Security-54.tar.gz mac-os-x-102 v54
authorApple <opensource@apple.com>
Sat, 27 Jul 2002 20:41:06 +0000 (20:41 +0000)
committerApple <opensource@apple.com>
Sat, 27 Jul 2002 20:41:06 +0000 (20:41 +0000)
779 files changed:
AppleCSP/AES/aesCommon.h [new file with mode: 0644]
AppleCSP/AES/aescsp.cpp
AppleCSP/AES/gladmanContext.cpp [new file with mode: 0644]
AppleCSP/AES/gladmanContext.h [new file with mode: 0644]
AppleCSP/AES/rijndael-alg-ref.c
AppleCSP/AES/rijndael-alg-ref.h
AppleCSP/AES/rijndaelApi.c
AppleCSP/AES/rijndaelApi.h
AppleCSP/AES/rijndaelGladman.c [new file with mode: 0644]
AppleCSP/AES/rijndaelGladman.h [new file with mode: 0644]
AppleCSP/AES/vRijndael-alg-ref.c
AppleCSP/AppleCSP.pbxproj/.cvsignore [deleted file]
AppleCSP/AppleCSP.pbxproj/project.pbxproj [deleted file]
AppleCSP/AppleCSP/AppleCSP.cpp
AppleCSP/AppleCSP/AppleCSP.h
AppleCSP/AppleCSP/AppleCSPSession.h
AppleCSP/AppleCSP/BinaryKey.h
AppleCSP/AppleCSP/DigestObject.h [deleted file]
AppleCSP/AppleCSP/NullDigest.h [deleted file]
AppleCSP/AppleCSP/SignatureContext.h
AppleCSP/AppleCSP/cspdebugging.h
AppleCSP/AppleCSP/deriveKey.cpp
AppleCSP/AppleCSP/pkcs_7_8.cpp
AppleCSP/AppleCSP/wrapKey.cpp
AppleCSP/BSafeCSP/bsafeKeyGen.cpp
AppleCSP/BSafeCSP/bsafePKCS1.cpp
AppleCSP/BSafeCSP/bsafecspi.h
AppleCSP/CVSVersionInfo.txt
AppleCSP/ComCryption/ascContext.cpp
AppleCSP/CryptKitCSP/CryptKitDER.cpp
AppleCSP/CryptKitCSP/FEEKeys.cpp
AppleCSP/CryptKitCSP/FEEKeys.h
AppleCSP/CryptKitCSP/cryptkitcsp.cpp
AppleCSP/DiffieHellman/DH_csp.cpp [new file with mode: 0644]
AppleCSP/DiffieHellman/DH_csp.h [new file with mode: 0644]
AppleCSP/DiffieHellman/DH_exchange.cpp [new file with mode: 0644]
AppleCSP/DiffieHellman/DH_exchange.h [new file with mode: 0644]
AppleCSP/DiffieHellman/DH_keys.cpp [new file with mode: 0644]
AppleCSP/DiffieHellman/DH_keys.h [new file with mode: 0644]
AppleCSP/DiffieHellman/DH_utils.cpp [new file with mode: 0644]
AppleCSP/DiffieHellman/DH_utils.h [new file with mode: 0644]
AppleCSP/MiscCSPAlgs/DES.c
AppleCSP/MiscCSPAlgs/DigestContext.cpp
AppleCSP/MiscCSPAlgs/DigestContext.h
AppleCSP/MiscCSPAlgs/MD2Object.cpp
AppleCSP/MiscCSPAlgs/MD2Object.h
AppleCSP/MiscCSPAlgs/MD5.c
AppleCSP/MiscCSPAlgs/MD5.h
AppleCSP/MiscCSPAlgs/MacContext.cpp
AppleCSP/MiscCSPAlgs/MacContext.h
AppleCSP/MiscCSPAlgs/NullCryptor.h [new file with mode: 0644]
AppleCSP/MiscCSPAlgs/SHA1.c
AppleCSP/MiscCSPAlgs/SHA1.h
AppleCSP/MiscCSPAlgs/SHA1_MD5_Object.cpp
AppleCSP/MiscCSPAlgs/SHA1_MD5_Object.h
AppleCSP/MiscCSPAlgs/SHA1_priv.c
AppleCSP/MiscCSPAlgs/desContext.cpp
AppleCSP/MiscCSPAlgs/miscAlgFactory.cpp
AppleCSP/PBKDF2/HMACSHA1.c
AppleCSP/PBKDF2/HMACSHA1.h
AppleCSP/RSA_DSA/RSA_DSA_csp.cpp
AppleCSP/RSA_DSA/RSA_DSA_keys.cpp
AppleCSP/RSA_DSA/RSA_DSA_keys.h
AppleCSP/RSA_DSA/RSA_DSA_signature.cpp
AppleCSP/RSA_DSA/RSA_DSA_signature.h
AppleCSP/RSA_DSA/RSA_DSA_utils.cpp
AppleCSP/RSA_DSA/RSA_DSA_utils.h
AppleCSP/RSA_DSA/RSA_asymmetric.cpp
AppleCSP/RSA_DSA/RSA_asymmetric.h
AppleCSP/csp_capabilities.mdsinfo [new file with mode: 0644]
AppleCSP/csp_capabilities_common.mds [new file with mode: 0644]
AppleCSP/csp_common.mdsinfo [new file with mode: 0644]
AppleCSP/csp_primary.mdsinfo [new file with mode: 0644]
AppleCSP/open_ssl/bn/bn_err.c
AppleCSP/open_ssl/bn/bn_exp.c
AppleCSP/open_ssl/bn/bn_lcl.h
AppleCSP/open_ssl/bn/bn_rand.c
AppleCSP/open_ssl/dh/dh_check.c [new file with mode: 0644]
AppleCSP/open_ssl/dh/dh_err.c [new file with mode: 0644]
AppleCSP/open_ssl/dh/dh_gen.c [new file with mode: 0644]
AppleCSP/open_ssl/dh/dh_key.c [new file with mode: 0644]
AppleCSP/open_ssl/dh/dh_lib.c [new file with mode: 0644]
AppleCSP/open_ssl/openssl/bn.h
AppleCSP/open_ssl/openssl/dh.h [new file with mode: 0644]
AppleCSP/open_ssl/openssl/dsa.h
AppleCSP/open_ssl/openssl/opensslconf.h
AppleCSP/open_ssl/opensslUtils/openRsaSnacc.cpp
AppleCSP/open_ssl/opensslUtils/openRsaSnacc.h
AppleCSP/open_ssl/opensslUtils/opensslUtils.cpp
AppleCSP/open_ssl/opensslUtils/opensslUtils.h
AppleCSPDL/AppleCSPDL.pbproj/.cvsignore [deleted file]
AppleCSPDL/AppleCSPDL.pbproj/project.pbxproj [deleted file]
AppleCSPDL/CSPDLPlugin.cpp
AppleCSPDL/CSPDLPlugin.h
AppleCSPDL/CVSVersionInfo.txt
AppleCSPDL/KeySchema.m4
AppleCSPDL/SSCSPDLSession.cpp
AppleCSPDL/SSCSPDLSession.h
AppleCSPDL/SSCSPSession.cpp
AppleCSPDL/SSCSPSession.h
AppleCSPDL/SSContext.cpp
AppleCSPDL/SSContext.h
AppleCSPDL/SSDLSession.cpp
AppleCSPDL/SSDLSession.h
AppleCSPDL/SSFactory.cpp
AppleCSPDL/SSKey.cpp
AppleCSPDL/SSKey.h
AppleCSPDL/cspdl_common.mdsinfo [new file with mode: 0644]
AppleCSPDL/cspdl_csp_capabilities.mdsinfo [new file with mode: 0644]
AppleCSPDL/cspdl_csp_primary.mdsinfo [new file with mode: 0644]
AppleCSPDL/cspdl_dl_primary.mdsinfo [new file with mode: 0644]
AppleDL/AppleDL.pbxproj/.cvsignore [deleted file]
AppleDL/AppleDL.pbxproj/project.pbxproj [deleted file]
AppleDL/CVSVersionInfo.txt
AppleDL/dl_common.mdsinfo [new file with mode: 0644]
AppleDL/dl_primary.mdsinfo [new file with mode: 0644]
AppleX509CL/AppleX509CL.pbproj/project.pbxproj [deleted file]
AppleX509CL/AppleX509CLSession.h
AppleX509CL/CLCertExtensions.cpp
AppleX509CL/CVSVersionInfo.txt
AppleX509CL/CertBuilder.cpp
AppleX509CL/CertBuilder.h
AppleX509CL/CertFields.cpp
AppleX509CL/DecodedCert.cpp
AppleX509CL/DecodedCert.h
AppleX509CL/LockedMap.h
AppleX509CL/Session_CSR.cpp [new file with mode: 0644]
AppleX509CL/Session_Cert.cpp
AppleX509CL/Session_Crypto.cpp
AppleX509CL/SnaccUtils.cpp
AppleX509CL/SnaccUtils.h
AppleX509CL/cl_common.mdsinfo [new file with mode: 0644]
AppleX509CL/cl_primary.mdsinfo [new file with mode: 0644]
AppleX509CL/cldebugging.h
AppleX509TP/AppleTP.pbproj/project.pbxproj [deleted file]
AppleX509TP/AppleTPSession.cpp
AppleX509TP/AppleTPSession.h
AppleX509TP/CVSVersionInfo.txt
AppleX509TP/TPCertInfo.cpp
AppleX509TP/TPCertInfo.h
AppleX509TP/certGroupUtils.cpp
AppleX509TP/certGroupUtils.h
AppleX509TP/iSignRootCerts.c
AppleX509TP/rootCerts.cpp [new file with mode: 0644]
AppleX509TP/rootCerts.h
AppleX509TP/sslRootCerts.c
AppleX509TP/tpCertGroup.cpp
AppleX509TP/tpCredRequest.cpp [new file with mode: 0644]
AppleX509TP/tpPolicies.cpp
AppleX509TP/tpPolicies.h
AppleX509TP/tpTime.c
AppleX509TP/tpTime.h
AppleX509TP/tp_common.mdsinfo [new file with mode: 0644]
AppleX509TP/tp_policyOids.mdsinfo [new file with mode: 0644]
AppleX509TP/tp_primary.mdsinfo [new file with mode: 0644]
AppleX509TP/tpdebugging.h
CVSVersionInfo.txt [deleted file]
CertTool/CertTool.html [new file with mode: 0644]
CertTool/CertTool/CertTool.cpp [new file with mode: 0644]
CertTool/CertTool/CertUI.cpp [new file with mode: 0644]
CertTool/CertTool/CertUI.h [new file with mode: 0644]
CertTool/cdsaUtils/cdsaUtils.c [new file with mode: 0644]
CertTool/cdsaUtils/cdsaUtils.h [new file with mode: 0644]
CertTool/cdsaUtils/cuEnc64.c [new file with mode: 0644]
CertTool/cdsaUtils/cuEnc64.h [new file with mode: 0644]
CertTool/cdsaUtils/dumpasn1.cfg [new file with mode: 0644]
CertTool/cdsaUtils/fileIo.c [new file with mode: 0644]
CertTool/cdsaUtils/fileIo.h [new file with mode: 0644]
CertTool/cdsaUtils/oidParser.cpp [new file with mode: 0644]
CertTool/cdsaUtils/oidParser.h [new file with mode: 0644]
CertTool/cdsaUtils/pem.cpp [new file with mode: 0644]
CertTool/cdsaUtils/pem.h [new file with mode: 0644]
CertTool/cdsaUtils/printCert.cpp [new file with mode: 0644]
CertTool/cdsaUtils/printCert.h [new file with mode: 0644]
CertTool/cdsaUtils/timeStr.cpp [new file with mode: 0644]
CertTool/cdsaUtils/timeStr.h [new file with mode: 0644]
Documentation/ACLsInCDSA.cwk [new file with mode: 0644]
Documentation/APIStrategy.cwk [new file with mode: 0644]
Documentation/AccessControlArchitecture.cwk [new file with mode: 0644]
Documentation/AppleCL_Spec.doc [new file with mode: 0644]
Documentation/AppleCSP.doc [new file with mode: 0644]
Documentation/AppleTP_Spec.doc [new file with mode: 0644]
Documentation/ArchitectureOverview.cwk [new file with mode: 0644]
Documentation/C++Utilities.cwk [new file with mode: 0644]
Documentation/DebuggingAids.cwk [new file with mode: 0644]
Documentation/HowToWriteA_CSP.cwk [new file with mode: 0644]
Documentation/HowToWriteA_Plugin.cwk [new file with mode: 0644]
Documentation/SecuritySupport.doc [new file with mode: 0644]
Documentation/Supported_CSP_Algorithms.doc [new file with mode: 0644]
Documentation/cwk_styles [new file with mode: 0644]
Keychain/ACL.cpp [new file with mode: 0644]
Keychain/ACL.h [new file with mode: 0644]
Keychain/Access.cpp [new file with mode: 0644]
Keychain/Access.h [new file with mode: 0644]
Keychain/CCallbackMgr.cp
Keychain/CCallbackMgr.h
Keychain/Certificate.cpp [new file with mode: 0644]
Keychain/Certificate.h [new file with mode: 0644]
Keychain/CertificateRequest.cpp [new file with mode: 0644]
Keychain/CertificateRequest.h [new file with mode: 0644]
Keychain/Certificates.cpp [new file with mode: 0644]
Keychain/DLDBListCFPref.h
Keychain/DefaultKeychain.h
Keychain/Globals.cpp
Keychain/Globals.h
Keychain/Identity.cpp [new file with mode: 0644]
Keychain/Identity.h [new file with mode: 0644]
Keychain/IdentityCursor.cpp [new file with mode: 0644]
Keychain/IdentityCursor.h [new file with mode: 0644]
Keychain/Item.cpp
Keychain/Item.h
Keychain/KCCursor.cpp
Keychain/KCCursor.h
Keychain/KCEventNotifier.cpp
Keychain/KCEventNotifier.h
Keychain/KCEventObserver.h
Keychain/KCExceptions.h
Keychain/KCUtilities.cpp
Keychain/KCUtilities.h
Keychain/KeyItem.cpp [new file with mode: 0644]
Keychain/KeyItem.h [new file with mode: 0644]
Keychain/Keychains.cpp
Keychain/Keychains.h
Keychain/Policies.cpp [new file with mode: 0644]
Keychain/Policies.h [new file with mode: 0644]
Keychain/PolicyCursor.cpp [new file with mode: 0644]
Keychain/PolicyCursor.h [new file with mode: 0644]
Keychain/PrimaryKey.h
Keychain/Refs.h
Keychain/RootCertBlobs.h [new file with mode: 0644]
Keychain/Schema.h
Keychain/Schema.m4
Keychain/SecACL.cpp [new file with mode: 0644]
Keychain/SecACL.h [new file with mode: 0644]
Keychain/SecAccess.cpp [new file with mode: 0644]
Keychain/SecAccess.h [new file with mode: 0644]
Keychain/SecBase.h [new file with mode: 0644]
Keychain/SecBridge.h [new file with mode: 0644]
Keychain/SecCFTypes.cpp [new file with mode: 0644]
Keychain/SecCFTypes.h [new file with mode: 0644]
Keychain/SecCertificate.cpp [new file with mode: 0644]
Keychain/SecCertificate.h [new file with mode: 0644]
Keychain/SecCertificateBundle.cpp [new file with mode: 0644]
Keychain/SecCertificateBundle.h [new file with mode: 0644]
Keychain/SecCertificateRequest.cpp [new file with mode: 0644]
Keychain/SecCertificateRequest.h [new file with mode: 0644]
Keychain/SecIdentity.cpp [new file with mode: 0644]
Keychain/SecIdentity.h [new file with mode: 0644]
Keychain/SecIdentitySearch.cpp [new file with mode: 0644]
Keychain/SecIdentitySearch.h [new file with mode: 0644]
Keychain/SecKey.cpp [new file with mode: 0644]
Keychain/SecKey.h [new file with mode: 0644]
Keychain/SecKeychain.cpp [new file with mode: 0644]
Keychain/SecKeychain.h [new file with mode: 0644]
Keychain/SecKeychainAPI.cpp
Keychain/SecKeychainAPI.h
Keychain/SecKeychainAPIPriv.h
Keychain/SecKeychainItem.cpp [new file with mode: 0644]
Keychain/SecKeychainItem.h [new file with mode: 0644]
Keychain/SecKeychainSearch.cpp [new file with mode: 0644]
Keychain/SecKeychainSearch.h [new file with mode: 0644]
Keychain/SecPolicy.cpp [new file with mode: 0644]
Keychain/SecPolicy.h [new file with mode: 0644]
Keychain/SecPolicySearch.cpp [new file with mode: 0644]
Keychain/SecPolicySearch.h [new file with mode: 0644]
Keychain/SecRuntime.cpp [new file with mode: 0644]
Keychain/SecRuntime.h [new file with mode: 0644]
Keychain/SecTrust.cpp [new file with mode: 0644]
Keychain/SecTrust.h [new file with mode: 0644]
Keychain/SecTrustedApplication.cpp [new file with mode: 0644]
Keychain/SecTrustedApplication.h [new file with mode: 0644]
Keychain/Security.h [new file with mode: 0644]
Keychain/StorageManager.cpp
Keychain/StorageManager.h
Keychain/Trust.cpp [new file with mode: 0644]
Keychain/Trust.h [new file with mode: 0644]
Keychain/TrustItem.cpp [new file with mode: 0644]
Keychain/TrustItem.h [new file with mode: 0644]
Keychain/TrustStore.cpp [new file with mode: 0644]
Keychain/TrustStore.h [new file with mode: 0644]
Keychain/TrustedApplication.cpp [new file with mode: 0644]
Keychain/TrustedApplication.h [new file with mode: 0644]
Keychain/cssmdatetime.cpp
Keychain/cssmdatetime.h
Network/ftp-protocol.cpp
Network/ftp-protocol.h
Network/http-protocol.cpp
Network/http-protocol.h
Network/https-protocol.cpp
Network/https-protocol.h
Network/https-proxy-protocol.cpp
Network/neterror.cpp
Network/neterror.h
Network/netparameters.h
Network/xfercore.cpp
README.txt [new file with mode: 0644]
SecureTransport/CVSVersionInfo.txt
SecureTransport/ModuleAttacher.cpp
SecureTransport/ModuleAttacher.h
SecureTransport/README
SecureTransport/SecureTransport.pbproj/project.pbxproj
SecureTransport/SecureTransport/CipherSuite.h
SecureTransport/SecureTransport/SecureTransport.h
SecureTransport/appleCdsa.c
SecureTransport/appleGlue.c
SecureTransport/appleSession.c [deleted file]
SecureTransport/appleSession.cpp [new file with mode: 0644]
SecureTransport/cipherSpecs.c
SecureTransport/digests.c
SecureTransport/hdskcert.c
SecureTransport/hdskchgc.c
SecureTransport/hdskfini.c
SecureTransport/hdskhelo.c
SecureTransport/hdskkeys.c
SecureTransport/hdskkyex.c
SecureTransport/nullciph.c
SecureTransport/privateInc/appleCdsa.h
SecureTransport/privateInc/appleGlue.h
SecureTransport/privateInc/appleSession.h
SecureTransport/privateInc/cipherSpecs.h
SecureTransport/privateInc/cryptType.h
SecureTransport/privateInc/digests.h
SecureTransport/privateInc/ssl.h
SecureTransport/privateInc/sslBuildFlags.h
SecureTransport/privateInc/sslDebug.h
SecureTransport/privateInc/sslKeychain.h
SecureTransport/privateInc/sslPriv.h
SecureTransport/privateInc/sslalert.h
SecureTransport/privateInc/sslalloc.h
SecureTransport/privateInc/sslctx.h
SecureTransport/privateInc/sslhdshk.h
SecureTransport/privateInc/sslmd5.h [deleted file]
SecureTransport/privateInc/sslrec.h
SecureTransport/privateInc/sslsess.h
SecureTransport/privateInc/sslutil.h
SecureTransport/privateInc/st_sha.h [deleted file]
SecureTransport/privateInc/symCipher.h
SecureTransport/privateInc/tls_hmac.h [new file with mode: 0644]
SecureTransport/privateInc/tls_ssl.h [new file with mode: 0644]
SecureTransport/secureTransport.exp
SecureTransport/securetransport++.cpp
SecureTransport/securetransport++.h
SecureTransport/sha.c [deleted file]
SecureTransport/ssl2mesg.c
SecureTransport/ssl2prot.c
SecureTransport/ssl2rec.c
SecureTransport/ssl3Callouts.c [new file with mode: 0644]
SecureTransport/sslBER_Dummy.c [new file with mode: 0644]
SecureTransport/sslKeychain.c
SecureTransport/sslalert.c
SecureTransport/sslalloc.c
SecureTransport/sslctx.c
SecureTransport/sslhdshk.c
SecureTransport/sslmd5.c [deleted file]
SecureTransport/sslrec.c
SecureTransport/sslsess.c
SecureTransport/ssltrspt.c
SecureTransport/sslutil.c
SecureTransport/symCipher.c
SecureTransport/tls1Callouts.c [new file with mode: 0644]
SecureTransport/tls_hmac.c [new file with mode: 0644]
Security.exp
Security.pbproj/project.pbxproj
SecurityASN1/CVSVersionInfo.txt
SecurityASN1/Makefile
SecurityASN1/PkcsCms.pbproj/project.pbxproj
SecurityASN1/asn/appleoids.asn
SecurityASN1/asn/pkcs10.asn [new file with mode: 0644]
SecurityASN1/c++/appleoids.cpp
SecurityASN1/c++/pkcs10.cpp [new file with mode: 0644]
SecurityASN1/c++/pkcs1oids.cpp
SecurityASN1/c++/pkcs7.cpp
SecurityASN1/c++/pkcs8.cpp
SecurityASN1/c++/pkcs9oids.cpp
SecurityASN1/c++/sm_cms.cpp
SecurityASN1/c++/sm_ess.cpp
SecurityASN1/c++/sm_vdatypes.cpp
SecurityASN1/c++/sm_x411mtsas.cpp
SecurityASN1/c++/sm_x411ub.cpp
SecurityASN1/c++/sm_x501if.cpp
SecurityASN1/c++/sm_x501ud.cpp
SecurityASN1/c++/sm_x509af.cpp
SecurityASN1/c++/sm_x509ce.cpp
SecurityASN1/c++/sm_x509cmn.cpp
SecurityASN1/c++/sm_x520sa.cpp
SecurityASN1/inc/appleoids.h
SecurityASN1/inc/pkcs10.h [new file with mode: 0644]
SecurityASN1/inc/pkcs1oids.h
SecurityASN1/inc/pkcs7.h
SecurityASN1/inc/pkcs8.h
SecurityASN1/inc/pkcs9oids.h
SecurityASN1/inc/sm_cms.h
SecurityASN1/inc/sm_ess.h
SecurityASN1/inc/sm_vdatypes.h
SecurityASN1/inc/sm_x411mtsas.h
SecurityASN1/inc/sm_x411ub.h
SecurityASN1/inc/sm_x501if.h
SecurityASN1/inc/sm_x501ud.h
SecurityASN1/inc/sm_x509af.h
SecurityASN1/inc/sm_x509ce.h
SecurityASN1/inc/sm_x509cmn.h
SecurityASN1/inc/sm_x520sa.h
SecuritySNACCRuntime/Apple_README
SecuritySNACCRuntime/CVSVersionInfo.txt
SecuritySNACCRuntime/MacOSX-Install
SecuritySNACCRuntime/MacOSX-make
SecuritySNACCRuntime/c++-lib/c++/asn-any.cpp
SecuritySNACCRuntime/c++-lib/c++/asn-bits.cpp
SecuritySNACCRuntime/c++-lib/c++/asn-bool.cpp
SecuritySNACCRuntime/c++-lib/c++/asn-enum.cpp
SecuritySNACCRuntime/c++-lib/c++/asn-int.cpp
SecuritySNACCRuntime/c++-lib/c++/asn-len.cpp
SecuritySNACCRuntime/c++-lib/c++/asn-null.cpp
SecuritySNACCRuntime/c++-lib/c++/asn-octs.cpp
SecuritySNACCRuntime/c++-lib/c++/asn-oid.cpp
SecuritySNACCRuntime/c++-lib/c++/asn-real.cpp
SecuritySNACCRuntime/c++-lib/c++/asn-tag.cpp
SecuritySNACCRuntime/c++-lib/c++/asn-type.cpp
SecuritySNACCRuntime/c++-lib/c++/asn-useful.cpp
SecuritySNACCRuntime/c++-lib/c++/str-stk.cpp
SecuritySNACCRuntime/c++-lib/dependencies
SecuritySNACCRuntime/c++-lib/inc/asn-config.h
SecuritySNACCRuntime/c++-lib/inc/asn-octs.h
SecuritySNACCRuntime/c++-lib/inc/asn-useful.h
SecuritySNACCRuntime/c++-lib/inc/config.h
SecuritySNACCRuntime/c++-lib/inc/sm_vdasnacc.h
SecuritySNACCRuntime/c++-lib/src/asn-useful.cpp
SecuritySNACCRuntime/c++-lib/src/cdsaUtils.cpp
SecuritySNACCRuntime/c++-lib/src/sm_buffer.cpp
SecuritySNACCRuntime/c++-lib/stamp-useful
SecuritySNACCRuntime/c-lib/asn-useful.c
SecuritySNACCRuntime/c-lib/asn-useful.h
SecuritySNACCRuntime/c-lib/dependencies
SecuritySNACCRuntime/c-lib/inc/asn-config.h
SecuritySNACCRuntime/c-lib/inc/asn-useful.h
SecuritySNACCRuntime/c-lib/inc/tbl.h
SecuritySNACCRuntime/c-lib/src/asn-useful.c
SecuritySNACCRuntime/c-lib/src/tbl.c
SecuritySNACCRuntime/c-lib/stamp-tbl
SecuritySNACCRuntime/c-lib/stamp-useful
SecuritySNACCRuntime/c-lib/tbl.c
SecuritySNACCRuntime/c-lib/tbl.h
SecuritySNACCRuntime/compiler/back-ends/c++-gen/gen-code.c
SecuritySNACCRuntime/compiler/core/tbl.c
SecuritySNACCRuntime/compiler/core/tbl.h
SecuritySNACCRuntime/compiler/dependencies
SecuritySNACCRuntime/compiler/stamp-tbl
SecuritySNACCRuntime/compiler/tbl.c
SecuritySNACCRuntime/compiler/tbl.h
SecuritySNACCRuntime/config.cache
SecuritySNACCRuntime/config.h
SecuritySNACCRuntime/config.log
SecuritySNACCRuntime/config.status
SecuritySNACCRuntime/makehead
SecuritySNACCRuntime/snacc.pbproj/project.pbxproj
SecuritySNACCRuntime/stamp-h
SecurityServer/Authorization/Authorization.cpp
SecurityServer/Authorization/Authorization.h
SecurityServer/Authorization/AuthorizationData.cpp [new file with mode: 0644]
SecurityServer/Authorization/AuthorizationData.h [new file with mode: 0644]
SecurityServer/Authorization/AuthorizationEngine.cpp
SecurityServer/Authorization/AuthorizationEngine.h
SecurityServer/Authorization/AuthorizationPlugin.h
SecurityServer/Authorization/AuthorizationTags.h
SecurityServer/Authorization/AuthorizationWalkers.h
SecurityServer/Authorization/authorization.plist
SecurityServer/Authorization/trampolineClient.cpp
SecurityServer/CVSVersionInfo.txt
SecurityServer/MacYarrow/MacYarrow.pbproj/project.pbxproj [deleted file]
SecurityServer/MacYarrow/YarrowServer/MacYarrow_OSX.cpp [deleted file]
SecurityServer/MacYarrow/YarrowServer/MacYarrow_OSX.h [deleted file]
SecurityServer/MacYarrow/YarrowServer/YarrowLib_OS9.mcp.exp [deleted file]
SecurityServer/MacYarrow/YarrowServer/YarrowServer_OS9.c [deleted file]
SecurityServer/MacYarrow/YarrowServer/YarrowServer_OS9.h [deleted file]
SecurityServer/MacYarrow/YarrowServer/YarrowServer_OSX.cpp [deleted file]
SecurityServer/MacYarrow/YarrowServer/YarrowServer_OSX.h [deleted file]
SecurityServer/MacYarrow/YarrowServer/debug.c [deleted file]
SecurityServer/MacYarrow/YarrowServer/debug.h [deleted file]
SecurityServer/MacYarrow/YarrowServer/entropyFile.h [deleted file]
SecurityServer/MacYarrow/YarrowServer/entropyFileOS9.c [deleted file]
SecurityServer/MacYarrow/YarrowServer/entropyFileUnix.c [deleted file]
SecurityServer/MacYarrow/YarrowServer/kdebug_private.h [deleted file]
SecurityServer/MacYarrow/YarrowServer/prefixDebug.h [deleted file]
SecurityServer/MacYarrow/YarrowServer/prefixRelease.h [deleted file]
SecurityServer/MacYarrow/YarrowServer/systemEntropy.c [deleted file]
SecurityServer/MacYarrow/YarrowServer/systemEntropy.h [deleted file]
SecurityServer/MacYarrow/testHarness/clientTest.cpp [deleted file]
SecurityServer/MacYarrow/testHarness/serverDaemon.cpp [deleted file]
SecurityServer/MacYarrow/yarrowseed.cpp [deleted file]
SecurityServer/MacYarrow/yarrowseed.h [deleted file]
SecurityServer/MacYarrow/zlib/ChangeLog [deleted file]
SecurityServer/MacYarrow/zlib/README [deleted file]
SecurityServer/MacYarrow/zlib/adler32.c [deleted file]
SecurityServer/MacYarrow/zlib/algorithm.txt [deleted file]
SecurityServer/MacYarrow/zlib/compress.c [deleted file]
SecurityServer/MacYarrow/zlib/crc32.c [deleted file]
SecurityServer/MacYarrow/zlib/deflate.c [deleted file]
SecurityServer/MacYarrow/zlib/deflate.h [deleted file]
SecurityServer/MacYarrow/zlib/infblock.c [deleted file]
SecurityServer/MacYarrow/zlib/infblock.h [deleted file]
SecurityServer/MacYarrow/zlib/infcodes.c [deleted file]
SecurityServer/MacYarrow/zlib/infcodes.h [deleted file]
SecurityServer/MacYarrow/zlib/inffast.c [deleted file]
SecurityServer/MacYarrow/zlib/inffast.h [deleted file]
SecurityServer/MacYarrow/zlib/inffixed.h [deleted file]
SecurityServer/MacYarrow/zlib/inflate.c [deleted file]
SecurityServer/MacYarrow/zlib/inftrees.c [deleted file]
SecurityServer/MacYarrow/zlib/inftrees.h [deleted file]
SecurityServer/MacYarrow/zlib/infutil.c [deleted file]
SecurityServer/MacYarrow/zlib/infutil.h [deleted file]
SecurityServer/MacYarrow/zlib/trees.c [deleted file]
SecurityServer/MacYarrow/zlib/trees.h [deleted file]
SecurityServer/MacYarrow/zlib/uncompr.c [deleted file]
SecurityServer/MacYarrow/zlib/zconf.h [deleted file]
SecurityServer/MacYarrow/zlib/zlib.h [deleted file]
SecurityServer/MacYarrow/zlib/zlib.mcp [deleted file]
SecurityServer/MacYarrow/zlib/zutil.c [deleted file]
SecurityServer/MacYarrow/zlib/zutil.h [deleted file]
SecurityServer/Makefile
SecurityServer/SecurityAgentClient.cpp
SecurityServer/SecurityAgentClient.h
SecurityServer/SecurityServer.pbxproj/.cvsignore [deleted file]
SecurityServer/SecurityServer.pbxproj/project.pbxproj [deleted file]
SecurityServer/StartupItems/SecurityServer
SecurityServer/acl_keychain.cpp
SecurityServer/acl_keychain.h
SecurityServer/agentquery.cpp
SecurityServer/agentquery.h
SecurityServer/authority.cpp
SecurityServer/authority.h
SecurityServer/cfnotifier.cpp
SecurityServer/connection.cpp
SecurityServer/connection.h
SecurityServer/dbcrypto.cpp
SecurityServer/entropy.cpp [new file with mode: 0644]
SecurityServer/entropy.h [new file with mode: 0644]
SecurityServer/key.cpp
SecurityServer/key.h
SecurityServer/main.cpp
SecurityServer/notifications.cpp [new file with mode: 0644]
SecurityServer/notifications.h [new file with mode: 0644]
SecurityServer/process.cpp
SecurityServer/process.h
SecurityServer/secagent.defs
SecurityServer/secagent_types.h
SecurityServer/server.cpp
SecurityServer/server.h
SecurityServer/session.cpp
SecurityServer/session.h
SecurityServer/ssblob.h
SecurityServer/ssclient.cpp
SecurityServer/ssclient.h
SecurityServer/sstransit.cpp
SecurityServer/sstransit.h
SecurityServer/transition.cpp
SecurityServer/ucsp.defs
SecurityServer/ucspNotify.defs [new file with mode: 0644]
SecurityServer/ucsp_types.h
SecurityServer/xdatabase.cpp
SecurityServer/xdatabase.h
cdsa/CVSVersionInfo.txt
cdsa/cdsa.pbxproj/.cvsignore [deleted file]
cdsa/cdsa.pbxproj/project.pbxproj [deleted file]
cdsa/cdsa/certextensions.h
cdsa/cdsa/cssmapple.h
cdsa/cdsa/cssmerr.h
cdsa/cdsa/cssmtype.h
cdsa/cdsa/eisl.h
cdsa/cdsa/oidsalg.h
cdsa/cdsa_client/aclclient.cpp [new file with mode: 0644]
cdsa/cdsa_client/aclclient.h
cdsa/cdsa_client/aclsupport.cpp
cdsa/cdsa_client/aclsupport.h
cdsa/cdsa_client/clclient.cpp [new file with mode: 0644]
cdsa/cdsa_client/clclient.h [new file with mode: 0644]
cdsa/cdsa_client/cspclient.cpp
cdsa/cdsa_client/cspclient.h
cdsa/cdsa_client/cssmclient.cpp
cdsa/cdsa_client/cssmclient.h
cdsa/cdsa_client/dlclient.cpp
cdsa/cdsa_client/dlclient.h
cdsa/cdsa_client/keyclient.cpp
cdsa/cdsa_client/keyclient.h
cdsa/cdsa_client/osxsigner.cpp
cdsa/cdsa_client/osxsigner.h
cdsa/cdsa_client/securestorage.cpp
cdsa/cdsa_client/securestorage.h
cdsa/cdsa_client/signclient.h
cdsa/cdsa_client/tpclient.cpp [new file with mode: 0644]
cdsa/cdsa_client/tpclient.h [new file with mode: 0644]
cdsa/cdsa_pluginlib/CSPsession.cpp
cdsa/cdsa_pluginlib/CSPsession.h
cdsa/cdsa_pluginlib/DLsession.cpp
cdsa/cdsa_pluginlib/DLsession.h
cdsa/cdsa_pluginlib/cssmplugin.h
cdsa/cdsa_pluginlib/generator.pl
cdsa/cdsa_pluginlib/pluginsession.cpp
cdsa/cdsa_pluginlib/pluginsession.h
cdsa/cdsa_utilities/AppleDatabase.cpp
cdsa/cdsa_utilities/AtomicFile.cpp
cdsa/cdsa_utilities/AtomicFile.h
cdsa/cdsa_utilities/Database.cpp
cdsa/cdsa_utilities/DatabaseSession.cpp
cdsa/cdsa_utilities/DatabaseSession.h
cdsa/cdsa_utilities/DbIndex.h
cdsa/cdsa_utilities/DbValue.cpp
cdsa/cdsa_utilities/MetaAttribute.h
cdsa/cdsa_utilities/MetaRecord.cpp
cdsa/cdsa_utilities/ReadWriteSection.h
cdsa/cdsa_utilities/acl_any.cpp
cdsa/cdsa_utilities/acl_any.h
cdsa/cdsa_utilities/acl_codesigning.cpp
cdsa/cdsa_utilities/acl_codesigning.h
cdsa/cdsa_utilities/acl_comment.cpp
cdsa/cdsa_utilities/acl_comment.h
cdsa/cdsa_utilities/acl_password.cpp
cdsa/cdsa_utilities/acl_password.h
cdsa/cdsa_utilities/acl_process.cpp
cdsa/cdsa_utilities/acl_process.h
cdsa/cdsa_utilities/acl_protectedpw.cpp [new file with mode: 0644]
cdsa/cdsa_utilities/acl_protectedpw.h [new file with mode: 0644]
cdsa/cdsa_utilities/acl_threshold.cpp
cdsa/cdsa_utilities/acl_threshold.h
cdsa/cdsa_utilities/cfutilities.cpp [new file with mode: 0644]
cdsa/cdsa_utilities/cfutilities.h [new file with mode: 0644]
cdsa/cdsa_utilities/context.h
cdsa/cdsa_utilities/cssmacl.cpp
cdsa/cdsa_utilities/cssmacl.h
cdsa/cdsa_utilities/cssmaclpod.cpp
cdsa/cdsa_utilities/cssmaclpod.h
cdsa/cdsa_utilities/cssmalloc.cpp
cdsa/cdsa_utilities/cssmalloc.h
cdsa/cdsa_utilities/cssmcert.cpp [new file with mode: 0644]
cdsa/cdsa_utilities/cssmcert.h [new file with mode: 0644]
cdsa/cdsa_utilities/cssmcred.h
cdsa/cdsa_utilities/cssmdata.cpp
cdsa/cdsa_utilities/cssmdata.h
cdsa/cdsa_utilities/cssmdates.cpp
cdsa/cdsa_utilities/cssmdates.h
cdsa/cdsa_utilities/cssmdb.cpp
cdsa/cdsa_utilities/cssmdb.h
cdsa/cdsa_utilities/cssmerrno.h
cdsa/cdsa_utilities/cssmlist.cpp
cdsa/cdsa_utilities/cssmlist.h
cdsa/cdsa_utilities/cssmtrust.cpp [new file with mode: 0644]
cdsa/cdsa_utilities/cssmtrust.h [new file with mode: 0644]
cdsa/cdsa_utilities/cssmwalkers.h
cdsa/cdsa_utilities/daemon.cpp
cdsa/cdsa_utilities/daemon.h
cdsa/cdsa_utilities/debugging.cpp
cdsa/cdsa_utilities/debugging.h
cdsa/cdsa_utilities/debugsupport.h
cdsa/cdsa_utilities/devrandom.cpp
cdsa/cdsa_utilities/devrandom.h
cdsa/cdsa_utilities/digestobject.h [new file with mode: 0644]
cdsa/cdsa_utilities/generator.pl
cdsa/cdsa_utilities/globalizer.cpp
cdsa/cdsa_utilities/globalizer.h
cdsa/cdsa_utilities/handleobject.cpp
cdsa/cdsa_utilities/handleobject.h
cdsa/cdsa_utilities/headermap.cpp
cdsa/cdsa_utilities/headermap.h
cdsa/cdsa_utilities/inetreply.cpp
cdsa/cdsa_utilities/mach++.cpp
cdsa/cdsa_utilities/mach++.h
cdsa/cdsa_utilities/mach_notify.c
cdsa/cdsa_utilities/machrunloopserver.cpp
cdsa/cdsa_utilities/machserver.cpp
cdsa/cdsa_utilities/machserver.h
cdsa/cdsa_utilities/osxsigning.cpp
cdsa/cdsa_utilities/osxsigning.h
cdsa/cdsa_utilities/powerwatch.cpp
cdsa/cdsa_utilities/refcount.h
cdsa/cdsa_utilities/selector.h
cdsa/cdsa_utilities/socks++.h
cdsa/cdsa_utilities/socks++4.cpp
cdsa/cdsa_utilities/socks++5.cpp
cdsa/cdsa_utilities/threading.h
cdsa/cdsa_utilities/tqueue.h
cdsa/cdsa_utilities/trackingallocator.h [new file with mode: 0644]
cdsa/cdsa_utilities/unix++.h
cdsa/cdsa_utilities/url.cpp
cdsa/cdsa_utilities/utilities.cpp
cdsa/cdsa_utilities/utilities.h
cdsa/cdsa_utilities/utility_config.h
cdsa/cdsa_utilities/walkers.h
cdsa/cssm/MDS
cdsa/cssm/attachfactory.cpp
cdsa/cssm/attachment.cpp
cdsa/cssm/cssm.mdsinfo [new file with mode: 0644]
cdsa/cssm/cssmcontext.cpp
cdsa/cssm/cssmcontext.h
cdsa/cssm/cssmmds.cpp
cdsa/cssm/generator.pl
cdsa/cssm/module.h
cdsa/cssm/oidsalg.c
cdsa/generator.mk
cdsa/mds/MDSAttrParser.cpp [new file with mode: 0644]
cdsa/mds/MDSAttrParser.h [new file with mode: 0644]
cdsa/mds/MDSAttrStrings.cpp [new file with mode: 0644]
cdsa/mds/MDSAttrStrings.h [new file with mode: 0644]
cdsa/mds/MDSAttrUtils.cpp [new file with mode: 0644]
cdsa/mds/MDSAttrUtils.h [new file with mode: 0644]
cdsa/mds/MDSDictionary.cpp [new file with mode: 0644]
cdsa/mds/MDSDictionary.h [new file with mode: 0644]
cdsa/mds/MDSModule.cpp
cdsa/mds/MDSModule.h
cdsa/mds/MDSSchema.cpp
cdsa/mds/MDSSchema.h
cdsa/mds/MDSSession.cpp
cdsa/mds/MDSSession.h
cdsa/mds/mdsapi.cpp
checkpw/checkpw.c
checkpw/checkpw.h
keychains/Makefile [new file with mode: 0644]
keychains/X509Anchors [new file with mode: 0644]
keychains/makeroots [new file with mode: 0755]
keychains/roots/.cvsignore [new file with mode: 0644]
keychains/roots/2006root.cer [new file with mode: 0644]
keychains/roots/AddTrust Class 1 CA Root.crt [new file with mode: 0644]
keychains/roots/AddTrust External CA Root.crt [new file with mode: 0644]
keychains/roots/AddTrust Public CA Root.crt [new file with mode: 0644]
keychains/roots/AddTrust Qualified CA Root.crt [new file with mode: 0644]
keychains/roots/AdminNacCA.crt [new file with mode: 0644]
keychains/roots/BTCTRT.cer [new file with mode: 0644]
keychains/roots/Belgacom_selfsigned_primary.crt [new file with mode: 0644]
keychains/roots/C1_PCA_G3v2.509 [new file with mode: 0644]
keychains/roots/C2_PCA_G3v2.509 [new file with mode: 0644]
keychains/roots/C3_PCA_G3v2.509 [new file with mode: 0644]
keychains/roots/C4_PCA_G3v2.509 [new file with mode: 0644]
keychains/roots/Class1_PCA_G2_v2.509 [new file with mode: 0644]
keychains/roots/Class2_PCA_G2_v2.509 [new file with mode: 0644]
keychains/roots/Class3_PCA_G2_v2.509 [new file with mode: 0644]
keychains/roots/Class4_PCA_G2_v2.509 [new file with mode: 0644]
keychains/roots/DST Root CA X4.cer [new file with mode: 0644]
keychains/roots/DST RootCA X1.cer [new file with mode: 0644]
keychains/roots/DST RootCA X2.cer [new file with mode: 0644]
keychains/roots/DoDCLASS3RootCA.cer [new file with mode: 0644]
keychains/roots/DoDPKIMedRootCA.cer [new file with mode: 0644]
keychains/roots/Equifax_Secure_Certificate_Auth [new file with mode: 0644]
keychains/roots/Equifax_Secure_Global_eBusiness [new file with mode: 0644]
keychains/roots/Equifax_Secure_eBusiness_CA-1.c [new file with mode: 0644]
keychains/roots/Equifax_Secure_eBusiness_CA-2.c [new file with mode: 0644]
keychains/roots/GTEGB18.cer [new file with mode: 0644]
keychains/roots/IPSServidores.CRT [new file with mode: 0644]
keychains/roots/KMD-CA-KPerson.crt [new file with mode: 0644]
keychains/roots/KMD-CA-Server.crt [new file with mode: 0644]
keychains/roots/PCA1ss_v4.509 [new file with mode: 0644]
keychains/roots/PCA2ss_v4.509 [new file with mode: 0644]
keychains/roots/PCA3ss_v4.509 [new file with mode: 0644]
keychains/roots/SecureServer.509 [new file with mode: 0644]
keychains/roots/TC_RootLRA-Admin_DER_Class2.der [new file with mode: 0644]
keychains/roots/TC_RootLRA-Admin_DER_Class3.der [new file with mode: 0644]
keychains/roots/TC_RootServer_DER_Class0.der [new file with mode: 0644]
keychains/roots/TC_RootServer_DER_Class1.der [new file with mode: 0644]
keychains/roots/TC_RootServer_DER_Class2.der [new file with mode: 0644]
keychains/roots/TC_RootServer_DER_Class3.der [new file with mode: 0644]
keychains/roots/TC_RootServer_DER_Class4.der [new file with mode: 0644]
keychains/roots/UTN-USERFirst-ClientAuthenticat [new file with mode: 0644]
keychains/roots/UTN-USERFirst-Hardware.crt [new file with mode: 0644]
keychains/roots/UTN-USERFirst-NetworkApplicatio [new file with mode: 0644]
keychains/roots/UTN-USERFirst-Object.crt [new file with mode: 0644]
keychains/roots/ac-racine.der [new file with mode: 0644]
keychains/roots/expressz.cer [new file with mode: 0644]
keychains/roots/ipscaCAC.der [new file with mode: 0644]
keychains/roots/ipscaCLASE1.der [new file with mode: 0644]
keychains/roots/ipscaCLASE3.der [new file with mode: 0644]
keychains/roots/ipscaCLASEA1.der [new file with mode: 0644]
keychains/roots/ipscaCLASEA3.der [new file with mode: 0644]
keychains/roots/ipscaTimestamping.der [new file with mode: 0644]
keychains/roots/kozjegyzoi.cer [new file with mode: 0644]
keychains/roots/persbasi.crt [new file with mode: 0644]
keychains/roots/persfree.crt [new file with mode: 0644]
keychains/roots/persprem.crt [new file with mode: 0644]
keychains/roots/qvrca.crt [new file with mode: 0644]
keychains/roots/serverbasic.crt [new file with mode: 0644]
keychains/roots/serverpremium.crt [new file with mode: 0644]
keychains/roots/uzleti.cer [new file with mode: 0644]
symbol_strip.sh

diff --git a/AppleCSP/AES/aesCommon.h b/AppleCSP/AES/aesCommon.h
new file mode 100644 (file)
index 0000000..6e3480f
--- /dev/null
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// aesCommon.h - common AES/Rijndael constants
+//
+#ifndef _H_AES_COMMON_
+#define _H_AES_COMMON_
+
+#define MIN_AES_KEY_BITS               128
+#define MID_AES_KEY_BITS               192
+#define MAX_AES_KEY_BITS               256
+
+#define MIN_AES_BLOCK_BITS             128
+#define MID_AES_BLOCK_BITS             192
+#define MAX_AES_BLOCK_BITS             256
+
+#define MIN_AES_BLOCK_BYTES            (MIN_AES_BLOCK_BITS / 8)
+#define DEFAULT_AES_BLOCK_BYTES        MIN_AES_BLOCK_BYTES
+
+/*
+ * When true, the Gladman AES implementation is present and is used
+ * for all 128-bit block configurations.
+ */
+#define GLADMAN_AES_128_ENABLE 1
+
+#endif /* _H_AES_COMMON_ */
index 3a8be1ba49c05083e6ed9ebe49d56b87e0c98422..5377e319620778a10383031b1803e8dd20fda1df 100644 (file)
 
 #define DEFAULT_BLOCK_SIZE             (MIN_AES_BLOCK_BITS / 8)
 
-#define DEBUG_ED               0               /* general encrypt/decrypt debug */
-#if            DEBUG_ED
-#define dprint(s)      printf s
-#else
-#define dprint(s)
-#endif
-
-#define DEBUG_SIZES            0
-#if            DEBUG_SIZES
-#define logSize(s, final, encr, ibs, in, out) \
-       printf("%s final %d encr %d inbufsz %d inSize %d outSize %d\n", \
-       s, final, encr, ibs, in, out)
-#else
-#define logSize(s, final, encr, ibs, in, out)
-#endif
-
 /*
  * AES symmetric key generation.
  * This algorithm has key size restrictions which don't fit with the 
@@ -153,11 +137,13 @@ void AESContext::init(
        }
        
        int opt128 = 0;
+#if            !GLADMAN_AES_128_ENABLE
        if((mBlockSize == (MIN_AES_BLOCK_BITS/8)) &&
           (keyLen == (MIN_AES_KEY_BITS/8)) &&
           doAES128) {
                opt128 = 1;
        }
+#endif /* !GLADMAN_AES_128_ENABLE */
        
        /* create new key if needed */
        if(mAesKey == NULL) {
@@ -180,6 +166,7 @@ void AESContext::init(
                mRawKeySize = keyLen;
        }
 
+#if            !GLADMAN_AES_128_ENABLE
        if(opt128) {
                /* optimized path */
                mEncryptFcn = rijndaelBlockEncrypt128;
@@ -190,6 +177,11 @@ void AESContext::init(
                mEncryptFcn = rijndaelBlockEncrypt;
                mDecryptFcn = rijndaelBlockDecrypt;
        }
+#else
+       /* common standard path */
+       mEncryptFcn = rijndaelBlockEncrypt;
+       mDecryptFcn = rijndaelBlockDecrypt;
+#endif         !GLADMAN_AES_128_ENABLE
        
        /* Finally, have BlockCryptor do its setup */
        setup(mBlockSize, context);
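Review bot: The added `#endif         !GLADMAN_AES_128_ENABLE` leaves bare tokens after the directive, which compilers report as extra tokens; every other guard this commit adds uses a comment, so write it as `#endif /* !GLADMAN_AES_128_ENABLE */`. With the macro set to 1 in aesCommon.h, `opt128` (declared in the hunk at -153) is initialised but never read, so its declaration could move inside the same `#if !GLADMAN_AES_128_ENABLE` guard. AESContext::init starts and ends outside this hunk.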
diff --git a/AppleCSP/AES/gladmanContext.cpp b/AppleCSP/AES/gladmanContext.cpp
new file mode 100644 (file)
index 0000000..63d8fe5
--- /dev/null
@@ -0,0 +1,176 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+ * gladmanContext.cpp - glue between BlockCryptor and Gladman AES implementation
+ * Written by Doug Mitchell 12/12/2001
+ */
+#include "gladmanContext.h"
+#include "cspdebugging.h"
+
+/* 
+ * Global singleton to perform one-time-only init of AES tables.
+ */
+class GladmanInit
+{
+public:
+       GladmanInit() :  mTablesGenerated(false) { }
+       void genTables();
+private:
+       bool mTablesGenerated;
+       Mutex mLock;
+};
+
+void GladmanInit::genTables()
+{
+       StLock<Mutex> _(mLock);
+       if(mTablesGenerated) {
+               return;
+       }
+       
+       /* allocate the tables */
+       CssmAllocator &alloc = CssmAllocator::standard(CssmAllocator::sensitive);
+       pow_tab = (u1byte *)alloc.malloc(POW_TAB_SIZE * sizeof(u1byte));
+       log_tab = (u1byte *)alloc.malloc(LOG_TAB_SIZE * sizeof(u1byte));
+       sbx_tab = (u1byte *)alloc.malloc(SBX_TAB_SIZE * sizeof(u1byte));
+       isb_tab = (u1byte *)alloc.malloc(ISB_TAB_SIZE * sizeof(u1byte));
+       rco_tab = (u4byte *)alloc.malloc(RCO_TAB_SIZE * sizeof(u4byte));
+       ft_tab  = (u4byte (*)[FT_TAB_SIZE_LS])alloc.malloc(
+               FT_TAB_SIZE_LS * FT_TAB_SIZE_MS * sizeof(u4byte));
+       it_tab  = (u4byte (*)[IT_TAB_SIZE_LS])alloc.malloc(
+               IT_TAB_SIZE_LS * IT_TAB_SIZE_MS * sizeof(u4byte));
+       #ifdef  LARGE_TABLES
+       fl_tab  = (u4byte (*)[FL_TAB_SIZE_LS])alloc.malloc(
+               FL_TAB_SIZE_LS * FL_TAB_SIZE_MS * sizeof(u4byte));
+       il_tab  = (u4byte (*)[IL_TAB_SIZE_LS])alloc.malloc(
+               IL_TAB_SIZE_LS * IL_TAB_SIZE_MS * sizeof(u4byte));
+       #endif
+       
+       /* now fill them */
+       gen_tabs();
+       mTablesGenerated = true;
+}
+
+static ModuleNexus<GladmanInit> gladmanInit;
+
+/*
+ * AES encrypt/decrypt.
+ */
+GAESContext::GAESContext(AppleCSPSession &session) :
+       BlockCryptor(session),
+       mKeyValid(false),
+       mInitFlag(false),
+       mRawKeySize(0)  
+{ 
+       /* one-time only init */
+       gladmanInit().genTables();
+}
+
+GAESContext::~GAESContext()
+{
+       deleteKey();
+       memset(mRawKey, 0, MAX_AES_KEY_BITS / 8);
+       mInitFlag = false;
+}
+       
+void GAESContext::deleteKey()
+{
+       memset(&mAesKey, 0, sizeof(GAesKey));
+       mKeyValid = false;
+}
+
+/* 
+ * Standard CSPContext init, called from CSPFullPluginSession::init().
+ * Reusable, e.g., query followed by en/decrypt. Even reusable after context
+ * changed (i.e., new IV in Encrypted File System). 
+ */
+void GAESContext::init( 
+       const Context &context, 
+       bool encrypting)
+{
+       if(mInitFlag && !opStarted()) {
+               return;
+       }
+       
+       UInt32          keyLen;
+       UInt8           *keyData = NULL;
+       bool            sameKeySize = false;
+       
+       /* obtain key from context */
+       symmetricKeyBits(context, CSSM_ALGID_AES, 
+               encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT,
+               keyData, keyLen);
+       
+       /*
+        * Delete existing key if key size changed
+        */
+       if(mRawKeySize == keyLen) {
+               sameKeySize = true;
+       }
+       else {
+               deleteKey();
+       }
+       
+       /* init key only if key size or key bits have changed */
+       if(!sameKeySize || memcmp(mRawKey, keyData, mRawKeySize)) {
+               set_key((u4byte *)keyData, keyLen * 8, &mAesKey);
+
+               /* save this raw key data */
+               memmove(mRawKey, keyData, mRawKeySize); 
+               mRawKeySize = keyLen;
+       }
+
+       /* Finally, have BlockCryptor do its setup */
+       setup(GLADMAN_BLOCK_SIZE_BYTES, context);
+       mInitFlag = true;
+}      
+
+/*
+ * Functions called by BlockCryptor
+ */
+void GAESContext::encryptBlock(
+       const void              *plainText,                     // length implied (one block)
+       size_t                  plainTextLen,
+       void                    *cipherText,    
+       size_t                  &cipherTextLen,         // in/out, throws on overflow
+       bool                    final)                          // ignored
+{
+       if(plainTextLen != GLADMAN_BLOCK_SIZE_BYTES) {
+               CssmError::throwMe(CSSMERR_CSP_INPUT_LENGTH_ERROR);
+       }
+       if(cipherTextLen < GLADMAN_BLOCK_SIZE_BYTES) {
+               CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);
+       }
+       rEncrypt((u4byte *)plainText, (u4byte *)cipherText, &mAesKey);
+       cipherTextLen = GLADMAN_BLOCK_SIZE_BYTES;
+}
+
+void GAESContext::decryptBlock(
+       const void              *cipherText,            // length implied (one cipher block)
+       void                    *plainText,     
+       size_t                  &plainTextLen,          // in/out, throws on overflow
+       bool                    final)                          // ignored
+{
+       if(plainTextLen < GLADMAN_BLOCK_SIZE_BYTES) {
+               CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);
+       }
+       rDecrypt((u4byte *)cipherText, (u4byte *)plainText, &mAesKey);
+       plainTextLen = GLADMAN_BLOCK_SIZE_BYTES;
+}
+
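Review bot: In `GAESContext::init` the cached key copy uses the previous length, because `memmove(mRawKey, keyData, mRawKeySize)` runs before `mRawKeySize = keyLen`. The first init therefore copies zero bytes and a size change copies only the old length, so the later `memcmp` compares against uninitialised or stale bytes of `mRawKey`. `keyLen` is also never checked before it reaches `set_key` (whose switch in rijndaelGladman.c has no default case) or before it becomes the length of the next copy into the 32-byte `mRawKey`; whether `symmetricKeyBits` already restricts it is not visible here. Validating the length and swapping the two statements addresses both.

```cpp
/* … unchanged: symmetricKeyBits() call … */

/* reject lengths set_key() has no case for and mRawKey cannot hold */
if((keyLen != MIN_AES_KEY_BITS / 8) &&
   (keyLen != MID_AES_KEY_BITS / 8) &&
   (keyLen != MAX_AES_KEY_BITS / 8)) {
	CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
}

/* … unchanged: sameKeySize / deleteKey() … */

if(!sameKeySize || memcmp(mRawKey, keyData, keyLen)) {
	set_key((u4byte *)keyData, keyLen * 8, &mAesKey);

	/* record the new length first so the whole key is cached */
	mRawKeySize = keyLen;
	memmove(mRawKey, keyData, mRawKeySize);
}
```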
diff --git a/AppleCSP/AES/gladmanContext.h b/AppleCSP/AES/gladmanContext.h
new file mode 100644 (file)
index 0000000..daf71dd
--- /dev/null
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// gladmanContext.h - Gladman AES context class
+//
+#ifndef _H_GLADMAN_CONTEXT
+#define _H_GLADMAN_CONTEXT
+
+#include <Security/CSPsession.h>
+#include "AppleCSP.h"
+#include "AppleCSPContext.h"
+#include "AppleCSPSession.h"
+#include "BlockCryptor.h"
+#include "rijndaelGladman.h"
+#include "aesCommon.h"
+
+#define GLADMAN_BLOCK_SIZE_BYTES       DEFAULT_AES_BLOCK_BYTES
+
+/* Symmetric encryption context */
+class GAESContext : public BlockCryptor {
+public:
+       GAESContext(AppleCSPSession &session);
+       ~GAESContext();
+       
+       // called by CSPFullPluginSession
+       void init(const Context &context, bool encoding = true);
+
+       // As an optimization, we allow reuse of a modified context. The main thing
+       // we avoid is a redundant key scheduling. We save the current raw keys bits
+       // in mRawKey and compare on re-init.
+       bool changed(const Context &context)     { return true; }
+
+       // called by BlockCryptor
+       void encryptBlock(
+               const void              *plainText,                     // length implied (one block)
+               size_t                  plainTextLen,
+               void                    *cipherText,    
+               size_t                  &cipherTextLen,         // in/out, throws on overflow
+               bool                    final);
+       void decryptBlock(
+               const void              *cipherText,            // length implied (one cipher block)
+               void                    *plainText,     
+               size_t                  &plainTextLen,          // in/out, throws on overflow
+               bool                    final);
+       
+private:
+       void deleteKey();
+       
+       /* scheduled key */
+       GAesKey                         mAesKey;
+       bool                            mKeyValid;
+       bool                            mInitFlag;                      // for easy reuse
+       
+       /* raw key bits saved here and checked on re-init to avoid extra key schedule */
+       uint8                           mRawKey[MAX_AES_KEY_BITS / 8];
+       uint32                          mRawKeySize;
+};     /* AESContext */
+
+#endif //_H_GLADMAN_CONTEXT
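Review bot: The declaration `void init(const Context &context, bool encoding = true);` names its flag `encoding`, while the definition in gladmanContext.cpp calls it `encrypting` and uses it to choose between `CSSM_KEYUSE_ENCRYPT` and `CSSM_KEYUSE_DECRYPT`; rename it to `encrypting` here. The closing comment `};     /* AESContext */` names the wrong class and should read `/* GAESContext */`. The comment on `mRawKey` could also say that it is a plaintext copy of the key kept for the life of the context, for example `/* plaintext copy of the raw key; zeroed in ~GAESContext() */`.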
index 96d809f33a6255b1192f6aefc5fb4926702bfdae..22179cd462bce75b515a2606ce13ed708a3c8dbc 100644 (file)
@@ -354,6 +354,8 @@ int rijndaelDecrypt (
        return 0;
 }
 
+#if            !GLADMAN_AES_128_ENABLE
+
 /*
  * All of these 128-bit-key-and-block routines require 32-bit word-aligned 
  * char array pointers.ÊThe key schedule arrays are easy; they come from
@@ -604,3 +606,5 @@ int rijndaelDecrypt128 (
        return 0;
 }
 
+#endif         /* !GLADMAN_AES_128_ENABLE */
+
index 193f376c0a37651100b2e53ee028b9e5eeb27235..41a889cb1ab658d4faf86cde09739675da7d0fc7 100644 (file)
 #ifndef __RIJNDAEL_ALG_H
 #define __RIJNDAEL_ALG_H
 
-#ifdef __APPLE__
-#define MIN_AES_KEY_BITS               128
-#define MID_AES_KEY_BITS               192
-#define MAX_AES_KEY_BITS               256
+#include "aesCommon.h"
 
-#define MIN_AES_BLOCK_BITS             128
-#define MID_AES_BLOCK_BITS             192
-#define MAX_AES_BLOCK_BITS             256
-#endif
 #define MAXBC                          (MAX_AES_BLOCK_BITS/32)
 #define MAXKC                          (MAX_AES_KEY_BITS/32)
 #define MAXROUNDS                      14
@@ -61,6 +54,8 @@ int rijndaelDecryptRound (word8 a[4][MAXBC], int keyBits, int blockBits,
                word8 rk[MAXROUNDS+1][4][MAXBC], int rounds);
 #endif
 
+#if            !GLADMAN_AES_128_ENABLE
+
 /*
  * Optimized routines for 128-bit block and key.
  */
@@ -78,6 +73,8 @@ int rijndaelEncrypt128 (word8 a[4][BC_128_OPT],
 int rijndaelDecrypt128 (word8 a[4][BC_128_OPT], 
        word8 rk[MAXROUNDS+1][4][MAXBC]);
 
+#endif         /* !GLADMAN_AES_128_ENABLE */
+
 #ifdef __cplusplus
 }
 #endif
index 9fbd1cfe657b3f35060cda37e83480891c3eaf97..aba5b8706109d30e2408003e8cb7b36e426aced1 100644 (file)
@@ -80,6 +80,7 @@ int makeKey(
        key->columns = blockLen / 32;
        
        /* initialize key schedule */ 
+#if            !GLADMAN_AES_128_ENABLE
        if(enable128Opt && 
                        (keyLen == MIN_AES_KEY_BITS) && 
                        (blockLen == MIN_AES_BLOCK_BITS)) {
@@ -93,7 +94,10 @@ int makeKey(
                rijndaelKeySched128 (k, key->keySched); 
                memset(k, 0, 4 * KC_128_OPT);
        }
-       else {
+       else 
+#endif /* !GLADMAN_AES_128_ENABLE */
+       {
+
                /* general case */
                word8 k[4][MAXKC];
 
@@ -188,6 +192,7 @@ int rijndaelBlockDecrypt(
        return key->blockLen;
 }
 
+#if            !GLADMAN_AES_128_ENABLE
 /*
  * Optimized routines for 128 bit block and 128 bit key.
  */
@@ -265,4 +270,5 @@ int rijndaelBlockDecrypt128(
        memset(localBlock, 0, 4*BC_128_OPT);
        return MIN_AES_BLOCK_BITS;
 }
+#endif         /* !GLADMAN_AES_128_ENABLE */
 
index e1f3623302307802b45e86a6652cb8e90cc60612..38e7900137e1554e86d245a32ef3c935209a270b 100644 (file)
@@ -72,6 +72,7 @@ int rijndaelBlockDecrypt(
        word8 *input, 
        word8 *outBuffer);
        
+#if            !GLADMAN_AES_128_ENABLE
 /*
  * Optimized routines for 128 bit block and 128 bit key.
  */
@@ -83,8 +84,9 @@ int rijndaelBlockDecrypt128(
        keyInstance     *key, 
        word8                   *input, 
        word8                   *outBuffer);
+#endif /* !GLADMAN_AES_128_ENABLE */
 
-#ifdef __ppc__
+#if defined(__ppc__) && defined(ALTIVEC_ENABLE)
 /* 
  * dmitch addenda 4/11/2001: 128-bit only vectorized encrypt/decrypt with no CBC
  */
@@ -96,11 +98,12 @@ void vBlockDecrypt128(
        keyInstance *key, 
        word8 *input, 
        word8 *outBuffer);
-#endif __ppc__
-       
+
 /* temp switch for runtime enable/disable */
 extern int doAES128;
 
+#endif /* __ppc__ && ALTIVEC_ENABLE */
+       
 /* ptr to one of several (possibly optimized) encrypt/decrypt functions */
 typedef int (*aesCryptFcn)(
        keyInstance *key, 
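Review bot: Moving `extern int doAES128;` inside `#if defined(__ppc__) && defined(ALTIVEC_ENABLE)` hides the declaration from builds without AltiVec, yet the aescsp.cpp hunk in this commit still reads `doAES128` under `#if !GLADMAN_AES_128_ENABLE`. With `GLADMAN_AES_128_ENABLE` set to 0 and `ALTIVEC_ENABLE` undefined that reference would not compile, unless the symbol is declared somewhere not shown here. Keep the declaration outside the AltiVec guard, or guard it with `#if !GLADMAN_AES_128_ENABLE` to match its remaining user. The `aesCryptFcn` typedef continues outside the hunk.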
diff --git a/AppleCSP/AES/rijndaelGladman.c b/AppleCSP/AES/rijndaelGladman.c
new file mode 100644 (file)
index 0000000..fbef2c3
--- /dev/null
@@ -0,0 +1,436 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+ * rijndaelGladman.c - Gladman AES/Rijndael implementation.
+ *                                        Based on rijndael.c written by Dr. Brian Gladman.
+ */
+
+
+
+/* This is an independent implementation of the encryption algorithm:   */
+/*                                                                      */
+/*         RIJNDAEL by Joan Daemen and Vincent Rijmen                   */
+/*                                                                      */
+/* which is a candidate algorithm in the Advanced Encryption Standard   */
+/* programme of the US National Institute of Standards and Technology.  */
+/*                                                                      */
+/* Copyright in this implementation is held by Dr B R Gladman but I     */
+/* hereby give permission for its free direct or derivative use subject */
+/* to acknowledgment of its origin and compliance with any conditions   */
+/* that the originators of the algorithm place on its exploitation.     */
+/*                                                                      */
+/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999     */
+
+#include "rijndaelGladman.h"
+
+/* enable of block/word/byte swapping macros */
+#define USE_SWAP_MACROS        1
+
+#if old_way
+/* original static declarations */
+u1byte  pow_tab[256];
+u1byte  log_tab[256];
+u1byte  sbx_tab[256];
+u1byte  isb_tab[256];
+u4byte  rco_tab[ 10];
+u4byte  ft_tab[4][256];
+u4byte  it_tab[4][256];
+
+#ifdef  LARGE_TABLES
+  u4byte  fl_tab[4][256];
+  u4byte  il_tab[4][256];
+#endif
+#else  /* new_way */
+u1byte  *pow_tab;              /* [POW_TAB_SIZE] */
+u1byte  *log_tab;              /* [LOG_TAB_SIZE] */;
+u1byte  *sbx_tab;              /* [SBX_TAB_SIZE] */
+u1byte  *isb_tab;              /* [ISB_TAB_SIZE] */
+u4byte  *rco_tab;              /* [RCO_TAB_SIZE] */
+u4byte  (*ft_tab)[FT_TAB_SIZE_LS];
+u4byte  (*it_tab)[IT_TAB_SIZE_LS];
+#ifdef  LARGE_TABLES
+u4byte  (*fl_tab)[FL_TAB_SIZE_LS];
+u4byte  (*il_tab)[IL_TAB_SIZE_LS];
+#endif /* LARGE_TABLES */
+#endif /* new_way */
+
+#define ff_mult(a,b)    (a && b ? pow_tab[(log_tab[a] + log_tab[b]) % 255] : 0)
+
+#define f_rn(bo, bi, n, k)                          \
+    bo[n] =  ft_tab[0][byte(bi[n],0)] ^             \
+             ft_tab[1][byte(bi[(n + 1) & 3],1)] ^   \
+             ft_tab[2][byte(bi[(n + 2) & 3],2)] ^   \
+             ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
+
+#define i_rn(bo, bi, n, k)                          \
+    bo[n] =  it_tab[0][byte(bi[n],0)] ^             \
+             it_tab[1][byte(bi[(n + 3) & 3],1)] ^   \
+             it_tab[2][byte(bi[(n + 2) & 3],2)] ^   \
+             it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
+
+#ifdef LARGE_TABLES
+
+#define ls_box(x)                \
+    ( fl_tab[0][byte(x, 0)] ^    \
+      fl_tab[1][byte(x, 1)] ^    \
+      fl_tab[2][byte(x, 2)] ^    \
+      fl_tab[3][byte(x, 3)] )
+
+#define f_rl(bo, bi, n, k)                          \
+    bo[n] =  fl_tab[0][byte(bi[n],0)] ^             \
+             fl_tab[1][byte(bi[(n + 1) & 3],1)] ^   \
+             fl_tab[2][byte(bi[(n + 2) & 3],2)] ^   \
+             fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
+
+#define i_rl(bo, bi, n, k)                          \
+    bo[n] =  il_tab[0][byte(bi[n],0)] ^             \
+             il_tab[1][byte(bi[(n + 3) & 3],1)] ^   \
+             il_tab[2][byte(bi[(n + 2) & 3],2)] ^   \
+             il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
+
+#else
+
+#define ls_box(x)                            \
+    ((u4byte)sbx_tab[byte(x, 0)] <<  0) ^    \
+    ((u4byte)sbx_tab[byte(x, 1)] <<  8) ^    \
+    ((u4byte)sbx_tab[byte(x, 2)] << 16) ^    \
+    ((u4byte)sbx_tab[byte(x, 3)] << 24)
+
+#define f_rl(bo, bi, n, k)                                      \
+    bo[n] = (u4byte)sbx_tab[byte(bi[n],0)] ^                    \
+        rotl(((u4byte)sbx_tab[byte(bi[(n + 1) & 3],1)]),  8) ^  \
+        rotl(((u4byte)sbx_tab[byte(bi[(n + 2) & 3],2)]), 16) ^  \
+        rotl(((u4byte)sbx_tab[byte(bi[(n + 3) & 3],3)]), 24) ^ *(k + n)
+
+#define i_rl(bo, bi, n, k)                                      \
+    bo[n] = (u4byte)isb_tab[byte(bi[n],0)] ^                    \
+        rotl(((u4byte)isb_tab[byte(bi[(n + 3) & 3],1)]),  8) ^  \
+        rotl(((u4byte)isb_tab[byte(bi[(n + 2) & 3],2)]), 16) ^  \
+        rotl(((u4byte)isb_tab[byte(bi[(n + 1) & 3],3)]), 24) ^ *(k + n)
+
+#endif
+
+void gen_tabs(void)
+{   u4byte  i, t;
+    u1byte  p, q;
+
+    /* log and power tables for GF(2**8) finite field with  */
+    /* 0x11b as modular polynomial - the simplest prmitive  */
+    /* root is 0x11, used here to generate the tables       */
+
+    for(i = 0,p = 1; i < 256; ++i)
+    {
+        pow_tab[i] = (u1byte)p; log_tab[p] = (u1byte)i;
+
+        p = p ^ (p << 1) ^ (p & 0x80 ? 0x01b : 0);
+    }
+
+    log_tab[1] = 0; p = 1;
+
+    for(i = 0; i < 10; ++i)
+    {
+        rco_tab[i] = p; 
+
+        p = (p << 1) ^ (p & 0x80 ? 0x1b : 0);
+    }
+
+    /* note that the affine byte transformation matrix in   */
+    /* rijndael specification is in big endian format with  */
+    /* bit 0 as the most significant bit. In the remainder  */
+    /* of the specification the bits are numbered from the  */
+    /* least significant end of a byte.                     */
+
+    for(i = 0; i < 256; ++i)
+    {   
+        p = (i ? pow_tab[255 - log_tab[i]] : 0); q = p; 
+        q = (q >> 7) | (q << 1); p ^= q; 
+        q = (q >> 7) | (q << 1); p ^= q; 
+        q = (q >> 7) | (q << 1); p ^= q; 
+        q = (q >> 7) | (q << 1); p ^= q ^ 0x63; 
+        sbx_tab[i] = (u1byte)p; isb_tab[p] = (u1byte)i;
+    }
+
+    for(i = 0; i < 256; ++i)
+    {
+        p = sbx_tab[i]; 
+
+#ifdef  LARGE_TABLES        
+        
+        t = p; fl_tab[0][i] = t;
+        fl_tab[1][i] = rotl(t,  8);
+        fl_tab[2][i] = rotl(t, 16);
+        fl_tab[3][i] = rotl(t, 24);
+#endif
+        t = ((u4byte)ff_mult(2, p)) |
+            ((u4byte)p <<  8) |
+            ((u4byte)p << 16) |
+            ((u4byte)ff_mult(3, p) << 24);
+        
+        ft_tab[0][i] = t;
+        ft_tab[1][i] = rotl(t,  8);
+        ft_tab[2][i] = rotl(t, 16);
+        ft_tab[3][i] = rotl(t, 24);
+
+        p = isb_tab[i]; 
+
+#ifdef  LARGE_TABLES        
+        
+        t = p; il_tab[0][i] = t; 
+        il_tab[1][i] = rotl(t,  8); 
+        il_tab[2][i] = rotl(t, 16); 
+        il_tab[3][i] = rotl(t, 24);
+#endif 
+        t = ((u4byte)ff_mult(14, p)) |
+            ((u4byte)ff_mult( 9, p) <<  8) |
+            ((u4byte)ff_mult(13, p) << 16) |
+            ((u4byte)ff_mult(11, p) << 24);
+        
+        it_tab[0][i] = t; 
+        it_tab[1][i] = rotl(t,  8); 
+        it_tab[2][i] = rotl(t, 16); 
+        it_tab[3][i] = rotl(t, 24); 
+    }
+};
+
+#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b)
+
+#define imix_col(y,x)       \
+    u   = star_x(x);        \
+    v   = star_x(u);        \
+    w   = star_x(v);        \
+    t   = w ^ (x);          \
+   (y)  = u ^ v ^ w;        \
+   (y) ^= rotr(u ^ t,  8) ^ \
+          rotr(v ^ t, 16) ^ \
+          rotr(t,24)
+
+/* initialise the key schedule from the user supplied key   */
+
+#define loop4(i)                                    \
+{   t = ls_box(rotr(t,  8)) ^ rco_tab[i];           \
+    t ^= e_key[4 * i];     e_key[4 * i + 4] = t;    \
+    t ^= e_key[4 * i + 1]; e_key[4 * i + 5] = t;    \
+    t ^= e_key[4 * i + 2]; e_key[4 * i + 6] = t;    \
+    t ^= e_key[4 * i + 3]; e_key[4 * i + 7] = t;    \
+}
+
+#define loop6(i)                                    \
+{   t = ls_box(rotr(t,  8)) ^ rco_tab[i];           \
+    t ^= e_key[6 * i];     e_key[6 * i + 6] = t;    \
+    t ^= e_key[6 * i + 1]; e_key[6 * i + 7] = t;    \
+    t ^= e_key[6 * i + 2]; e_key[6 * i + 8] = t;    \
+    t ^= e_key[6 * i + 3]; e_key[6 * i + 9] = t;    \
+    t ^= e_key[6 * i + 4]; e_key[6 * i + 10] = t;   \
+    t ^= e_key[6 * i + 5]; e_key[6 * i + 11] = t;   \
+}
+
+#define loop8(i)                                    \
+{   t = ls_box(rotr(t,  8)) ^ rco_tab[i];           \
+    t ^= e_key[8 * i];     e_key[8 * i + 8] = t;    \
+    t ^= e_key[8 * i + 1]; e_key[8 * i + 9] = t;    \
+    t ^= e_key[8 * i + 2]; e_key[8 * i + 10] = t;   \
+    t ^= e_key[8 * i + 3]; e_key[8 * i + 11] = t;   \
+    t  = e_key[8 * i + 4] ^ ls_box(t);              \
+    e_key[8 * i + 12] = t;                          \
+    t ^= e_key[8 * i + 5]; e_key[8 * i + 13] = t;   \
+    t ^= e_key[8 * i + 6]; e_key[8 * i + 14] = t;   \
+    t ^= e_key[8 * i + 7]; e_key[8 * i + 15] = t;   \
+}
+
+u4byte *set_key(
+       const u4byte in_key[], 
+       const u4byte key_len,
+       GAesKey *aesKey)
+{   u4byte  i, t, u, v, w;
+       u4byte  *e_key = aesKey->e_key;
+       u4byte  *d_key = aesKey->d_key;
+
+    aesKey->k_len = (key_len + 31) / 32;
+       
+       #if             USE_SWAP_MACROS
+       get_key(e_key, key_len);
+       #else
+    e_key[0] = in_key[0]; e_key[1] = in_key[1];
+    e_key[2] = in_key[2]; e_key[3] = in_key[3];
+       #endif
+       
+    switch(aesKey->k_len)
+    {
+        case 4: t = e_key[3];
+                for(i = 0; i < 10; ++i) 
+                    loop4(i);
+                break;
+
+        case 6: 
+                               #if     USE_SWAP_MACROS
+                               t = e_key[5];
+                               #else
+                               /* done in get_key macros in USE_SWAP_MACROS case */
+                               e_key[4] = in_key[4]; t = e_key[5] = in_key[5];
+                               #endif
+                for(i = 0; i < 8; ++i) 
+                    loop6(i);
+                break;
+
+        case 8: 
+                               #if     USE_SWAP_MACROS
+                               t = e_key[7];
+                               #else
+                               e_key[4] = in_key[4]; e_key[5] = in_key[5];
+                e_key[6] = in_key[6]; t = e_key[7] = in_key[7];
+                               #endif
+                for(i = 0; i < 7; ++i) 
+                    loop8(i);
+                break;
+    }
+
+    d_key[0] = e_key[0]; d_key[1] = e_key[1];
+    d_key[2] = e_key[2]; d_key[3] = e_key[3];
+
+    for(i = 4; i < 4 * aesKey->k_len + 24; ++i)
+    {
+        imix_col(d_key[i], e_key[i]);
+    }
+
+    return e_key;
+};
+
+/* encrypt a block of text  */
+
+#define f_nround(bo, bi, k) \
+    f_rn(bo, bi, 0, k);     \
+    f_rn(bo, bi, 1, k);     \
+    f_rn(bo, bi, 2, k);     \
+    f_rn(bo, bi, 3, k);     \
+    k += 4
+
+#define f_lround(bo, bi, k) \
+    f_rl(bo, bi, 0, k);     \
+    f_rl(bo, bi, 1, k);     \
+    f_rl(bo, bi, 2, k);     \
+    f_rl(bo, bi, 3, k)
+
+void rEncrypt(
+       const u4byte in_blk[4], 
+       u4byte out_blk[4],
+       const GAesKey *aesKey)
+{   
+       u4byte  b0[4], b1[4], *kp;
+       u4byte  *e_key = aesKey->e_key;
+       
+       #if USE_SWAP_MACROS
+       u4byte  swap_block[4];
+       get_block(swap_block);
+    b0[0] = swap_block[0] ^ e_key[0]; b0[1] = swap_block[1] ^ e_key[1];
+    b0[2] = swap_block[2] ^ e_key[2]; b0[3] = swap_block[3] ^ e_key[3];
+       #else
+    b0[0] = in_blk[0] ^ e_key[0]; b0[1] = in_blk[1] ^ e_key[1];
+    b0[2] = in_blk[2] ^ e_key[2]; b0[3] = in_blk[3] ^ e_key[3];
+       #endif
+       
+    kp = e_key + 4;
+       
+    if(aesKey->k_len > 6)
+    {
+        f_nround(b1, b0, kp); f_nround(b0, b1, kp);
+    }
+
+    if(aesKey->k_len > 4)
+    {
+        f_nround(b1, b0, kp); f_nround(b0, b1, kp);
+    }
+
+    f_nround(b1, b0, kp); f_nround(b0, b1, kp);
+    f_nround(b1, b0, kp); f_nround(b0, b1, kp);
+    f_nround(b1, b0, kp); f_nround(b0, b1, kp);
+    f_nround(b1, b0, kp); f_nround(b0, b1, kp);        
+    f_nround(b1, b0, kp); f_lround(b0, b1, kp);
+
+       #if USE_SWAP_MACROS
+       put_block(b0);
+       #else
+    out_blk[0] = b0[0]; out_blk[1] = b0[1];
+    out_blk[2] = b0[2]; out_blk[3] = b0[3];
+       #endif
+};
+
+/* decrypt a block of text  */
+
+#define i_nround(bo, bi, k) \
+    i_rn(bo, bi, 0, k);     \
+    i_rn(bo, bi, 1, k);     \
+    i_rn(bo, bi, 2, k);     \
+    i_rn(bo, bi, 3, k);     \
+    k -= 4
+
+#define i_lround(bo, bi, k) \
+    i_rl(bo, bi, 0, k);     \
+    i_rl(bo, bi, 1, k);     \
+    i_rl(bo, bi, 2, k);     \
+    i_rl(bo, bi, 3, k)
+
+void rDecrypt(
+       const u4byte in_blk[4], 
+       u4byte out_blk[4],
+       const GAesKey *aesKey)
+{   
+       u4byte  b0[4], b1[4], *kp;
+       u4byte  *e_key = aesKey->e_key;
+       u4byte  *d_key = aesKey->d_key;
+       u4byte  k_len = aesKey->k_len;
+       
+       #if USE_SWAP_MACROS
+       u4byte  swap_block[4];
+       get_block(swap_block);
+    b0[0] = swap_block[0] ^ e_key[4 * k_len + 24]; 
+       b0[1] = swap_block[1] ^ e_key[4 * k_len + 25];
+    b0[2] = swap_block[2] ^ e_key[4 * k_len + 26]; 
+       b0[3] = swap_block[3] ^ e_key[4 * k_len + 27];
+       #else
+    b0[0] = in_blk[0] ^ e_key[4 * k_len + 24]; 
+       b0[1] = in_blk[1] ^ e_key[4 * k_len + 25];
+    b0[2] = in_blk[2] ^ e_key[4 * k_len + 26]; 
+       b0[3] = in_blk[3] ^ e_key[4 * k_len + 27];
+       #endif
+       
+    kp = d_key + 4 * (k_len + 5);
+
+    if(k_len > 6)
+    {
+        i_nround(b1, b0, kp); i_nround(b0, b1, kp);
+    }
+
+    if(k_len > 4)
+    {
+        i_nround(b1, b0, kp); i_nround(b0, b1, kp);
+    }
+
+    i_nround(b1, b0, kp); i_nround(b0, b1, kp);
+    i_nround(b1, b0, kp); i_nround(b0, b1, kp);
+    i_nround(b1, b0, kp); i_nround(b0, b1, kp);
+    i_nround(b1, b0, kp); i_nround(b0, b1, kp);
+    i_nround(b1, b0, kp); i_lround(b0, b1, kp);
+
+       #if USE_SWAP_MACROS
+       put_block(b0);
+       #else
+    out_blk[0] = b0[0]; out_blk[1] = b0[1];
+    out_blk[2] = b0[2]; out_blk[3] = b0[3];
+       #endif
+};
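Review bot: The round macros `f_rn`, `i_rn`, `f_rl`, `i_rl` and `ls_box` index `ft_tab`, `it_tab`, `sbx_tab` and `isb_tab` with bytes of the key-mixed state, so the memory access pattern of `rEncrypt`, `rDecrypt` and `set_key` depends on secret data, and the file does not document this. A header comment should record that this table-driven implementation is not constant-time with respect to the data cache, for example `/* table lookups are indexed by secret state: not constant-time w.r.t. cache */`, so integrators running alongside untrusted code can account for it. Separately, `star_x(x)` expands to an unparenthesised `a ^ b` expression; wrapping the whole macro body in parentheses would keep it correct if it is ever used inside a larger expression.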
diff --git a/AppleCSP/AES/rijndaelGladman.h b/AppleCSP/AES/rijndaelGladman.h
new file mode 100644 (file)
index 0000000..a58f608
--- /dev/null
@@ -0,0 +1,211 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+ * rijndaelGladman.h - constants and macros for Gladman AES/Rijndael implementation.
+ *                                       Based on std_defs.h written by Dr. Brian Gladman.
+ */
+
+
+
+/* 1. Standard types for AES cryptography source code               */
+
+typedef unsigned char   u1byte; /* an 8 bit unsigned character type */
+typedef unsigned short  u2byte; /* a 16 bit unsigned integer type   */
+typedef unsigned long   u4byte; /* a 32 bit unsigned integer type   */
+
+typedef signed char     s1byte; /* an 8 bit signed character type   */
+typedef signed short    s2byte; /* a 16 bit signed integer type     */
+typedef signed long     s4byte; /* a 32 bit signed integer type     */
+
+/* 2. Standard interface for AES cryptographic routines             */
+
+/* These are all based on 32 bit unsigned values and will therefore */
+/* require endian conversions for big-endian architectures          */
+
+#ifdef  __cplusplus
+    extern "C"
+    {
+#endif
+
+       /* 
+        * Lookup tables, dynamically allocated (by client) and generated (by 
+        * gen_tabs()) 
+        */
+       #define LARGE_TABLES
+       
+       #define POW_TAB_SIZE    256
+       #define LOG_TAB_SIZE    256
+       #define SBX_TAB_SIZE    256
+       #define ISB_TAB_SIZE    256
+       #define RCO_TAB_SIZE    10
+       #define FT_TAB_SIZE_MS  4
+       #define FT_TAB_SIZE_LS  256
+       #define IT_TAB_SIZE_MS  4
+       #define IT_TAB_SIZE_LS  256
+       extern u1byte  *pow_tab;                /* [POW_TAB_SIZE] */
+       extern u1byte  *log_tab;                /* [LOG_TAB_SIZE] */;
+       extern u1byte  *sbx_tab;                /* [SBX_TAB_SIZE] */
+       extern u1byte  *isb_tab;                /* [ISB_TAB_SIZE] */
+       extern u4byte  *rco_tab;                /* [RCO_TAB_SIZE] */
+       extern u4byte  (*ft_tab)[FT_TAB_SIZE_LS];
+       extern u4byte  (*it_tab)[IT_TAB_SIZE_LS];
+
+       #ifdef  LARGE_TABLES
+       #define FL_TAB_SIZE_MS  4
+       #define FL_TAB_SIZE_LS  256
+       #define IL_TAB_SIZE_MS  4
+       #define IL_TAB_SIZE_LS  256
+       extern u4byte  (*fl_tab)[FL_TAB_SIZE_LS];
+       extern u4byte  (*il_tab)[IL_TAB_SIZE_LS];
+       #endif
+
+       typedef struct {
+               u4byte  k_len;
+               u4byte  e_key[64];
+               u4byte  d_key[64];
+       } GAesKey;
+       
+       void gen_tabs(void);                    // one-time-only table generate
+    u4byte *set_key(const u4byte in_key[], const u4byte key_len, GAesKey *aesKey);
+    void rEncrypt(const u4byte in_blk[4], u4byte out_blk[4], const GAesKey *aesKey);
+    void rDecrypt(const u4byte in_blk[4], u4byte out_blk[4], const GAesKey *aesKey);
+
+#ifdef  __cplusplus
+    };
+#endif
+
+/* 3. Basic macros for speeding up generic operations               */
+
+/* Circular rotate of 32 bit values                                 */
+
+#ifdef _MSC_VER
+
+#  include <stdlib.h>
+#  pragma intrinsic(_lrotr,_lrotl)
+#  define rotr(x,n) _lrotr(x,n)
+#  define rotl(x,n) _lrotl(x,n)
+
+#else
+
+#define rotr(x,n)   (((x) >> ((int)(n))) | ((x) << (32 - (int)(n))))
+#define rotl(x,n)   (((x) << ((int)(n))) | ((x) >> (32 - (int)(n))))
+
+#endif
+
+/* Invert byte order in a 32 bit variable                           */
+
+#define bswap(x)    ((rotl(x, 8) & 0x00ff00ff) | (rotr(x, 8) & 0xff00ff00))
+
+/* Extract byte from a 32 bit quantity (little endian notation)     */ 
+
+#define byte(x,n)   ((u1byte)((x) >> (8 * n)))
+
+/* For inverting byte order in input/output 32 bit words if needed  */
+#ifdef __ppc__
+#define BYTE_SWAP
+#endif
+
+#ifdef  BLOCK_SWAP
+#define BYTE_SWAP
+#define WORD_SWAP
+#endif
+
+#ifdef  BYTE_SWAP
+#define io_swap(x)  bswap(x)
+#else
+#define io_swap(x)  (x)
+#endif
+
+/* For inverting the byte order of input/output blocks if needed    */
+
+#ifdef  WORD_SWAP
+
+#define get_block(x)                            \
+    ((u4byte*)(x))[0] = io_swap(in_blk[3]);     \
+    ((u4byte*)(x))[1] = io_swap(in_blk[2]);     \
+    ((u4byte*)(x))[2] = io_swap(in_blk[1]);     \
+    ((u4byte*)(x))[3] = io_swap(in_blk[0])
+
+#define put_block(x)                            \
+    out_blk[3] = io_swap(((u4byte*)(x))[0]);    \
+    out_blk[2] = io_swap(((u4byte*)(x))[1]);    \
+    out_blk[1] = io_swap(((u4byte*)(x))[2]);    \
+    out_blk[0] = io_swap(((u4byte*)(x))[3])
+
+#define get_key(x,len)                          \
+    ((u4byte*)(x))[4] = ((u4byte*)(x))[5] =     \
+    ((u4byte*)(x))[6] = ((u4byte*)(x))[7] = 0;  \
+    switch((((len) + 63) / 64)) {               \
+    case 2:                                     \
+    ((u4byte*)(x))[0] = io_swap(in_key[3]);     \
+    ((u4byte*)(x))[1] = io_swap(in_key[2]);     \
+    ((u4byte*)(x))[2] = io_swap(in_key[1]);     \
+    ((u4byte*)(x))[3] = io_swap(in_key[0]);     \
+    break;                                      \
+    case 3:                                     \
+    ((u4byte*)(x))[0] = io_swap(in_key[5]);     \
+    ((u4byte*)(x))[1] = io_swap(in_key[4]);     \
+    ((u4byte*)(x))[2] = io_swap(in_key[3]);     \
+    ((u4byte*)(x))[3] = io_swap(in_key[2]);     \
+    ((u4byte*)(x))[4] = io_swap(in_key[1]);     \
+    ((u4byte*)(x))[5] = io_swap(in_key[0]);     \
+    break;                                      \
+    case 4:                                     \
+    ((u4byte*)(x))[0] = io_swap(in_key[7]);     \
+    ((u4byte*)(x))[1] = io_swap(in_key[6]);     \
+    ((u4byte*)(x))[2] = io_swap(in_key[5]);     \
+    ((u4byte*)(x))[3] = io_swap(in_key[4]);     \
+    ((u4byte*)(x))[4] = io_swap(in_key[3]);     \
+    ((u4byte*)(x))[5] = io_swap(in_key[2]);     \
+    ((u4byte*)(x))[6] = io_swap(in_key[1]);     \
+    ((u4byte*)(x))[7] = io_swap(in_key[0]);     \
+    }
+
+#else
+
+#define get_block(x)                            \
+    ((u4byte*)(x))[0] = io_swap(in_blk[0]);     \
+    ((u4byte*)(x))[1] = io_swap(in_blk[1]);     \
+    ((u4byte*)(x))[2] = io_swap(in_blk[2]);     \
+    ((u4byte*)(x))[3] = io_swap(in_blk[3])
+
+#define put_block(x)                            \
+    out_blk[0] = io_swap(((u4byte*)(x))[0]);    \
+    out_blk[1] = io_swap(((u4byte*)(x))[1]);    \
+    out_blk[2] = io_swap(((u4byte*)(x))[2]);    \
+    out_blk[3] = io_swap(((u4byte*)(x))[3])
+
+#define get_key(x,len)                          \
+    ((u4byte*)(x))[4] = ((u4byte*)(x))[5] =     \
+    ((u4byte*)(x))[6] = ((u4byte*)(x))[7] = 0;  \
+    switch((((len) + 63) / 64)) {               \
+    case 4:                                     \
+    ((u4byte*)(x))[6] = io_swap(in_key[6]);     \
+    ((u4byte*)(x))[7] = io_swap(in_key[7]);     \
+    case 3:                                     \
+    ((u4byte*)(x))[4] = io_swap(in_key[4]);     \
+    ((u4byte*)(x))[5] = io_swap(in_key[5]);     \
+    case 2:                                     \
+    ((u4byte*)(x))[0] = io_swap(in_key[0]);     \
+    ((u4byte*)(x))[1] = io_swap(in_key[1]);     \
+    ((u4byte*)(x))[2] = io_swap(in_key[2]);     \
+    ((u4byte*)(x))[3] = io_swap(in_key[3]);     \
+    }
+
+#endif
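Review bot: `u4byte` is declared as `unsigned long` in section 1, although its comment and the non-MSVC `rotr`/`rotl` macros in section 3 (which shift by `32 - (int)(n)` and do not mask the result) rely on it being exactly 32 bits. On a target where `long` is 64 bits, the rotates would leave bits above bit 31 set and the `e_key`/`d_key` arrays in `GAesKey` would double in size, so results would presumably stop matching AES. I would add `#include <stdint.h>` and use `typedef uint32_t u4byte;` (with `int32_t` for `s4byte`). The header also has no include guard, so a second inclusion redefines the typedefs and `GAesKey`. Because `GAesKey` holds the expanded encryption and decryption key schedules, a comment on the struct such as `/* holds key material; callers should zero it when done */` would make that handling requirement visible to callers.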
index 88893836d9a6ec4292450e31ca5923930af2f7b3..f5afda69a06cac58df6cd576b7a8748a07e8235d 100644 (file)
@@ -681,4 +681,4 @@ void vBlockDecrypt128(
        return;
 }
 
-#endif /* !ppc */
+#endif /* defined(__ppc__) && defined(ALTIVEC_ENABLE) */
diff --git a/AppleCSP/AppleCSP.pbxproj/.cvsignore b/AppleCSP/AppleCSP.pbxproj/.cvsignore
deleted file mode 100644 (file)
index 0857ac3..0000000
+++ /dev/null
@@ -1 +0,0 @@
-*.pbxuser
diff --git a/AppleCSP/AppleCSP.pbxproj/project.pbxproj b/AppleCSP/AppleCSP.pbxproj/project.pbxproj
deleted file mode 100644 (file)
index 1524298..0000000
+++ /dev/null
@@ -1,2061 +0,0 @@
-// !$*UTF8*$!
-{
-       archiveVersion = 1;
-       classes = {
-       };
-       objectVersion = 32;
-       objects = {
-               00B7C42CFEC78220D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = pkcs_7_8.cpp;
-                       refType = 4;
-               };
-               00B7C42EFEC7824FD0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = pkcs_7_8.h;
-                       refType = 4;
-               };
-               00B7C430FEC78562D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = wrapKey.cpp;
-                       refType = 4;
-               };
-               00B7C431FEC78562D0A17CE7 = {
-                       fileRef = 00B7C430FEC78562D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               00B95717FEBDE93ED0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = AppleCSPUtils.cpp;
-                       refType = 4;
-               };
-               00B95718FEBDE93ED0A17CE7 = {
-                       fileRef = 00B95717FEBDE93ED0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               00B95719FEBDEC98D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = AppleCSPUtils.h;
-                       refType = 4;
-               };
-               00B9571AFEBDEC98D0A17CE7 = {
-                       fileRef = 00B95719FEBDEC98D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               00B9571BFEBDF916D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = BinaryKey.h;
-                       refType = 4;
-               };
-               00B9571CFEBDF916D0A17CE7 = {
-                       fileRef = 00B9571BFEBDF916D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               00BBA18BFED05E75D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = HMACSHA1.c;
-                       path = PBKDF2/HMACSHA1.c;
-                       refType = 2;
-               };
-               00BBA18CFED05E75D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = pbkdf2.c;
-                       path = PBKDF2/pbkdf2.c;
-                       refType = 2;
-               };
-               00BBA18DFED05E75D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = HMACSHA1.h;
-                       path = PBKDF2/HMACSHA1.h;
-                       refType = 2;
-               };
-               00BBA18EFED05E75D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = pbkdf2.h;
-                       path = PBKDF2/pbkdf2.h;
-                       refType = 2;
-               };
-               00BBA18FFED05E75D0A17CE7 = {
-                       fileRef = 00BBA18DFED05E75D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               00BBA190FED05E75D0A17CE7 = {
-                       fileRef = 00BBA18EFED05E75D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               00BBA191FED05E75D0A17CE7 = {
-                       fileRef = 00BBA18BFED05E75D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               00BBA192FED05E75D0A17CE7 = {
-                       fileRef = 00BBA18CFED05E75D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               00BBA193FED060CED0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = deriveKey.cpp;
-                       refType = 4;
-               };
-               00BBA194FED060CED0A17CE7 = {
-                       fileRef = 00BBA193FED060CED0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               00FCF302FF28B8B011CD296C = {
-                       isa = PBXFileReference;
-                       path = wrapKeyCms.cpp;
-                       refType = 4;
-               };
-               00FCF303FF28B8B011CD296C = {
-                       fileRef = 00FCF302FF28B8B011CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               0144AEB60054261D7F000001 = {
-                       isa = PBXFileReference;
-                       name = BlockCryptor.h;
-                       path = AppleCSP/BlockCryptor.h;
-                       refType = 2;
-               };
-               0144AEB70054261D7F000001 = {
-                       fileRef = 0144AEB60054261D7F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0144AEB80054359B7F000001 = {
-                       isa = PBXFileReference;
-                       path = BlockCryptor.cpp;
-                       refType = 4;
-               };
-               0144AEB90054359B7F000001 = {
-                       fileRef = 0144AEB80054359B7F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               015F469500433E457F000001 = {
-                       isa = PBXFileReference;
-                       path = FEECSPUtils.h;
-                       refType = 4;
-               };
-               015F469600433E457F000001 = {
-                       fileRef = 015F469500433E457F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               015F469700433ED37F000001 = {
-                       isa = PBXFileReference;
-                       path = FEECSPUtils.cpp;
-                       refType = 4;
-               };
-               015F469800433ED37F000001 = {
-                       fileRef = 015F469700433ED37F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               015F46990044518E7F000001 = {
-                       isa = PBXFileReference;
-                       name = FEEKeys.h;
-                       path = CryptKitCSP/FEEKeys.h;
-                       refType = 2;
-               };
-               015F469A0044518E7F000001 = {
-                       fileRef = 015F46990044518E7F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               015F469B0044580E7F000001 = {
-                       isa = PBXFileReference;
-                       path = FEEKeys.cpp;
-                       refType = 4;
-               };
-               015F469C0044580E7F000001 = {
-                       fileRef = 015F469B0044580E7F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               015F469D00446C827F000001 = {
-                       isa = PBXFileReference;
-                       path = CryptKitSpace.h;
-                       refType = 4;
-               };
-               015F469E00446C827F000001 = {
-                       fileRef = 015F469D00446C827F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               01847A450055487B7F000001 = {
-                       isa = PBXFileReference;
-                       path = FEEAsymmetricContext.h;
-                       refType = 4;
-               };
-               01847A460055487B7F000001 = {
-                       fileRef = 01847A450055487B7F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               01847A4700554A6C7F000001 = {
-                       isa = PBXFileReference;
-                       name = FEEAsymmetricContext.cpp;
-                       path = CryptKitCSP/FEEAsymmetricContext.cpp;
-                       refType = 2;
-               };
-               01847A4800554A6C7F000001 = {
-                       fileRef = 01847A4700554A6C7F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               01C17D02FF16DCC911CD283A = {
-                       children = (
-                               2B8B5BBAFFF3E29A11CD283A,
-                       );
-                       isa = PBXGroup;
-                       name = Frameworks;
-                       refType = 4;
-               };
-               023E3603001F8EB211CD283A = {
-                       buildRules = (
-                       );
-                       buildSettings = {
-                               COPY_PHASE_STRIP = NO;
-                               OTHER_LDFLAGS = "\U0001-dylib_file \"$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/A/Security:$(SYMROOT)/Security.framework/Versions/A/Security\"";
-                       };
-                       isa = PBXBuildStyle;
-                       name = "Build Folder";
-               };
-               0806BF29FFD847D411CD296C = {
-                       isa = PBXBundleReference;
-                       path = AppleCSP.bundle;
-                       refType = 3;
-               };
-               0806BF2AFFD847D411CD296C = {
-                       buildRules = (
-                       );
-                       buildSettings = {
-                               COPY_PHASE_STRIP = NO;
-                       };
-                       isa = PBXBuildStyle;
-                       name = Development;
-               };
-               0806BF2BFFD847D411CD296C = {
-                       buildRules = (
-                       );
-                       buildSettings = {
-                               COPY_PHASE_STRIP = YES;
-                       };
-                       isa = PBXBuildStyle;
-                       name = Deployment;
-               };
-               09C40943FEAF7DAAD0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = AppleCSP.cpp;
-                       refType = 4;
-               };
-               09C40944FEAF7DAAD0A17CE7 = {
-                       fileRef = 09C40943FEAF7DAAD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               09C40945FEAF7E09D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = AppleCSP.h;
-                       refType = 4;
-               };
-               09C40946FEAF7E09D0A17CE7 = {
-                       fileRef = 09C40945FEAF7E09D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0D5C9DCDFEAFAC09D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = debugging.c;
-                       path = AppleCSP/debugging.c;
-                       refType = 2;
-               };
-               0D5C9DCEFEAFAC09D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = debugging.h;
-                       path = AppleCSP/debugging.h;
-                       refType = 2;
-               };
-               0D5C9DCFFEAFAC09D0A17CE7 = {
-                       fileRef = 0D5C9DCEFEAFAC09D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0D5C9DD0FEAFAC09D0A17CE7 = {
-                       fileRef = 0D5C9DCDFEAFAC09D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               0FD07C9DFE8A174411CD283A = {
-                       buildStyles = (
-                               0806BF2AFFD847D411CD296C,
-                               0806BF2BFFD847D411CD296C,
-                               023E3603001F8EB211CD283A,
-                       );
-                       isa = PBXProject;
-                       mainGroup = 0FD07C9EFE8A174411CD283A;
-                       productRefGroup = 0FD07CBFFE8A1A0011CD283A;
-                       projectDirPath = .;
-                       targets = (
-                               0FD07C9FFE8A17DE11CD283A,
-                               6D8679A7FE9E75CF11CD296C,
-                               22FA741EFE8A468311CD283A,
-                               22FA7434FE8A468311CD283A,
-                       );
-               };
-               0FD07C9EFE8A174411CD283A = {
-                       children = (
-                               22FA7442FE8A470511CD283A,
-                               22FA7784FE8A470511CD283A,
-                               22FA7799FE8A470511CD283A,
-                               22FA77F8FE8A470511CD283A,
-                               17CFEF85FF8A5A84D0A17CE7,
-                               01C17D02FF16DCC911CD283A,
-                               0FD07CBFFE8A1A0011CD283A,
-                       );
-                       isa = PBXGroup;
-                       refType = 4;
-               };
-               0FD07C9FFE8A17DE11CD283A = {
-                       buildPhases = (
-                       );
-                       buildSettings = {
-                               FRAMEWORK_SEARCH_PATHS = "";
-                               HEADER_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/Frameworks/Carbon.framework/Libraries/CIncludes\"";
-                               INSTALL_PATH = /;
-                               LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = world;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               1118B012FE8AE31F11CD296C,
-                       );
-                       isa = PBXAggregateTarget;
-                       name = world;
-                       productInstallPath = /;
-                       productName = world;
-                       shouldUseHeadermap = 0;
-               };
-               0FD07CBFFE8A1A0011CD283A = {
-                       children = (
-                               0806BF29FFD847D411CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = Products;
-                       path = "";
-                       refType = 3;
-               };
-               1118B012FE8AE31F11CD296C = {
-                       isa = PBXTargetDependency;
-                       target = 22FA741EFE8A468311CD283A;
-               };
-               17CFEF85FF8A5A84D0A17CE7 = {
-                       children = (
-                               1972C1CB00430D427F000001,
-                               1972C1CC00430D427F000001,
-                               1972C1C900430C1C7F000001,
-                               1972C1A3004307DF7F000001,
-                               1972C19B0043075C7F000001,
-                               1972C19C0043075C7F000001,
-                               1972C19D0043075C7F000001,
-                               1972C19E0043075C7F000001,
-                       );
-                       isa = PBXGroup;
-                       name = AES;
-                       refType = 4;
-               };
-               1871086FFF1549F211CD283A = {
-                       isa = PBXLibraryReference;
-                       name = libCryptKit.a;
-                       path = /MacOS9/Projects/build/libCryptKit.a;
-                       refType = 0;
-               };
-               1972C192004306477F000001 = {
-                       isa = PBXTargetDependency;
-                       target = 6D8679A7FE9E75CF11CD296C;
-               };
-               1972C19B0043075C7F000001 = {
-                       isa = PBXFileReference;
-                       name = "rijndael-alg-ref.c";
-                       path = "AES/rijndael-alg-ref.c";
-                       refType = 4;
-               };
-               1972C19C0043075C7F000001 = {
-                       isa = PBXFileReference;
-                       name = "rijndael-alg-ref.h";
-                       path = "AES/rijndael-alg-ref.h";
-                       refType = 4;
-               };
-               1972C19D0043075C7F000001 = {
-                       isa = PBXFileReference;
-                       name = rijndaelApi.c;
-                       path = AES/rijndaelApi.c;
-                       refType = 4;
-               };
-               1972C19E0043075C7F000001 = {
-                       isa = PBXFileReference;
-                       name = rijndaelApi.h;
-                       path = AES/rijndaelApi.h;
-                       refType = 4;
-               };
-               1972C19F0043075C7F000001 = {
-                       fileRef = 1972C19C0043075C7F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1A00043075C7F000001 = {
-                       fileRef = 1972C19E0043075C7F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1A10043075C7F000001 = {
-                       fileRef = 1972C19B0043075C7F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1A20043075C7F000001 = {
-                       fileRef = 1972C19D0043075C7F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1A3004307DF7F000001 = {
-                       isa = PBXFileReference;
-                       name = "boxes-ref.h";
-                       path = "AES/boxes-ref.h";
-                       refType = 4;
-               };
-               1972C1A4004307DF7F000001 = {
-                       fileRef = 1972C1A3004307DF7F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1A5004308417F000001 = {
-                       isa = PBXFileReference;
-                       path = cryptkitcsp.cpp;
-                       refType = 4;
-               };
-               1972C1A6004308417F000001 = {
-                       isa = PBXFileReference;
-                       path = cryptkitcsp.h;
-                       refType = 4;
-               };
-               1972C1A7004308417F000001 = {
-                       isa = PBXFileReference;
-                       path = DigestContext.cpp;
-                       refType = 4;
-               };
-               1972C1A8004308417F000001 = {
-                       isa = PBXFileReference;
-                       path = DigestContext.h;
-                       refType = 4;
-               };
-               1972C1A9004308417F000001 = {
-                       isa = PBXFileReference;
-                       path = DigestObject.cpp;
-                       refType = 4;
-               };
-               1972C1AA004308417F000001 = {
-                       isa = PBXFileReference;
-                       path = DigestObject.h;
-                       refType = 4;
-               };
-               1972C1AB004308417F000001 = {
-                       fileRef = 1972C1A6004308417F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1AC004308417F000001 = {
-                       fileRef = 1972C1A8004308417F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1AD004308417F000001 = {
-                       fileRef = 1972C1AA004308417F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1AE004308417F000001 = {
-                       fileRef = 1972C1A5004308417F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1AF004308417F000001 = {
-                       fileRef = 1972C1A7004308417F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1B0004308417F000001 = {
-                       fileRef = 1972C1A9004308417F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1B1004308907F000001 = {
-                       isa = PBXFileReference;
-                       path = algmaker.cpp;
-                       refType = 4;
-               };
-               1972C1B2004308907F000001 = {
-                       isa = PBXFileReference;
-                       path = bsafeAsymmetric.cpp;
-                       refType = 4;
-               };
-               1972C1B3004308907F000001 = {
-                       isa = PBXFileReference;
-                       path = bsafeContext.cpp;
-                       refType = 4;
-               };
-               1972C1B4004308907F000001 = {
-                       isa = PBXFileReference;
-                       path = bsafecsp.h;
-                       refType = 4;
-               };
-               1972C1B5004308907F000001 = {
-                       isa = PBXFileReference;
-                       path = bsafecspi.h;
-                       refType = 4;
-               };
-               1972C1B6004308907F000001 = {
-                       isa = PBXFileReference;
-                       path = bsafeKeyGen.cpp;
-                       refType = 4;
-               };
-               1972C1B7004308907F000001 = {
-                       isa = PBXFileReference;
-                       path = bsafePKCS1.cpp;
-                       refType = 4;
-               };
-               1972C1B8004308907F000001 = {
-                       isa = PBXFileReference;
-                       path = bsafePKCS1.h;
-                       refType = 4;
-               };
-               1972C1B9004308907F000001 = {
-                       isa = PBXFileReference;
-                       path = bsafeSymmetric.cpp;
-                       refType = 4;
-               };
-               1972C1BA004308907F000001 = {
-                       isa = PBXFileReference;
-                       path = bsobjects.h;
-                       refType = 4;
-               };
-               1972C1BB004308907F000001 = {
-                       isa = PBXFileReference;
-                       path = memory.cpp;
-                       refType = 4;
-               };
-               1972C1BC004308907F000001 = {
-                       isa = PBXFileReference;
-                       path = miscalgorithms.cpp;
-                       refType = 4;
-               };
-               1972C1BD004308907F000001 = {
-                       fileRef = 1972C1B4004308907F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1BE004308907F000001 = {
-                       fileRef = 1972C1B5004308907F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1BF004308907F000001 = {
-                       fileRef = 1972C1B8004308907F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1C0004308907F000001 = {
-                       fileRef = 1972C1BA004308907F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1C1004308907F000001 = {
-                       fileRef = 1972C1B1004308907F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1C2004308907F000001 = {
-                       fileRef = 1972C1B2004308907F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1C3004308907F000001 = {
-                       fileRef = 1972C1B3004308907F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1C4004308907F000001 = {
-                       fileRef = 1972C1B6004308907F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1C5004308907F000001 = {
-                       fileRef = 1972C1B7004308907F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1C6004308907F000001 = {
-                       fileRef = 1972C1B9004308907F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1C7004308907F000001 = {
-                       fileRef = 1972C1BB004308907F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1C8004308907F000001 = {
-                       fileRef = 1972C1BC004308907F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1C900430C1C7F000001 = {
-                       isa = PBXFileReference;
-                       name = aescsp.cpp;
-                       path = AES/aescsp.cpp;
-                       refType = 4;
-               };
-               1972C1CA00430C1C7F000001 = {
-                       fileRef = 1972C1C900430C1C7F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1CB00430D427F000001 = {
-                       isa = PBXFileReference;
-                       name = aescsp.h;
-                       path = AES/aescsp.h;
-                       refType = 4;
-               };
-               1972C1CC00430D427F000001 = {
-                       isa = PBXFileReference;
-                       name = aescspi.h;
-                       path = AES/aescspi.h;
-                       refType = 4;
-               };
-               1972C1CD00430D427F000001 = {
-                       fileRef = 1972C1CB00430D427F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1CE00430D427F000001 = {
-                       fileRef = 1972C1CC00430D427F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1CF004320A27F000001 = {
-                       isa = PBXFileReference;
-                       path = FEESignatureObject.h;
-                       refType = 4;
-               };
-               1972C1D0004320A27F000001 = {
-                       fileRef = 1972C1CF004320A27F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1D2004324407F000001 = {
-                       isa = PBXFileReference;
-                       path = FEESignatureObject.cpp;
-                       refType = 4;
-               };
-               1972C1D3004324407F000001 = {
-                       fileRef = 1972C1D2004324407F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1D400432DF47F000001 = {
-                       isa = PBXFileReference;
-                       name = FEESignatureContext.h;
-                       path = CryptKitCSP/FEESignatureContext.h;
-                       refType = 2;
-               };
-               1972C1D500432DF47F000001 = {
-                       fileRef = 1972C1D400432DF47F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1972C1D6004330C77F000001 = {
-                       isa = PBXFileReference;
-                       name = FEESignatureContext.cpp;
-                       path = CryptKitCSP/FEESignatureContext.cpp;
-                       refType = 2;
-               };
-               1972C1D7004330C77F000001 = {
-                       fileRef = 1972C1D6004330C77F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1D96D506FEB620B6D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = AppleCSPContext.h;
-                       path = AppleCSP/AppleCSPContext.h;
-                       refType = 2;
-               };
-               1D96D507FEB620B6D0A17CE7 = {
-                       fileRef = 1D96D506FEB620B6D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1D96D50FFEB63683D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = AppleCSPContext.cpp;
-                       path = AppleCSP/AppleCSPContext.cpp;
-                       refType = 2;
-               };
-               1D96D510FEB63683D0A17CE7 = {
-                       fileRef = 1D96D50FFEB63683D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               1DF71D5FFF31105711CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmplugin.exp;
-                       refType = 4;
-               };
-               1DF71D60FF31105711CD283A = {
-                       fileRef = 1DF71D5FFF31105711CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA741EFE8A468311CD283A = {
-                       buildPhases = (
-                               22FA741FFE8A468311CD283A,
-                               22FA7420FE8A468311CD283A,
-                               22FA7421FE8A468311CD283A,
-                               22FA7422FE8A468311CD283A,
-                               22FA7423FE8A468311CD283A,
-                       );
-                       buildSettings = {
-                               DEPLOYMENT_OPTIMIZATION_CFLAGS = "-O2";
-                               EXPORTED_SYMBOLS_FILE = AppleCSP/cssmplugin.exp;
-                               FRAMEWORK_SEARCH_PATHS = "";
-                               HEADER_SEARCH_PATHS = "\"$(SRCROOT)\" \"$(SYMROOT)/BSafe.framework/Headers\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks/BSafe.framework/Headers\"";
-                               INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security";
-                               LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "-O1";
-                               OTHER_CFLAGS = "-pipe -DVDADER_RULES -DALLOW_ZERO_PASSWORD";
-                               OTHER_LDFLAGS = "-bundle -undefined error";
-                               OTHER_REZFLAGS = "";
-                               PRELINK_FLAGS = "-L$(SYMROOT)";
-                               PRELINK_LIBS = "-lBSafe -lCryptKit -lstdc++";
-                               PRODUCT_NAME = AppleCSP;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas -Wno-format";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               1972C192004306477F000001,
-                       );
-                       isa = PBXBundleTarget;
-                       name = AppleCSP;
-                       productInstallPath = "$(SYSTEM_LIBRARY_DIR)/Security";
-                       productName = AppleCSP;
-                       productReference = 0806BF29FFD847D411CD296C;
-                       productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
-<plist version=\"0.9\">
-<dict>
-       <key>CFBundleDevelopmentRegion</key>
-       <string>English</string>
-       <key>CFBundleExecutable</key>
-       <string>AppleCSP</string>
-       <key>CFBundleGetInfoString</key>
-       <string></string>
-       <key>CFBundleIdentifier</key>
-       <string>com.apple.applecsp</string>
-       <key>CFBundleInfoDictionaryVersion</key>
-       <string>6.0</string>
-       <key>CFBundleName</key>
-       <string>AppleCSP</string>
-       <key>CFBundlePackageType</key>
-       <string>BNDL</string>
-       <key>CFBundleShortVersionString</key>
-       <string>1.0</string>
-       <key>CFBundleSignature</key>
-       <string>????</string>
-       <key>CFBundleVersion</key>
-       <string>AppleCSP 1.0</string>
-</dict>
-</plist>
-";
-                       shouldUseHeadermap = 1;
-               };
-               22FA741FFE8A468311CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               09C40946FEAF7E09D0A17CE7,
-                               0D5C9DCFFEAFAC09D0A17CE7,
-                               1D96D507FEB620B6D0A17CE7,
-                               27CADDA2FEB8CBB7D0A17CE7,
-                               00B9571AFEBDEC98D0A17CE7,
-                               00B9571CFEBDF916D0A17CE7,
-                               00BBA18FFED05E75D0A17CE7,
-                               00BBA190FED05E75D0A17CE7,
-                               1972C1CD00430D427F000001,
-                               1972C1CE00430D427F000001,
-                               1972C19F0043075C7F000001,
-                               1972C1A00043075C7F000001,
-                               1972C1A4004307DF7F000001,
-                               1972C1AB004308417F000001,
-                               1972C1AC004308417F000001,
-                               1972C1AD004308417F000001,
-                               1972C1BD004308907F000001,
-                               1972C1BE004308907F000001,
-                               1972C1BF004308907F000001,
-                               1972C1C0004308907F000001,
-                               1972C1D0004320A27F000001,
-                               1972C1D500432DF47F000001,
-                               015F469600433E457F000001,
-                               015F469A0044518E7F000001,
-                               015F469E00446C827F000001,
-                               0144AEB70054261D7F000001,
-                               01847A460055487B7F000001,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               22FA7420FE8A468311CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
-               };
-               22FA7421FE8A468311CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               09C40944FEAF7DAAD0A17CE7,
-                               0D5C9DD0FEAFAC09D0A17CE7,
-                               1D96D510FEB63683D0A17CE7,
-                               00B95718FEBDE93ED0A17CE7,
-                               00B7C431FEC78562D0A17CE7,
-                               00BBA191FED05E75D0A17CE7,
-                               00BBA192FED05E75D0A17CE7,
-                               00BBA194FED060CED0A17CE7,
-                               00FCF303FF28B8B011CD296C,
-                               1DF71D60FF31105711CD283A,
-                               1972C1CA00430C1C7F000001,
-                               1972C1A10043075C7F000001,
-                               1972C1A20043075C7F000001,
-                               1972C1AE004308417F000001,
-                               1972C1AF004308417F000001,
-                               1972C1B0004308417F000001,
-                               1972C1C1004308907F000001,
-                               1972C1C2004308907F000001,
-                               1972C1C3004308907F000001,
-                               1972C1C4004308907F000001,
-                               1972C1C5004308907F000001,
-                               1972C1C6004308907F000001,
-                               1972C1C7004308907F000001,
-                               1972C1C8004308907F000001,
-                               1972C1D3004324407F000001,
-                               1972C1D7004330C77F000001,
-                               015F469800433ED37F000001,
-                               015F469C0044580E7F000001,
-                               0144AEB90054359B7F000001,
-                               01847A4800554A6C7F000001,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               22FA7422FE8A468311CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               2B8B5BBBFFF3E29A11CD283A,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               22FA7423FE8A468311CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               22FA7434FE8A468311CD283A = {
-                       buildPhases = (
-                               22FA7435FE8A468311CD283A,
-                               22FA7436FE8A468311CD283A,
-                               22FA7437FE8A468311CD283A,
-                               22FA7438FE8A468311CD283A,
-                       );
-                       buildSettings = {
-                               DEPLOYMENT_OPTIMIZATION_CFLAGS = "-O2 -fno-inline";
-                               FRAMEWORK_SEARCH_PATHS = "";
-                               HEADER_SEARCH_PATHS = "\"$(SRCROOT)\"";
-                               INSTALL_PATH = /usr/local/lib;
-                               LIBRARY_SEARCH_PATHS = "";
-                               LIBRARY_STYLE = STATIC;
-                               OPTIMIZATION_CFLAGS = "-O2 -fno-inline";
-                               OTHER_CFLAGS = "-pipe";
-                               OTHER_LDFLAGS = "";
-                               OTHER_LIBTOOL_FLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = libCryptKit.a;
-                               REZ_EXECUTABLE = YES;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                       );
-                       isa = PBXLibraryTarget;
-                       name = CryptKit;
-                       productInstallPath = /usr/local/lib;
-                       productName = libCryptKit.a;
-                       productReference = 1871086FFF1549F211CD283A;
-                       shouldUseHeadermap = 1;
-               };
-               22FA7435FE8A468311CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               22FA7B38FE8A470611CD283A,
-                               22FA7B39FE8A470611CD283A,
-                               22FA7B3AFE8A470611CD283A,
-                               22FA7B3BFE8A470611CD283A,
-                               22FA7B3CFE8A470611CD283A,
-                               22FA7B3DFE8A470611CD283A,
-                               22FA7B3FFE8A470611CD283A,
-                               22FA7B40FE8A470611CD283A,
-                               22FA7B41FE8A470611CD283A,
-                               22FA7B42FE8A470611CD283A,
-                               22FA7B43FE8A470611CD283A,
-                               22FA7B44FE8A470611CD283A,
-                               22FA7B45FE8A470611CD283A,
-                               22FA7B46FE8A470611CD283A,
-                               22FA7B47FE8A470611CD283A,
-                               22FA7B48FE8A470611CD283A,
-                               22FA7B49FE8A470611CD283A,
-                               22FA7B4AFE8A470611CD283A,
-                               22FA7B4BFE8A470611CD283A,
-                               22FA7B4CFE8A470611CD283A,
-                               22FA7B4DFE8A470611CD283A,
-                               22FA7B4EFE8A470611CD283A,
-                               22FA7B4FFE8A470611CD283A,
-                               22FA7B50FE8A470611CD283A,
-                               22FA7B51FE8A470611CD283A,
-                               22FA7B52FE8A470611CD283A,
-                               22FA7B53FE8A470611CD283A,
-                               22FA7B54FE8A470611CD283A,
-                               22FA7B55FE8A470611CD283A,
-                               22FA7B56FE8A470611CD283A,
-                               22FA7B57FE8A470611CD283A,
-                               22FA7B58FE8A470611CD283A,
-                               22FA7B59FE8A470611CD283A,
-                               22FA7B5AFE8A470611CD283A,
-                               22FA7B63FE8A470611CD283A,
-                               22FA7B64FE8A470611CD283A,
-                               22FA7B65FE8A470611CD283A,
-                               22FA7B66FE8A470611CD283A,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               22FA7436FE8A468311CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               22FA7B67FE8A470611CD283A,
-                               22FA7B68FE8A470611CD283A,
-                               22FA7B69FE8A470611CD283A,
-                               22FA7B6AFE8A470611CD283A,
-                               22FA7B6BFE8A470611CD283A,
-                               22FA7B6CFE8A470611CD283A,
-                               22FA7B6DFE8A470611CD283A,
-                               22FA7B6EFE8A470611CD283A,
-                               22FA7B70FE8A470611CD283A,
-                               22FA7B71FE8A470611CD283A,
-                               22FA7B72FE8A470611CD283A,
-                               22FA7B73FE8A470611CD283A,
-                               22FA7B74FE8A470611CD283A,
-                               22FA7B75FE8A470611CD283A,
-                               22FA7B76FE8A470611CD283A,
-                               22FA7B77FE8A470611CD283A,
-                               22FA7B78FE8A470611CD283A,
-                               22FA7B79FE8A470611CD283A,
-                               22FA7B7AFE8A470611CD283A,
-                               22FA7B7CFE8A470611CD283A,
-                               22FA7B7DFE8A470611CD283A,
-                               22FA7B7EFE8A470611CD283A,
-                               22FA7B85FE8A470611CD283A,
-                               22FA7B86FE8A470611CD283A,
-                               22FA7B87FE8A470611CD283A,
-                               22FA7B88FE8A470611CD283A,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               22FA7437FE8A468311CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               22FA7438FE8A468311CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               22FA7442FE8A470511CD283A = {
-                       children = (
-                               09C40943FEAF7DAAD0A17CE7,
-                               1D96D50FFEB63683D0A17CE7,
-                               00B95717FEBDE93ED0A17CE7,
-                               0144AEB80054359B7F000001,
-                               0D5C9DCDFEAFAC09D0A17CE7,
-                               00BBA193FED060CED0A17CE7,
-                               00BBA18BFED05E75D0A17CE7,
-                               00BBA18CFED05E75D0A17CE7,
-                               00B7C42CFEC78220D0A17CE7,
-                               00B7C430FEC78562D0A17CE7,
-                               00FCF302FF28B8B011CD296C,
-                               09C40945FEAF7E09D0A17CE7,
-                               1D96D506FEB620B6D0A17CE7,
-                               27CADDA1FEB8CBB7D0A17CE7,
-                               00B95719FEBDEC98D0A17CE7,
-                               00B9571BFEBDF916D0A17CE7,
-                               0144AEB60054261D7F000001,
-                               0D5C9DCEFEAFAC09D0A17CE7,
-                               00BBA18DFED05E75D0A17CE7,
-                               00BBA18EFED05E75D0A17CE7,
-                               00B7C42EFEC7824FD0A17CE7,
-                               1DF71D5FFF31105711CD283A,
-                       );
-                       isa = PBXGroup;
-                       path = AppleCSP;
-                       refType = 4;
-               };
-               22FA7784FE8A470511CD283A = {
-                       children = (
-                               1972C1B1004308907F000001,
-                               1972C1B2004308907F000001,
-                               1972C1B3004308907F000001,
-                               1972C1B4004308907F000001,
-                               1972C1B5004308907F000001,
-                               1972C1B6004308907F000001,
-                               1972C1B7004308907F000001,
-                               1972C1B8004308907F000001,
-                               1972C1B9004308907F000001,
-                               1972C1BA004308907F000001,
-                               1972C1BB004308907F000001,
-                               1972C1BC004308907F000001,
-                       );
-                       isa = PBXGroup;
-                       path = BSafeCSP;
-                       refType = 4;
-               };
-               22FA7799FE8A470511CD283A = {
-                       children = (
-                               22FA779CFE8A470511CD283A,
-                               22FA779DFE8A470511CD283A,
-                               22FA77A0FE8A470511CD283A,
-                               22FA77A1FE8A470511CD283A,
-                               22FA77A2FE8A470511CD283A,
-                               22FA77A3FE8A470511CD283A,
-                               22FA77A4FE8A470511CD283A,
-                               22FA77A5FE8A470511CD283A,
-                               22FA77A6FE8A470511CD283A,
-                               22FA77AAFE8A470511CD283A,
-                               22FA77ABFE8A470511CD283A,
-                               22FA77ACFE8A470511CD283A,
-                               22FA77ADFE8A470511CD283A,
-                               22FA77AEFE8A470511CD283A,
-                               22FA77AFFE8A470511CD283A,
-                               22FA77B0FE8A470511CD283A,
-                               22FA77B1FE8A470511CD283A,
-                               22FA77B2FE8A470511CD283A,
-                               22FA77B3FE8A470511CD283A,
-                               22FA77B4FE8A470511CD283A,
-                               22FA77B5FE8A470511CD283A,
-                               22FA77B6FE8A470511CD283A,
-                               22FA77B8FE8A470511CD283A,
-                               22FA77B9FE8A470511CD283A,
-                               22FA77BAFE8A470511CD283A,
-                               22FA77BBFE8A470511CD283A,
-                               22FA77BCFE8A470511CD283A,
-                               22FA77BDFE8A470511CD283A,
-                               22FA77BEFE8A470511CD283A,
-                               22FA77BFFE8A470511CD283A,
-                               22FA77C0FE8A470511CD283A,
-                               22FA77C1FE8A470511CD283A,
-                               22FA77C2FE8A470511CD283A,
-                               22FA77C3FE8A470511CD283A,
-                               22FA77C4FE8A470511CD283A,
-                               22FA77C5FE8A470511CD283A,
-                               22FA77C6FE8A470511CD283A,
-                               22FA77C7FE8A470511CD283A,
-                               22FA77C8FE8A470511CD283A,
-                               22FA77C9FE8A470511CD283A,
-                               22FA77CAFE8A470511CD283A,
-                               22FA77CBFE8A470511CD283A,
-                               22FA77CCFE8A470511CD283A,
-                               22FA77CDFE8A470511CD283A,
-                               22FA77CEFE8A470511CD283A,
-                               22FA77CFFE8A470511CD283A,
-                               22FA77D0FE8A470511CD283A,
-                               22FA77D1FE8A470511CD283A,
-                               22FA77D2FE8A470511CD283A,
-                               22FA77D3FE8A470511CD283A,
-                               22FA77D4FE8A470511CD283A,
-                               22FA77D5FE8A470511CD283A,
-                               22FA77D6FE8A470511CD283A,
-                               22FA77D7FE8A470511CD283A,
-                               22FA77D8FE8A470511CD283A,
-                               22FA77D9FE8A470511CD283A,
-                               22FA77DCFE8A470511CD283A,
-                               22FA77DDFE8A470511CD283A,
-                               22FA77ECFE8A470511CD283A,
-                               22FA77EDFE8A470511CD283A,
-                               22FA77F0FE8A470511CD283A,
-                               22FA77F1FE8A470511CD283A,
-                               22FA77F2FE8A470511CD283A,
-                               22FA77F3FE8A470511CD283A,
-                               22FA77F6FE8A470511CD283A,
-                               22FA77F7FE8A470511CD283A,
-                       );
-                       isa = PBXGroup;
-                       path = CryptKit;
-                       refType = 4;
-               };
-               22FA779CFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = byteRep.c;
-                       refType = 4;
-               };
-               22FA779DFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = byteRep.h;
-                       refType = 4;
-               };
-               22FA77A0FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = CipherFileDES.c;
-                       refType = 4;
-               };
-               22FA77A1FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = CipherFileDES.h;
-                       refType = 4;
-               };
-               22FA77A2FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = CipherFileFEED.c;
-                       refType = 4;
-               };
-               22FA77A3FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = CipherFileFEED.h;
-                       refType = 4;
-               };
-               22FA77A4FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = CipherFileTypes.h;
-                       refType = 4;
-               };
-               22FA77A5FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = config.h;
-                       refType = 4;
-               };
-               22FA77A6FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = Crypt.h;
-                       refType = 4;
-               };
-               22FA77AAFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = curveParams.c;
-                       refType = 4;
-               };
-               22FA77ABFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = curveParams.h;
-                       refType = 4;
-               };
-               22FA77ACFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = DES.c;
-                       refType = 4;
-               };
-               22FA77ADFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = DES.h;
-                       refType = 4;
-               };
-               22FA77AEFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = ECDSA_Profile.h;
-                       refType = 4;
-               };
-               22FA77AFFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = ECDSA_Verify_Prefix.h;
-                       refType = 4;
-               };
-               22FA77B0FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = elliptic.c;
-                       refType = 4;
-               };
-               22FA77B1FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = elliptic.h;
-                       refType = 4;
-               };
-               22FA77B2FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = ellipticMeasure.h;
-                       refType = 4;
-               };
-               22FA77B3FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = ellipticProj.c;
-                       refType = 4;
-               };
-               22FA77B4FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = ellipticProj.h;
-                       refType = 4;
-               };
-               22FA77B5FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = enc64.c;
-                       refType = 4;
-               };
-               22FA77B6FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = enc64.h;
-                       refType = 4;
-               };
-               22FA77B8FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = falloc.c;
-                       refType = 4;
-               };
-               22FA77B9FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = falloc.h;
-                       refType = 4;
-               };
-               22FA77BAFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feeCipherFile.c;
-                       refType = 4;
-               };
-               22FA77BBFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feeCipherFile.h;
-                       refType = 4;
-               };
-               22FA77BCFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feeCipherFileAtom.c;
-                       refType = 4;
-               };
-               22FA77BDFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feeDebug.h;
-                       refType = 4;
-               };
-               22FA77BEFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feeDES.c;
-                       refType = 4;
-               };
-               22FA77BFFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feeDES.h;
-                       refType = 4;
-               };
-               22FA77C0FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feeDigitalSignature.c;
-                       refType = 4;
-               };
-               22FA77C1FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feeDigitalSignature.h;
-                       refType = 4;
-               };
-               22FA77C2FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feeECDSA.c;
-                       refType = 4;
-               };
-               22FA77C3FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feeECDSA.h;
-                       refType = 4;
-               };
-               22FA77C4FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feeFEED.c;
-                       refType = 4;
-               };
-               22FA77C5FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feeFEED.h;
-                       refType = 4;
-               };
-               22FA77C6FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feeFEEDExp.c;
-                       refType = 4;
-               };
-               22FA77C7FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feeFEEDExp.h;
-                       refType = 4;
-               };
-               22FA77C8FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feeFunctions.h;
-                       refType = 4;
-               };
-               22FA77C9FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feeHash.c;
-                       refType = 4;
-               };
-               22FA77CAFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feeHash.h;
-                       refType = 4;
-               };
-               22FA77CBFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feePublicKey.c;
-                       refType = 4;
-               };
-               22FA77CCFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feePublicKey.h;
-                       refType = 4;
-               };
-               22FA77CDFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feePublicKeyPrivate.h;
-                       refType = 4;
-               };
-               22FA77CEFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feeRandom.c;
-                       refType = 4;
-               };
-               22FA77CFFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feeRandom.h;
-                       refType = 4;
-               };
-               22FA77D0FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = feeTypes.h;
-                       refType = 4;
-               };
-               22FA77D1FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = giantFFT.c;
-                       refType = 4;
-               };
-               22FA77D2FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = giantIntegers.c;
-                       refType = 4;
-               };
-               22FA77D3FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = giantIntegers.h;
-                       refType = 4;
-               };
-               22FA77D4FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = giantPort_Generic.h;
-                       refType = 4;
-               };
-               22FA77D5FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = giantPort_i486.h;
-                       refType = 4;
-               };
-               22FA77D6FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = giantPort_i486.s;
-                       refType = 4;
-               };
-               22FA77D7FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = giantPort_PPC.c;
-                       refType = 4;
-               };
-               22FA77D8FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = giantPort_PPC.h;
-                       refType = 4;
-               };
-               22FA77D9FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = giantPortCommon.h;
-                       refType = 4;
-               };
-               22FA77DCFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = MD5.c;
-                       refType = 4;
-               };
-               22FA77DDFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = MD5.h;
-                       refType = 4;
-               };
-               22FA77ECFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = platform.c;
-                       refType = 4;
-               };
-               22FA77EDFE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = platform.h;
-                       refType = 4;
-               };
-               22FA77F0FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = SHA1.c;
-                       refType = 4;
-               };
-               22FA77F1FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = SHA1.h;
-                       refType = 4;
-               };
-               22FA77F2FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = SHA1_priv.c;
-                       refType = 4;
-               };
-               22FA77F3FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = SHA1_priv.h;
-                       refType = 4;
-               };
-               22FA77F6FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = utilities.c;
-                       refType = 4;
-               };
-               22FA77F7FE8A470511CD283A = {
-                       isa = PBXFileReference;
-                       path = utilities.h;
-                       refType = 4;
-               };
-               22FA77F8FE8A470511CD283A = {
-                       children = (
-                               1972C1A5004308417F000001,
-                               1972C1A6004308417F000001,
-                               1972C1A7004308417F000001,
-                               1972C1A8004308417F000001,
-                               1972C1A9004308417F000001,
-                               1972C1AA004308417F000001,
-                               015F469B0044580E7F000001,
-                               015F46990044518E7F000001,
-                               01847A4700554A6C7F000001,
-                               01847A450055487B7F000001,
-                               1972C1D6004330C77F000001,
-                               1972C1D400432DF47F000001,
-                               1972C1CF004320A27F000001,
-                               1972C1D2004324407F000001,
-                               015F469500433E457F000001,
-                               015F469700433ED37F000001,
-                               015F469D00446C827F000001,
-                       );
-                       isa = PBXGroup;
-                       path = CryptKitCSP;
-                       refType = 4;
-               };
-               22FA7B38FE8A470611CD283A = {
-                       fileRef = 22FA779DFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B39FE8A470611CD283A = {
-                       fileRef = 22FA77A1FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B3AFE8A470611CD283A = {
-                       fileRef = 22FA77A3FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B3BFE8A470611CD283A = {
-                       fileRef = 22FA77A4FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B3CFE8A470611CD283A = {
-                       fileRef = 22FA77A5FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B3DFE8A470611CD283A = {
-                       fileRef = 22FA77A6FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B3FFE8A470611CD283A = {
-                       fileRef = 22FA77ABFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B40FE8A470611CD283A = {
-                       fileRef = 22FA77ADFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B41FE8A470611CD283A = {
-                       fileRef = 22FA77AEFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B42FE8A470611CD283A = {
-                       fileRef = 22FA77AFFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B43FE8A470611CD283A = {
-                       fileRef = 22FA77B1FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B44FE8A470611CD283A = {
-                       fileRef = 22FA77B2FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B45FE8A470611CD283A = {
-                       fileRef = 22FA77B4FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B46FE8A470611CD283A = {
-                       fileRef = 22FA77B6FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B47FE8A470611CD283A = {
-                       fileRef = 22FA77B9FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B48FE8A470611CD283A = {
-                       fileRef = 22FA77BBFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B49FE8A470611CD283A = {
-                       fileRef = 22FA77BDFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B4AFE8A470611CD283A = {
-                       fileRef = 22FA77BFFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B4BFE8A470611CD283A = {
-                       fileRef = 22FA77C1FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B4CFE8A470611CD283A = {
-                       fileRef = 22FA77C3FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B4DFE8A470611CD283A = {
-                       fileRef = 22FA77C5FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B4EFE8A470611CD283A = {
-                       fileRef = 22FA77C7FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B4FFE8A470611CD283A = {
-                       fileRef = 22FA77C8FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B50FE8A470611CD283A = {
-                       fileRef = 22FA77CAFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B51FE8A470611CD283A = {
-                       fileRef = 22FA77CCFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B52FE8A470611CD283A = {
-                       fileRef = 22FA77CDFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B53FE8A470611CD283A = {
-                       fileRef = 22FA77CFFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B54FE8A470611CD283A = {
-                       fileRef = 22FA77D0FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B55FE8A470611CD283A = {
-                       fileRef = 22FA77D3FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B56FE8A470611CD283A = {
-                       fileRef = 22FA77D4FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B57FE8A470611CD283A = {
-                       fileRef = 22FA77D5FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B58FE8A470611CD283A = {
-                       fileRef = 22FA77D8FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B59FE8A470611CD283A = {
-                       fileRef = 22FA77D9FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B5AFE8A470611CD283A = {
-                       fileRef = 22FA77DDFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B63FE8A470611CD283A = {
-                       fileRef = 22FA77EDFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B64FE8A470611CD283A = {
-                       fileRef = 22FA77F1FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B65FE8A470611CD283A = {
-                       fileRef = 22FA77F3FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B66FE8A470611CD283A = {
-                       fileRef = 22FA77F7FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               22FA7B67FE8A470611CD283A = {
-                       fileRef = 22FA779CFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B68FE8A470611CD283A = {
-                       fileRef = 22FA77A0FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B69FE8A470611CD283A = {
-                       fileRef = 22FA77A2FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B6AFE8A470611CD283A = {
-                       fileRef = 22FA77AAFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B6BFE8A470611CD283A = {
-                       fileRef = 22FA77ACFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B6CFE8A470611CD283A = {
-                       fileRef = 22FA77B0FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B6DFE8A470611CD283A = {
-                       fileRef = 22FA77B3FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B6EFE8A470611CD283A = {
-                       fileRef = 22FA77B5FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B70FE8A470611CD283A = {
-                       fileRef = 22FA77B8FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B71FE8A470611CD283A = {
-                       fileRef = 22FA77BAFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B72FE8A470611CD283A = {
-                       fileRef = 22FA77BCFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B73FE8A470611CD283A = {
-                       fileRef = 22FA77BEFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B74FE8A470611CD283A = {
-                       fileRef = 22FA77C0FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B75FE8A470611CD283A = {
-                       fileRef = 22FA77C2FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B76FE8A470611CD283A = {
-                       fileRef = 22FA77C4FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B77FE8A470611CD283A = {
-                       fileRef = 22FA77C6FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B78FE8A470611CD283A = {
-                       fileRef = 22FA77C9FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B79FE8A470611CD283A = {
-                       fileRef = 22FA77CBFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B7AFE8A470611CD283A = {
-                       fileRef = 22FA77CEFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B7CFE8A470611CD283A = {
-                       fileRef = 22FA77D2FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B7DFE8A470611CD283A = {
-                       fileRef = 22FA77D7FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B7EFE8A470611CD283A = {
-                       fileRef = 22FA77DCFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B85FE8A470611CD283A = {
-                       fileRef = 22FA77ECFE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B86FE8A470611CD283A = {
-                       fileRef = 22FA77F0FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B87FE8A470611CD283A = {
-                       fileRef = 22FA77F2FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               22FA7B88FE8A470611CD283A = {
-                       fileRef = 22FA77F6FE8A470511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               27CADDA1FEB8CBB7D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = AppleCSPSession.h;
-                       refType = 4;
-               };
-               27CADDA2FEB8CBB7D0A17CE7 = {
-                       fileRef = 27CADDA1FEB8CBB7D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               2B8B5BBAFFF3E29A11CD283A = {
-                       isa = PBXFrameworkReference;
-                       path = Security.framework;
-                       refType = 3;
-               };
-               2B8B5BBBFFF3E29A11CD283A = {
-                       fileRef = 2B8B5BBAFFF3E29A11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               6D8679A7FE9E75CF11CD296C = {
-                       buildPhases = (
-                       );
-                       buildSettings = {
-                               FRAMEWORK_SEARCH_PATHS = "";
-                               HEADER_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/Frameworks/Carbon.framework/Libraries/CIncludes\"";
-                               INSTALL_PATH = /;
-                               LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = Libraries;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               6D8679A9FE9E75CF11CD296C,
-                       );
-                       isa = PBXAggregateTarget;
-                       name = Libraries;
-                       productInstallPath = /;
-                       productName = Libraries;
-                       shouldUseHeadermap = 0;
-               };
-               6D8679A9FE9E75CF11CD296C = {
-                       isa = PBXTargetDependency;
-                       target = 22FA7434FE8A468311CD283A;
-               };
-       };
-       rootObject = 0FD07C9DFE8A174411CD283A;
-}
index 7dfa2fbf13a445af5761e90e8a3f7200702e0147..e51ec979423793a6082116484ed03ee91dd17397 100644 (file)
@@ -40,6 +40,9 @@
 #endif
 #include <RSA_DSA/RSA_DSA_csp.h>
 #include <RSA_DSA/RSA_DSA_keys.h>
+#include <DiffieHellman/DH_csp.h>
+#include <DiffieHellman/DH_keys.h>
+
 #include "YarrowConnection.h"
 
 /* 
@@ -73,7 +76,8 @@ AppleCSPPlugin::AppleCSPPlugin() :
        #ifdef  ASC_CSP_ENABLE
        ascAlgFactory(new AscAlgFactory(&normAllocator, &privAllocator)),
        #endif
-       rsaDsaAlgFactory(new RSA_DSA_Factory(&normAllocator, &privAllocator))
+       rsaDsaAlgFactory(new RSA_DSA_Factory(&normAllocator, &privAllocator)),
+       dhAlgFactory(new DH_Factory(&normAllocator, &privAllocator))
 {
        // misc. once-per-address-space cruft...
 }
@@ -91,6 +95,7 @@ AppleCSPPlugin::~AppleCSPPlugin()
        delete ascAlgFactory;
        #endif
        delete rsaDsaAlgFactory;
+       delete dhAlgFactory;
 }
 
 
@@ -150,7 +155,8 @@ AppleCSPSession::AppleCSPSession(
                ascAlgFactory(*(dynamic_cast<AscAlgFactory *>(plug.ascAlgFactory))),
                #endif
                rsaDsaAlgFactory(*(dynamic_cast<RSA_DSA_Factory *>(plug.rsaDsaAlgFactory))),
-               normAllocator(plug.normAlloc()),
+               dhAlgFactory(*(dynamic_cast<DH_Factory *>(plug.dhAlgFactory))),
+               normAllocator(*this),
                privAllocator(plug.privAlloc())
 {
        // anything? 
@@ -203,6 +209,10 @@ void AppleCSPSession::setupContext(
                CASSERT(cspCtx != NULL);
                return;
        }
+       if (dhAlgFactory.setup(*this, cspCtx, context)) {
+               CASSERT(cspCtx != NULL);
+               return;
+       }
        #ifdef  CRYPTKIT_CSP_ENABLE
        if (cryptKitFactory.setup(*this, cspCtx, context)) {
                CASSERT(cspCtx != NULL);
@@ -497,11 +507,13 @@ void AppleCSPSession::PassThrough(
                        
                        /* obtain sha1 hash of rawBlob */
                        
-                       void *digest = NULL;
-                       CssmData *outHash = NULL;
+                       CSSM_DATA_PTR outHash = NULL;
                        try {
-                               digest = normAllocator.malloc(SHA1_DIGEST_SIZE);
-                               outHash = new CssmData(digest, SHA1_DIGEST_SIZE);
+                               outHash = 
+                                       (CSSM_DATA_PTR)normAllocator.malloc(sizeof(CSSM_DATA));
+                               outHash->Data = 
+                                       (uint8 *)normAllocator.malloc(SHA1_DIGEST_SIZE);
+                               outHash->Length = SHA1_DIGEST_SIZE;
                        }
                        catch(...) {
                                if(allocdRawBlob) {
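Review bot: If the second `normAllocator.malloc` inside the `try` throws, the `CSSM_DATA` allocated just before it is leaked, because the visible part of the `catch(...)` handler only deals with `allocdRawBlob` and never releases `outHash`. Freeing it in the handler with `if(outHash) { normAllocator.free(outHash); }` before the rethrow closes that path. The handler and the rest of PassThrough continue outside this hunk, so confirm that nothing further down already does this.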
@@ -509,7 +521,7 @@ void AppleCSPSession::PassThrough(
                                }
                                throw;
                        }
-                       cspGenSha1Hash(rawBlob.data(), rawBlob.length(), digest);
+                       cspGenSha1Hash(rawBlob.data(), rawBlob.length(), outHash->Data);
                        if(allocdRawBlob) {
                                freeCssmData(rawBlob, privAllocator);
                        }
@@ -595,68 +607,61 @@ CSPKeyInfoProvider *AppleCSPSession::infoProvider(
        const CssmKey   &key)
 {
        CSPKeyInfoProvider *provider = NULL;
-       try {   
-               provider = new RSAKeyInfoProvider(key);
-       }
-       catch(...) {
        
-       }
+       #ifdef  BSAFE_CSP_ENABLE
+       /* Give BSAFE first shot, if it's here */
+       provider = BSafe::BSafeKeyInfoProvider::provider(key);
        if(provider != NULL) {
                return provider;
        }
+       #endif
        
-       #ifdef  BSAFE_CSP_ENABLE
-       try {   
-               provider = new BSafe::BSafeKeyInfoProvider(key);
-       }
-       catch(...) {
-       
-       }
+       provider = RSAKeyInfoProvider::provider(key);
        if(provider != NULL) {
                return provider;
        }
-       #endif
-       try {   
-               provider = new SymmetricKeyInfoProvider(key);
-       }
-       catch(...) {
        
-       }
+       provider = SymmetricKeyInfoProvider::provider(key);
        if(provider != NULL) {
                return provider;
        }
+
        #ifdef  CRYPTKIT_CSP_ENABLE
-       try {   
-               provider = new CryptKit::FEEKeyInfoProvider(key);
+       provider = CryptKit::FEEKeyInfoProvider::provider(key);
+       if(provider != NULL) {
+               return provider;
        }
-       catch(...) {
+       #endif
        
-       }
+       provider = DSAKeyInfoProvider::provider(key);
        if(provider != NULL) {
                return provider;
        }
-       #endif
+       
        CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
 }
 
 /*
  * CSPKeyInfoProvider for symmetric keys. 
  */
-SymmetricKeyInfoProvider::SymmetricKeyInfoProvider(
-       const CssmKey &cssmKey) :
-               CSPKeyInfoProvider(cssmKey)
+CSPKeyInfoProvider *SymmetricKeyInfoProvider::provider(
+               const CssmKey &cssmKey)
 {
-       if(mKey.blobType() != CSSM_KEYBLOB_RAW) {
+       if(cssmKey.blobType() != CSSM_KEYBLOB_RAW) {
                errorLog0("KeyInfoProvider deals only with RAW keys!\n");
                CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR);
        }
-       if(mKey.keyClass() == CSSM_KEYCLASS_SESSION_KEY) {
+       if(cssmKey.keyClass() != CSSM_KEYCLASS_SESSION_KEY) {
                /* that's all we need to know */
-               return;
-       }
-       else {
-               CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
+               return NULL;
        }
+       return new SymmetricKeyInfoProvider(cssmKey);
+}
+SymmetricKeyInfoProvider::SymmetricKeyInfoProvider(
+       const CssmKey &cssmKey) :
+               CSPKeyInfoProvider(cssmKey)
+{
 }
 
 /* cook up a Binary key */
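Review bot: `SymmetricKeyInfoProvider::provider()` still throws `CSSMERR_CSP_INTERNAL_ERROR` for a non-RAW blob, while the factory contract introduced by this commit is to return NULL for a key the provider does not handle. Because `infoProvider()` no longer wraps each attempt in `try`/`catch(...)`, that throw now ends the chain before the FEE and DSA providers are tried and replaces the final `CSSMERR_CSP_INVALID_KEY`. If non-RAW keys can reach this point, `return NULL;` in that branch keeps the chain consistent. The comment `/* that's all we need to know */` now sits on the rejecting branch and belongs on the `return new SymmetricKeyInfoProvider(cssmKey);` line instead.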
index 554d39d91e903cb3eeb76d7d57b65b2184e1f641..13a6b7572be56a9bbb9adca845eea84353a6c365 100644 (file)
@@ -80,6 +80,7 @@ private:
        AppleCSPAlgorithmFactory        *ascAlgFactory;
        #endif
        AppleCSPAlgorithmFactory        *rsaDsaAlgFactory;
+       AppleCSPAlgorithmFactory        *dhAlgFactory;
 };
 
 
index db540b19ede05e28bf8c1731ea3398d58da59ca9..aa5eec9f726db31cf0299e4c66b8c1a801fbe9fa 100644 (file)
@@ -44,6 +44,7 @@ class MiscAlgFactory;
 class AscAlgFactory;
 #endif
 class RSA_DSA_Factory;
+class DH_Factory;
 
 /* one per attach/detach */
 class AppleCSPSession : public CSPFullPluginSession {
@@ -121,7 +122,7 @@ public:
        BinaryKey &lookupRefKey(
                const CssmKey           &cssmKey);
 
-       // CSP's RNG. THis is redirects to Yarrow.
+       // CSP's RNG. This redirects to Yarrow.
        void                                    getRandomBytes(size_t length, uint8 *cp);
        void                                    addEntropy(size_t length, const uint8 *cp);  
  
@@ -139,6 +140,7 @@ public:
        AscAlgFactory                   &ascAlgFactory;
        #endif
        RSA_DSA_Factory                 &rsaDsaAlgFactory;
+       DH_Factory                              &dhAlgFactory;
        
 private:
        // storage of binary keys (which apps know as reference keys)
@@ -202,9 +204,17 @@ private:
  */
 class CSPKeyInfoProvider 
 {
-public:
+protected:
        CSPKeyInfoProvider(
                const CssmKey &cssmKey) : mKey(cssmKey) { }
+public:
+       /* 
+        * This is the public way to construct - returns NULL if key is 
+        * not handled. Static declaration per subclass.
+        *
+        * static CSPKeyInfoProvider *provider(
+        *      const CssmKey &cssmKey);
+        */      
        virtual ~CSPKeyInfoProvider() { }
        
        /* cook up a Binary key */
@@ -225,9 +235,13 @@ protected:
  */
 class SymmetricKeyInfoProvider : public CSPKeyInfoProvider 
 {
-public:
+private:
        SymmetricKeyInfoProvider(
                const CssmKey           &cssmKey);
+public:
+       static CSPKeyInfoProvider *provider(
+               const CssmKey &cssmKey);
+               
        ~SymmetricKeyInfoProvider() { }
        void CssmKeyToBinary(
                BinaryKey                       **binKey);      // RETURNED
index 604dabe81635cc716ae86ed1ceb5a8a8262f8048..ef42392d67691e653a847c4f025629aa33151eb1 100644 (file)
@@ -41,7 +41,7 @@ public:
        /* 
         * Generate raw key blob.
         * The format argument is an in/out parameter and is optionally used
-        * to reque4st a specific keyblob format for providers which can generate
+        * to request a specific keyblob format for providers which can generate
         * multipleÊformats. This value comes from an optional
         * CSSM_ATTRIBUTE_{PUBLIC,PRIVATE,SYMMETRIC}_KEY_FORMAT attribute in the current
         * context. If so such attribute is present, the default value 
diff --git a/AppleCSP/AppleCSP/DigestObject.h b/AppleCSP/AppleCSP/DigestObject.h
deleted file mode 100644 (file)
index dbc749f..0000000
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
- * DigestObject.h - generic virtual Digest base class 
- */
-
-#ifndef        _DIGEST_OBJECT_H_
-#define _DIGEST_OBJECT_H_
-
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
-#include <Security/context.h>
-
-/* common virtual digest class */
-class DigestObject {
-public:
-       DigestObject() : mInitFlag(false), mIsDone(false) { }
-       virtual ~DigestObject() { }
-       
-       /* 
-        * The remaining functions must be implemented by subclass. 
-        */
-       /* init is reusable */
-       virtual void digestInit() = 0;
-
-       /* add some data */
-       virtual void digestUpdate(
-               const void *data, 
-               size_t          len) = 0;
-       
-       /* obtain digest (once only per init, update, ... cycle) */
-       virtual void digestFinal(
-               void            *digest) = 0;   /* RETURNED, alloc'd by caller */
-                                                                               
-       virtual size_t digestSizeInBytes() const = 0;
-
-protected:
-       bool                    mInitFlag;
-       bool                    mIsDone;        
-                       
-       bool                    initFlag()                              { return mInitFlag; }
-       void                    setInitFlag(bool flag)  { mInitFlag = flag; }
-       bool                    isDone()                                { return mIsDone; }
-       void                    setIsDone(bool done)    { mIsDone = done; }
-};
-
-#endif /* _DIGEST_OBJECT_H_ */
diff --git a/AppleCSP/AppleCSP/NullDigest.h b/AppleCSP/AppleCSP/NullDigest.h
deleted file mode 100644 (file)
index 1b8cc6d..0000000
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
- * NULLDigest.h - nop digest for use with raw signature algorithms.
- *                                NullDigest(someData) = someData.
- */
-#ifndef        _NULL_DIGEST_H_
-#define _NULL_DIGEST_H_
-
-#include <AppleCSP/DigestObject.h>
-#include <Security/cssmalloc.h>
-
-class NullDigest : public DigestObject
-{
-public:
-       NullDigest() : mInBuf(NULL), mInBufSize(0) 
-       { 
-       }
-       
-       ~NullDigest()
-       {
-               CssmAllocator::standard().free(mInBuf);
-       }
-       
-       void digestInit() 
-       { 
-               /* reusable - reset */
-               CssmAllocator::standard().free(mInBuf);
-               mInBufSize = 0;
-               mInBuf = NULL;
-       }
-       
-       void digestUpdate(
-               const void *data, 
-               size_t          len) 
-       {
-               mInBuf = CssmAllocator::standard().realloc(mInBuf, mInBufSize + len);
-               memmove((uint8 *)mInBuf + mInBufSize, data, len);
-               mInBufSize += len;
-       }
-       
-       virtual void digestFinal(
-               void            *digest)
-       {
-               memmove(digest, mInBuf, mInBufSize);
-       }
-                                                                               
-       size_t digestSizeInBytes() const
-       { 
-               return mInBufSize;
-       }
-
-private:
-       void            *mInBuf;
-       size_t          mInBufSize;
-};
-
-#endif /* _NULL_DIGEST_H_ */
\ No newline at end of file
index 92f44247880d9d02ac3c2ed3773249ca60eeed53..4218701a555503f3d744db1b9351c42a2fcce209 100644 (file)
@@ -38,7 +38,7 @@
 #define _SIGNATURE_CONTEXT_H_
 
 #include <AppleCSP/RawSigner.h>
-#include <AppleCSP/DigestObject.h>
+#include <Security/digestobject.h>
 #include <AppleCSP/AppleCSPContext.h>
 
 class SignatureContext : public AppleCSPContext  {
index d9c0217cc4c3b081f74148232ad9892ef822bff7..fa28fe694f5fde67e57b59e8ca99e62b42f3f484 100644 (file)
@@ -49,6 +49,7 @@
 #if            DEBUG_ENABLE || ERROR_LOG_ENABLE
 
 #include <stdio.h>
+#include <stdlib.h>
 
 #if            !LOG_VIA_PRINTF
 
index 42fea2368fa9295a156bdc97607def04b32d1bf7..2b416a44a22778da7b71622895af588c0f7e723d 100644 (file)
@@ -33,6 +33,7 @@
 #include "cspdebugging.h"
 #include <Security/context.h>
 #include <Security/utilities.h>
+#include <DiffieHellman/DH_exchange.h>
 
 /* minimum legal values */
 #define PBKDF2_MIN_SALT                        8               /* bytes */
@@ -140,6 +141,7 @@ void AppleCSPSession::DeriveKey(
        /* validate input args, common to all algorithms */
        switch(context.algorithm()) {
                case CSSM_ALGID_PKCS5_PBKDF2:
+               case CSSM_ALGID_DH:
                        break;
                /* maybe more here, later */
                default:
@@ -189,6 +191,12 @@ void AppleCSPSession::DeriveKey(
                                Param,
                                keyData);
                        break;
+               case CSSM_ALGID_DH:
+                       DeriveKey_DH(context,
+                               Param,
+                               keyData,
+                               *this);
+                       break;
                /* maybe more here, later */
                default:
                        assert(0);
index 4bcd419c9afd3a834868b0085cee4d5d7561e96c..8d54cd556f1741910b6cf999e7053570cc4b0f0c 100644 (file)
@@ -197,7 +197,7 @@ void cspDecodePkcs7(
        StLock<Mutex>                   _(snaccLock);
        
        buf.InstallData((char *)encodedBlob.Data, len);
-       if((rtn = setjmp(jbuf)) == 0) {
+       try {
                int i;
                EncryptedContentInfo1 *eci;
                
@@ -224,7 +224,7 @@ void cspDecodePkcs7(
                        (char *)(*eci->encryptedContent),       
                        eci->encryptedContent->Len());
        }
-       else {
+       catch(...) {
                errorLog1("cspDecodePkcs7: BDec threw %d\n", rtn);
                CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
        }
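Review bot: The `catch(...)` handler here, and the matching one in the `cspDecodePkcs8` hunk below, still logs `rtn`, which used to be assigned by `setjmp` and is no longer set on this path, so the message prints a stale or uninitialized value unless `rtn` is initialized at its declaration outside the hunk. A fixed message such as `errorLog0("cspDecodePkcs7: BDec threw\n");` avoids that. `jbuf` is also still passed to `BDec` (visible in the `cspDecodePkcs8` hunk) without a `setjmp` having filled it; if the decoder can still `longjmp` through it on malformed input that is undefined behaviour, so the parameter's remaining role should be confirmed.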
@@ -303,7 +303,7 @@ void cspDecodePkcs8(
        StLock<Mutex>                   _(snaccLock);
        
        buf.InstallData((char *)encodedBlob.Data, len);
-       if((rtn = setjmp(jbuf)) == 0) {
+       try {
                EncryptedPrivateKeyInfo         epki;
                
                epki.BDec(buf, len, jbuf);
@@ -315,7 +315,7 @@ void cspDecodePkcs8(
                        (char *)(epki.encryptedKey),    
                        len);
        }
-       else {
+       catch(...) {
                errorLog1("cspDecodePkcs8: BDec threw %d\n", rtn);
                CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
        }
index 703419dbe8a6aff6a628afcc2ab9ac3a59575304..be08e27a535398744dc35226d1d2b8c1ac3c349a 100644 (file)
 // wrapKey.cpp - wrap/unwrap key functions for AppleCSPSession
 //
 
+/*
+ * Currently the Security Server wraps public keys when they're stored, so we have
+ * to allow this. We might not want to do this in the real world. 
+ */
+#define ALLOW_PUB_KEY_WRAP             1
+
 #include "AppleCSPSession.h"
 #include "AppleCSPUtils.h"
 #ifdef USE_SNACC
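Review bot: `ALLOW_PUB_KEY_WRAP` is hard-wired to 1 in this file, so the public-key checks it guards in `WrapKey` and `UnwrapKey` (later hunks) are compiled out of every build and cannot be restored from the build settings. Guarding the definition with `#ifndef ALLOW_PUB_KEY_WRAP` and a closing `#endif` lets a configuration turn the check back on. The existing comment `Can only wrap session and private keys.` above the guarded check in `WrapKey` is no longer accurate while the macro is 1 and should say so.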
@@ -93,28 +99,20 @@ void AppleCSPSession::WrapKey(
                default:
                        CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
        }
-       try {
-               /* wrapping key only required for non-NULL wrap */
-               CssmKey &wrappingKeyRef = 
-                       Context.get<CssmKey>(CSSM_ATTRIBUTE_KEY, 
-                       CSSMERR_CSP_MISSING_ATTR_KEY);
-               wrappingKey = &wrappingKeyRef;
-       }
-       catch (const CssmError err) {
-               if((err.error == CSSMERR_CSP_MISSING_ATTR_KEY) &&
-                  (Context.algorithm() == CSSM_ALGID_NONE) &&
+
+       /* wrapping key only required for non-NULL wrap */
+       wrappingKey = Context.get<CssmKey>(CSSM_ATTRIBUTE_KEY);
+       if(wrappingKey == NULL) {
+               if((Context.algorithm() == CSSM_ALGID_NONE) &&
                   (Context.type() == CSSM_ALGCLASS_SYMMETRIC)) {
                                // NULL wrap, OK
                                isNullWrap = true;
                }
                else {
                        errorLog0("WrapKey: missing wrapping key\n");
-                       throw;
+                       CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_KEY);
                }
        }
-       catch (...) {
-               throw;
-       }
        
        /*
         * Validate misc. params as best we can
@@ -126,9 +124,11 @@ void AppleCSPSession::WrapKey(
                /*
                 * Can only wrap session and private keys. 
                 */
+               #if             !ALLOW_PUB_KEY_WRAP
                if(UnwrappedKey.keyClass() == CSSM_KEYCLASS_PUBLIC_KEY) {
                        CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
                }
+               #endif  /* ALLOW_PUB_KEY_WRAP */
                cspValidateIntendedKeyUsage(&wrappingKey->KeyHeader, CSSM_KEYUSE_WRAP);
 
                /*
@@ -253,10 +253,23 @@ void AppleCSPSession::WrapKey(
        /*
         * Prepare outgoing header.
         */
-       copyCssmHeader(UnwrappedKey.header(), wrappedHdr, normAllocator);
+       const CssmKey::Header &unwrappedHdr = UnwrappedKey.header();
+       setKeyHeader(wrappedHdr,
+               plugin.myGuid(),
+               unwrappedHdr.algorithm(),               // same as incoming 
+               unwrappedHdr.keyClass(),                // same as incoming
+               unwrappedHdr.KeyAttr,
+               unwrappedHdr.KeyUsage);
+       wrappedHdr.LogicalKeySizeInBits = unwrappedHdr.LogicalKeySizeInBits;
        wrappedHdr.WrapAlgorithmId = Context.algorithm();       // true for null 
                                                                                                                // and non-Null 
        wrappedHdr.Format = wrapFormat;
+       if(isNullWrap) {
+               wrappedHdr.BlobType = CSSM_KEYBLOB_RAW;
+       }
+       else {
+               wrappedHdr.BlobType = CSSM_KEYBLOB_WRAPPED;
+       }
        
        /* 
         * special case - break out here for custom Apple CMS  
@@ -301,7 +314,6 @@ void AppleCSPSession::WrapKey(
                        copyCssmData(rawBlob, 
                                CssmData::overlay(WrappedKey.KeyData), 
                                normAllocator);
-                       wrappedHdr.BlobType = CSSM_KEYBLOB_RAW;
                        wrappedHdr.Format   = rawFormat; 
                }
 #ifdef USE_SNACC
@@ -396,27 +408,18 @@ void AppleCSPSession::UnwrapKey(
        CSSM_KEYBLOB_FORMAT             wrapFormat = WrappedKey.blobFormat();
        
        /* obtain unwrapping key if present */
-       try {
-               CssmKey &unwrappingKeyRef = 
-                       Context.get<CssmKey>(CSSM_ATTRIBUTE_KEY, 
-                       CSSMERR_CSP_MISSING_ATTR_KEY);
-               unwrappingKey = &unwrappingKeyRef;
-       }
-       catch (const CssmError err) {
-               if((err.error == CSSMERR_CSP_MISSING_ATTR_KEY) &&
-                  (Context.algorithm() == CSSM_ALGID_NONE) &&
+       unwrappingKey = Context.get<CssmKey>(CSSM_ATTRIBUTE_KEY);
+       if(unwrappingKey == NULL) {
+               if((Context.algorithm() == CSSM_ALGID_NONE) &&
                   (Context.type() == CSSM_ALGCLASS_SYMMETRIC)) {
                                // NULL unwrap, OK
                                isNullUnwrap = true;
                }
                else {
                        errorLog0("UnwrapKey: missing wrapping key\n");
-                       throw;
+                       CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_KEY);
                }
        }
-       catch (...) {
-               throw;
-       }
 
        /* 
         * validate unwrappingKey 
@@ -450,10 +453,12 @@ void AppleCSPSession::UnwrapKey(
        /* validate WrappedKey */
        switch(WrappedKey.keyClass()) {
                case CSSM_KEYCLASS_PUBLIC_KEY:
+                       #if     !ALLOW_PUB_KEY_WRAP
                        if(!isNullUnwrap) {
                                errorLog0("UnwrapKey: unwrap of public key illegal\n");
                                CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
                        }
+                       #endif  /* ALLOW_PUB_KEY_WRAP */
                        keyType = CKT_Public;
                        break;
                case CSSM_KEYCLASS_PRIVATE_KEY:
@@ -491,12 +496,15 @@ void AppleCSPSession::UnwrapKey(
 
        /* prepare outgoing header */
        CssmKey::Header &unwrappedHdr = UnwrappedKey.header();
-       copyCssmHeader(WrappedKey.header(), unwrappedHdr, normAllocator);
-       unwrappedHdr.WrapAlgorithmId = Context.algorithm(); // true for null 
-                                                                                                               // and non-Null 
-       /* GUID must be appropriate */
-       unwrappedHdr.CspId = plugin.myGuid();
-
+       const CssmKey::Header &wrappedHdr   = WrappedKey.header();
+       setKeyHeader(unwrappedHdr,
+               plugin.myGuid(),
+               wrappedHdr.algorithm(),         // same as incoming 
+               wrappedHdr.keyClass(),          // same as incoming
+               KeyAttr & ~KEY_ATTR_RETURN_MASK,
+               KeyUsage);
+       unwrappedHdr.LogicalKeySizeInBits = wrappedHdr.LogicalKeySizeInBits;
+       unwrappedHdr.KeyUsage = wrappedHdr.KeyUsage;
        UnwrappedKey.KeyData.Data = NULL;       // ignore possible incoming KeyData
        UnwrappedKey.KeyData.Length = 0;
        
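Review bot: The `KeyUsage` argument passed to `setKeyHeader` is overwritten two lines later by `unwrappedHdr.KeyUsage = wrappedHdr.KeyUsage;`. Assuming `setKeyHeader` stores that argument in the header, the caller-requested usage never takes effect and the unwrapped key inherits whatever usage the wrapped header carries. If inheriting is intended, pass `wrappedHdr.KeyUsage` to `setKeyHeader` and drop the assignment; if the caller's value should win, drop the assignment only. A comment should state which source is authoritative, since the attributes come from the caller (`KeyAttr & ~KEY_ATTR_RETURN_MASK`) while the usage does not. The body of `UnwrapKey` continues outside this hunk.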
index 088f2098998f4b486dc5e1a4a55c1325b0c78004..274a158b95de3cb41e60e959f9ef9b03dee03c85 100644 (file)
@@ -276,22 +276,27 @@ BSafe::BSafeKeyInfoProvider::BSafeKeyInfoProvider(
        const CssmKey &cssmKey) :
                CSPKeyInfoProvider(cssmKey)
 {
-       switch(mKey.keyClass()) {
+}
+
+CSPKeyInfoProvider *BSafe::BSafeKeyInfoProvider::provider(
+       const CssmKey &cssmKey)
+{
+       switch(cssmKey.keyClass()) {
                case CSSM_KEYCLASS_PUBLIC_KEY:
                case CSSM_KEYCLASS_PRIVATE_KEY:
                        break;
                default:
-                       CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
+                       return NULL;
        }
        switch(mKey.algorithm()) {
                case CSSM_ALGID_RSA:
                case CSSM_ALGID_DSA:
                        break;
                default:
-                       CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+                       return NULL;
        }
        /* OK, we'll handle this one */
-       return;
+       return new BSafeKeyInfoProvider(cssmKey);
 }
 
 /* cook up a Binary key */
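Review bot: The new static `BSafeKeyInfoProvider::provider()` keeps the unchanged line `switch(mKey.algorithm()) {`, but `mKey` is an instance member and is not available in a static member function, so this should fail to compile when `BSAFE_CSP_ENABLE` is defined. It should read `switch(cssmKey.algorithm()) {`, matching the key-class switch directly above it.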
index 80eaae279588ab1d51e71c0fd03ffdd0402b7db8..1c7e0196d3120845158fa3cafff24c56a1d7712f 100644 (file)
@@ -68,7 +68,7 @@ void BS_setKeyPkcs1(
        try {
                SC_decodeAsnObj(pkcs1Blob, snaccPubKey);
        }
-       catch(CssmError cerror) {
+       catch(const CssmError &cerror) {
                CSSM_RETURN crtn = cerror.cssmError();
                
                errorLog1("BS_setKeyPkcs1: SC_decodeAsnObj returned %s\n",
@@ -119,7 +119,7 @@ void BS_GetKeyPkcs1(
        try {
                SC_encodeAsnObj(snaccPubKey, pkcs1Blob, maxSize);
        }
-       catch(CssmError cerror) {
+       catch(const CssmError &cerror) {
                CSSM_RETURN crtn = cerror.cssmError();
 
                errorLog1("BS_GetKeyPkcs1: SC_encodeAsnObj returned %s\n",
index 18b42ce3320ba8b15595cb6581b22e98f9e1ecb5..536db3d6754d0ac78f66ccf5ba1189afcf19e902 100644 (file)
@@ -415,9 +415,12 @@ private:
         */
        class BSafeKeyInfoProvider : public CSPKeyInfoProvider 
        {
-       public:
+private:
                BSafeKeyInfoProvider(
                        const CssmKey           &cssmKey);
+       public:
+               static CSPKeyInfoProvider *provider(
+               const CssmKey &cssmKey);
                ~BSafeKeyInfoProvider() { }
                void CssmKeyToBinary(
                        BinaryKey                       **binKey);      // RETURNED
index 63f759730a7bee8b9b292344dd068dc6c1154675..e4d9558ee1a0ea49327e32fa22247c91129234ac 100644 (file)
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:47 mb Exp $
-# $Name: Security-30~1 $
+# $Name:  $
 ProjectName: AppleCSP
 ProjectVersion: 16
index 0f4da11326499942516d96487c3f3280acb3e070..9bd6a352aa1fafef4a07729327c8a6fe9296393c 100644 (file)
@@ -10,7 +10,7 @@
 #include "ascFactory.h"
 #include <Security/debugging.h>
 #include <Security/logging.h>
-#include <Security/debugging.h>
+#include <Security/cssmapple.h>
 
 #define abprintf(args...)      debug("ascBuf", ## args)                /* buffer sizes */
 #define aioprintf(args...)     debug("ascIo", ## args)         /* all I/O */
@@ -141,6 +141,32 @@ void ASCContext::init(
        }
        mDecryptBufValid = false;
        
+       /* optional optimization attribute */
+       comcryptOptimize optimize = CCO_DEFAULT;
+       uint32 opt = context.getInt(CSSM_ATTRIBUTE_ASC_OPTIMIZATION); 
+       switch(opt) {
+               case CSSM_ASC_OPTIMIZE_DEFAULT:
+                       optimize = CCO_DEFAULT;
+                       break;
+               case CSSM_ASC_OPTIMIZE_SIZE:
+                       optimize = CCO_SIZE;
+                       break;
+               case CSSM_ASC_OPTIMIZE_SECURITY:
+                       optimize = CCO_SECURITY;
+                       break;
+               case CSSM_ASC_OPTIMIZE_TIME:
+                       optimize = CCO_TIME;
+                       break;
+               case CSSM_ASC_OPTIMIZE_TIME_SIZE:
+                       optimize = CCO_TIME_SIZE;
+                       break;
+               case CSSM_ASC_OPTIMIZE_ASCII:
+                       optimize = CCO_ASCII;
+                       break;
+               default:
+                       CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS);
+       }
+       
        /* All other context attributes ignored */
        /* init the low-level state */
        if(mCcObj == NULL) {
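Review bot: The added block is labelled optional, yet any value outside the six listed cases throws `CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS`. It is therefore optional only if `context.getInt()` yields `CSSM_ASC_OPTIMIZE_DEFAULT` when the attribute is absent, and neither that return value nor the constant's value is visible here. Once confirmed, a comment on the `getInt` line such as `/* absent attribute reads as CSSM_ASC_OPTIMIZE_DEFAULT */` would record the dependency. `ASCContext::init` continues outside this hunk.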
@@ -151,7 +177,7 @@ void ASCContext::init(
                }
        }
         
-       crtn = comcryptInit(mCcObj, keyData, keyLen, CCO_DEFAULT);
+       crtn = comcryptInit(mCcObj, keyData, keyLen, optimize);
        if(crtn) {
                throwComcrypt(crtn, "comcryptInit");
        }
index bd5182ea9fc200a7ce3f43f24e02d40227bd73dd..82e03a7246b7218f3051b520fc29f11315415b62 100644 (file)
 /*
  * Trivial exception class associated with a feeReturn.
  */
+// @@@ This should really be a subclass of exception
 class feeException
 {
 protected:
        feeException(feeReturn frtn, const char *op);   
 public:
-       ~feeException()                                 { }
-       feeReturn frtn()                                { return mFrtn; }
+       ~feeException() throw() {}
+       feeReturn frtn() const throw() { return mFrtn; }
     static void throwMe(feeReturn frtn, const char *op = NULL) __attribute__((noreturn));
 private:
        feeReturn mFrtn;
@@ -389,7 +390,7 @@ static FEECurveParameters *feeCurveParamsToSnacc(
                        giantToBigIntStr(cp->basePrime, *snaccCp->basePrime);
                }
        }
-       catch(feeException ferr) {
+       catch(const feeException &ferr) {
                delete snaccCp;
                throw;
        }
@@ -481,7 +482,7 @@ feeReturn feeDEREncodeElGamalSignature(
                giantToBigIntStr(u, snaccSig.u);
                giantToBigIntStr(PmX, snaccSig.pmX);
        } 
-       catch(feeException ferr) {
+       catch(const feeException &ferr) {
                return ferr.frtn();
        }
        try {
@@ -517,7 +518,7 @@ feeReturn feeDEREncodeECDSASignature(
                giantToBigIntStr(c, snaccSig.c);
                giantToBigIntStr(d, snaccSig.d);
        }
-       catch(feeException ferr) {
+       catch(const feeException &ferr) {
                return ferr.frtn();
        }
        try {
@@ -558,7 +559,7 @@ feeReturn feeDERDecodeElGamalSignature(
                *u   = bigIntStrToGiant(snaccSig.u);
                *PmX = bigIntStrToGiant(snaccSig.pmX);
        }
-       catch(feeException ferr) {
+       catch(const feeException &ferr) {
                return ferr.frtn();
        }
        catch(...) {
@@ -593,7 +594,7 @@ feeReturn feeDERDecodeECDSASignature(
                *c = bigIntStrToGiant(snaccSig.c);
                *d = bigIntStrToGiant(snaccSig.d);
        }
-       catch(feeException ferr) {
+       catch(const feeException &ferr) {
                return ferr.frtn();
        }
        catch(...) {
@@ -636,7 +637,7 @@ feeReturn feeDEREncodePublicKey(
                        giantToBigIntStr(plusY, *snaccKey.plusY);
                }
        }
-       catch(feeException ferr) {
+       catch(const feeException &ferr) {
                return ferr.frtn();
        }
        
@@ -671,7 +672,7 @@ feeReturn feeDEREncodePrivateKey(
                snaccKey.curveParams = feeCurveParamsToSnacc(cp);
                giantToBigIntStr(privData, snaccKey.privData);
        }
-       catch(feeException ferr) {
+       catch(const feeException &ferr) {
                return ferr.frtn();
        }
        
@@ -722,7 +723,7 @@ feeReturn feeDERDecodePublicKey(
                        int_to_giant(0, *plusY);
                }
        }
-       catch(feeException ferr) {
+       catch(const feeException &ferr) {
                return ferr.frtn();
        }
        catch(...) {
@@ -752,7 +753,7 @@ feeReturn feeDERDecodePrivateKey(
                *cp       = feeCurveParamsFromSnacc(*snaccKey.curveParams);
                *privData = bigIntStrToGiant(snaccKey.privData);
        }
-       catch(feeException ferr) {
+       catch(const feeException &ferr) {
                return ferr.frtn();
        }
        catch(...) {
index 317e3e814a0e85dd84c82c99802a574ca30e57e5..14f5d435eced82a968e8e1f05657600fe0ab49b5 100644 (file)
@@ -251,12 +251,16 @@ void CryptKit::FEEKeyPairGenContext::generate(
 CryptKit::FEEKeyInfoProvider::FEEKeyInfoProvider(
        const CssmKey &cssmKey) :
                CSPKeyInfoProvider(cssmKey)
+{
+}
+CSPKeyInfoProvider *FEEKeyInfoProvider::provider(
+               const CssmKey &cssmKey)
 {
        switch(cssmKey.algorithm()) {
                case CSSM_ALGID_FEE:
                        break;
                default:
-                       CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+                       return NULL;
        }
        switch(cssmKey.keyClass()) {
                case CSSM_KEYCLASS_PUBLIC_KEY:
@@ -264,10 +268,10 @@ CryptKit::FEEKeyInfoProvider::FEEKeyInfoProvider(
                        /* FIXME - verify proper CSSM_KEYBLOB_RAW_FORMAT_xx */
                        break;
                default:
-                       CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
+                       return NULL;
        }
        /* OK, we'll handle this one */
-       return;
+       return new FEEKeyInfoProvider(cssmKey);
 }
 
 /* Given a raw key, cook up a Binary key */
index 411969ae65aa3e6d3c27faad975ac76fd652574b..1c7b05321c5f67c66979e44f52ed251b049617bb 100644 (file)
@@ -86,9 +86,12 @@ public:
  */
 class FEEKeyInfoProvider : public CSPKeyInfoProvider 
 {
-public:
+private:
        FEEKeyInfoProvider(
                const CssmKey           &cssmKey);
+public:
+       static CSPKeyInfoProvider *provider(
+               const CssmKey &cssmKey);
        ~FEEKeyInfoProvider() { }
        void CssmKeyToBinary(
                BinaryKey                       **binKey);      // RETURNED
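Review bot: The new static `provider()` is declared without a comment stating its contract, which differs from the constructor it replaces. Per the FEEKeys.cpp hunks of this commit, it returns NULL for a non-FEE algorithm or an unsupported key class instead of throwing, and otherwise returns a `new FEEKeyInfoProvider`. I would add above the declaration `/* Returns a new provider if cssmKey is an FEE public/private key, else NULL; caller owns the result. */`. Caller ownership is inferred from the bare `new` in the definition and should be confirmed against the call site, which is not shown here. The class body continues past the end of this hunk.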
index 24827a03b3304fb830a1576871d9e2b56a62e052..ea97af756291b5435203ead545619b7937f46e00 100644 (file)
@@ -31,6 +31,7 @@
 #include <CryptKit/falloc.h>
 #include <CryptKit/feeFunctions.h>
 #include <MiscCSPAlgs/SHA1_MD5_Object.h>
+#include <Security/digestobject.h>
 
 CssmAllocator *CryptKitFactory::normAllocator;
 CssmAllocator *CryptKitFactory::privAllocator;
@@ -107,6 +108,26 @@ bool CryptKitFactory::setup(
                                                                *privAllocator)));
                                        }
                                        return true;
+                               case CSSM_ALGID_FEE:
+                                       if(cspCtx == NULL) {
+                                               cspCtx = new SignatureContext(session,
+                                                       *(new NullDigest()),
+                                                       *(new FEERawSigner(feeRandCallback, 
+                                                               &session,
+                                                               session,
+                                                               *privAllocator)));
+                                       }
+                                       return true;
+                               case CSSM_ALGID_ECDSA:
+                                       if(cspCtx == NULL) {
+                                               cspCtx = new SignatureContext(session,
+                                                       *(new NullDigest()),
+                                                       *(new FEEECDSASigner(feeRandCallback, 
+                                                               &session,
+                                                               session,
+                                                               *privAllocator)));
+                                       }
+                                       return true;
                                default:
                                        break;
                        }
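Review bot: Both added cases build the `SignatureContext` from `*(new NullDigest())` and `*(new FEERawSigner(...))` or `*(new FEEECDSASigner(...))` in one expression, so if the second allocation or the `SignatureContext` constructor throws, the object already allocated is leaked. This mirrors the existing case just above, so it may be an accepted pattern in this file; if so, a one-line comment would help, e.g. `/* raw sign: caller supplies the digest; SignatureContext presumably owns digest and signer */`. Whether `SignatureContext` takes ownership, and whether the caller-supplied digest length is bounded before it reaches the signer, is not visible in this hunk and should be confirmed. `setup()` starts and ends outside the hunk.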
diff --git a/AppleCSP/DiffieHellman/DH_csp.cpp b/AppleCSP/DiffieHellman/DH_csp.cpp
new file mode 100644 (file)
index 0000000..e301031
--- /dev/null
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+ * DH_csp.cpp - Diffie-Hellman Algorithm factory
+ */
+#include "DH_csp.h"
+#include "DH_keys.h"
+#include <Security/cssmapple.h>
+
+CssmAllocator *DH_Factory::normAllocator;
+CssmAllocator *DH_Factory::privAllocator;
+
+DH_Factory::DH_Factory(CssmAllocator *normAlloc, CssmAllocator *privAlloc)
+{
+       setNormAllocator(normAlloc);
+       setPrivAllocator(privAlloc);
+       
+       /* NOTE WELL we assume that the RSA_DSA factory has already been instantitated, 
+        * doing the basic init of openssl */
+        
+       ERR_load_DH_strings();
+}
+
+DH_Factory::~DH_Factory()
+{
+}
+
+bool DH_Factory::setup(
+       AppleCSPSession &session,       
+       CSPFullPluginSession::CSPContext * &cspCtx, 
+       const Context &context)
+{
+       switch(context.type()) {
+               case CSSM_ALGCLASS_KEYGEN:
+                       switch(context.algorithm()) {
+                               case CSSM_ALGID_DH:
+                                       if(cspCtx == NULL) {
+                                               cspCtx = new DHKeyPairGenContext(session, context);
+                                       }
+                                       return true;
+                               default:
+                                       break;
+                       }
+                       break;          
+
+               default:
+                       break;
+       }
+       /* not implemented here */
+       return false;
+}
+
+
+
diff --git a/AppleCSP/DiffieHellman/DH_csp.h b/AppleCSP/DiffieHellman/DH_csp.h
new file mode 100644 (file)
index 0000000..e0dfa6e
--- /dev/null
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+ * DH_csp.h - Diffie-Hellman Algorithm factory
+ */
+#ifndef        _DH_CSP_H_
+#define _DH_CSP_H_
+
+#include <Security/CSPsession.h>
+#include <AppleCSP/AppleCSP.h>
+
+/* Can't include AppleCSPSession.h due to circular dependency */
+class AppleCSPSession;
+
+class DH_Factory : public AppleCSPAlgorithmFactory {
+public:
+    DH_Factory(CssmAllocator *normAlloc = NULL, CssmAllocator *privAlloc = NULL);
+       ~DH_Factory();
+       
+    bool setup(
+               AppleCSPSession &session,
+               CSPFullPluginSession::CSPContext * &cspCtx, 
+               const Context &context);
+
+    static void setNormAllocator(CssmAllocator *alloc)
+    { assert(!normAllocator); normAllocator = alloc; }
+    static void setPrivAllocator(CssmAllocator *alloc)
+    { assert(!privAllocator); privAllocator = alloc; }
+
+    // memory allocators
+    static CssmAllocator *normAllocator;
+    static CssmAllocator *privAllocator;
+    
+};
+
+#endif /* _DH_CSP_H_ */
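Review bot: `setNormAllocator` and `setPrivAllocator` guard only with `assert(!normAllocator)` / `assert(!privAllocator)`, and the constructor defaults both arguments to NULL, so nothing guarantees the static allocators are non-NULL before use. DH_keys.cpp in this same commit dereferences `*DH_Factory::privAllocator` in `DHBinaryKey::setPubBlob` and calls `DH_Factory::privAllocator->free()` in the destructor, which is a NULL dereference if the factory was built with the defaults. With asserts compiled out, constructing a second `DH_Factory` would also silently replace the allocator that existing public-key blobs were allocated from. I would at least document the requirement, `/* both allocators must be set exactly once, before any DHBinaryKey is created */`, and consider a runtime check rather than `assert`.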
diff --git a/AppleCSP/DiffieHellman/DH_exchange.cpp b/AppleCSP/DiffieHellman/DH_exchange.cpp
new file mode 100644 (file)
index 0000000..385f649
--- /dev/null
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+ * DH_exchange.cp - Diffie-Hellman key exchange
+ */
+#include "DH_exchange.h"
+#include <Security/cssmerr.h>
+#include <Security/utilities.h>
+#include "DH_utils.h"
+#include <strings.h>
+#include <open_ssl/opensslUtils/opensslUtils.h>
+
+void DeriveKey_DH (
+       const Context &context,
+       const CssmData &Param,                  // other's public key
+       CSSM_DATA *keyData,                             // mallocd by caller
+                                                                       // we fill in keyData->Length bytes
+       AppleCSPSession &session)
+{
+       bool mallocdKey;
+       size_t privSize;
+       
+       /* private DH key from context */
+       DH *privKey = contextToDhKey(context, session, CSSM_KEYUSE_DERIVE, 
+               mallocdKey);
+       privSize = DH_size(privKey);
+       if(privSize < keyData->Length) {
+               /* we've been asked for more bits than this key can generate */
+               CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_SIZE);
+       }
+       BIGNUM *pubKey = BN_bin2bn(Param.Data, Param.Length, NULL);
+       if(pubKey == NULL) {
+               CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR);
+       }
+       unsigned char *buf = (unsigned char *)session.malloc(privSize);
+       int rtn = DH_compute_key(buf, pubKey, privKey);
+       if(rtn >= 0) {
+               /*
+                * FIXME : I have not found a specification describing *which*
+                * bytes of the value we just computed we are supposed to
+                * use as the actual key bytes. We use the M.S. bytes.
+                */
+               memmove(keyData->Data, buf, keyData->Length);
+       }
+       if(mallocdKey) {
+               DH_free(privKey);
+       }
+       BN_free(pubKey);
+       session.free(buf);
+       if(rtn < 0) {
+               throwRsaDsa("DH_compute_key");
+       }
+}
+
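Review bot: `DeriveKey_DH` leaks `privKey` (when `mallocdKey` is true) on both early `throwMe` paths, because the key-size and `BN_bin2bn` checks throw before the `DH_free` at the bottom. The copy is also guarded only by `rtn >= 0`: `DH_compute_key` returns the number of bytes it wrote, which can be smaller than `privSize`, so when `rtn < keyData->Length` the `memmove` copies uninitialized heap bytes from `buf` into the derived key. `buf` holds the shared secret and is freed without being cleared, and the peer value in `Param` is used with no range check against the group prime; both are worth handling as far as the bundled openssl allows. The sketch below makes every exit release what it acquired and treats a short result as an error; the error code chosen for that case is my assumption.

```cpp
	DH *privKey = contextToDhKey(context, session, CSSM_KEYUSE_DERIVE, 
		mallocdKey);
	// … unchanged: privSize = DH_size(privKey) …
	BIGNUM *pubKey = NULL;
	unsigned char *buf = NULL;
	CSSM_RETURN crtn = CSSM_OK;
	int rtn = 0;
	if(privSize < keyData->Length) {
		/* we've been asked for more bits than this key can generate */
		crtn = CSSMERR_CSP_UNSUPPORTED_KEY_SIZE;
	}
	else if((pubKey = BN_bin2bn(Param.Data, Param.Length, NULL)) == NULL) {
		crtn = CSSMERR_CSP_MEMORY_ERROR;
	}
	else {
		buf = (unsigned char *)session.malloc(privSize);
		rtn = DH_compute_key(buf, pubKey, privKey);
		if((rtn >= 0) && ((size_t)rtn < keyData->Length)) {
			/* secret shorter than requested: do not copy stale heap bytes */
			crtn = CSSMERR_CSP_UNSUPPORTED_KEY_SIZE;
		}
		else if(rtn >= 0) {
			// … unchanged: FIXME comment and memmove of the M.S. bytes …
		}
		/* shared secret: clear before returning the buffer to the heap */
		memset(buf, 0, privSize);
		session.free(buf);
	}
	if(mallocdKey) {
		DH_free(privKey);
	}
	if(pubKey != NULL) {
		BN_free(pubKey);
	}
	if(crtn) {
		CssmError::throwMe(crtn);
	}
	// … unchanged: throwRsaDsa("DH_compute_key") when rtn < 0 …
```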
diff --git a/AppleCSP/DiffieHellman/DH_exchange.h b/AppleCSP/DiffieHellman/DH_exchange.h
new file mode 100644 (file)
index 0000000..a414601
--- /dev/null
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+ * DH_exchange.h - Diffie-Hellman key exchange
+ */
+#ifndef        _DH_EXCHANGE_H_
+#define _DH_EXCHANGE_H_
+
+#include <AppleCSP/AppleCSP.h>
+
+void DeriveKey_DH (
+       const Context &context,
+       const CssmData &Param,
+       CSSM_DATA *keyData,
+       AppleCSPSession &session);
+
+#endif /* _DH_EXCHANGE_H_ */
diff --git a/AppleCSP/DiffieHellman/DH_keys.cpp b/AppleCSP/DiffieHellman/DH_keys.cpp
new file mode 100644 (file)
index 0000000..02022c5
--- /dev/null
@@ -0,0 +1,514 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+ * DH_keys.cpp - Diffie-Hellman key pair support. 
+ */
+
+#include "DH_keys.h"
+#include "DH_utils.h"
+#include <opensslUtils/opensslUtils.h>
+#include <opensslUtils/openRsaSnacc.h>
+#include <Security/cssmdata.h>
+#include <AppleCSP/AppleCSPSession.h>
+#include <AppleCSP/AppleCSPUtils.h>
+#include <assert.h>
+#include <Security/debugging.h>
+#include <AppleCSP/YarrowConnection.h>
+#include <Security/appleoids.h>
+#include <Security/cdsaUtils.h>
+#include <Security/asn-octs.h>
+#include <Security/sm_vdatypes.h>
+
+#define dhKeyDebug(args...)    debug("dhKey", ## args)
+
+/*
+ * FIXME - the CDSA Algorithm Guide claims that the incoming params argument
+ * for a GenerateAlgorithmParameters call is ignored for D-H. This means 
+ * that there is no way for the caller to  specify 'g' (typically 2, 3, or 
+ * 5). This seems WAY bogus but we'll code to the spec for now, assuming 
+ * a hard-coded default generator. 
+ */
+#define DH_GENERATOR_DEFAULT   DH_GENERATOR_2
+
+
+/***
+ *** Diffie-Hellman-style BinaryKey
+ ***/
+/* constructor with optional existing RSA key */
+DHBinaryKey::DHBinaryKey(DH *dhKey)
+       : mDhKey(dhKey)
+{
+       mPubKey.Data = NULL;
+       mPubKey.Length = 0;
+}
+
+DHBinaryKey::DHBinaryKey(const CSSM_DATA *pubBlob)
+       : mDhKey(NULL)
+{
+       setPubBlob(pubBlob);
+}
+
+DHBinaryKey::~DHBinaryKey()
+{
+       if(mDhKey) {
+               assert(mPubKey.Data == NULL);
+               DH_free(mDhKey);
+               mDhKey = NULL;
+       }
+       if(mPubKey.Data) {
+               assert(mDhKey == NULL);
+               DH_Factory::privAllocator->free(mPubKey.Data);
+               mPubKey.Data = NULL;
+               mPubKey.Length = 0;
+       }
+}
+
+void DHBinaryKey::generateKeyBlob(
+       CssmAllocator           &allocator,
+       CssmData                        &blob,
+       CSSM_KEYBLOB_FORMAT     &format)
+{
+       switch(mKeyHeader.KeyClass) {
+               case CSSM_KEYCLASS_PUBLIC_KEY:
+               {
+                       /* trivial case, just copy the public blob */
+                       assert(mDhKey == NULL);
+                       assert(mPubKey.Data != NULL);
+                       format = DH_PUB_KEY_FORMAT;
+                       copyCssmData(CssmData::overlay(mPubKey), blob, allocator);
+                       break;
+               }
+               case CSSM_KEYCLASS_PRIVATE_KEY:
+               {
+                       assert(mDhKey != NULL);
+                       assert(mPubKey.Data == NULL);
+                       format = DH_PRIV_KEY_FORMAT;
+                       CssmAutoData encodedKey(allocator);
+                       CSSM_RETURN crtn = DHPrivateKeyEncode(mDhKey, encodedKey);
+                       if(crtn) {
+                               CssmError::throwMe(crtn);
+                       }
+                       blob = encodedKey.release();
+                       break;
+               }
+               default:
+                       CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
+       }
+}
+
+/* for importing.... */        
+void DHBinaryKey::setPubBlob(const CSSM_DATA *pubBlob)
+{
+       assert(mDhKey == NULL);
+       assert(mPubKey.Data == NULL);
+       setUpData(mPubKey, pubBlob->Length, *DH_Factory::privAllocator);
+       memmove(mPubKey.Data, pubBlob->Data, pubBlob->Length);
+}
+
+/* for creating from a full DH private key... */
+void DHBinaryKey::setPubBlob(DH *privKey)
+{
+       assert(mDhKey == NULL);
+       assert(mPubKey.Data == NULL);
+       setUpData(mPubKey, BN_num_bytes(privKey->pub_key), 
+               *DH_Factory::privAllocator);
+       BN_bn2bin(privKey->pub_key, mPubKey.Data);
+}
+
+/***
+ *** Diffie-Hellman style AppleKeyPairGenContext
+ ***/
+
+/*
+ * This one is specified in, and called from, CSPFullPluginSession. Our
+ * only job is to prepare two subclass-specific BinaryKeys and call up to
+ * AppleKeyPairGenContext.
+ */
+void DHKeyPairGenContext::generate(
+       const Context   &context, 
+       CssmKey                 &pubKey, 
+       CssmKey                 &privKey)
+{
+       DHBinaryKey *pubBinKey  = new DHBinaryKey();
+       DHBinaryKey *privBinKey = new DHBinaryKey();
+       
+       try {
+               AppleKeyPairGenContext::generate(context, 
+                       session(),
+                       pubKey, 
+                       pubBinKey, 
+                       privKey, 
+                       privBinKey);
+       }
+       catch (...) {
+               delete pubBinKey;
+               delete privBinKey;
+               throw;
+       }
+}
+
+/*     
+ * obtain a 32-bit integer from a BigIntegerStr.
+ */
+static uint32 bigIntStrToInt(
+       const BigIntegerStr &bint,
+       CSSM_RETURN toThrow)                            // throws this if out of range
+{
+       size_t bytes = bint.Len();
+       if(bytes > 4) {
+               dhKeyDebug("DH integer overflow");
+               if(toThrow) {
+                       CssmError::throwMe(toThrow);
+               }
+               else {
+                       return 0;
+               }
+       }
+       uint32 rtn = 0;
+       const unsigned char *uo = (const unsigned char *)bint.Octs();
+       for(size_t i=0; i<bytes; i++) {
+               rtn <<= 8;
+               rtn |= uo[i];
+       }
+       return rtn;
+}
+/*
+ * This one is specified in, and called from, AppleKeyPairGenContext
+ */
+void DHKeyPairGenContext::generate(
+       const Context   &context,
+       BinaryKey               &pubBinKey,     
+       BinaryKey               &privBinKey,
+       uint32                  &keyBits)
+{
+       /* 
+        * These casts throw exceptions if the keys are of the 
+        * wrong classes, which would be a major bogon, since we created
+        * the keys in the above generate() function.
+        */
+       DHBinaryKey &rPubBinKey = 
+               dynamic_cast<DHBinaryKey &>(pubBinKey);
+       DHBinaryKey &rPrivBinKey = 
+               dynamic_cast<DHBinaryKey &>(privBinKey);
+
+       /*
+        * Parameters from context: 
+        *   Key size in bits, required;
+        *   {p,g,privKeyLength} from generateParams, optional
+        * NOTE: currently the openssl D-H imnplementation ignores the 
+        * privKeyLength field. 
+        */
+       keyBits = context.getInt(CSSM_ATTRIBUTE_KEY_LENGTH,
+                               CSSMERR_CSP_MISSING_ATTR_KEY_LENGTH);
+       CssmData *paramData = context.get<CssmData>(CSSM_ATTRIBUTE_ALG_PARAMS);
+
+       DHParameterBlock algParamBlock;
+       DHParameter *algParams = NULL;
+       uint32 privValueLen = 0;                // only nonzero from externally generated
+                                                                       //   params
+       
+       if(paramData != NULL) {
+               /* this contains the DER encoding of a DHParameterBlock */
+               try {
+                       SC_decodeAsnObj(*paramData, algParamBlock);
+               }
+               catch(...) {
+                       /*
+                        * CDSA Extension: the CDSA Algorithm Guide says that the D-H
+                        * parameter block is supposed to be wrapped with its accompanying
+                        * OID. However Openssl does not do this; it just exports 
+                        * an encoded DHParameter rather than a DHParameterBlock.
+                        * For compatibility we'll try decoding the parameters as one
+                        * of these. 
+                        */
+                       if(algParamBlock.params) {
+                               delete algParamBlock.params;
+                               algParamBlock.params = NULL;
+                       }
+                       algParamBlock.params = new DHParameter;
+                       try {
+                               SC_decodeAsnObj(*paramData, *algParamBlock.params);
+                               dhKeyDebug("Trying openssl-style DH param decoding");
+                       }
+                       catch(...) {
+                               dhKeyDebug("openssl-style DH param decoding FAILED");
+                               CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS);
+                       }
+               }
+               
+               algParams = algParamBlock.params;
+               if(algParams == NULL) {
+                       dhKeyDebug("Bad DH param decoding");
+                       CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS);
+               }
+
+               /* snag the optional private key length field */
+               if(algParams->privateValueLength) {
+                       privValueLen = bigIntStrToInt(*algParams->privateValueLength,
+                               CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS);
+               }
+               
+               /* ensure caller's key size matches the incoming params */
+               uint32 paramKeyBytes;
+               if(privValueLen) {
+                       paramKeyBytes = (privValueLen + 7) / 8;
+               }
+               else {
+                       paramKeyBytes = algParams->prime.Len();
+                       /* trim off possible m.s. byte of zero */
+                       const unsigned char *uo = 
+                               (const unsigned char *)algParams->prime.Octs();
+                       if(*uo == 0) {
+                               paramKeyBytes--;
+                       }
+               }
+               uint32 reqBytes = (keyBits + 7) / 8;
+               if(paramKeyBytes != reqBytes) {
+                       dhKeyDebug("DH key size mismatch (req %d  param %d)",
+                               (int)reqBytes, (int)paramKeyBytes);
+                       CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEY_SIZE);
+               }
+       }
+       else {
+               /* no alg params specified; generate them now */
+               dhKeyDebug("DH implicit alg param calculation");
+               algParamBlock.params = new DHParameter;
+               algParams = algParamBlock.params;
+               dhGenParams(keyBits, DH_GENERATOR_DEFAULT, 0, *algParams);
+       }
+                                       
+       /* create key, stuff params into it */
+       rPrivBinKey.mDhKey = DH_new();
+       if(rPrivBinKey.mDhKey == NULL) {
+               CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR);           
+       }
+       DH *dhKey = rPrivBinKey.mDhKey;
+       dhKey->p = bigIntStrToBn(algParams->prime);
+       dhKey->g = bigIntStrToBn(algParams->base);
+       dhKey->length = privValueLen;
+       
+       /* generate the key (both public and private capabilities) */
+       int irtn = DH_generate_key(dhKey);
+       if(!irtn) {
+               throwRsaDsa("DH_generate_key");
+       }
+       
+       /* public key just a blob */
+       rPubBinKey.setPubBlob(dhKey);
+}
+
+
+
+/***
+ *** Diffie-Hellman CSPKeyInfoProvider.
+ ***/
+DHKeyInfoProvider::DHKeyInfoProvider(
+       const CssmKey &cssmKey) :
+               CSPKeyInfoProvider(cssmKey)
+{
+       switch(cssmKey.algorithm()) {
+               case CSSM_ALGID_DH:
+                       break;
+               default:
+                       CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+       }
+       switch(cssmKey.keyClass()) {
+               case CSSM_KEYCLASS_PUBLIC_KEY:
+               case CSSM_KEYCLASS_PRIVATE_KEY:
+                       break;
+               default:
+                       CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
+       }
+       /* OK, we'll handle this one */
+       return;
+}
+
+/* Given a raw key, cook up a Binary key */
+void DHKeyInfoProvider::CssmKeyToBinary(
+       BinaryKey **binKey)
+{
+       *binKey = NULL;
+
+       assert(mKey.blobType() == CSSM_KEYBLOB_RAW);
+       switch(mKey.keyClass()) {
+               case CSSM_KEYCLASS_PUBLIC_KEY:
+               {
+                       /* trivial case - no DH * */
+                       DHBinaryKey *dhKey = new DHBinaryKey(&mKey.KeyData);
+                       *binKey = dhKey;
+                       break;
+               }
+               case CSSM_KEYCLASS_PRIVATE_KEY:
+               {
+                       /* first cook up an DH key, then drop that into a BinaryKey */
+                       DH *dhKey = rawCssmKeyToDh(mKey);
+                       DHBinaryKey *dhBinKey = new DHBinaryKey(dhKey);
+                       *binKey = dhBinKey;
+                       break;
+               }
+               default:
+                       CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
+       }
+}
+               
+/* 
+ * Obtain key size in bits.
+ * FIXME - I doubt that this is, or can be, exactly accurate.....
+ */
+void DHKeyInfoProvider::QueryKeySizeInBits(
+       CSSM_KEY_SIZE &keySize)
+{
+       uint32 numBits = 0;
+       
+       if(mKey.blobType() != CSSM_KEYBLOB_RAW) {
+               CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT);
+       }
+       switch(mKey.keyClass()) {
+               case CSSM_KEYCLASS_PUBLIC_KEY:
+                       /* trivial case */
+                       numBits = mKey.KeyData.Length * 8;
+                       break;
+               case CSSM_KEYCLASS_PRIVATE_KEY:
+               {
+                       DH *dhKey = rawCssmKeyToDh(mKey);
+                       numBits = DH_size(dhKey) * 8;
+                       DH_free(dhKey);
+                       break;
+               }
+               default:
+                       CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
+       }
+       keySize.LogicalKeySizeInBits = numBits;
+       keySize.EffectiveKeySizeInBits = numBits;
+}
+
+
+/*
+ * Generate keygen parameters, stash them in a context attr array for later use
+ * when actually generating the keys.
+ */
+void DHKeyPairGenContext::generate(
+       const Context &context, 
+       uint32 bitSize,
+    CssmData &params,          // RETURNED here,
+    uint32 &attrCount,                 // here, 
+       Context::Attr * &attrs) // and here
+{
+       /* generate the params */
+       DHParameterBlock algParamBlock;
+       algParamBlock.params = new DHParameter;
+       DHParameter *algParams = algParamBlock.params;
+       dhGenParams(bitSize, DH_GENERATOR_DEFAULT, 0, *algParams);
+       
+       /* drop in the required OID */
+       algParamBlock.oid.Set(pkcs_3_arc);
+       
+       /*
+        * Here comes the fun part. 
+        * We "return" the DER encoding of these generated params in two ways:
+        * 1. Copy out to app via the params argument, mallocing if Data ptr is NULL.
+        *    The app must free this. 
+        * 2. Cook up a 1-element Context::attr array containing one ALG_PARAM attr,
+        *    a CSSM_DATA_PTR containing the DER encoding. We have to save a ptr to
+        *    this attr array and free it, the CSSM_DATA it points to, and the DER
+        *    encoding *that* points to, in our destructor. 
+        *
+        * First, DER encode.
+        */
+       size_t maxSize = sizeofBigInt(algParams->prime) + 
+                                        sizeofBigInt(algParams->base) 
+                                        + 30;          // includes oid, tag, length
+       if(algParams->privateValueLength) {
+               maxSize += sizeofBigInt(*algParams->privateValueLength);
+       }
+       CssmAutoData aDerData(session());
+       SC_encodeAsnObj(algParamBlock, aDerData, maxSize);
+
+       /* copy/release that into a mallocd CSSM_DATA. */
+       CSSM_DATA_PTR derData = (CSSM_DATA_PTR)session().malloc(sizeof(CSSM_DATA));
+       *derData = aDerData.release();
+       
+       /* stuff that into a one-element Attr array which we keep after returning */
+       freeGenAttrs();
+       mGenAttrs = (Context::Attr *)session().malloc(sizeof(Context::Attr));
+       mGenAttrs->AttributeType   = CSSM_ATTRIBUTE_ALG_PARAMS;
+       mGenAttrs->AttributeLength = sizeof(CSSM_DATA);
+       mGenAttrs->Attribute.Data  = derData;
+
+       /* and "return" this stuff */
+       copyCssmData(CssmData::overlay(*derData), params, session());
+       attrCount = 1;
+       attrs = mGenAttrs;
+}
+
+/* free mGenAttrs and its referents if present */
+void DHKeyPairGenContext::freeGenAttrs()
+{
+       if(mGenAttrs == NULL) {
+               return;
+       }
+       if(mGenAttrs->Attribute.Data) {
+               if(mGenAttrs->Attribute.Data->Data) {
+                       session().free(mGenAttrs->Attribute.Data->Data);
+               }
+               session().free(mGenAttrs->Attribute.Data);
+       }
+       session().free(mGenAttrs);
+}
+
+/*
+ * Generate DSA algorithm parameters returning result
+ * into DHParameter.{prime,base,privateValueLength]. 
+ * This is called from both GenerateParameters and from
+ * KeyPairGenerate (if no GenerateParameters has yet been called). 
+ *
+ * FIXME - privateValueLength not implemented in openssl, not here 
+ * either for now. 
+ */
+void DHKeyPairGenContext::dhGenParams(
+       uint32                  keySizeInBits,
+       unsigned                g,                                      // probably should be BIGNUM
+       int                             privValueLength,        // optional
+       DHParameter     &algParams)
+{
+       /* validate key size */
+       if((keySizeInBits < DH_MIN_KEY_SIZE) || 
+          (keySizeInBits > DH_MAX_KEY_SIZE)) {
+               CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH);
+       }
+
+       /* create an openssl-style DH key with minimal setup */
+       DH *dhKey = DH_generate_parameters(keySizeInBits, g, NULL, NULL);
+       if(dhKey == NULL) {
+               throwRsaDsa("DSA_generate_parameters");
+       }
+       
+       /* stuff dhKey->{p,g,length}] into a caller's DSAAlgParams */
+       bnToBigIntStr(dhKey->p, algParams.prime);
+       bnToBigIntStr(dhKey->g, algParams.base);
+       if(privValueLength) {
+               algParams.privateValueLength = new BigIntegerStr();
+               snaccIntToBigIntegerStr(g, *algParams.privateValueLength);
+       }
+       DH_free(dhKey);
+}
+
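Review bot: In `dhGenParams` the optional branch stores the generator instead of the length, `snaccIntToBigIntegerStr(g, *algParams.privateValueLength);`; it should be `snaccIntToBigIntegerStr(privValueLength, *algParams.privateValueLength);`. Both callers in this file pass 0, so the branch is currently dead, but the encoded parameters would be wrong as soon as a length is passed. `freeGenAttrs()` frees `mGenAttrs` without resetting it, so a later call (for example from the destructor, if `session().malloc` throws in `generate()` right after it) would free the same memory twice; adding `mGenAttrs = NULL;` as its last line avoids that. In the key-pair `generate()`, caller-supplied parameters are only length-checked: `*uo` is read even when `prime.Len()` is 0, and `p`/`g` go into the key without a sanity check, so a guard such as `if(algParams->prime.Len() == 0) CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS);` before the trim would be a minimum. The failure label `"DSA_generate_parameters"` in `dhGenParams` should read `"DH_generate_parameters"`.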
diff --git a/AppleCSP/DiffieHellman/DH_keys.h b/AppleCSP/DiffieHellman/DH_keys.h
new file mode 100644 (file)
index 0000000..1ed8a4b
--- /dev/null
@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+ * DH_keys.h - Diffie-Hellman key pair support
+ */
+#ifndef        _DH_KEYS_H_
+#define _DH_KEYS_H_
+
+#include <AppleCSP/AppleCSPContext.h>
+#include <AppleCSP/AppleCSPSession.h>
+#include <DiffieHellman/DH_csp.h>
+#include <openssl/dh.h>
+#include <Security/context.h>
+#include <opensslUtils/openRsaSnacc.h>
+#include <Security/appleoids.h>
+
+#define DH_PUB_KEY_FORMAT              CSSM_KEYBLOB_RAW_FORMAT_PKCS3
+#define DH_PRIV_KEY_FORMAT             CSSM_KEYBLOB_RAW_FORMAT_PKCS3
+
+#define        DH_MIN_KEY_SIZE                 512                     /* FIXME */
+#define DH_MAX_KEY_SIZE                        2048
+
+/*
+ * Diffie-Hellman version of a BinaryKey.
+ */
+class DHBinaryKey : public BinaryKey {
+public:
+       DHBinaryKey(DH *dhKey = NULL);                          // for private key
+       DHBinaryKey(const CSSM_DATA *pubBlob);          // for public key
+       ~DHBinaryKey();
+       void generateKeyBlob(
+               CssmAllocator           &allocator,
+               CssmData                        &blob,
+               CSSM_KEYBLOB_FORMAT     &format);
+
+       void setPubBlob(const CSSM_DATA *pubBlob);
+       void setPubBlob(DH *privKey);
+       
+       /* 
+        * At most one of these is valid - a DH for a private key, 
+        * CSSM_DATA for public.
+        */
+       DH                                              *mDhKey;
+       CSSM_DATA                               mPubKey;
+};
+
+class DHKeyPairGenContext : 
+       public AppleCSPContext, private AppleKeyPairGenContext  {
+public:
+       DHKeyPairGenContext(
+               AppleCSPSession &session,
+               const Context &) :
+                       AppleCSPContext(session),
+                       mGenAttrs(NULL) {}
+
+       ~DHKeyPairGenContext() { freeGenAttrs(); }
+       
+       // no init functionality, but we need to implement it
+       void init(
+               const Context &, 
+               bool) { }
+               
+       // this one is specified in, and called from, CSPFullPluginSession
+       void generate(
+               const Context   &context, 
+               CssmKey                 &pubKey, 
+               CssmKey                 &privKey);
+               
+       // this one is specified in, and called from, AppleKeyPairGenContext
+       void generate(
+               const Context   &context,
+               BinaryKey               &pubBinKey,     
+               BinaryKey               &privBinKey,
+               uint32                  &keySize);
+       
+       // specified in, and called from, CSPFullPluginSessionÊ- generate parameters
+       void generate(
+               const Context   &context, 
+               uint32                  bitSize,
+               CssmData                &params,
+               uint32                  &attrCount, 
+               Context::Attr * &attrs);
+
+       /*
+        * Necessary to handle and deflect "context changed" notification which occurs
+        * after the strange return from "generate parameters", when the plugin adds
+        * the "returned" values to the Context.
+        */
+       bool changed(const Context &context) { return true; }
+
+       void dhGenParams(
+               uint32                  keySizeInBits,
+               unsigned                g,                                      // probably should be BIGNUM
+               int                             privValueLength,        // optional
+               DHParameter     &algParams);
+       
+private:
+       /* gross hack to store attributes "returned" from GenParams */
+       Context::Attr           *mGenAttrs;
+       void                            freeGenAttrs();
+};     /* DHKeyPairGenContext */
+
+/*
+ * CSPKeyInfoProvider for Diffie-Hellman keys
+ */
+class DHKeyInfoProvider : public CSPKeyInfoProvider 
+{
+public:
+       DHKeyInfoProvider(
+               const CssmKey           &cssmKey);
+       ~DHKeyInfoProvider() { }
+       void CssmKeyToBinary(
+               BinaryKey                       **binKey);      // RETURNED
+       void QueryKeySizeInBits(
+               CSSM_KEY_SIZE           &keySize);      // RETURNED
+};
+
+#endif /* _DH_KEYS_H_ */
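Review bot: `DH_MIN_KEY_SIZE` is 512 with only a bare `/* FIXME */`, and the range check at the top of `dhGenParams` in DH_keys.cpp uses it as the sole floor, so this CSP will generate and accept Diffie-Hellman groups too small to give a meaningful security margin. Either raise the floor (the cap is already 2048) or record why it has to stay. If it is a compatibility concession, a comment such as `/* FIXME: 512 accepted only for legacy peers; raise once they are gone */` would tell the next reader what the FIXME is waiting on.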
diff --git a/AppleCSP/DiffieHellman/DH_utils.cpp b/AppleCSP/DiffieHellman/DH_utils.cpp
new file mode 100644 (file)
index 0000000..c1ecce3
--- /dev/null
@@ -0,0 +1,136 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+ * DH_utils.cpp
+ */
+
+#include "DH_utils.h"
+#include "DH_keys.h"
+#include <opensslUtils/openRsaSnacc.h>
+#include <Security/logging.h>
+#include <Security/debugging.h>
+#include <open_ssl/opensslUtils/opensslUtils.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/err.h>
+
+#define dhMiscDebug(args...)   debug("dhMisc", ## args)
+
+/* 
+ * Given a Context:
+ * -- obtain CSSM key (there must only be one)
+ * -- validate keyClass - MUST be private! (DH public keys are never found
+ *    in contexts.)
+ * -- validate keyUsage
+ * -- convert to DH *, allocating the DH key if necessary
+ */
+DH *contextToDhKey(
+       const Context           &context,
+       AppleCSPSession         &session,
+       CSSM_KEYUSE                     usage,            // CSSM_KEYUSE_ENCRYPT, CSSM_KEYUSE_SIGN, etc.
+       bool                            &mallocdKey)  // RETURNED
+{
+    CssmKey &cssmKey = 
+               context.get<CssmKey>(CSSM_ATTRIBUTE_KEY, CSSMERR_CSP_MISSING_ATTR_KEY);
+       const CSSM_KEYHEADER &hdr = cssmKey.KeyHeader;
+       if(hdr.AlgorithmId != CSSM_ALGID_DH) {
+               CssmError::throwMe(CSSMERR_CSP_ALGID_MISMATCH);
+       }
+       if(hdr.KeyClass != CSSM_KEYCLASS_PRIVATE_KEY) {
+               CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
+       }
+       cspValidateIntendedKeyUsage(&hdr, usage);
+       return cssmKeyToDh(cssmKey, session, mallocdKey);
+}
+/* 
+ * Convert a CssmKey (Private only!) to an DH * key. May result in the 
+ * creation of a new DH (when cssmKey is a raw key); allocdKey is true 
+ * in that case in which case the caller generally has to free the allocd key).
+ */
+DH *cssmKeyToDh(
+       const CssmKey   &cssmKey,
+       AppleCSPSession &session,
+       bool                    &allocdKey)             // RETURNED
+{
+       DH *dhKey = NULL;
+       allocdKey = false;
+       
+       const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader;
+       if(hdr->AlgorithmId != CSSM_ALGID_DH) {
+               // someone else's key (should never happen)
+               CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+       }
+       assert(hdr->KeyClass == CSSM_KEYCLASS_PRIVATE_KEY);
+       switch(hdr->BlobType) {
+               case CSSM_KEYBLOB_RAW:
+                       dhKey = rawCssmKeyToDh(cssmKey);
+                       allocdKey = true;
+                       break;
+               case CSSM_KEYBLOB_REFERENCE:
+               {
+                       BinaryKey &binKey = session.lookupRefKey(cssmKey);
+                       DHBinaryKey *dhBinKey = dynamic_cast<DHBinaryKey *>(&binKey);
+                       /* this cast failing means that this is some other
+                        * kind of binary key */
+                       if(dhBinKey == NULL) {
+                               dhMiscDebug("cssmKeyToDh: wrong BinaryKey subclass\n");
+                               CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
+                       }
+                       assert(dhBinKey->mDhKey != NULL);
+                       dhKey = dhBinKey->mDhKey;
+                       break;
+               }
+               default:
+                       CssmError::throwMe(CSSMERR_CSP_KEY_BLOB_TYPE_INCORRECT);
+       }
+       return dhKey;
+}
+
+/* 
+ * Convert a raw CssmKey (Private only!)  to a newly alloc'd DH key.
+ */
+DH *rawCssmKeyToDh(
+       const CssmKey   &cssmKey)
+{
+       const CSSM_KEYHEADER *hdr = &cssmKey.KeyHeader;
+       
+       if(hdr->AlgorithmId != CSSM_ALGID_DH) {
+               // someone else's key (should never happen)
+               CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+       }
+       assert(hdr->BlobType == CSSM_KEYBLOB_RAW); 
+       assert(hdr->KeyClass == CSSM_KEYCLASS_PRIVATE_KEY);
+       if(hdr->Format != DH_PRIV_KEY_FORMAT) {
+               CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PRIVATE_KEY_FORMAT);
+       }
+       
+       DH *dhKey = DH_new();
+       if(dhKey == NULL) {
+               CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR);
+       }
+       CSSM_RETURN crtn;
+       crtn = DHPrivateKeyDecode(dhKey, 
+               cssmKey.KeyData.Data, 
+               cssmKey.KeyData.Length);
+       if(crtn) {
+               CssmError::throwMe(crtn);
+       }
+       return dhKey;
+}
+
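Review bot: `rawCssmKeyToDh` leaks the `DH` it has just allocated when `DHPrivateKeyDecode` fails, because the `if(crtn)` branch throws without releasing `dhKey`. The blob comes from the caller's key, so a malformed key repeats the leak on every attempt. Free it before throwing: `if(crtn) { DH_free(dhKey); CssmError::throwMe(crtn); }`. Separately, `cssmKeyToDh` and `rawCssmKeyToDh` enforce the private-key class and raw blob type only with `assert`, which disappears when assertions are compiled out. `contextToDhKey` does throw on a wrong class, but both helpers are exported in DH_utils.h, so a real check ending in `CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS)` would be safer in each.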
diff --git a/AppleCSP/DiffieHellman/DH_utils.h b/AppleCSP/DiffieHellman/DH_utils.h
new file mode 100644 (file)
index 0000000..7a07993
--- /dev/null
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+ * DH_utils.h
+ */
+#ifndef        _DH_UTILS_H_
+#define _DH_UTILS_H_
+
+#include <openssl/dh.h>
+#include <AppleCSP/AppleCSPSession.h>
+#include <Security/context.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void throwDh(
+       const char *op);
+       
+/* 
+ * Given a Context:
+ * -- obtain CSSM key (there must only be one)
+ * -- validate keyClass - MUST be private! (DH public keys are never found
+ *    in contexts.)
+ * -- validate keyUsage
+ * -- convert to DH *, allocating the DH key if necessary
+ */
+DH *contextToDhKey(
+       const Context           &context,
+       AppleCSPSession         &session,
+       CSSM_KEYUSE                     usage,            // CSSM_KEYUSE_ENCRYPT, CSSM_KEYUSE_SIGN, etc.
+       bool                            &mallocdKey); // RETURNED
+
+/* 
+ * Convert a CssmKey to an DH * key. May result in the creation of a new
+ * DH (when cssmKey is a raw key); allocdKey is true in that case
+ * in which case the caller generally has to free the allocd key).
+ */
+DH *cssmKeyToDh(
+       const CssmKey   &cssmKey,
+       AppleCSPSession &session,
+       bool                    &allocdKey);    // RETURNED
+
+/* 
+ * Convert a raw CssmKey to a newly alloc'd DH *.
+ */
+DH *rawCssmKeyToDh(
+       const CssmKey   &cssmKey);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /*_DH_UTILS_H_ */
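Review bot: `throwDh` is declared here, but DH_utils.cpp as added in this commit defines no such function, and `dhGenParams` reports its failure through `throwRsaDsa("DSA_generate_parameters")` instead. Either the declaration is dead or its first caller will fail to link, unless it is defined in a file not shown here. Also, the `extern "C"` block wraps prototypes that take C++ references (`const Context &`, `bool &`), so the `#ifdef __cplusplus` guard cannot make this header usable from C and the wrapper could be dropped.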
index 7f7d23d71540f1f92e92d9f1b513adf7cf26583e..f3d652259d0d897c766de40347b29aab7e34813c 100644 (file)
  *     Created.
  */
 
+#ifdef CRYPTKIT_CSP_ENABLE
+/* CryptKit compiled in; secure malloc available */
 #define STATIC_PERMS   0
+#else
+/* Statically allocated lookup tables */
+#define STATIC_PERMS   1
+#endif /* CRYPTKIT_CSP_ENABLE */
 
 #include "DES.h"
 #if    !STATIC_PERMS
index be76041e529ff6f8898b8aaae202dfd3c0818822..65ae21aeccab87e8400bc21ad0e5b64e96db3563 100644 (file)
@@ -42,6 +42,15 @@ void DigestContext::final(CssmData &data)
        mDigest.digestFinal((UInt8 *)data.data());
 }
 
+CSPFullPluginSession::CSPContext *DigestContext::clone(CssmAllocator &)
+{
+       /* first clone the low-level digest object */
+       DigestObject *newDigest = mDigest.digestClone();
+       
+       /* now construct a new context */
+       return new DigestContext(session(), *newDigest);
+}
+
 size_t DigestContext::outputSize(bool, size_t) 
 {
        return mDigest.digestSizeInBytes();
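Review bot: `clone()` passes a heap-allocated `DigestObject` to the new context by reference, so `newDigest` leaks if `new DigestContext(...)` throws. It is also never released unless `~DigestContext` deletes the object behind `mDigest`; the destructor is outside this hunk, so that needs confirming. State the ownership where the object is handed over, e.g. `/* the new DigestContext owns newDigest and must delete it */`, and hold `newDigest` in a local guard until the constructor has returned.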
index 5083ccb24621a00b9eed8d756a58cf8d9e986d6d..2d43f8ca6e1feba5e4d60158c84cc5521f55ca3a 100644 (file)
@@ -23,7 +23,7 @@
 #ifndef        _DIGEST_CONTEXT_H_
 #define _DIGEST_CONTEXT_H_
 
-#include <AppleCSP/DigestObject.h>
+#include <Security/digestobject.h>
 #include "AppleCSPContext.h"
 #include <Security/utilities.h>
 
@@ -42,6 +42,7 @@ public:
        void init(const Context &context, bool);
        void update(const CssmData &data);
        void final(CssmData &data);
+       CSPFullPluginSession::CSPContext *clone(CssmAllocator &);       // clone internal state
        size_t outputSize(bool, size_t);
 
 private:
index 0042b369893c9a27018d6f38786a093a1b8dca18..b83b8aadb77ae36499a25d3505a1f73b99db7517 100644 (file)
@@ -48,6 +48,12 @@ void MD2Object::digestFinal(
        setIsDone(true);
 }
 
+/* use default memberwise init */
+DigestObject *MD2Object::digestClone() const
+{
+       return new MD2Object(*this);
+}
+
 UInt32 MD2Object::digestSizeInBytes() const
 {
        return MD2_DIGEST_LENGTH;
index a70d7cab0565b5a4e317b094d61c3442ab873d30..edff7d4aba5f91adffde96059736157d01b59dc5 100644 (file)
@@ -24,7 +24,7 @@
 #define _MD2_OBJECT_H_
 
 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
-#include <AppleCSP/DigestObject.h>
+#include <Security/digestobject.h>
 #include <openssl/md2.h>
 
 class MD2Object : public DigestObject
@@ -38,6 +38,7 @@ public:
                size_t          len);
        virtual void digestFinal(
                void            *digest);
+       virtual DigestObject *digestClone() const;
        virtual size_t digestSizeInBytes() const;
 private:
        MD2_CTX                 mCtx;
index baf80ad760f13f022f2e6c854b73f8236bd710f4..dacd82ea09bc4fe0c7a7948fed292aeb497cf748 100644 (file)
@@ -201,7 +201,7 @@ void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len)
  * Final wrapup - pad to 64-byte boundary with the bit pattern
  * 1 0* (64-bit count of bits processed, MSB-first)
  */
-void MD5Final(unsigned char *digest, struct MD5Context *ctx)
+void MD5Final(struct MD5Context *ctx, unsigned char *digest)
 {
     unsigned count;
     unsigned char *p;
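Review bot: Swapping the two pointer parameters of `MD5Final` changes the call contract while keeping the name, and a C caller still passing `(digest, ctx)` gets at most an incompatible-pointer warning, or none if it casts. Such a call would treat the 16-byte digest buffer as the context. The header hunk makes the same swap and `MD5Object::digestFinal` is updated in this commit, but other callers are not visible here and should be checked. A line in the comment above would help, e.g. `/* NOTE: argument order is (ctx, digest), matching MD5Init/MD5Update */`. The function body continues outside the hunk.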
index 04e1f5f753c7df227f816e2584afd02b7258f3f5..38fcd841ba897c98f79f079c13829e8f367394a7 100644 (file)
@@ -53,7 +53,7 @@ struct MD5Context {
 void MD5Init(struct MD5Context *context);
 void MD5Update(struct MD5Context *context, unsigned char const *buf,
               unsigned len);
-void MD5Final(unsigned char *digest, struct MD5Context *context);
+void MD5Final(struct MD5Context *context, unsigned char *digest);
 
 /*
  * This is needed to make RSAREF happy on some MS-DOS compilers.
index 2d41ae2d86656c2e31fd408089ae1779e867a016..1d2ee43406dffb25f0dc196ab4787cb8900807b5 100644 (file)
@@ -50,14 +50,29 @@ void MacContext::init(const Context &context, bool isSigning)
        UInt32          keyLen;
        UInt8           *keyData        = NULL;
        
-       symmetricKeyBits(context, CSSM_ALGID_SHA1HMAC
+       symmetricKeyBits(context, mAlg
                isSigning ? CSSM_KEYUSE_SIGN : CSSM_KEYUSE_VERIFY,
                keyData, keyLen);
-       if((keyLen < HMAC_MIN_KEY_SIZE) || (keyLen > HMAC_MAX_KEY_SIZE)) {
+       UInt32 minKey = 0;
+       switch(mAlg) {
+               case CSSM_ALGID_SHA1HMAC:
+                       minKey = HMAC_SHA_MIN_KEY_SIZE;
+                       mDigestSize = kHMACSHA1DigestSize;
+                       break;
+               case CSSM_ALGID_MD5HMAC:
+                       minKey = HMAC_MD5_MIN_KEY_SIZE;
+                       mDigestSize = kHMACMD5DigestSize;
+                       break;
+               default:
+                       assert(0);                      // factory should not have called us
+                       CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+       }
+       if((keyLen < minKey) || (keyLen > HMAC_MAX_KEY_SIZE)) {
                CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
        }
        
-       CSSM_RETURN crtn = hmacInit(mHmac, keyData, keyLen);
+       CSSM_RETURN crtn = hmacInit(mHmac, keyData, keyLen,
+               (mAlg == CSSM_ALGID_SHA1HMAC) ? CSSM_TRUE : CSSM_FALSE);
        if(crtn) {
                CssmError::throwMe(crtn);
        }
@@ -76,7 +91,7 @@ void MacContext::update(const CssmData &data)
 /* generate only */
 void MacContext::final(CssmData &out)
 {
-       if(out.length() < kHMACSHA1DigestSize) {
+       if(out.length() < mDigestSize) {
                CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);
        }
        hmacFinal(mHmac, out.data());
@@ -87,14 +102,14 @@ void MacContext::final(const CssmData &in)
 {
        unsigned char mac[kHMACSHA1DigestSize];
        hmacFinal(mHmac, mac);
-       if(memcmp(mac, in.data(), kHMACSHA1DigestSize)) {
+       if(memcmp(mac, in.data(), mDigestSize)) {
                CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED);
        }
 }
 
 size_t MacContext::outputSize(bool final, size_t inSize)
 {
-       return kHMACSHA1DigestSize;
+       return mDigestSize;
 }
 
 #ifdef         CRYPTKIT_CSP_ENABLE
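Review bot: The verify path `MacContext::final(const CssmData &in)` compares `mDigestSize` bytes of `in.data()` without checking `in.length()`, so a short MAC from the caller makes `memcmp` read past the end of the supplied buffer. The generate path just above does check `out.length()`. `memcmp` also returns at the first differing byte, so verification time depends on how many leading bytes of a forged MAC are correct. The rewrite below adds the length check, mirroring the `<` test of the generate path, and replaces `memcmp` with a comparison that always walks the whole digest.

```cpp
void MacContext::final(const CssmData &in)
{
	unsigned char mac[kHMACSHA1DigestSize];
	hmacFinal(mHmac, mac);
	/* never read more of the caller's buffer than it actually holds */
	if(in.length() < mDigestSize) {
		CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED);
	}
	/* fold every byte difference into one value so the running time
	 * does not depend on where the first mismatch is */
	const unsigned char *expected = (const unsigned char *)in.data();
	unsigned char diff = 0;
	for(UInt32 i = 0; i < mDigestSize; i++) {
		diff |= (unsigned char)(mac[i] ^ expected[i]);
	}
	if(diff != 0) {
		CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED);
	}
}
// … unchanged: MacContext::outputSize …
```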
@@ -126,7 +141,7 @@ void MacLegacyContext::init(const Context &context, bool isSigning)
        symmetricKeyBits(context, CSSM_ALGID_SHA1HMAC, 
                isSigning ? CSSM_KEYUSE_SIGN : CSSM_KEYUSE_VERIFY,
                keyData, keyLen);
-       if((keyLen < HMAC_MIN_KEY_SIZE) || (keyLen > HMAC_MAX_KEY_SIZE)) {
+       if((keyLen < HMAC_SHA_MIN_KEY_SIZE) || (keyLen > HMAC_MAX_KEY_SIZE)) {
                CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
        }
        
index 4825e255e34279484962fde0f64f5b9aeca9d37c..126052d507bc09c7e396318dddc5b05159d8a611 100644 (file)
@@ -16,7 +16,7 @@
  */
 
 /*
- * MacContext.h - AppleCSPContext for HMACSHA1
+ * MacContext.h - AppleCSPContext for HMAC{SHA1,MD5}
  */
 
 #ifndef        _MAC_CONTEXT_H_
 #include <AppleCSP/AppleCSPContext.h>
 #include <PBKDF2/HMACSHA1.h>
 
-#define HMAC_MIN_KEY_SIZE              20              /* in bytes */
+/* 
+ * TLS Export Ciphers require HMAC calculation with a secret key
+ * size of 0 bytes. We'd really like to enforce a minimum key size equal 
+ * the digest size, per RFC 2104, but TLS precludes that.
+ */
+#define HMAC_MIN_KEY_SIZE              0
+#define HMAC_SHA_MIN_KEY_SIZE  HMAC_MIN_KEY_SIZE
+#define HMAC_MD5_MIN_KEY_SIZE  HMAC_MIN_KEY_SIZE
 #define HMAC_MAX_KEY_SIZE              2048
 
-
 class MacContext : public AppleCSPContext  {
 public:
        MacContext(
-               AppleCSPSession &session) : 
-                       AppleCSPContext(session), mHmac(NULL) { }
+               AppleCSPSession &session,
+               CSSM_ALGORITHMS alg) : 
+                       AppleCSPContext(session), 
+                       mHmac(NULL),
+                       mAlg(alg),
+                       mDigestSize(0) { }
        ~MacContext();
        
        /* called out from CSPFullPluginSession....
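Review bot: Dropping `HMAC_MIN_KEY_SIZE` from 20 to 0 removes the lower bound for every HMAC user, not only the TLS export suites the comment cites. With an unsigned `keyLen`, the `keyLen < minKey` test in `MacContext::init` can no longer fail, and the `AppleSymmKeyGenerator` calls in miscAlgFactory.cpp now receive a minimum of `HMAC_SHA_MIN_KEY_SIZE * 8`, i.e. zero bits. Consider relaxing only the check applied to a caller-supplied key and keeping a digest-sized floor for key generation. That could be a separate constant used by the generator, e.g. `#define HMAC_SHA_MIN_GEN_KEY_SIZE 20 /* bytes; RFC 2104 recommends at least the digest length */`. The class body continues outside this hunk.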
@@ -51,6 +61,8 @@ public:
 
 private:
        hmacContextRef  mHmac;
+       CSSM_ALGORITHMS mAlg;
+       UInt32                  mDigestSize;
 };
 
 #ifdef CRYPTKIT_CSP_ENABLE
@@ -61,7 +73,8 @@ private:
 class MacLegacyContext : public AppleCSPContext  {
 public:
        MacLegacyContext(
-               AppleCSPSession &session) : 
+               AppleCSPSession &session,
+               CSSM_ALGORITHMS alg) : 
                        AppleCSPContext(session), mHmac(NULL) { }
        ~MacLegacyContext();
        
diff --git a/AppleCSP/MiscCSPAlgs/NullCryptor.h b/AppleCSP/MiscCSPAlgs/NullCryptor.h
new file mode 100644 (file)
index 0000000..92056fc
--- /dev/null
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+ * NullCryptor.h - null symmetric encryptor for measurement only
+ * Written by Doug Mitchell 12/17/2001
+ */
+#ifndef _NULL_CRYPTOR_H_
+#define _NULL_CRYPTOR_H_
+
+/*
+ * DO NOT DEFINE THIS SYMBOL TRUE FOR CODE CHECKED IN TO CVS
+ */
+#define NULL_CRYPT_ENABLE                      0
+
+#if            NULL_CRYPT_ENABLE
+
+#include <Security/CSPsession.h>
+#include "AppleCSP.h"
+#include "AppleCSPContext.h"
+#include "AppleCSPSession.h"
+#include "BlockCryptor.h"
+
+#define NULL_CRYPT_BLOCK_SIZE          16
+
+class NullCryptor : public BlockCryptor {
+public:
+       NullCryptor(AppleCSPSession &session) :
+               BlockCryptor(session),
+               mInitFlag(false)        { }
+       ~NullCryptor() { }
+       
+       // called by CSPFullPluginSession
+       void init(const Context &context, bool encoding = true)
+       {
+               if(mInitFlag && !opStarted()) {
+                       return;
+               }
+               /* Just have BlockCryptor do its setup */
+               setup(NULL_CRYPT_BLOCK_SIZE, context);
+               mInitFlag = true;
+       }
+
+       // called by BlockCryptor
+       void encryptBlock(
+               const void              *plainText,                     // length implied (one block)
+               size_t                  plainTextLen,
+               void                    *cipherText,    
+               size_t                  &cipherTextLen,         // in/out, throws on overflow
+               bool                    final)
+       {
+               memmove(cipherText, plainText, NULL_CRYPT_BLOCK_SIZE);
+               cipherTextLen = NULL_CRYPT_BLOCK_SIZE;
+       }
+       
+       void decryptBlock(
+               const void              *cipherText,            // length implied (one cipher block)
+               void                    *plainText,     
+               size_t                  &plainTextLen,          // in/out, throws on overflow
+               bool                    final)
+       {
+               memmove(plainText, cipherText, NULL_CRYPT_BLOCK_SIZE);
+               plainTextLen = NULL_CRYPT_BLOCK_SIZE;
+       }
+               
+private:
+       bool                            mInitFlag;                      // for easy reuse
+
+};     /* NullCryptor */
+
+#endif /* NULL_CRYPT_ENABLE */
+
+#endif //_NULL_CRYPTOR_H_
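Review bot: The only thing keeping this pass-through cipher out of a shipping CSP is the comment above `NULL_CRYPT_ENABLE` and a value edited by hand in this header. Once it is set, miscAlgFactory.cpp maps `CSSM_ALGID_NONE` to a context whose `encryptBlock` copies plaintext straight to the output. A build-time guard would make that mistake loud, e.g. `#if NULL_CRYPT_ENABLE && defined(NDEBUG)` / `#error NullCryptor must not be built into release code` / `#endif`, assuming release builds of this project define `NDEBUG`. Also, `encryptBlock` and `decryptBlock` document their length argument as "in/out, throws on overflow" but copy `NULL_CRYPT_BLOCK_SIZE` bytes without looking at it. The header also calls `memmove` without including `<string.h>`.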
index ef94aa235a64a5e4183db8056e668a38afd74c6a..196125afb0be0c8be212bca32d47d65b29e97a67 100644 (file)
@@ -20,7 +20,7 @@
 
 #include "SHA1.h"
 #include "SHA1_priv.h"
-#include "platform.h"
+#include <strings.h>
 
 /* for now map falloc to malloc, FIXME */
 #include <stdlib.h>
@@ -162,6 +162,14 @@ unsigned char *sha1Digest(sha1Obj sha1)
        return (unsigned char *)sinst->context.digest;
 }
 
+/* As above, with copy. */
+void sha1GetDigest(sha1Obj sha1,
+       unsigned char *digest)
+{
+       unsigned char *dig = sha1Digest(sha1);
+       memmove(digest, dig, SHS_DIGESTSIZE);
+}
+
 unsigned sha1DigestLen(void)
 {
        return SHS_DIGESTSIZE;
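Review bot: `sha1GetDigest` copies `SHS_DIGESTSIZE` bytes into `digest` with no length argument, and the comment "As above, with copy." does not say how large the caller's buffer must be or that a NULL `digest` is not tolerated. Suggest replacing the comment here and on the prototype in the header with `/* As above, but copies the digest into caller-supplied 'digest', which must be non-NULL and hold at least sha1DigestLen() bytes. */`.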
index 823ff6b506826e9b19221bd3d59b71c142825bf2..1d31a6ac681069e4edb9a198ddbe2de630524179 100644 (file)
@@ -57,6 +57,10 @@ void sha1AddData(sha1Obj sha1,
  */
 unsigned char *sha1Digest(sha1Obj sha1);
 
+/* As above, with copy. */
+void sha1GetDigest(sha1Obj sha1,
+       unsigned char *digest);
+       
 /*
  * Obtain the length of the message digest.
  */
index 978d00995a935fcdacd95b372175575a93523224..c83c0bbd0c0a13e6153a7fd5167350d0c9c48df0 100644 (file)
@@ -51,10 +51,16 @@ void MD5Object::digestFinal(
        if(mIsDone) {
                throw std::runtime_error("MD5 digestFinal after final");
        }
-       MD5Final((unsigned char *)digest, &mCtx);
+       MD5Final(&mCtx, (unsigned char *)digest);
        mIsDone = true;
 }
 
+/* use default memberwise init */
+DigestObject *MD5Object::digestClone() const
+{
+       return new MD5Object(*this);
+}
+
 UInt32 MD5Object::digestSizeInBytes() const
 {
        return MD5_DIGEST_SIZE;
@@ -127,6 +133,12 @@ void SHA1Object::digestFinal(
        mIsDone = true;
 }
 
+/* use default memberwise init */
+DigestObject *SHA1Object::digestClone() const
+{
+       return new SHA1Object(*this);
+}
+
 UInt32 SHA1Object::digestSizeInBytes() const
 {
        return SHS_DIGESTSIZE;
index 458cb12747add47014813d7b12473d4667b229d8..fc22114e5814c4723c399a529f41685a5526918e 100644 (file)
@@ -26,9 +26,9 @@
 #define _SHA1_MD5_OBJECT_H_
 
 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
-#include <AppleCSP/DigestObject.h>
+#include <Security/digestobject.h>
 #include <MiscCSPAlgs/MD5.h>
-#include <CryptKit/SHA1_priv.h>
+#include <MiscCSPAlgs/SHA1_priv.h>
 
 class SHA1Object : public DigestObject
 {
@@ -41,6 +41,7 @@ public:
                size_t          len);
        virtual void digestFinal(
                void            *digest);
+       virtual DigestObject *digestClone() const;
        virtual size_t digestSizeInBytes() const;
 private:
        SHS_INFO                mCtx;
@@ -60,6 +61,7 @@ public:
                size_t          len);
        virtual void digestFinal(
                void            *digest);
+       virtual DigestObject *digestClone() const;
        virtual size_t digestSizeInBytes() const;
 private:
        MD5Context mCtx;
index e8279988b8641cb23bf879fecc4aad48b35cbb29..7ca0e3987b1c866c9fb7f60c1997f4c5ed3c5a9d 100644 (file)
@@ -28,7 +28,6 @@
 
 
 #include "SHA1_priv.h"
-#include "platform.h"
 #include <string.h>
 
 /* The SHS f()-functions */
index 8913a57f2c710d168e1a00f841d5f40fe98dae86..dfa759c89cfd319d8e9644382c0c420d0bd00383 100644 (file)
@@ -151,7 +151,7 @@ void DES3Context::init(
        {
                StLock<Mutex> _(desInitMutex());
                for(i=0; i<3; i++) {
-                       if(irtn = desinit(&DesInst[i], DES_MODE_STD)) {
+                       if((irtn = desinit(&DesInst[i], DES_MODE_STD))) {
                                DESDebug("desinit returned %d\n", irtn);
                                CssmError::throwMe(CSSMERR_CSP_MEMORY_ERROR);
                        }
index 2e7e848bbe6f899a52e554eb206313c870898b0c..a02d49b8bb2bc7c01f2920c810a1435fa72c7367 100644 (file)
@@ -23,6 +23,7 @@
 
 #include "miscAlgFactory.h"
 #include <AES/aescspi.h>
+#include <AES/gladmanContext.h>
 #include "desContext.h"
 #include "rc2Context.h"
 #include "rc4Context.h"
 #include "DigestContext.h"
 #include "SHA1_MD5_Object.h"                   /* raw digest */
 #include "MD2Object.h"
+#include "NullCryptor.h"
 #include <Security/cssmapple.h>
 
-/* 
- * normally CSSM_ALGID_SHA1HMAC_LEGACY maps to a MacLegacyContext if 
- * CRYPTKIT_CSP_ENABLE is true. For quick testing, we also map 
- * CSSM_ALGID_SHA1HMAC to MacLegacyContext.
- */
-#define HMAC_BOGUS_ENABLE      0
-
 /*
  * These #defines are mainly to facilitate measuring the performance of our own
  * implementation vs. the ones in BSafe. This factory gets called first; if
@@ -83,7 +78,20 @@ bool MiscAlgFactory::setup(
                        switch(alg) {
                                case CSSM_ALGID_AES:
                                        if(cspCtx == NULL) {
-                                               cspCtx = new AESContext(session);
+                                               /* 
+                                                * Get optional block size to determine correct implementation
+                                                */
+                                               uint32 blockSize = context.getInt(CSSM_ATTRIBUTE_BLOCK_SIZE);
+                                               if(blockSize == 0) {
+                                                       blockSize = GLADMAN_BLOCK_SIZE_BYTES;
+                                               }
+                                               if(GLADMAN_AES_128_ENABLE && 
+                                                       (blockSize == GLADMAN_BLOCK_SIZE_BYTES)) {
+                                                       cspCtx = new GAESContext(session);
+                                               }
+                                               else {
+                                                       cspCtx = new AESContext(session);
+                                               }
                                        }
                                        return true;
 
@@ -132,6 +140,14 @@ bool MiscAlgFactory::setup(
                                        return true;
                                #endif
                                
+                               #if             NULL_CRYPT_ENABLE
+                               case CSSM_ALGID_NONE:
+                                       if(cspCtx == NULL) {
+                                               cspCtx = new NullCryptor(session);
+                                       }
+                                       return true;
+                               #endif  /* NULL_CRYPT_ENABLE */
+                               
                                default:
                                        break;  // not our symmetric alg
                        }                               // switch alg for symmetric 
@@ -233,13 +249,32 @@ bool MiscAlgFactory::setup(
                                case CSSM_ALGID_SHA1HMAC:
                                        if(cspCtx == NULL) {
                                                cspCtx = new AppleSymmKeyGenerator(session,
-                                                       HMAC_MIN_KEY_SIZE * 8,
+                                                       HMAC_SHA_MIN_KEY_SIZE * 8,
+                                                       HMAC_MAX_KEY_SIZE * 8,
+                                                       true);                          // must be byte size
+                                       }
+                                       return true;
+                               case CSSM_ALGID_MD5HMAC:
+                                       if(cspCtx == NULL) {
+                                               cspCtx = new AppleSymmKeyGenerator(session,
+                                                       HMAC_MD5_MIN_KEY_SIZE * 8,
                                                        HMAC_MAX_KEY_SIZE * 8,
                                                        true);                          // must be byte size
                                        }
                                        return true;
                                #endif
                                
+                               #if             NULL_CRYPT_ENABLE
+                               case CSSM_ALGID_NONE:
+                                       if(cspCtx == NULL) {
+                                               cspCtx = new AppleSymmKeyGenerator(session,
+                                                       NULL_CRYPT_BLOCK_SIZE * 8,
+                                                       NULL_CRYPT_BLOCK_SIZE * 8,
+                                                       true);                          // must be byte size
+                                       }
+                                       return true;
+                               #endif  /* NULL_CRYPT_ENABLE */
+                               
                                default:
                                        break;  // not our keygen alg
                        }                               // switch alg for keygen
@@ -249,20 +284,16 @@ bool MiscAlgFactory::setup(
                        switch(alg) {
                                #if             MAF_MAC_ENABLE
                                case CSSM_ALGID_SHA1HMAC:
+                               case CSSM_ALGID_MD5HMAC:
                                        if(cspCtx == NULL) {
-                                               #if             HMAC_BOGUS_ENABLE
-                                               /* quick hack for Keychain Access testing */
-                                               cspCtx = new MacLegacyContext(session);
-                                               #else
-                                               cspCtx = new MacContext(session);
-                                               #endif
+                                               cspCtx = new MacContext(session, alg);
                                        }
                                        return true;
                                #endif
                                #if             CRYPTKIT_CSP_ENABLE
                                case CSSM_ALGID_SHA1HMAC_LEGACY:
                                        if(cspCtx == NULL) {
-                                               cspCtx = new MacLegacyContext(session);
+                                               cspCtx = new MacLegacyContext(session, alg);
                                        }
                                        return true;
                                #endif
index 45a6a136abcf422ff9f6dd4f9314f79e1bab33f5..4a2fbbe987d930e39b8cbb7ed7d88d7e7b45af13 100644 (file)
        Written by:     Michael Brouwer <mb@apple.com>
 */
 #include "HMACSHA1.h"
-#include <CryptKit/SHA1.h>
+#include <MiscCSPAlgs/SHA1.h>
+#include <MiscCSPAlgs/MD5.h>
 #include <string.h>
 #include <stdlib.h>            // for malloc - maybe we should use CssmAllocator?
 #include <Security/cssmerr.h>
 
+#pragma mark --- Common digest class ---
+
+typedef        struct {
+       union {
+               sha1Obj                         sha1Context;    // must be allocd via sha1Alloc
+               struct MD5Context       md5Context;
+       } dig;
+       CSSM_BOOL isSha1;
+} DigestCtx;
+
+/* Ops on a DigestCtx */
+static CSSM_RETURN DigestCtxInit(
+       DigestCtx       *ctx,
+       CSSM_BOOL       isSha1)
+{
+       if(isSha1) {
+               if(ctx->dig.sha1Context == NULL) {
+                       ctx->dig.sha1Context = sha1Alloc();
+                       if(ctx->dig.sha1Context == NULL) {
+                               return CSSMERR_CSP_MEMORY_ERROR;
+                       }
+               }
+               else {
+                       sha1Reinit(ctx->dig.sha1Context);
+               }
+       }
+       else {
+               MD5Init(&ctx->dig.md5Context);
+       }
+       ctx->isSha1 = isSha1;
+       return CSSM_OK;
+}
+
+static void DigestCtxFree(
+       DigestCtx       *ctx)
+{
+       if(ctx->isSha1) {
+               sha1Free(ctx->dig.sha1Context);
+       }
+       memset(ctx, 0, sizeof(DigestCtx));
+}
+
+static void DigestCtxUpdate(
+       DigestCtx       *ctx,
+       const void *textPtr,
+       UInt32 textLen)
+{
+       if(ctx->isSha1) {
+               sha1AddData(ctx->dig.sha1Context, (unsigned char *)textPtr, textLen);
+       }
+       else {
+               MD5Update(&ctx->dig.md5Context, (unsigned char *)textPtr, textLen);
+       }
+}
+
+static void DigestCtxFinal(
+       DigestCtx       *ctx,
+       void            *digest)
+{
+       if(ctx->isSha1) {
+               sha1GetDigest(ctx->dig.sha1Context, (unsigned char *)digest);
+       }
+       else {
+               MD5Final(&ctx->dig.md5Context, (unsigned char *)digest);
+       }
+}
+
+#pragma mark --- HMAC class ---
+
 struct hmacContext {
-       sha1Obj sha1Context;
-       UInt8   k_opad[kSHA1BlockSize];
+       DigestCtx       digest;
+       UInt8           k_opad[kSHA1BlockSize];
 };
 
 hmacContextRef hmacAlloc()
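Review bot: DigestCtxInit chooses between sha1Alloc() and sha1Reinit() by testing `ctx->dig.sha1Context == NULL`, but that pointer shares union storage with `md5Context`. If a context is re-initialised for SHA1 after MD5 use, the leftover MD5 state bytes are read as a non-NULL sha1Obj and passed to sha1Reinit(). In the other direction MD5Init() overwrites the allocated sha1Obj and `isSha1` becomes false, so DigestCtxFree never calls sha1Free() on it. Whether callers ever switch algorithm on one hmacContext is not visible here, but hmacInit now takes the algorithm per call, so it is possible. Declaring `dig` as `struct {` instead of `union {` keeps the pointer intact across MD5 use and fixes both cases at the cost of a few bytes.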
@@ -44,9 +114,7 @@ void hmacFree(
        hmacContextRef hmac)
 {
        if(hmac != NULL) {
-               if(hmac->sha1Context != NULL) {
-                       sha1Free (hmac->sha1Context);
-               }
+               DigestCtxFree(&hmac->digest);
                memset(hmac, 0, sizeof(struct hmacContext));
                free(hmac);
        }
@@ -56,36 +124,30 @@ void hmacFree(
 CSSM_RETURN hmacInit(
        hmacContextRef hmac,
        const void *keyPtr,
-       UInt32 keyLen)
+       UInt32 keyLen,
+       CSSM_BOOL isSha1)               // true -> SHA1; false -> MD5
 {      
        UInt8   tk[kSHA1DigestSize];
        UInt8   *key;
        UInt32  byte;
        UInt8   k_ipad[kSHA1BlockSize];
-
-       if(hmac->sha1Context == NULL) {
-               hmac->sha1Context = sha1Alloc();
-               if(hmac->sha1Context == NULL) {
-                       return CSSMERR_CSP_MEMORY_ERROR;
-               }
-       }
-       else {
-               sha1Reinit(hmac->sha1Context);
-       }
+       UInt32  digestSize = sha1Digest ? kSHA1DigestSize : MD5_DIGEST_SIZE;
        
-       /* If the key is longer than kSHA1BlockSize reset it to key=SHA1(key) */
+       DigestCtxInit(&hmac->digest, isSha1);
+       
+       /* If the key is longer than kSHA1BlockSize reset it to key=digest(key) */
        if (keyLen <= kSHA1BlockSize)
                key = (UInt8*)keyPtr;
        else {
-               sha1AddData(hmac->sha1Context, (UInt8*)keyPtr, keyLen);
-               memcpy (tk, sha1Digest(hmac->sha1Context), kSHA1DigestSize);
+               DigestCtxUpdate(&hmac->digest, (UInt8*)keyPtr, keyLen);
+               DigestCtxFinal(&hmac->digest, tk);
                key = tk;
-               keyLen = kSHA1DigestSize;
-               sha1Reinit (hmac->sha1Context);
+               keyLen = digestSize;
+               DigestCtxInit(&hmac->digest, isSha1);
        }
        
-       /* The HMAC_SHA_1 transform looks like:
-          SHA1 (K XOR opad || SHA1 (K XOR ipad || text))
+       /* The HMAC_<DIG> transform looks like:
+          <DIG> (K XOR opad || <DIG> (K XOR ipad || text))
           Where K is a n byte key
           ipad is the byte 0x36 repeated 64 times.
           opad is the byte 0x5c repeated 64 times.
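Review bot: `digestSize` is computed from `sha1Digest`, which is not this function's parameter: the definition names it `isSha1`, and only the prototype in HMACSHA1.h uses `sha1Digest`. If `sha1Digest` still resolves to the digest function called by the removed lines, the test is always true and digestSize is 20 for MD5 as well. For an MD5 key longer than kSHA1BlockSize, `keyLen = digestSize` would then pull four uninitialised bytes of `tk` into the HMAC key. The line should read `UInt32 digestSize = isSha1 ? kSHA1DigestSize : MD5_DIGEST_SIZE;`. Both DigestCtxInit() calls here, and the one in hmacFinal, also discard the CSSMERR_CSP_MEMORY_ERROR that the removed code returned; `CSSM_RETURN crtn = DigestCtxInit(&hmac->digest, isSha1); if(crtn) { return crtn; }` restores that. The rest of hmacInit is outside this hunk.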
@@ -103,7 +165,7 @@ CSSM_RETURN hmacInit(
                memset (k_ipad + keyLen, 0x36, kSHA1BlockSize - keyLen);
                memset (hmac->k_opad + keyLen, 0x5c, kSHA1BlockSize - keyLen);
        }
-       sha1AddData (hmac->sha1Context, k_ipad, kSHA1BlockSize);
+       DigestCtxUpdate(&hmac->digest, k_ipad, kSHA1BlockSize);
        return CSSM_OK;
 }
 
@@ -112,20 +174,23 @@ CSSM_RETURN hmacUpdate(
        const void *textPtr,
        UInt32 textLen)
 {
-       sha1AddData (hmac->sha1Context, (UInt8*)textPtr, textLen);
+       DigestCtxUpdate(&hmac->digest, textPtr, textLen);
        return CSSM_OK;
 }
 
 CSSM_RETURN hmacFinal(
        hmacContextRef hmac,
-       void *resultPtr)                // caller mallocs, must be HMACSHA1_OUT_SIZE bytes
+       void *resultPtr)                // caller mallocs, must be appropriate output size for
+                                                       // current digest algorithm 
 {
-       memcpy (resultPtr, sha1Digest (hmac->sha1Context), kSHA1DigestSize);
-       sha1Reinit (hmac->sha1Context);
-       /* Perform outer SHA1 */
-       sha1AddData (hmac->sha1Context, hmac->k_opad, kSHA1BlockSize);
-       sha1AddData (hmac->sha1Context, (UInt8*)resultPtr, kSHA1DigestSize);
-       memcpy (resultPtr, sha1Digest (hmac->sha1Context), kSHA1DigestSize);
+       UInt32 digestSize = hmac->digest.isSha1 ? kSHA1DigestSize : kHMACMD5DigestSize;
+       
+       DigestCtxFinal(&hmac->digest, resultPtr);
+       DigestCtxInit(&hmac->digest, hmac->digest.isSha1);
+       /* Perform outer digest */
+       DigestCtxUpdate(&hmac->digest, hmac->k_opad, kSHA1BlockSize);
+       DigestCtxUpdate(&hmac->digest, resultPtr, digestSize);
+       DigestCtxFinal(&hmac->digest, resultPtr);
        return CSSM_OK;
 }
 
@@ -136,7 +201,7 @@ hmacsha1 (const void *keyPtr, UInt32 keyLen,
                  void *resultPtr)
 {
        hmacContextRef hmac = hmacAlloc();
-       hmacInit(hmac, keyPtr, keyLen);
+       hmacInit(hmac, keyPtr, keyLen, CSSM_TRUE);
        hmacUpdate(hmac, textPtr, textLen);
        hmacFinal(hmac, resultPtr);
        hmacFree(hmac);
index bf3e15b77fb42607e8c951ee0c7acf10e6784a6c..af143b92857ca4f09e22ab830ac9e7520ad1f1bb 100644 (file)
@@ -18,7 +18,7 @@
 
 /*
        File:           HMACSHA1.h
-       Contains:       Apple Data Security Services HMACSHA1 function declaration.
+       Contains:       Apple Data Security Services HMAC{SHA1,MD5} function declaration.
        Copyright:      (C) 1999 by Apple Computer, Inc., all rights reserved
        Written by:     Michael Brouwer <mb@apple.com>
 */
@@ -33,13 +33,14 @@ extern "C" {
 #endif
 
 #define kHMACSHA1DigestSize  20
+#define kHMACMD5DigestSize      16
 
 /* XXX These should really be in SHA1.h */
 #define kSHA1DigestSize        20
 #define kSHA1BlockSize         64
 
-/* This function create an HMACSHA1 digest of kHMACSHA1DigestSize and outputs
  it to resultPtr.  See RFC 2104 for details.  */
+/* This function create an HMACSHA1 digest of kHMACSHA1DigestSizestSize bytes
* and outputs it to resultPtr.  See RFC 2104 for details.  */
 void
 hmacsha1 (const void *keyPtr, UInt32 keyLen,
                  const void *textPtr, UInt32 textLen,
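Review bot: The rewritten comment above `hmacsha1` names `kHMACSHA1DigestSizestSize`, which is not a constant in this header; it should read `kHMACSHA1DigestSize`. While touching it, "This function create" should be "This function creates". Since the staged API now serves both digests, the comment could also say that hmacFinal writes kHMACSHA1DigestSize or kHMACMD5DigestSize bytes, depending on the algorithm passed to hmacInit.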
@@ -48,7 +49,7 @@ hmacsha1 (const void *keyPtr, UInt32 keyLen,
 /*
  * Staged version.
  *
- * Opaque reference to an hmacsha1 session 
+ * Opaque reference to an hmac session 
  */
 struct hmacContext;
 typedef struct hmacContext *hmacContextRef;
@@ -59,7 +60,8 @@ void hmacFree(
 CSSM_RETURN hmacInit(
        hmacContextRef hmac,
        const void *keyPtr,
-       UInt32 keyLen);
+       UInt32 keyLen,
+       CSSM_BOOL sha1Digest);          // true -> SHA1; false -> MD5
 CSSM_RETURN hmacUpdate(
        hmacContextRef hmac,
        const void *textPtr,
index ba979894404ea52d0fb28aa6a89c1da05d728a96..3cc7dee7df3fef3aef95bc529143d88b894cdb79 100644 (file)
@@ -24,8 +24,8 @@
 #include "RSA_DSA_signature.h"                                 /* raw signer */
 #include <MiscCSPAlgs/SHA1_MD5_Object.h>               /* raw digest */
 #include <AppleCSP/SignatureContext.h>
-#include <AppleCSP/NullDigest.h>
-#include "RSA_DSA_Keys.h"
+#include <Security/digestobject.h>
+#include "RSA_DSA_keys.h"
 #include "RSA_asymmetric.h"
 #include <MiscCSPAlgs/MD2Object.h>
 #include <Security/cssmapple.h>
index 49e985a45988bde235167f80ea53ce71edc13e72..87428ce009fc4dff0eb27e83fe8ecd7350771bff 100644 (file)
@@ -20,7 +20,7 @@
  * RSA_DSA_Keys.cpp - RSA, DSA related asymmetric key pair classes. 
  */
 
-#include "RSA_DSA_Keys.h"
+#include "RSA_DSA_keys.h"
 #include <opensslUtils/opensslUtils.h>
 #include <opensslUtils/openRsaSnacc.h>
 #include <Security/cssmdata.h>
@@ -177,22 +177,27 @@ void RSAKeyPairGenContext::generate(
 RSAKeyInfoProvider::RSAKeyInfoProvider(
        const CssmKey &cssmKey) :
                CSPKeyInfoProvider(cssmKey)
+{
+}
+
+CSPKeyInfoProvider *RSAKeyInfoProvider::provider(
+               const CssmKey &cssmKey)
 {
        switch(cssmKey.algorithm()) {
                case CSSM_ALGID_RSA:
                        break;
                default:
-                       CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+                       return NULL;
        }
        switch(cssmKey.keyClass()) {
                case CSSM_KEYCLASS_PUBLIC_KEY:
                case CSSM_KEYCLASS_PRIVATE_KEY:
                        break;
                default:
-                       CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
+                       return NULL;
        }
        /* OK, we'll handle this one */
-       return;
+       return new RSAKeyInfoProvider(cssmKey);
 }
 
 /* Given a raw key, cook up a Binary key */
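Review bot: `provider()` returns NULL for a wrong key class as well as for a wrong algorithm, so a CSSM_ALGID_RSA key with an unsupported key class no longer produces CSSMERR_CSP_INVALID_KEY_CLASS. What the caller reports when every provider declines is not visible here, so this may surface as a less specific error. If the distinction matters, keep `CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);` in the key-class `default:` once the algorithm has matched. A comment on `provider()` should also state that NULL means "not my key" and that the caller owns the returned object. The same applies to DSAKeyInfoProvider::provider() in the `@@ -530,21 +535,26 @@` hunk.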
@@ -530,21 +535,26 @@ DSAKeyInfoProvider::DSAKeyInfoProvider(
        const CssmKey &cssmKey) :
                CSPKeyInfoProvider(cssmKey)
 {
+
+}
+CSPKeyInfoProvider *DSAKeyInfoProvider::provider(
+               const CssmKey &cssmKey)
+{
        switch(cssmKey.algorithm()) {
                case CSSM_ALGID_DSA:
                        break;
                default:
-                       CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+                       return NULL;
        }
        switch(cssmKey.keyClass()) {
                case CSSM_KEYCLASS_PUBLIC_KEY:
                case CSSM_KEYCLASS_PRIVATE_KEY:
                        break;
                default:
-                       CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
+                       return NULL;
        }
        /* OK, we'll handle this one */
-       return;
+       return new DSAKeyInfoProvider(cssmKey);
 }
 
 /* Given a raw key, cook up a Binary key */
index 8aff2600893c3097be5a9e121b40c39459cba63d..337dc2a336ed8ed7c450d1be320a1dd24550698b 100644 (file)
@@ -92,9 +92,12 @@ public:
  */
 class RSAKeyInfoProvider : public CSPKeyInfoProvider 
 {
-public:
+private:
        RSAKeyInfoProvider(
                const CssmKey           &cssmKey);
+public:
+       static CSPKeyInfoProvider *provider(
+               const CssmKey &cssmKey);
        ~RSAKeyInfoProvider() { }
        void CssmKeyToBinary(
                BinaryKey                       **binKey);      // RETURNED
@@ -177,9 +180,12 @@ private:
  */
 class DSAKeyInfoProvider : public CSPKeyInfoProvider 
 {
-public:
+private:
        DSAKeyInfoProvider(
                const CssmKey           &cssmKey);
+public:
+       static CSPKeyInfoProvider *provider(
+               const CssmKey &cssmKey);
        ~DSAKeyInfoProvider() { }
        void CssmKeyToBinary(
                BinaryKey                       **binKey);      // RETURNED
index f163fdfcfd3e5bf47021d2b33a626ee9b34deb4c..319760160d01695540e94929627f78dfa5661160 100644 (file)
@@ -48,6 +48,23 @@ void RSASigner::signerInit(
 {
        setIsSigning(isSigning);
        keyFromContext(context);
+       
+       /* optional padding attribute */
+       uint32 padding;
+       bool padPresent = context.getInt(CSSM_ATTRIBUTE_PADDING, padding);
+       if(padPresent) {
+               /* padding specified in context, convert to openssl style */
+               switch(padding) {
+                       case CSSM_PADDING_NONE:
+                               mPadding = RSA_NO_PADDING;
+                               break;
+                       case CSSM_PADDING_PKCS1:
+                               mPadding = RSA_PKCS1_PADDING;
+                               break;
+                       default:
+                               CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING);
+               }
+       }
        setInitFlag(true);
 }
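Review bot: When the context carries no CSSM_ATTRIBUTE_PADDING, `mPadding` keeps whatever an earlier signerInit() stored, because the new block assigns it only inside `if(padPresent)`. If an RSASigner can be initialised more than once (the caller is not visible here), a later operation that omits the attribute would sign or verify with a leftover RSA_NO_PADDING instead of the PKCS#1 default. Adding `else { mPadding = RSA_SIG_PADDING_DEFAULT; }` after the `if(padPresent)` block restores the default on every init. A comment at `case CSSM_PADDING_NONE:` should also say that the caller then supplies and checks the full encoded block itself. signerInit's signature is outside the hunk.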
 
@@ -79,7 +96,7 @@ void RSASigner::sign(
                (unsigned char *)encodedInfo.data(),
                (unsigned char *)sig, 
                mRsaKey,
-               RSA_PKCS1_PADDING);
+               mPadding);
        if(irtn < 0) {
                throwRsaDsa("RSA_private_encrypt");
        }
@@ -126,7 +143,7 @@ void RSASigner::verify(
                (unsigned char *)sig,
                decryptSig, 
                mRsaKey,
-               RSA_PKCS1_PADDING);
+               mPadding);
        if(irtn < 0) {
                op = "RSA_public_decrypt";
                throwSigVerify = true;
index 62ac9c7484f1259908159915bfc0854ac682d77f..ac1b610f9c78e809e9448a63eed32b6289777e2c 100644 (file)
@@ -29,6 +29,8 @@
 #include <AppleCSP/RawSigner.h>
 #include <AppleCSP/AppleCSPSession.h>
 
+#define RSA_SIG_PADDING_DEFAULT                RSA_PKCS1_PADDING
+
 class RSASigner : public RawSigner {
 public:
        RSASigner(
@@ -38,7 +40,8 @@ public:
                        RawSigner(alloc, digestAlg),
                        mRsaKey(NULL),
                        mWeMallocdRsaKey(false),
-                       mSession(session) { }
+                       mSession(session),
+                       mPadding(RSA_SIG_PADDING_DEFAULT) { }
                        
        ~RSASigner();
        
@@ -76,6 +79,7 @@ private:
        RSA                                     *mRsaKey;
        bool                            mWeMallocdRsaKey;
        AppleCSPSession         &mSession;
+       int                                     mPadding;               // RSA_NO_PADDING, RSA_PKCS1_PADDING
 };
 
 class DSASigner : public RawSigner {
index 30d723eed2d18d5745002413b331b535d8a14a8f..da4510eabf58dcacda0301d0a5eeb0886665e591 100644 (file)
 
 #define rsaMiscDebug(args...)  debug("rsaMisc", ## args)
 
-void throwRsaDsa(
-       const char *op)
-{
-       unsigned long e = logSslErrInfo(op);
-       CSSM_RETURN cerr = CSSM_OK;
-       
-       /* try to parse into something meaningful */
-       int reason = ERR_GET_REASON(e);
-       int lib = ERR_GET_LIB(e);
-       
-       /* first try the global ones */
-       switch(reason) {
-               case ERR_R_MALLOC_FAILURE:
-                       cerr = CSSMERR_CSP_MEMORY_ERROR; break;
-               case ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED:
-                       /* internal */ break;
-               case ERR_R_PASSED_NULL_PARAMETER:
-                       cerr = CSSMERR_CSP_INVALID_POINTER; break;
-               case ERR_R_NESTED_ASN1_ERROR:
-               case ERR_R_BAD_ASN1_OBJECT_HEADER:
-               case ERR_R_BAD_GET_ASN1_OBJECT_CALL:
-               case ERR_R_EXPECTING_AN_ASN1_SEQUENCE:
-               case ERR_R_ASN1_LENGTH_MISMATCH:
-               case ERR_R_MISSING_ASN1_EOS:
-                       /* ASN - shouldn't happen, right? */
-                       cerr = CSSMERR_CSP_INTERNAL_ERROR; break;
-               default:
-                       break;
-       }
-       if(cerr != CSSM_OK) {
-               CssmError::throwMe(cerr);
-       }
-       
-       /* now the lib-specific ones */
-       switch(lib) {
-               case ERR_R_BN_LIB:
-                       /* all indicate serious internal error...right? */
-                       cerr = CSSMERR_CSP_INTERNAL_ERROR; break;
-               case ERR_R_RSA_LIB:
-                       switch(reason) {
-                               case RSA_R_ALGORITHM_MISMATCH:
-                                       cerr = CSSMERR_CSP_ALGID_MISMATCH; break;
-                               case RSA_R_BAD_SIGNATURE:
-                                       cerr = CSSMERR_CSP_VERIFY_FAILED; break;
-                               case RSA_R_DATA_TOO_LARGE:
-                               case RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE:
-                               case RSA_R_DATA_TOO_SMALL:
-                               case RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE:
-                               case RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY:
-                                       cerr = CSSMERR_CSP_INPUT_LENGTH_ERROR; break;
-                               case RSA_R_KEY_SIZE_TOO_SMALL:
-                                       cerr = CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH; break;
-                               case RSA_R_PADDING_CHECK_FAILED:
-                                       cerr = CSSMERR_CSP_INVALID_DATA; break;
-                               case RSA_R_RSA_OPERATIONS_NOT_SUPPORTED:
-                                       cerr = CSSMERR_CSP_FUNCTION_NOT_IMPLEMENTED; break;
-                               case RSA_R_UNKNOWN_ALGORITHM_TYPE:
-                                       cerr = CSSMERR_CSP_INVALID_ALGORITHM; break;
-                               case RSA_R_WRONG_SIGNATURE_LENGTH:
-                                       cerr = CSSMERR_CSP_VERIFY_FAILED; break;
-                               default:
-                                       cerr = CSSMERR_CSP_INTERNAL_ERROR; break;
-                       }
-                       break;
-               case ERR_R_DSA_LIB:
-                       switch(reason) {
-                               case DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE:
-                                       cerr = CSSMERR_CSP_INPUT_LENGTH_ERROR; break;
-                               default:
-                                       cerr = CSSMERR_CSP_INTERNAL_ERROR; break;
-                       }
-                       break;
-               default:
-                       cerr = CSSMERR_CSP_INTERNAL_ERROR; break;
-       }
-       CssmError::throwMe(cerr);
-}
-       
-/*
- * given an openssl-style error, throw appropriate CssmError.
- */
-void throwOpensslErr(int irtn)
-{
-       /* FIXME */
-       CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR);
-}
-
 /* 
  * Given a Context:
  * -- obtain CSSM key (there must only be one)
index ec5a7193a568da9d1eaaf5e28611c2c65b600f5b..e3acd649bb90c03ef198bd5689b803d9ae757c26 100644 (file)
 extern "C" {
 #endif
 
-void throwRsaDsa(
-       const char *op);
-       
-/*
- * given an openssl-style error, throw appropriate CssmError.
- */
-void throwOpensslErr(
-       int irtn);
-
 /* 
  * Given a Context:
  * -- obtain CSSM key (there must only be one)
index 81012ffc4cb10145d5b9c9c4152619a64f62b617..33fa9f0ef22bdf5c3a892501668d0628e2b579e6 100644 (file)
@@ -23,6 +23,7 @@
 #include "RSA_asymmetric.h"
 #include "RSA_DSA_utils.h"
 #include <Security/debugging.h>
+#include <open_ssl/opensslUtils/opensslUtils.h>
 
 #define rsaCryptDebug(args...) debug("rsaCrypt", ## args)
 #define rbprintf(args...)              debug("rsaBuf", ## args)
@@ -75,11 +76,25 @@ void RSA_CryptContext::init(const Context &context, bool encoding = true)
                assert(opStarted());    
        }
 
-       /* validate context - TBD */
+       unsigned cipherBlockSize = RSA_size(mRsaKey);
+       unsigned plainBlockSize;
+
+       /* padding - not present means value zero, CSSM_PADDING_NONE */
+       uint32 padding = context.getInt(CSSM_ATTRIBUTE_PADDING);
+       switch(padding) {
+               case CSSM_PADDING_NONE:
+                       mPadding = RSA_NO_PADDING;
+                       plainBlockSize = cipherBlockSize;
+                       break;
+               case CSSM_PADDING_PKCS1:
+                       mPadding = RSA_PKCS1_PADDING;
+                       plainBlockSize = cipherBlockSize - 11;
+                       break;
+               default:
+                       CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING);
+       }
        
        /* finally, have BlockCryptor set up its stuff. */
-       unsigned cipherBlockSize = RSA_size(mRsaKey);
-       unsigned plainBlockSize = cipherBlockSize - 11;
        setup(encoding ? plainBlockSize  : cipherBlockSize, // blockSizeIn
                  encoding ? cipherBlockSize : plainBlockSize,  // blockSizeOut
                  false,                                                                                // pkcs5Pad
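Review bot: A context with no CSSM_ATTRIBUTE_PADDING now selects RSA_NO_PADDING, because the single-argument `context.getInt()` yields zero when the attribute is absent, as the added comment says. Before this change the block calls always used RSA_PKCS1_PADDING, so existing callers that never set the attribute would silently move to unpadded RSA. It also means the `mPadding(RSA_ASYM_PADDING_DEFAULT)` initialiser added in RSA_asymmetric.h is always overwritten. If PKCS#1 is meant to stay the default, use the presence-reporting overload that RSASigner::signerInit uses: `uint32 padding; if(!context.getInt(CSSM_ATTRIBUTE_PADDING, padding)) { padding = CSSM_PADDING_PKCS1; }`. The start of init() and the rest of the setup() call are outside this hunk.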
@@ -104,14 +119,14 @@ void RSA_CryptContext::encryptBlock(
                        (unsigned char *)plainText,
                        (unsigned char *)cipherText, 
                        mRsaKey,
-                       RSA_PKCS1_PADDING);
+                       mPadding);
        }
        else {
                irtn =  RSA_private_encrypt(plainTextLen, 
                        (unsigned char *)plainText,
                        (unsigned char *)cipherText, 
                        mRsaKey,
-                       RSA_PKCS1_PADDING);
+                       mPadding);
        }
        if(irtn < 0) {
                throwRsaDsa("RSA_public_encrypt");
@@ -136,14 +151,14 @@ void RSA_CryptContext::decryptBlock(
                        (unsigned char *)cipherText,
                        (unsigned char *)plainText, 
                        mRsaKey,
-                       RSA_PKCS1_PADDING);
+                       mPadding);
        }
        else {
                irtn = RSA_private_decrypt(inBlockSize(), 
                        (unsigned char *)cipherText,
                        (unsigned char *)plainText, 
                        mRsaKey,
-                       RSA_PKCS1_PADDING);
+                       mPadding);
        }
        if(irtn < 0) {
                throwRsaDsa("RSA_private_decrypt");
index 3cbb4d75e0e3b79b117c411da25cd372819875f2..a62e8095fdec725c43591ca584af6e642c2b375e 100644 (file)
 #include <AppleCSP/BlockCryptor.h>
 #include <openssl/rsa.h>
 
+#define RSA_ASYM_PADDING_DEFAULT               RSA_PKCS1_PADDING
+
 class RSA_CryptContext : public BlockCryptor {
 public:
        RSA_CryptContext(AppleCSPSession &session) :
                BlockCryptor(session),
                mRsaKey(NULL),
                mAllocdRsaKey(false),
-               mInitFlag(false)        { }
+               mInitFlag(false),
+               mPadding(RSA_ASYM_PADDING_DEFAULT)      { }
                
        ~RSA_CryptContext();
        
@@ -64,6 +67,7 @@ private:
                RSA                             *mRsaKey;
                bool                    mAllocdRsaKey;
                bool                    mInitFlag;                      // allows easy reuse
+       int                                     mPadding;                       // RSA_NO_PADDING, RSA_PKCS1_PADDING
 };     /* RSA_CryptContext */
 
 
diff --git a/AppleCSP/csp_capabilities.mdsinfo b/AppleCSP/csp_capabilities.mdsinfo
new file mode 100644 (file)
index 0000000..57b1995
--- /dev/null
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+       <key>Capabilities</key>
+       <string>file:csp_capabilities_common.mds</string>
+       <key>MdsFileDescription</key>
+       <string>Built-in CSP Capabilities</string>
+       <key>MdsFileType</key>
+       <string>PluginSpecific</string>
+       <key>MdsRecordType</key>
+       <string>MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE</string>
+       <key>ModuleID</key>
+       <string>{87191ca2-0fc9-11d4-849a000502b52122}</string>
+       <key>SSID</key>
+       <integer>0</integer>
+</dict>
+</plist>
diff --git a/AppleCSP/csp_capabilities_common.mds b/AppleCSP/csp_capabilities_common.mds
new file mode 100644 (file)
index 0000000..e5035a4
--- /dev/null
@@ -0,0 +1,741 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<array>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_SHA1</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+                               <key>AttributeValue</key>
+                               <integer>20</integer>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_DIGEST</string>
+               <key>Description</key>
+               <string>SHA1 Digest</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_MD5</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+                               <key>AttributeValue</key>
+                               <integer>16</integer>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_DIGEST</string>
+               <key>Description</key>
+               <string>MD5 Digest</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_MD2</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+                               <key>AttributeValue</key>
+                               <integer>16</integer>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_DIGEST</string>
+               <key>Description</key>
+               <string>MD2 Digest</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_RSA</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_KEYGEN</string>
+               <key>Description</key>
+               <string>RSA Key Pair Generation</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_DES</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+                               <key>AttributeValue</key>
+                               <integer>64</integer>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_KEYGEN</string>
+               <key>Description</key>
+               <string>DES Key Generation</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_3DES_3KEY</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+                               <key>AttributeValue</key>
+                               <integer>192</integer>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_KEYGEN</string>
+               <key>Description</key>
+               <string>3DES Key Generation</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_RC2</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_KEYGEN</string>
+               <key>Description</key>
+               <string>RC2 Key Generation</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_RC4</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_KEYGEN</string>
+               <key>Description</key>
+               <string>RC4 Key Generation</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_RC5</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_KEYGEN</string>
+               <key>Description</key>
+               <string>RC5 Key Generation</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_SHA1HMAC</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_KEYGEN</string>
+               <key>Description</key>
+               <string>SHA1HMAC Key Generation</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_AES</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+                               <key>AttributeValue</key>
+                               <array>
+                                       <integer>128</integer>
+                                       <integer>192</integer>
+                                       <integer>256</integer>
+                               </array>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_KEYGEN</string>
+               <key>Description</key>
+               <string>AES Key Generation</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_ASC</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_KEYGEN</string>
+               <key>Description</key>
+               <string>ASC Key Generation</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_FEE</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+                               <key>AttributeValue</key>
+                               <array>
+                                       <integer>31</integer>
+                                       <integer>127</integer>
+                                       <integer>128</integer>
+                                       <integer>161</integer>
+                                       <integer>192</integer>
+                               </array>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_KEYGEN</string>
+               <key>Description</key>
+               <string>FEE Key Pair Generation</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_DSA</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_KEYGEN</string>
+               <key>Description</key>
+               <string>DSA Key Pair Generation</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_PKCS5_PBKDF2</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_DERIVEKEY</string>
+               <key>Description</key>
+               <string>PKCS5 Key Derivation</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_DES</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_MODE</string>
+                               <key>AttributeValue</key>
+                               <array>
+                                       <integer>2</integer>
+                                       <integer>3</integer>
+                                       <integer>5</integer>
+                                       <integer>6</integer>
+                               </array>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_SYMMETRIC</string>
+               <key>Description</key>
+               <string>DES Encryption</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_3DES_3KEY_EDE</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_MODE</string>
+                               <key>AttributeValue</key>
+                               <array>
+                                       <integer>2</integer>
+                                       <integer>3</integer>
+                                       <integer>5</integer>
+                                       <integer>6</integer>
+                               </array>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_SYMMETRIC</string>
+               <key>Description</key>
+               <string>3DES EDE Encryption</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_AES</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_MODE</string>
+                               <key>AttributeValue</key>
+                               <array>
+                                       <integer>2</integer>
+                                       <integer>3</integer>
+                                       <integer>5</integer>
+                                       <integer>6</integer>
+                               </array>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_SYMMETRIC</string>
+               <key>Description</key>
+               <string>AES Encryption</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_RC4</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_MODE</string>
+                               <key>AttributeValue</key>
+                               <array>
+                                       <integer>0</integer>
+                               </array>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_SYMMETRIC</string>
+               <key>Description</key>
+               <string>RC4 Encryption</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_RC5</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_MODE</string>
+                               <key>AttributeValue</key>
+                               <array>
+                                       <integer>2</integer>
+                                       <integer>3</integer>
+                                       <integer>5</integer>
+                                       <integer>6</integer>
+                               </array>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_SYMMETRIC</string>
+               <key>Description</key>
+               <string>RC5 Encryption</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_RSA</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_ASYMMETRIC</string>
+               <key>Description</key>
+               <string>RSA Encryption</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_FEEDEXP</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_ASYMMETRIC</string>
+               <key>Description</key>
+               <string>FEEDExp Encryption</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_FEED</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_ASYMMETRIC</string>
+               <key>Description</key>
+               <string>FEED Encryption</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_SHA1WithRSA</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_SIGNATURE</string>
+               <key>Description</key>
+               <string>SHA1 With RSA Signature</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_MD5WithRSA</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_SIGNATURE</string>
+               <key>Description</key>
+               <string>MD5 With RSA Signature</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_MD2WithRSA</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_SIGNATURE</string>
+               <key>Description</key>
+               <string>MD2 With RSA Signature</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_RSA</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_SIGNATURE</string>
+               <key>Description</key>
+               <string>Raw RSA Signature</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_SHA1WithDSA</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_SIGNATURE</string>
+               <key>Description</key>
+               <string>SHA1 With DSA Signature</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_DSA</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_SIGNATURE</string>
+               <key>Description</key>
+               <string>Raw DSA Signature</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_FEE_MD5</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_SIGNATURE</string>
+               <key>Description</key>
+               <string>MD5 with FEE Signature</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_FEE_SHA1</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_SIGNATURE</string>
+               <key>Description</key>
+               <string>SHA1 with FEE Signature</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_FEE</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_SIGNATURE</string>
+               <key>Description</key>
+               <string>Raw FEE Signature</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_SHA1WithECDSA</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_SIGNATURE</string>
+               <key>Description</key>
+               <string>SHA1 with ECDSA Signature</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_ECDSA</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_SIGNATURE</string>
+               <key>Description</key>
+               <string>Raw ECDSA Signature</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_SHA1HMAC</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+                               <key>AttributeValue</key>
+                               <integer>20</integer>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_MAC</string>
+               <key>Description</key>
+               <string>SHA1HMAC MAC</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_SHA1HMAC_LEGACY</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+                               <key>AttributeValue</key>
+                               <integer>20</integer>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_MAC</string>
+               <key>Description</key>
+               <string>SHA1HMAC MAC Legacy</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+       <dict>
+               <key>AlgType</key>
+               <string>CSSM_ALGID_APPLE_YARROW</string>
+               <key>Attributes</key>
+               <array>
+                       <dict>
+                               <key>AttributeType</key>
+                               <string>CSSM_ATTRIBUTE_NONE</string>
+                               <key>AttributeValue</key>
+                               <array/>
+                       </dict>
+               </array>
+               <key>ContextType</key>
+               <string>CSSM_ALGCLASS_RANDOMGEN</string>
+               <key>Description</key>
+               <string>Yarrow PRNG</string>
+               <key>UseeTag</key>
+               <string>CSSM_USEE_NONE</string>
+       </dict>
+</array>
+</plist>
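Review bot: The `CSSM_ATTRIBUTE_MODE` arrays for DES, 3DES EDE, AES and RC5 list bare integers (`2`, `3`, `5`, `6`) while every other field in this file uses a symbolic CSSM name, so a reader cannot tell which block modes the CSP advertises. These are presumably CSSM_ALGMODE_* enumerators, and if so the low values would include the ECB variants, which matters when auditing what clients may select. I would add an XML comment beside each array naming the modes, e.g. `<!-- CSSM_ALGMODE_* values: name each one here and keep in sync with the CSSM headers -->`. The records are also not symmetric: RC2 and ASC have key-generation entries but no `CSSM_ALGCLASS_SYMMETRIC` entry, which is worth confirming as intended. Finally, DES, MD2, MD5, RC4 and a 31-bit FEE key size are advertised with nothing in `Description` marking them as legacy or test-only.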
diff --git a/AppleCSP/csp_common.mdsinfo b/AppleCSP/csp_common.mdsinfo
new file mode 100644 (file)
index 0000000..80c759f
--- /dev/null
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+       <key>BuiltIn</key>
+       <true/>
+       <key>CDSAVersion</key>
+       <string>2.0</string>
+       <key>Desc</key>
+       <string>Apple built-in CSP</string>
+       <key>DynamicFlag</key>
+       <false/>
+       <key>MdsFileDescription</key>
+       <string>Built-in CSP Common info</string>
+       <key>MdsFileType</key>
+       <string>PluginCommon</string>
+       <key>ModuleID</key>
+       <string>{87191ca2-0fc9-11d4-849a000502b52122}</string>
+       <key>ModuleName</key>
+       <string>AppleCSP</string>
+       <key>MultiThreadFlag</key>
+       <true/>
+       <key>ProductVersion</key>
+       <string>1.0</string>
+       <key>ServiceMask</key>
+       <string>CSSM_SERVICE_CSP</string>
+</dict>
+</plist>
diff --git a/AppleCSP/csp_primary.mdsinfo b/AppleCSP/csp_primary.mdsinfo
new file mode 100644 (file)
index 0000000..e708c16
--- /dev/null
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+       <key>AclSubjectTypes</key>
+       <array/>
+       <key>AuthTags</key>
+       <array/>
+       <key>CspCustomFlags</key>
+       <integer>0</integer>
+       <key>CspFlags</key>
+       <string></string>
+       <key>CspType</key>
+       <string>CSSM_CSP_SOFTWARE</string>
+       <key>MdsFileDescription</key>
+       <string>Built-in CSP Primary info</string>
+       <key>MdsFileType</key>
+       <string>PluginSpecific</string>
+       <key>MdsRecordType</key>
+       <string>MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE</string>
+       <key>ModuleID</key>
+       <string>{87191ca2-0fc9-11d4-849a000502b52122}</string>
+       <key>ModuleName</key>
+       <string>AppleCSP</string>
+       <key>ProductVersion</key>
+       <string>1.0</string>
+       <key>SSID</key>
+       <integer>0</integer>
+       <key>SampleTypes</key>
+       <array/>
+       <key>UseeTags</key>
+       <array/>
+       <key>Vendor</key>
+       <string>Apple Computer, Inc.</string>
+</dict>
+</plist>
index 012a5c0d6851954ca84d240cdc6933226ec24d5b..d706e5863bd3c51ce1570a1fa25a6d86346f612e 100644 (file)
@@ -95,11 +95,13 @@ static ERR_STRING_DATA BN_str_functs[]=
 {ERR_PACK(0,BN_F_BN_DIV,0),    "BN_div"},
 {ERR_PACK(0,BN_F_BN_EXPAND2,0),        "bn_expand2"},
 {ERR_PACK(0,BN_F_BN_MOD_EXP_MONT,0),   "BN_mod_exp_mont"},
+{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT_WORD,0),      "BN_mod_exp_mont_word"},
 {ERR_PACK(0,BN_F_BN_MOD_INVERSE,0),    "BN_mod_inverse"},
 {ERR_PACK(0,BN_F_BN_MOD_MUL_RECIPROCAL,0),     "BN_mod_mul_reciprocal"},
 {ERR_PACK(0,BN_F_BN_MPI2BN,0), "BN_mpi2bn"},
 {ERR_PACK(0,BN_F_BN_NEW,0),    "BN_new"},
 {ERR_PACK(0,BN_F_BN_RAND,0),   "BN_rand"},
+{ERR_PACK(0,BN_F_BN_RAND_RANGE,0),     "BN_rand_range"},
 {ERR_PACK(0,BN_F_BN_USUB,0),   "BN_usub"},
 {0,NULL}
        };
@@ -113,6 +115,7 @@ static ERR_STRING_DATA BN_str_reasons[]=
 {BN_R_ENCODING_ERROR                     ,"encoding error"},
 {BN_R_EXPAND_ON_STATIC_BIGNUM_DATA       ,"expand on static bignum data"},
 {BN_R_INVALID_LENGTH                     ,"invalid length"},
+{BN_R_INVALID_RANGE                      ,"invalid range"},
 {BN_R_NOT_INITIALIZED                    ,"not initialized"},
 {BN_R_NO_INVERSE                         ,"no inverse"},
 {BN_R_TOO_MANY_TEMPORARY_VARIABLES       ,"too many temporary variables"},
index eb0de8850b0f6c8785f9bdcd32c2a54cb09dc764..8117323766e8093a561ccd46c483a231ee571778 100644 (file)
@@ -1,21 +1,3 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
 /* crypto/bn/bn_exp.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
 
 #include <stdio.h>
 #include "cryptlib.h"
 # include <dlfcn.h>
 #endif
 
-#define TABLE_SIZE     16
+
+#define TABLE_SIZE     32
 
 /* slow but works */
 int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
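Review bot: `TABLE_SIZE` goes from 16 to 32 with no comment tying it to the window size it has to accommodate. The precompute loops in BN_mod_exp_recp, BN_mod_exp_mont and BN_mod_exp_simple initialise `val[i]` for `i < 1<<(window-1)`, and BN_window_bits_for_exponent_size in bn_lcl.h now returns up to 6, so they touch indices up to 31. The `val` declarations are outside the visible hunks, but if they are sized by `TABLE_SIZE`, a later change to the macro's thresholds would overrun the array silently. I would document the coupling on the define: `#define TABLE_SIZE 32 /* 2^(max window - 1); max window is 6, see BN_window_bits_for_exponent_size */`.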
@@ -109,42 +146,6 @@ err:
        return(r);
        }
 
-#if 0
-/* this one works - simple but works */
-int BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m, BN_CTX *ctx)
-       {
-       int i,bits,ret=0;
-       BIGNUM *v,*tmp;
-
-       BN_CTX_start(ctx);
-       v = BN_CTX_get(ctx);
-       tmp = BN_CTX_get(ctx);
-       if (v == NULL || tmp == NULL) goto err;
-
-       if (BN_copy(v,a) == NULL) goto err;
-       bits=BN_num_bits(p);
-
-       if (BN_is_odd(p))
-               { if (BN_copy(r,a) == NULL) goto err; }
-       else    { if (!BN_one(r)) goto err; }
-
-       for (i=1; i<bits; i++)
-               {
-               if (!BN_sqr(tmp,v,ctx)) goto err;
-               if (!BN_mod(v,tmp,m,ctx)) goto err;
-               if (BN_is_bit_set(p,i))
-                       {
-                       if (!BN_mul(tmp,r,v,ctx)) goto err;
-                       if (!BN_mod(r,tmp,m,ctx)) goto err;
-                       }
-               }
-       ret=1;
-err:
-       BN_CTX_end(ctx);
-       return(ret);
-       }
-
-#endif
 
 /* this one works - simple but works */
 int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx)
@@ -181,6 +182,7 @@ err:
        return(ret);
        }
 
+
 #ifdef ATALLA
 
 /*
@@ -348,6 +350,7 @@ int BN_mod_exp_atalla(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m)
         }
 #endif /* def ATALLA */
 
+
 int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
               BN_CTX *ctx)
        {
@@ -372,7 +375,15 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 /*     if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
 
        if (BN_is_odd(m))
-               { ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL); }
+               {
+               if (a->top == 1)
+                       {
+                       BN_ULONG A = a->d[0];
+                       ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL);
+                       }
+               else
+                       ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL);
+               }
        else
 #endif
 #ifdef RECP_MUL_MOD
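Review bot: The new single-word fast path tests only `a->top == 1` and then passes `a->d[0]`, so the sign of `a` is dropped before BN_mod_exp_mont_word is called. BIGNUM carries a separate `neg` flag (bn_rand.c in this commit reads `range->neg`), so a negative one-word base would be exponentiated as its absolute value here, while the general BN_mod_exp_mont path still receives the whole BIGNUM. I would restrict the shortcut to `if (a->top == 1 && !a->neg)`. BN_mod_exp starts and ends outside this hunk, so whether negative bases are rejected earlier is not visible.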
@@ -388,7 +399,7 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
        return(ret);
        }
 
-/* #ifdef RECP_MUL_MOD */
+
 int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                    const BIGNUM *m, BN_CTX *ctx)
        {
@@ -416,27 +427,22 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        ts=1;
 
        if (!BN_mod(&(val[0]),a,m,ctx)) goto err;               /* 1 */
-       if (!BN_mod_mul_reciprocal(aa,&(val[0]),&(val[0]),&recp,ctx))
-               goto err;                               /* 2 */
-
-       if (bits <= 17) /* This is probably 3 or 0x10001, so just do singles */
-               window=1;
-       else if (bits >= 256)
-               window=5;       /* max size of window */
-       else if (bits >= 128)
-               window=4;
-       else
-               window=3;
 
-       j=1<<(window-1);
-       for (i=1; i<j; i++)
+       window = BN_window_bits_for_exponent_size(bits);
+       if (window > 1)
                {
-               BN_init(&val[i]);
-               if (!BN_mod_mul_reciprocal(&(val[i]),&(val[i-1]),aa,&recp,ctx))
-                       goto err;
+               if (!BN_mod_mul_reciprocal(aa,&(val[0]),&(val[0]),&recp,ctx))
+                       goto err;                               /* 2 */
+               j=1<<(window-1);
+               for (i=1; i<j; i++)
+                       {
+                       BN_init(&val[i]);
+                       if (!BN_mod_mul_reciprocal(&(val[i]),&(val[i-1]),aa,&recp,ctx))
+                               goto err;
+                       }
+               ts=i;
                }
-       ts=i;
-
+               
        start=1;        /* This is used to avoid multiplication etc
                         * when there is only the value '1' in the
                         * buffer. */
@@ -503,9 +509,8 @@ err:
        BN_RECP_CTX_free(&recp);
        return(ret);
        }
-/* #endif */
 
-/* #ifdef MONT_MUL_MOD */
+
 int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
                    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
        {
@@ -545,11 +550,9 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
        /* If this is not done, things will break in the montgomery
         * part */
 
-#if 1
        if (in_mont != NULL)
                mont=in_mont;
        else
-#endif
                {
                if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
                if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
@@ -559,31 +562,27 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
        ts=1;
        if (BN_ucmp(a,m) >= 0)
                {
-               BN_mod(&(val[0]),a,m,ctx);
+               if (!BN_mod(&(val[0]),a,m,ctx))
+                       goto err;
                aa= &(val[0]);
                }
        else
                aa=a;
        if (!BN_to_montgomery(&(val[0]),aa,mont,ctx)) goto err; /* 1 */
-       if (!BN_mod_mul_montgomery(d,&(val[0]),&(val[0]),mont,ctx)) goto err; /* 2 */
-
-       if (bits <= 20) /* This is probably 3 or 0x10001, so just do singles */
-               window=1;
-       else if (bits >= 256)
-               window=5;       /* max size of window */
-       else if (bits >= 128)
-               window=4;
-       else
-               window=3;
 
-       j=1<<(window-1);
-       for (i=1; i<j; i++)
+       window = BN_window_bits_for_exponent_size(bits);
+       if (window > 1)
                {
-               BN_init(&(val[i]));
-               if (!BN_mod_mul_montgomery(&(val[i]),&(val[i-1]),d,mont,ctx))
-                       goto err;
+               if (!BN_mod_mul_montgomery(d,&(val[0]),&(val[0]),mont,ctx)) goto err; /* 2 */
+               j=1<<(window-1);
+               for (i=1; i<j; i++)
+                       {
+                       BN_init(&(val[i]));
+                       if (!BN_mod_mul_montgomery(&(val[i]),&(val[i-1]),d,mont,ctx))
+                               goto err;
+                       }
+               ts=i;
                }
-       ts=i;
 
        start=1;        /* This is used to avoid multiplication etc
                         * when there is only the value '1' in the
@@ -592,7 +591,7 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
        wstart=bits-1;  /* The top bit of the window */
        wend=0;         /* The bottom bit of the window */
 
-        if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
+       if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
        for (;;)
                {
                if (BN_is_bit_set(p,wstart) == 0)
@@ -644,7 +643,7 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
                start=0;
                if (wstart < 0) break;
                }
-       BN_from_montgomery(rr,r,mont,ctx);
+       if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;
        ret=1;
 err:
        if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
@@ -653,7 +652,147 @@ err:
                BN_clear_free(&(val[i]));
        return(ret);
        }
-/* #endif */
+
+int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+       {
+       BN_MONT_CTX *mont = NULL;
+       int b, bits, ret=0;
+       int r_is_one;
+       BN_ULONG w, next_w;
+       BIGNUM *d, *r, *t;
+       BIGNUM *swap_tmp;
+#define BN_MOD_MUL_WORD(r, w, m) \
+               (BN_mul_word(r, (w)) && \
+               (/* BN_ucmp(r, (m)) < 0 ? 1 :*/  \
+                       (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
+               /* BN_MOD_MUL_WORD is only used with 'w' large,
+                 * so the BN_ucmp test is probably more overhead
+                 * than always using BN_mod (which uses BN_copy if
+                 * a similar test returns true). */
+#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
+               (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
+
+       bn_check_top(p);
+       bn_check_top(m);
+
+       if (!(m->d[0] & 1))
+               {
+               BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS);
+               return(0);
+               }
+       bits = BN_num_bits(p);
+       if (bits == 0)
+               {
+               BN_one(rr);
+               return(1);
+               }
+       BN_CTX_start(ctx);
+       d = BN_CTX_get(ctx);
+       r = BN_CTX_get(ctx);
+       t = BN_CTX_get(ctx);
+       if (d == NULL || r == NULL || t == NULL) goto err;
+
+#ifdef ATALLA
+       if (!tried_atalla)
+               {
+               BN_set_word(t, a);
+               if (BN_mod_exp_atalla(rr, t, p, m))
+                       {
+                       BN_CTX_end(ctx);
+                       return 1;
+                       }
+               }
+/* If it fails, try the other methods */
+#endif
+
+       if (in_mont != NULL)
+               mont=in_mont;
+       else
+               {
+               if ((mont = BN_MONT_CTX_new()) == NULL) goto err;
+               if (!BN_MONT_CTX_set(mont, m, ctx)) goto err;
+               }
+
+       r_is_one = 1; /* except for Montgomery factor */
+
+       /* bits-1 >= 0 */
+
+       /* The result is accumulated in the product r*w. */
+       w = a; /* bit 'bits-1' of 'p' is always set */
+       for (b = bits-2; b >= 0; b--)
+               {
+               /* First, square r*w. */
+               next_w = w*w;
+               if ((next_w/w) != w) /* overflow */
+                       {
+                       if (r_is_one)
+                               {
+                               if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
+                               r_is_one = 0;
+                               }
+                       else
+                               {
+                               if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
+                               }
+                       next_w = 1;
+                       }
+               w = next_w;
+               if (!r_is_one)
+                       {
+                       if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) goto err;
+                       }
+
+               /* Second, multiply r*w by 'a' if exponent bit is set. */
+               if (BN_is_bit_set(p, b))
+                       {
+                       next_w = w*a;
+                       if ((next_w/a) != w) /* overflow */
+                               {
+                               if (r_is_one)
+                                       {
+                                       if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
+                                       r_is_one = 0;
+                                       }
+                               else
+                                       {
+                                       if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
+                                       }
+                               next_w = a;
+                               }
+                       w = next_w;
+                       }
+               }
+
+       /* Finally, set r:=r*w. */
+       if (w != 1)
+               {
+               if (r_is_one)
+                       {
+                       if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
+                       r_is_one = 0;
+                       }
+               else
+                       {
+                       if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
+                       }
+               }
+
+       if (r_is_one) /* can happen only if a == 1*/
+               {
+               if (!BN_one(rr)) goto err;
+               }
+       else
+               {
+               if (!BN_from_montgomery(rr, r, mont, ctx)) goto err;
+               }
+       ret = 1;
+err:
+       if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
+       BN_CTX_end(ctx);
+       return(ret);
+       }
+
 
 /* The old fallback, simple version :-) */
 int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,
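Review bot: BN_mod_exp_mont_word divides by `w` and by `a` in its overflow checks (`(next_w/w) != w` and `(next_w/a) != w`), so a call with `a == 0` and a non-zero exponent divides by zero. BN_mod_exp in this commit reaches it only through the `a->top == 1` branch, but the function has external linkage and its own error code, so direct callers have to be expected. An early return right after the `bits == 0` test covers it: `if (a == 0) return(BN_zero(rr) != 0);`. In that same `bits == 0` block the result of `BN_one(rr)` is ignored, unlike the later `if (!BN_one(rr)) goto err;`, so `return(BN_one(rr) != 0);` would be consistent.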
@@ -678,26 +817,21 @@ int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,
        BN_init(&(val[0]));
        ts=1;
        if (!BN_mod(&(val[0]),a,m,ctx)) goto err;               /* 1 */
-       if (!BN_mod_mul(d,&(val[0]),&(val[0]),m,ctx))
-               goto err;                               /* 2 */
-
-       if (bits <= 17) /* This is probably 3 or 0x10001, so just do singles */
-               window=1;
-       else if (bits >= 256)
-               window=5;       /* max size of window */
-       else if (bits >= 128)
-               window=4;
-       else
-               window=3;
 
-       j=1<<(window-1);
-       for (i=1; i<j; i++)
+       window = BN_window_bits_for_exponent_size(bits);
+       if (window > 1)
                {
-               BN_init(&(val[i]));
-               if (!BN_mod_mul(&(val[i]),&(val[i-1]),d,m,ctx))
-                       goto err;
+               if (!BN_mod_mul(d,&(val[0]),&(val[0]),m,ctx))
+                       goto err;                               /* 2 */
+               j=1<<(window-1);
+               for (i=1; i<j; i++)
+                       {
+                       BN_init(&(val[i]));
+                       if (!BN_mod_mul(&(val[i]),&(val[i-1]),d,m,ctx))
+                               goto err;
+                       }
+               ts=i;
                }
-       ts=i;
 
        start=1;        /* This is used to avoid multiplication etc
                         * when there is only the value '1' in the
index a8fd07b1bc6ab4ac156ffe53dac400174043a2db..9c959921b49198fc7094cb16ed714ef5b38cf0d0 100644 (file)
@@ -1,21 +1,3 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
 /* crypto/bn/bn_lcl.h */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #ifndef HEADER_BN_LCL_H
 #define HEADER_BN_LCL_H
 extern "C" {
 #endif
 
+
+/*
+ * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
+ *
+ *
+ * For window size 'w' (w >= 2) and a random 'b' bits exponent,
+ * the number of multiplications is a constant plus on average
+ *
+ *    2^(w-1) + (b-w)/(w+1);
+ *
+ * here  2^(w-1)  is for precomputing the table (we actually need
+ * entries only for windows that have the lowest bit set), and
+ * (b-w)/(w+1)  is an approximation for the expected number of
+ * w-bit windows, not counting the first one.
+ *
+ * Thus we should use
+ *
+ *    w >= 6  if        b > 671
+ *     w = 5  if  671 > b > 239
+ *     w = 4  if  239 > b >  79
+ *     w = 3  if   79 > b >  23
+ *    w <= 2  if   23 > b
+ *
+ * (with draws in between).  Very small exponents are often selected
+ * with low Hamming weight, so we use  w = 1  for b <= 23.
+ */
+#if 1
+#define BN_window_bits_for_exponent_size(b) \
+               ((b) > 671 ? 6 : \
+                (b) > 239 ? 5 : \
+                (b) >  79 ? 4 : \
+                (b) >  23 ? 3 : 1)
+#else
+/* Old SSLeay/OpenSSL table.
+ * Maximum window size was 5, so this table differs for b==1024;
+ * but it coincides for other interesting values (b==160, b==512).
+ */
+#define BN_window_bits_for_exponent_size(b) \
+               ((b) > 255 ? 5 : \
+                (b) > 127 ? 4 : \
+                (b) >  17 ? 3 : 1)
+#endif  
+
+
+
 /* Pentium pro 16,16,16,32,64 */
 /* Alpha       16,16,16,16.64 */
 #define BN_MULL_SIZE_NORMAL                    (16) /* 32 */
@@ -148,7 +228,7 @@ extern "C" {
 /* This is used for internal error checking and is not normally used */
 #ifdef BN_DEBUG
 # include <assert.h>
-# define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->max);
+# define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->dmax);
 #else
 # define bn_check_top(a)
 #endif
index 8446be5151bd61e36acc565b341c98c4bf7e3dd6..05eeff1f2e980e4b3fcceeace06a39f35d8892b0 100644 (file)
@@ -1,21 +1,3 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
 /* crypto/bn/bn_rand.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
@@ -84,13 +66,17 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
        {
        unsigned char *buf=NULL;
        int ret=0,bit,bytes,mask;
-       #ifndef __APPLE__
        time_t tim;
-       #endif
-       
+
+       if (bits == 0)
+               {
+               BN_zero(rnd);
+               return 1;
+               }
+
        bytes=(bits+7)/8;
        bit=(bits-1)%8;
-       mask=0xff<<bit;
+       mask=0xff<<(bit+1);
 
        buf=(unsigned char *)Malloc(bytes);
        if (buf == NULL)
@@ -100,12 +86,9 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
                }
 
        /* make a random number and set the top and bottom bits */
-       #ifndef __APPLE__
-       /* we really don't need to do this, we have a good RNG */
        time(&tim);
        RAND_add(&tim,sizeof(tim),0);
-       #endif  /* __APPLE__ */
-       
+
        if (pseudorand)
                {
                if (RAND_pseudo_bytes(buf, bytes) == -1)
@@ -117,25 +100,48 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
                        goto err;
                }
 
-       if (top)
+#if 1
+       if (pseudorand == 2)
                {
-               if (bit == 0)
+               /* generate patterns that are more likely to trigger BN
+                  library bugs */
+               int i;
+               unsigned char c;
+
+               for (i = 0; i < bytes; i++)
                        {
-                       buf[0]=1;
-                       buf[1]|=0x80;
+                       RAND_pseudo_bytes(&c, 1);
+                       if (c >= 128 && i > 0)
+                               buf[i] = buf[i-1];
+                       else if (c < 42)
+                               buf[i] = 0;
+                       else if (c < 84)
+                               buf[i] = 255;
+                       }
+               }
+#endif
+
+       if (top != -1)
+               {
+               if (top)
+                       {
+                       if (bit == 0)
+                               {
+                               buf[0]=1;
+                               buf[1]|=0x80;
+                               }
+                       else
+                               {
+                               buf[0]|=(3<<(bit-1));
+                               }
                        }
                else
                        {
-                       buf[0]|=(3<<(bit-1));
-                       buf[0]&= ~(mask<<1);
+                       buf[0]|=(1<<bit);
                        }
                }
-       else
-               {
-               buf[0]|=(1<<bit);
-               buf[0]&= ~(mask<<1);
-               }
-       if (bottom) /* set bottom bits to whatever odd is */
+       buf[0] &= ~mask;
+       if (bottom) /* set bottom bit if requested */
                buf[bytes-1]|=1;
        if (!BN_bin2bn(buf,bytes,rnd)) goto err;
        ret=1;
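Review bot: With `bits == 1` and a non-zero `top` other than -1, `bytes` is 1 and `bit` is 0, so the `buf[1]|=0x80;` branch kept on the new side writes one byte past the `Malloc(bytes)` buffer. The previous hunk adds an early return for `bits == 0` but not for this case, and a negative `bits` still reaches the size computation and `Malloc`. A guard next to the `bits == 0` test would close both: `if (bits < 0 || (bits == 1 && top != 0 && top != -1)) return 0;`. bnrand starts and ends outside this hunk.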
@@ -157,3 +163,61 @@ int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
        {
        return bnrand(1, rnd, bits, top, bottom);
        }
+
+#if 1
+int     BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
+       {
+       return bnrand(2, rnd, bits, top, bottom);
+       }
+#endif
+
+/* random number r:  0 <= r < range */
+int    BN_rand_range(BIGNUM *r, BIGNUM *range)
+       {
+       int n;
+
+       if (range->neg || BN_is_zero(range))
+               {
+               BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
+               return 0;
+               }
+
+       n = BN_num_bits(range); /* n > 0 */
+
+       if (n == 1)
+               {
+               if (!BN_zero(r)) return 0;
+               }
+       else if (BN_is_bit_set(range, n - 2))
+               {
+               do
+                       {
+                       /* range = 11..._2, so each iteration succeeds with probability >= .75 */
+                       if (!BN_rand(r, n, -1, 0)) return 0;
+                       }
+               while (BN_cmp(r, range) >= 0);
+               }
+       else
+               {
+               /* range = 10..._2,
+                * so  3*range (= 11..._2)  is exactly one bit longer than  range */
+               do
+                       {
+                       if (!BN_rand(r, n + 1, -1, 0)) return 0;
+                       /* If  r < 3*range,  use  r := r MOD range
+                        * (which is either  r, r - range,  or  r - 2*range).
+                        * Otherwise, iterate once more.
+                        * Since  3*range = 11..._2, each iteration succeeds with
+                        * probability >= .75. */
+                       if (BN_cmp(r ,range) >= 0)
+                               {
+                               if (!BN_sub(r, r, range)) return 0;
+                               if (BN_cmp(r, range) >= 0)
+                                       if (!BN_sub(r, r, range)) return 0;
+                               }
+                       }
+               while (BN_cmp(r, range) >= 0);
+               }
+
+       return 1;
+       }
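Review bot: Both rejection loops in BN_rand_range are unbounded; they repeat until `BN_cmp(r, range) < 0` with no iteration limit. The comments give a success probability of at least .75 per pass, but that holds only while BN_rand delivers sound output; a generator that keeps returning the same out-of-range value would make the caller spin instead of fail. I would add a counter, `int count = 100;` next to `int n;`, and `if (!--count) return 0;` as the first statement of each `do` body, so a broken random source surfaces as an error.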
diff --git a/AppleCSP/open_ssl/dh/dh_check.c b/AppleCSP/open_ssl/dh/dh_check.c
new file mode 100644 (file)
index 0000000..3737f37
--- /dev/null
@@ -0,0 +1,137 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/* crypto/dh/dh_check.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+
+/* Check that p is a safe prime and
+ * if g is 2, 3 or 5, check that is is a suitable generator
+ * where
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5
+ * for 5, p mod 10 == 3 or 7
+ * should hold.
+ */
+
+int DH_check(DH *dh, int *ret)
+       {
+       int ok=0;
+       BN_CTX *ctx=NULL;
+       BN_ULONG l;
+       BIGNUM *q=NULL;
+
+       *ret=0;
+       ctx=BN_CTX_new();
+       if (ctx == NULL) goto err;
+       q=BN_new();
+       if (q == NULL) goto err;
+
+       if (BN_is_word(dh->g,DH_GENERATOR_2))
+               {
+               l=BN_mod_word(dh->p,24);
+               if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
+               }
+#if 0
+       else if (BN_is_word(dh->g,DH_GENERATOR_3))
+               {
+               l=BN_mod_word(dh->p,12);
+               if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
+               }
+#endif
+       else if (BN_is_word(dh->g,DH_GENERATOR_5))
+               {
+               l=BN_mod_word(dh->p,10);
+               if ((l != 3) && (l != 7))
+                       *ret|=DH_NOT_SUITABLE_GENERATOR;
+               }
+       else
+               *ret|=DH_UNABLE_TO_CHECK_GENERATOR;
+
+       if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL))
+               *ret|=DH_CHECK_P_NOT_PRIME;
+       else
+               {
+               if (!BN_rshift1(q,dh->p)) goto err;
+               if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))
+                       *ret|=DH_CHECK_P_NOT_SAFE_PRIME;
+               }
+       ok=1;
+err:
+       if (ctx != NULL) BN_CTX_free(ctx);
+       if (q != NULL) BN_free(q);
+       return(ok);
+       }
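Review bot: Both `if (!BN_is_prime(...))` tests in DH_check treat any non-zero result as "prime", but as far as I recall BN_is_prime returns -1 on an internal error (its definition is not in this hunk), so a failed test would be reported as a valid p or q. Capturing the result and bailing out on a negative value keeps `ok` at 0 in that case: `i=BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL); if (i < 0) goto err;`, and the same for q. DH_check also dereferences dh->p and dh->g without a NULL check. A generator of 0 or 1 only ever produces DH_UNABLE_TO_CHECK_GENERATOR, so callers that ignore that bit accept it; a comment above the function saying that the range of g is not validated here would make that explicit.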
diff --git a/AppleCSP/open_ssl/dh/dh_err.c b/AppleCSP/open_ssl/dh/dh_err.c
new file mode 100644 (file)
index 0000000..edf0459
--- /dev/null
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/* crypto/dh/dh_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/dh.h>
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA DH_str_functs[]=
+       {
+{ERR_PACK(0,DH_F_DHPARAMS_PRINT,0),    "DHparams_print"},
+{ERR_PACK(0,DH_F_DHPARAMS_PRINT_FP,0), "DHparams_print_fp"},
+{ERR_PACK(0,DH_F_DH_COMPUTE_KEY,0),    "DH_compute_key"},
+{ERR_PACK(0,DH_F_DH_GENERATE_KEY,0),   "DH_generate_key"},
+{ERR_PACK(0,DH_F_DH_GENERATE_PARAMETERS,0),    "DH_generate_parameters"},
+{ERR_PACK(0,DH_F_DH_NEW,0),    "DH_new"},
+{0,NULL}
+       };
+
+static ERR_STRING_DATA DH_str_reasons[]=
+       {
+{DH_R_NO_PRIVATE_VALUE                   ,"no private value"},
+{0,NULL}
+       };
+
+#endif
+
+void ERR_load_DH_strings(void)
+       {
+       static int init=1;
+
+       if (init)
+               {
+               init=0;
+#ifndef NO_ERR
+               ERR_load_strings(ERR_LIB_DH,DH_str_functs);
+               ERR_load_strings(ERR_LIB_DH,DH_str_reasons);
+#endif
+
+               }
+       }
diff --git a/AppleCSP/open_ssl/dh/dh_gen.c b/AppleCSP/open_ssl/dh/dh_gen.c
new file mode 100644 (file)
index 0000000..e0d7ffb
--- /dev/null
@@ -0,0 +1,170 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/* crypto/dh/dh_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+
+/* We generate DH parameters as follows
+ * find a prime q which is prime_len/2 bits long.
+ * p=(2*q)+1 or (p-1)/2 = q
+ * For this case, g is a generator if
+ * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
+ * Since the factors of p-1 are q and 2, we just need to check
+ * g^2 mod p != 1 and g^q mod p != 1.
+ *
+ * Having said all that,
+ * there is another special case method for the generators 2, 3 and 5.
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5  <<<<< does not work for safe primes.
+ * for 5, p mod 10 == 3 or 7
+ *
+ * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
+ * special generators and for answering some of my questions.
+ *
+ * I've implemented the second simple method :-).
+ * Since DH should be using a safe prime (both p and q are prime),
+ * this generator function can take a very very long time to run.
+ */
+
+DH *DH_generate_parameters(int prime_len, int generator,
+            void (*callback)(int,int,void *), void *cb_arg)
+       {
+       BIGNUM *p=NULL,*t1,*t2;
+       DH *ret=NULL;
+       int g,ok= -1;
+       BN_CTX *ctx=NULL;
+
+       ret=DH_new();
+       if (ret == NULL) goto err;
+       ctx=BN_CTX_new();
+       if (ctx == NULL) goto err;
+       BN_CTX_start(ctx);
+       t1 = BN_CTX_get(ctx);
+       t2 = BN_CTX_get(ctx);
+       if (t1 == NULL || t2 == NULL) goto err;
+       
+       if (generator == DH_GENERATOR_2)
+               {
+               BN_set_word(t1,24);
+               BN_set_word(t2,11);
+               g=2;
+               }
+#ifdef undef  /* does not work for safe primes */
+       else if (generator == DH_GENERATOR_3)
+               {
+               BN_set_word(t1,12);
+               BN_set_word(t2,5);
+               g=3;
+               }
+#endif
+       else if (generator == DH_GENERATOR_5)
+               {
+               BN_set_word(t1,10);
+               BN_set_word(t2,3);
+               /* BN_set_word(t3,7); just have to miss
+                * out on these ones :-( */
+               g=5;
+               }
+       else
+               g=generator;
+       
+       p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
+       if (p == NULL) goto err;
+       if (callback != NULL) callback(3,0,cb_arg);
+       ret->p=p;
+       ret->g=BN_new();
+       if (!BN_set_word(ret->g,g)) goto err;
+       ok=1;
+err:
+       if (ok == -1)
+               {
+               DHerr(DH_F_DH_GENERATE_PARAMETERS,ERR_R_BN_LIB);
+               ok=0;
+               }
+
+       if (ctx != NULL)
+               {
+               BN_CTX_end(ctx);
+               BN_CTX_free(ctx);
+               }
+       if (!ok && (ret != NULL))
+               {
+               DH_free(ret);
+               ret=NULL;
+               }
+       return(ret);
+       }
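Review bot: The final `else g=generator;` branch in DH_generate_parameters accepts any int, including 0, 1 and negative values, and leaves t1 and t2 unset before they are passed to BN_generate_prime as the add/rem pair. A generator of 0 or 1 makes every public value 0 or 1, so I would reject it up front with `if (generator <= 1) goto err;` and set the pair explicitly in the general case, `BN_set_word(t1,2); BN_set_word(t2,1);`. Separately, `ret->g=BN_new();` is not checked before `BN_set_word(ret->g,g)`, so an allocation failure is passed on as a NULL BIGNUM; `if (ret->g == NULL) goto err;` closes that.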
diff --git a/AppleCSP/open_ssl/dh/dh_key.c b/AppleCSP/open_ssl/dh/dh_key.c
new file mode 100644 (file)
index 0000000..d1af857
--- /dev/null
@@ -0,0 +1,230 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/* crypto/dh/dh_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/dh.h>
+
+static int generate_key(DH *dh);
+static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
+static int dh_bn_mod_exp(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                       const BIGNUM *m, BN_CTX *ctx,
+                       BN_MONT_CTX *m_ctx);
+static int dh_init(DH *dh);
+static int dh_finish(DH *dh);
+
+int DH_generate_key(DH *dh)
+       {
+       return dh->meth->generate_key(dh);
+       }
+
+int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
+       {
+       return dh->meth->compute_key(key, pub_key, dh);
+       }
+
+static DH_METHOD dh_ossl = {
+"OpenSSL DH Method",
+generate_key,
+compute_key,
+dh_bn_mod_exp,
+dh_init,
+dh_finish,
+0,
+NULL
+};
+
+DH_METHOD *DH_OpenSSL(void)
+{
+       return &dh_ossl;
+}
+
+static int generate_key(DH *dh)
+       {
+       int ok=0;
+       BN_CTX ctx;
+       BN_MONT_CTX *mont;
+       BIGNUM *pub_key=NULL,*priv_key=NULL;
+
+       BN_CTX_init(&ctx);
+
+       if (dh->priv_key == NULL)
+               {
+               priv_key=BN_new();
+               if (priv_key == NULL) goto err;
+               do
+                       if (!BN_rand_range(priv_key, dh->p)) goto err;
+               while (BN_is_zero(priv_key));
+               }
+       else
+               priv_key=dh->priv_key;
+
+       if (dh->pub_key == NULL)
+               {
+               pub_key=BN_new();
+               if (pub_key == NULL) goto err;
+               }
+       else
+               pub_key=dh->pub_key;
+
+       if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
+               {
+               if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+                       if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
+                               dh->p,&ctx)) goto err;
+               }
+       mont=(BN_MONT_CTX *)dh->method_mont_p;
+
+       if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont))
+                                                               goto err;
+               
+       dh->pub_key=pub_key;
+       dh->priv_key=priv_key;
+       ok=1;
+err:
+       if (ok != 1)
+               DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB);
+
+       if ((pub_key != NULL)  && (dh->pub_key == NULL))  BN_free(pub_key);
+       if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
+       BN_CTX_free(&ctx);
+       return(ok);
+       }
+
+static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
+       {
+       BN_CTX ctx;
+       BN_MONT_CTX *mont;
+       BIGNUM *tmp;
+       int ret= -1;
+
+       BN_CTX_init(&ctx);
+       BN_CTX_start(&ctx);
+       tmp = BN_CTX_get(&ctx);
+       
+       if (dh->priv_key == NULL)
+               {
+               DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
+               goto err;
+               }
+       if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
+               {
+               if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+                       if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
+                               dh->p,&ctx)) goto err;
+               }
+
+       mont=(BN_MONT_CTX *)dh->method_mont_p;
+       if (!dh->meth->bn_mod_exp(dh, tmp,pub_key,dh->priv_key,dh->p,&ctx,mont))
+               {
+               DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
+               goto err;
+               }
+
+       ret=BN_bn2bin(tmp,key);
+err:
+       BN_CTX_end(&ctx);
+       BN_CTX_free(&ctx);
+       return(ret);
+       }
+
+static int dh_bn_mod_exp(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                       const BIGNUM *m, BN_CTX *ctx,
+                       BN_MONT_CTX *m_ctx)
+       {
+       if (a->top == 1)
+               {
+               BN_ULONG A = a->d[0];
+               return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
+               }
+       else
+               return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx);
+       }
+
+
+static int dh_init(DH *dh)
+       {
+       dh->flags |= DH_FLAG_CACHE_MONT_P;
+       return(1);
+       }
+
+static int dh_finish(DH *dh)
+       {
+       if(dh->method_mont_p)
+               BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p);
+       return(1);
+       }
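Review bot: compute_key passes the peer-supplied pub_key straight to bn_mod_exp with no range check, so values such as 0, 1 or p-1 are accepted and confine the shared secret to a tiny, predictable set. I would reject anything outside 1 < pub_key < p-1 before the exponentiation, and check the BN_CTX_get result at the same time, since tmp is used unchecked. The rejection needs its own reason code, because dh_err.c in this commit defines only DH_R_NO_PRIVATE_VALUE. The error path of generate_key also releases a freshly generated priv_key with BN_free; `BN_clear_free(priv_key)` would wipe it first.

```c
static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
	/* ... unchanged: locals, BN_CTX_init/BN_CTX_start, tmp = BN_CTX_get(&ctx) ... */
	pm1 = BN_CTX_get(&ctx);		/* new local BIGNUM *pm1, holds p-1 */
	if (tmp == NULL || pm1 == NULL) goto err;
	/* ... unchanged: dh->priv_key == NULL check ... */
	if (!BN_copy(pm1, dh->p) || !BN_sub_word(pm1, 1)) goto err;
	/* accept only 1 < pub_key < p-1 */
	if (pub_key->neg || BN_is_zero(pub_key) || BN_is_one(pub_key)
		|| BN_cmp(pub_key, pm1) >= 0)
		goto err;	/* report with a dedicated DH_R_* reason code */
	/* ... unchanged: Montgomery setup, bn_mod_exp, BN_bn2bin, cleanup ... */
```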
diff --git a/AppleCSP/open_ssl/dh/dh_lib.c b/AppleCSP/open_ssl/dh/dh_lib.c
new file mode 100644 (file)
index 0000000..ff639b2
--- /dev/null
@@ -0,0 +1,203 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/* crypto/dh/dh_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+
+const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
+
+static DH_METHOD *default_DH_method;
+static int dh_meth_num = 0;
+static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
+
+void DH_set_default_method(DH_METHOD *meth)
+{
+       default_DH_method = meth;
+}
+
+DH_METHOD *DH_get_default_method(void)
+{
+       if(!default_DH_method) default_DH_method = DH_OpenSSL();
+       return default_DH_method;
+}
+
+DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
+{
+        DH_METHOD *mtmp;
+        mtmp = dh->meth;
+        if (mtmp->finish) mtmp->finish(dh);
+        dh->meth = meth;
+        if (meth->init) meth->init(dh);
+        return mtmp;
+}
+
+DH *DH_new(void)
+{
+       return DH_new_method(NULL);
+}
+
+DH *DH_new_method(DH_METHOD *meth)
+       {
+       DH *ret;
+       ret=(DH *)Malloc(sizeof(DH));
+
+       if (ret == NULL)
+               {
+               DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE);
+               return(NULL);
+               }
+       if(meth) ret->meth = meth;
+       else ret->meth = DH_get_default_method();
+       ret->pad=0;
+       ret->version=0;
+       ret->p=NULL;
+       ret->g=NULL;
+       ret->length=0;
+       ret->pub_key=NULL;
+       ret->priv_key=NULL;
+       ret->q=NULL;
+       ret->j=NULL;
+       ret->seed = NULL;
+       ret->seedlen = 0;
+       ret->counter = NULL;
+       ret->method_mont_p=NULL;
+       ret->references = 1;
+       ret->flags=ret->meth->flags;
+       CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data);
+       if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+               {
+               CRYPTO_free_ex_data(dh_meth,ret,&ret->ex_data);
+               Free(ret);
+               ret=NULL;
+               }
+       return(ret);
+       }
+
+void DH_free(DH *r)
+       {
+       int i;
+       if(r == NULL) return;
+       i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
+#ifdef REF_PRINT
+       REF_PRINT("DH",r);
+#endif
+       if (i > 0) return;
+#ifdef REF_CHECK
+       if (i < 0)
+               {
+               fprintf(stderr,"DH_free, bad reference count\n");
+               abort();
+       }
+#endif
+
+       if(r->meth->finish) r->meth->finish(r);
+
+       CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
+
+       if (r->p != NULL) BN_clear_free(r->p);
+       if (r->g != NULL) BN_clear_free(r->g);
+       if (r->q != NULL) BN_clear_free(r->q);
+       if (r->j != NULL) BN_clear_free(r->j);
+       if (r->seed) Free(r->seed);
+       if (r->counter != NULL) BN_clear_free(r->counter);
+       if (r->pub_key != NULL) BN_clear_free(r->pub_key);
+       if (r->priv_key != NULL) BN_clear_free(r->priv_key);
+       Free(r);
+       }
+
+int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+            CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+       dh_meth_num++;
+       return(CRYPTO_get_ex_new_index(dh_meth_num-1,
+               &dh_meth,argl,argp,new_func,dup_func,free_func));
+        }
+
+int DH_set_ex_data(DH *d, int idx, void *arg)
+       {
+       return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
+       }
+
+void *DH_get_ex_data(DH *d, int idx)
+       {
+       return(CRYPTO_get_ex_data(&d->ex_data,idx));
+       }
+
+int DH_size(DH *dh)
+       {
+       return(BN_num_bytes(dh->p));
+       }
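Review bot: DH_set_method calls `mtmp->finish(dh)` and then installs the new method, but nothing resets `dh->method_mont_p` afterwards. With the dh_finish added in dh_key.c by this same commit, which frees method_mont_p without clearing it, the pointer is left dangling: a later generate_key or compute_key would see it as non-NULL and reuse it, and DH_free would call finish on it a second time. Clearing it where it is freed, `dh->method_mont_p=NULL;` after the BN_MONT_CTX_free call in dh_finish, makes the switch safe. DH_set_method also leaves `dh->flags` at the old method's value, which deserves a comment if it is intentional.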
index faa5d072a0dab41737835fcdb6aa86115e77372f..76835f4c4daca27bb4e58e41ee0808cda187f2e6 100644 (file)
@@ -346,6 +346,7 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx);
 void   BN_CTX_end(BN_CTX *ctx);
 int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
 int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
+int    BN_rand_range(BIGNUM *rnd, BIGNUM *range);
 int    BN_num_bits(const BIGNUM *a);
 int    BN_num_bits_word(BN_ULONG);
 BIGNUM *BN_new(void);
@@ -382,6 +383,8 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
                   const BIGNUM *m,BN_CTX *ctx);
 int    BN_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
                        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int    BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
+                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 int    BN_mod_exp2_mont(BIGNUM *r, BIGNUM *a1, BIGNUM *p1,BIGNUM *a2,
                BIGNUM *p2,BIGNUM *m,BN_CTX *ctx,BN_MONT_CTX *m_ctx);
 int    BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p,
@@ -504,11 +507,13 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
 #define BN_F_BN_DIV                                     107
 #define BN_F_BN_EXPAND2                                         108
 #define BN_F_BN_MOD_EXP_MONT                            109
+#define BN_F_BN_MOD_EXP_MONT_WORD                       117
 #define BN_F_BN_MOD_INVERSE                             110
 #define BN_F_BN_MOD_MUL_RECIPROCAL                      111
 #define BN_F_BN_MPI2BN                                  112
 #define BN_F_BN_NEW                                     113
 #define BN_F_BN_RAND                                    114
+#define BN_F_BN_RAND_RANGE                              122
 #define BN_F_BN_USUB                                    115
 
 /* Reason codes. */
@@ -519,6 +524,7 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
 #define BN_R_ENCODING_ERROR                             104
 #define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA               105
 #define BN_R_INVALID_LENGTH                             106
+#define BN_R_INVALID_RANGE                              115
 #define BN_R_NOT_INITIALIZED                            107
 #define BN_R_NO_INVERSE                                         108
 #define BN_R_TOO_MANY_TEMPORARY_VARIABLES               109
diff --git a/AppleCSP/open_ssl/openssl/dh.h b/AppleCSP/open_ssl/openssl/dh.h
new file mode 100644 (file)
index 0000000..4903c1a
--- /dev/null
@@ -0,0 +1,221 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/* crypto/dh/dh.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_DH_H
+#define HEADER_DH_H
+
+#ifdef NO_DH
+#error DH is disabled.
+#endif
+
+#ifndef NO_BIO
+#include <openssl/bio.h>
+#endif
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+       
+#define DH_FLAG_CACHE_MONT_P   0x01
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct dh_st DH;
+
+typedef struct dh_method {
+       const char *name;
+       /* Methods here */
+       int (*generate_key)(DH *dh);
+       int (*compute_key)(unsigned char *key,BIGNUM *pub_key,DH *dh);
+       int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                               const BIGNUM *m, BN_CTX *ctx,
+                               BN_MONT_CTX *m_ctx); /* Can be null */
+
+       int (*init)(DH *dh);
+       int (*finish)(DH *dh);
+       int flags;
+       char *app_data;
+} DH_METHOD;
+
+struct dh_st
+       {
+       /* This first argument is used to pick up errors when
+        * a DH is passed instead of a EVP_PKEY */
+       int pad;
+       int version;
+       BIGNUM *p;
+       BIGNUM *g;
+       int length; /* optional */
+       BIGNUM *pub_key;        /* g^x */
+       BIGNUM *priv_key;       /* x */
+
+       int flags;
+       char *method_mont_p;
+       /* Place holders if we want to do X9.42 DH */
+       BIGNUM *q;
+       BIGNUM *j;
+       unsigned char *seed;
+       int seedlen;
+       BIGNUM *counter;
+
+       int references;
+       CRYPTO_EX_DATA ex_data;
+       DH_METHOD *meth;
+       };
+
+#define DH_GENERATOR_2         2
+/* #define DH_GENERATOR_3      3 */
+#define DH_GENERATOR_5         5
+
+/* DH_check error codes */
+#define DH_CHECK_P_NOT_PRIME           0x01
+#define DH_CHECK_P_NOT_SAFE_PRIME      0x02
+#define DH_UNABLE_TO_CHECK_GENERATOR   0x04
+#define DH_NOT_SUITABLE_GENERATOR      0x08
+
+/* primes p where (p-1)/2 is prime too are called "safe"; we define
+   this for backward compatibility: */
+#define DH_CHECK_P_NOT_STRONG_PRIME    DH_CHECK_P_NOT_SAFE_PRIME
+
+#define DHparams_dup(x) (DH *)ASN1_dup((int (*)())i2d_DHparams, \
+               (char *(*)())d2i_DHparams,(char *)(x))
+#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+               (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
+#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
+               (unsigned char *)(x))
+#define d2i_DHparams_bio(bp,x) (DH *)ASN1_d2i_bio((char *(*)())DH_new, \
+               (char *(*)())d2i_DHparams,(bp),(unsigned char **)(x))
+#ifdef  __cplusplus
+#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio((int (*)())i2d_DHparams,(bp), \
+               (unsigned char *)(x))
+#else
+#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio(i2d_DHparams,(bp), \
+               (unsigned char *)(x))
+#endif
+
+DH_METHOD *DH_OpenSSL(void);
+
+void DH_set_default_method(DH_METHOD *meth);
+DH_METHOD *DH_get_default_method(void);
+DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
+DH *DH_new_method(DH_METHOD *meth);
+
+DH *   DH_new(void);
+void   DH_free(DH *dh);
+int    DH_size(DH *dh);
+int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+            CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int DH_set_ex_data(DH *d, int idx, void *arg);
+void *DH_get_ex_data(DH *d, int idx);
+DH *   DH_generate_parameters(int prime_len,int generator,
+               void (*callback)(int,int,void *),void *cb_arg);
+int    DH_check(DH *dh,int *codes);
+int    DH_generate_key(DH *dh);
+int    DH_compute_key(unsigned char *key,BIGNUM *pub_key,DH *dh);
+DH *   d2i_DHparams(DH **a,unsigned char **pp, long length);
+int    i2d_DHparams(DH *a,unsigned char **pp);
+#ifndef NO_FP_API
+int    DHparams_print_fp(FILE *fp, DH *x);
+#endif
+#ifndef NO_BIO
+int    DHparams_print(BIO *bp, DH *x);
+#else
+int    DHparams_print(char *bp, DH *x);
+#endif
+void   ERR_load_DH_strings(void );
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the DH functions. */
+
+/* Function codes. */
+#define DH_F_DHPARAMS_PRINT                             100
+#define DH_F_DHPARAMS_PRINT_FP                          101
+#define DH_F_DH_COMPUTE_KEY                             102
+#define DH_F_DH_GENERATE_KEY                            103
+#define DH_F_DH_GENERATE_PARAMETERS                     104
+#define DH_F_DH_NEW                                     105
+
+/* Reason codes. */
+#define DH_R_NO_PRIVATE_VALUE                           100
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
index 8cb59e0cae1b4290ee83636da8960dc7708ad81c..08fdfaca4bfa0a734ef6d0c4f606b27700996acb 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
index 69ec50f358117ea4f15e73c531fcecc352a64b99..bb00c6adc2a30a56f0db9d65350a1cc3e23b56b2 100644 (file)
  */
 
 
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
 /*
  * opensslconf.h - hand-rolled config #defines for openssl code used in AppleCSP
  * Written by Doug Mitchell 4/3/2001
@@ -34,7 +51,6 @@ extern "C" {
  */
 #define _OPENSSL_APPLE_CDSA_   1
 
-#define NO_DH          1
 #define NO_MD5                 1
 #define NO_RIPEMD      1
 #define NO_DES                 1
index 4317e195dba88aa9a5e7130426122f8685cebd85..08108b26fb45b39292e83440452d66ffdc1ca504 100644 (file)
@@ -128,6 +128,37 @@ static void nullAlgParams(
        snaccAlgId.parameters->value = cbuf;
 }
 
+/*
+ * int --> BigIntegerStr
+ */
+void snaccIntToBigIntegerStr(
+       int i,
+       BigIntegerStr &bigInt)
+{
+       char c[4];
+       int dex;
+       int numChars;
+       
+       if(i >= 0x1000000) {
+               numChars = 4;
+       }
+       else if(i > 0x10000) {
+               numChars = 3;
+       }       
+       else if(i > 0x100) {
+               numChars = 2;
+       }
+       else {
+               numChars = 1;
+       }
+       /* i ==> DER */
+       for(dex=numChars-1; dex>=0; dex--) {
+               c[dex] = i & 0xff;
+               i >>= 8;
+       }
+       
+       bigInt.ReSet(c, 4);
+}
 
 /*
  * Replacements for d2i_RSAPublicKey, etc. 
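Review bot: `snaccIntToBigIntegerStr` ends with `bigInt.ReSet(c, 4)` whatever `numChars` is, so for any value shorter than four bytes the loop fills only `c[0..numChars-1]` and the rest of the stack buffer handed to ReSet is uninitialised. The size ladder is also inconsistent: the first test uses `>=` but the next two use `>`, so `i == 0x10000` and `i == 0x100` get one byte too few and lose their top byte. I would write `else if(i >= 0x10000) {`, `else if(i >= 0x100) {` and `bigInt.ReSet(c, numChars);`. Negative inputs and values whose leading byte has the high bit set probably need handling too if the result is meant to be a DER INTEGER, as the `/* i ==> DER */` comment suggests.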
@@ -635,3 +666,90 @@ CSSM_RETURN DSASigDecode(
        }
        return 0;
 }
+
+CSSM_RETURN DHPrivateKeyDecode(
+       DH                              *openKey, 
+       unsigned char   *p, 
+       unsigned                length)
+{
+       DHPrivateKey snaccPrivKey;
+       CssmData cData(p, length);
+       try {
+               SC_decodeAsnObj(cData, snaccPrivKey);
+       }
+       catch(...) {
+               return CSSMERR_CSP_INVALID_KEY;
+       }
+       
+       /* verify alg identifier */
+       if(snaccPrivKey.dHOid != dhKeyAgreement) {
+               sslSnaccDebug("DHPrivateKeyDecode: bad privateKeyAlgorithm");
+               return CSSMERR_CSP_ALGID_MISMATCH;
+       }
+
+       DHParameter     *params = snaccPrivKey.params;
+       if(params == NULL) {
+               /* not optional */
+               sslSnaccDebug("DHPrivateKeyDecode: missing key params");
+               return CSSMERR_CSP_INVALID_KEY;
+       }
+       
+       /* convert snaccPrivKey fields to DH key fields */
+       try {
+               openKey->priv_key = bigIntStrToBn(snaccPrivKey.secretPart);
+               openKey->p            = bigIntStrToBn(params->prime);
+               openKey->g            = bigIntStrToBn(params->base);
+               /* TBD - ignore privateValueLength for now */
+       }
+       catch(...) {
+               /* FIXME - bad sig? memory? */
+               return CSSMERR_CSP_MEMORY_ERROR;
+       }
+       return 0;
+}
+
+CSSM_RETURN    DHPrivateKeyEncode(
+       DH                              *openKey, 
+       CssmOwnedData   &encodedKey)
+{
+       /* First convert into a snacc-style private key */
+       DHPrivateKey snaccPrivKey;
+       snaccPrivKey.params = new DHParameter;
+       DHParameter *params = snaccPrivKey.params;
+       
+       try {
+               snaccPrivKey.dHOid.Set(dhKeyAgreement_arc);
+               bnToBigIntStr(openKey->priv_key, snaccPrivKey.secretPart);
+               bnToBigIntStr(openKey->p, params->prime);
+               bnToBigIntStr(openKey->g, params->base);
+               if(openKey->length) {
+                       /* actually currently not supported */
+                       params->privateValueLength = new BigIntegerStr();
+                       snaccIntToBigIntegerStr(openKey->length, *params->privateValueLength);
+               }
+       }
+       catch(...) {
+               /* ? */
+               return CSSMERR_CSP_MEMORY_ERROR;
+       }
+       
+       /* conservative guess for max size of encoded key */
+       unsigned maxSize = sizeofBigInt(snaccPrivKey.secretPart) +
+                                          sizeofBigInt(params->prime) +
+                                          sizeofBigInt(params->base) +
+                                          60;          // includes dHOid, tags, lenghts
+       if(openKey->length) {
+               maxSize += sizeofBigInt(*params->privateValueLength);
+       }
+                                          
+       /* DER encode */
+       try {
+               SC_encodeAsnObj(snaccPrivKey, encodedKey, maxSize);
+       }
+       catch(...) {
+               /* ? */
+               return CSSMERR_CSP_MEMORY_ERROR;
+       }
+       return 0;
+}
+
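Review bot: `DHPrivateKeyDecode` writes each converted value straight into `openKey`, so if the second or third `bigIntStrToBn` call throws, the function returns an error with `openKey->priv_key` already set and `p`/`g` unset. Anything previously held in those fields is also overwritten without being freed. Converting into locals and assigning only after all three succeed keeps the key all-or-nothing and lets the failure path clear the private value; this assumes `bigIntStrToBn` returns a freshly allocated BIGNUM, which is not visible here. Nothing in this hunk range-checks the decoded `prime` and `base`, so unless a caller outside the hunk does it, parameters from the encoded blob are used as given; `DH_check` from the new dh.h is the natural place to do that.

```cpp
	/* convert snaccPrivKey fields to DH key fields */
	BIGNUM *privKey = NULL;
	BIGNUM *prime = NULL;
	BIGNUM *base = NULL;
	try {
		privKey = bigIntStrToBn(snaccPrivKey.secretPart);
		prime   = bigIntStrToBn(params->prime);
		base    = bigIntStrToBn(params->base);
		/* TBD - ignore privateValueLength for now */
	}
	catch(...) {
		/* release whatever was converted; the private value is zeroed first */
		if(privKey != NULL) BN_clear_free(privKey);
		if(prime != NULL) BN_free(prime);
		if(base != NULL) BN_free(base);
		return CSSMERR_CSP_MEMORY_ERROR;
	}
	/* all three converted: only now touch the caller's key */
	openKey->priv_key = privKey;
	openKey->p = prime;
	openKey->g = base;
	return 0;
```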
index 7a89e74c7a87fb8a87d4b0887c333fae7d02428b..e524ce7e7e45e6b67deac0d9811d6bf972b9c7fb 100644 (file)
@@ -26,6 +26,7 @@
 
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
+#include <openssl/dh.h>
 #include <Security/cssmtype.h>
 #include <Security/cssmdata.h>
 #include <Security/asn-incl.h>
@@ -49,6 +50,13 @@ void bnToBigIntStr(
 unsigned sizeofBigInt(
        BigIntegerStr   &bigInt);
 
+/*
+ * int --> BigIntegerStr
+ */
+void snaccIntToBigIntegerStr(
+       int                     i,
+       BigIntegerStr   &bigInt);
+
 /*
  * Replacements for d2i_RSAPublicKey, etc. 
  */
@@ -97,6 +105,14 @@ CSSM_RETURN DSASigDecode(
        const void              *p, 
        unsigned                length);
 
+CSSM_RETURN DHPrivateKeyDecode(
+       DH                              *openKey, 
+       unsigned char   *p, 
+       unsigned                length);
+CSSM_RETURN    DHPrivateKeyEncode(
+       DH                              *openKey, 
+       CssmOwnedData   &encodedKey);
+
 
 #ifdef __cplusplus
 }
index 3a55eebedccba81aa11fcb3352538b173a52ce52..114b33afaa0e11cf84328a2c1993606573958ba5 100644 (file)
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/sha.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+#include <openssl/err.h>
 #include <Security/debugging.h>
 #include <Security/cssmerr.h>
 #include "opensslUtils.h"
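Review bot: The added `#include <openssl/err.h>` repeats an include that is already present two lines above the additions. It is harmless if the header has include guards, but the new line can simply be dropped, leaving only the `rsa.h`, `dsa.h` and `dh.h` additions.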
@@ -117,3 +121,94 @@ unsigned char *SHA1(const unsigned char *d, unsigned long n,unsigned char *md)
        return md;
 }
 
+void throwRsaDsa(
+       const char *op)
+{
+       unsigned long e = logSslErrInfo(op);
+       CSSM_RETURN cerr = CSSM_OK;
+       
+       /* try to parse into something meaningful */
+       int reason = ERR_GET_REASON(e);
+       int lib = ERR_GET_LIB(e);
+       
+       /* first try the global ones */
+       switch(reason) {
+               case ERR_R_MALLOC_FAILURE:
+                       cerr = CSSMERR_CSP_MEMORY_ERROR; break;
+               case ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED:
+                       /* internal */ break;
+               case ERR_R_PASSED_NULL_PARAMETER:
+                       cerr = CSSMERR_CSP_INVALID_POINTER; break;
+               case ERR_R_NESTED_ASN1_ERROR:
+               case ERR_R_BAD_ASN1_OBJECT_HEADER:
+               case ERR_R_BAD_GET_ASN1_OBJECT_CALL:
+               case ERR_R_EXPECTING_AN_ASN1_SEQUENCE:
+               case ERR_R_ASN1_LENGTH_MISMATCH:
+               case ERR_R_MISSING_ASN1_EOS:
+                       /* ASN - shouldn't happen, right? */
+                       cerr = CSSMERR_CSP_INTERNAL_ERROR; break;
+               default:
+                       break;
+       }
+       if(cerr != CSSM_OK) {
+               CssmError::throwMe(cerr);
+       }
+       
+       /* now the lib-specific ones */
+       switch(lib) {
+               case ERR_R_BN_LIB:
+                       /* all indicate serious internal error...right? */
+                       cerr = CSSMERR_CSP_INTERNAL_ERROR; break;
+               case ERR_R_RSA_LIB:
+                       switch(reason) {
+                               case RSA_R_ALGORITHM_MISMATCH:
+                                       cerr = CSSMERR_CSP_ALGID_MISMATCH; break;
+                               case RSA_R_BAD_SIGNATURE:
+                                       cerr = CSSMERR_CSP_VERIFY_FAILED; break;
+                               case RSA_R_DATA_TOO_LARGE:
+                               case RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE:
+                               case RSA_R_DATA_TOO_SMALL:
+                               case RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE:
+                               case RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY:
+                                       cerr = CSSMERR_CSP_INPUT_LENGTH_ERROR; break;
+                               case RSA_R_KEY_SIZE_TOO_SMALL:
+                                       cerr = CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH; break;
+                               case RSA_R_PADDING_CHECK_FAILED:
+                                       cerr = CSSMERR_CSP_INVALID_DATA; break;
+                               case RSA_R_RSA_OPERATIONS_NOT_SUPPORTED:
+                                       cerr = CSSMERR_CSP_FUNCTION_NOT_IMPLEMENTED; break;
+                               case RSA_R_UNKNOWN_ALGORITHM_TYPE:
+                                       cerr = CSSMERR_CSP_INVALID_ALGORITHM; break;
+                               case RSA_R_WRONG_SIGNATURE_LENGTH:
+                                       cerr = CSSMERR_CSP_VERIFY_FAILED; break;
+                               default:
+                                       cerr = CSSMERR_CSP_INTERNAL_ERROR; break;
+                       }
+                       break;
+               case ERR_R_DSA_LIB:
+                       switch(reason) {
+                               case DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE:
+                                       cerr = CSSMERR_CSP_INPUT_LENGTH_ERROR; break;
+                               default:
+                                       cerr = CSSMERR_CSP_INTERNAL_ERROR; break;
+                       }
+                       break;
+               case ERR_R_DH_LIB:
+                       /* actually none of the DH errors make sense at the CDSA level */
+                       cerr = CSSMERR_CSP_INTERNAL_ERROR; 
+                       break;
+               default:
+                       cerr = CSSMERR_CSP_INTERNAL_ERROR; break;
+       }
+       CssmError::throwMe(cerr);
+}
+
+/*
+ * given an openssl-style error, throw appropriate CssmError.
+ */
+void throwOpensslErr(int irtn)
+{
+       /* FIXME */
+       CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR);
+}
+
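Review bot: In `throwRsaDsa` the RSA branch maps `RSA_R_PADDING_CHECK_FAILED` to `CSSMERR_CSP_INVALID_DATA` while the data-size reasons map to `CSSMERR_CSP_INPUT_LENGTH_ERROR`, so a failed RSA operation yields different CSSM errors depending on why it failed. If any decrypt path relays that result to the party that supplied the ciphertext (not visible in this hunk), the distinction is the kind of signal a padding oracle depends on. I would have decrypt callers collapse these to one code, or at least add a comment such as `/* decrypt paths must not expose padding vs. length failures to the peer */`. Separately, `throwOpensslErr` ignores `irtn` and always throws `CSSMERR_CSP_INTERNAL_ERROR`, so the FIXME should state the intended mapping. `throwRsaDsa` also deserves a header comment saying that it appears to throw on every path and now covers DH as well as RSA and DSA.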
index 88c2c31e9f9483bbcf2c0b26550fbd729f8e7ed2..7a12046aa6945db4aee1d9912349783eb0b85260 100644 (file)
@@ -46,6 +46,15 @@ private:
 
 unsigned long logSslErrInfo(const char *op);
 
+void throwRsaDsa(
+       const char *op);
+       
+/*
+ * given an openssl-style error, throw appropriate CssmError.
+ */
+void throwOpensslErr(
+       int irtn);
+
 
 #ifdef __cplusplus
 }
diff --git a/AppleCSPDL/AppleCSPDL.pbproj/.cvsignore b/AppleCSPDL/AppleCSPDL.pbproj/.cvsignore
deleted file mode 100644 (file)
index 0857ac3..0000000
+++ /dev/null
@@ -1 +0,0 @@
-*.pbxuser
diff --git a/AppleCSPDL/AppleCSPDL.pbproj/project.pbxproj b/AppleCSPDL/AppleCSPDL.pbproj/project.pbxproj
deleted file mode 100644 (file)
index 46ce543..0000000
+++ /dev/null
@@ -1,481 +0,0 @@
-// !$*UTF8*$!
-{
-       archiveVersion = 1;
-       classes = {
-       };
-       objectVersion = 32;
-       objects = {
-               01278A2FFEDB186711CD283A = {
-                       isa = PBXFileReference;
-                       path = SSContext.cpp;
-                       refType = 4;
-               };
-               01278A30FEDB186711CD283A = {
-                       isa = PBXFileReference;
-                       path = SSKey.cpp;
-                       refType = 4;
-               };
-               01278A31FEDB186711CD283A = {
-                       fileRef = 01278A2FFEDB186711CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               01278A32FEDB186711CD283A = {
-                       fileRef = 01278A30FEDB186711CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               01278A33FEDB4D5611CD283A = {
-                       isa = PBXFileReference;
-                       path = SSFactory.cpp;
-                       refType = 4;
-               };
-               01278A34FEDB4D5611CD283A = {
-                       isa = PBXFileReference;
-                       path = SSFactory.h;
-                       refType = 4;
-               };
-               01278A35FEDB4D5611CD283A = {
-                       fileRef = 01278A34FEDB4D5611CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               01278A36FEDB4D5611CD283A = {
-                       fileRef = 01278A33FEDB4D5611CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               01278A37FEDB676A11CD283A = {
-                       isa = PBXFileReference;
-                       path = SSCSPSession.cpp;
-                       refType = 4;
-               };
-               01278A38FEDB676A11CD283A = {
-                       isa = PBXFileReference;
-                       path = SSCSPSession.h;
-                       refType = 4;
-               };
-               01278A39FEDB676A11CD283A = {
-                       fileRef = 01278A38FEDB676A11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               01278A3AFEDB676A11CD283A = {
-                       fileRef = 01278A37FEDB676A11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               023E3602001F8E8611CD283A = {
-                       buildRules = (
-                       );
-                       buildSettings = {
-                               COPY_PHASE_STRIP = NO;
-                               OTHER_LDFLAGS = "\U0001-dylib_file \"$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/A/Security:$(SYMROOT)/Security.framework/Versions/A/Security\"";
-                       };
-                       isa = PBXBuildStyle;
-                       name = "Build Folder";
-               };
-               049EAD58FEF6E7E511CD283A = {
-                       isa = PBXFileReference;
-                       path = SSDLSession.cpp;
-                       refType = 4;
-               };
-               049EAD59FEF6E7E511CD283A = {
-                       isa = PBXFileReference;
-                       path = SSDLSession.h;
-                       refType = 4;
-               };
-               049EAD5AFEF6E7E511CD283A = {
-                       fileRef = 049EAD59FEF6E7E511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               049EAD5BFEF6E7E511CD283A = {
-                       fileRef = 049EAD58FEF6E7E511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               050E4183FEFED76611CD283A = {
-                       isa = PBXFileReference;
-                       path = SSDatabase.cpp;
-                       refType = 4;
-               };
-               050E4184FEFED76611CD283A = {
-                       isa = PBXFileReference;
-                       path = SSDatabase.h;
-                       refType = 4;
-               };
-               050E4185FEFED76611CD283A = {
-                       fileRef = 050E4184FEFED76611CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               050E4186FEFED76611CD283A = {
-                       fileRef = 050E4183FEFED76611CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               089C1669FE841209C02AAC07 = {
-                       buildStyles = (
-                               1B60AA6AFFD84BD911CD296C,
-                               1B60AA6BFFD84BD911CD296C,
-                               023E3602001F8E8611CD283A,
-                       );
-                       isa = PBXProject;
-                       mainGroup = 089C166AFE841209C02AAC07;
-                       projectDirPath = .;
-                       targets = (
-                               089C1673FE841209C02AAC07,
-                       );
-               };
-               089C166AFE841209C02AAC07 = {
-                       children = (
-                               08FB77AFFE84173DC02AAC07,
-                               089C1671FE841209C02AAC07,
-                               19C28FB6FE9D52B211CA2CBB,
-                       );
-                       isa = PBXGroup;
-                       name = CFPlugInBundle;
-                       refType = 4;
-               };
-               089C1671FE841209C02AAC07 = {
-                       children = (
-                               2AD52209FFF3DF1811CD283A,
-                       );
-                       isa = PBXGroup;
-                       name = "External Frameworks and Libraries";
-                       path = "";
-                       refType = 3;
-               };
-               089C1673FE841209C02AAC07 = {
-                       buildPhases = (
-                               089C1674FE841209C02AAC07,
-                               089C1675FE841209C02AAC07,
-                               089C1676FE841209C02AAC07,
-                               089C1677FE841209C02AAC07,
-                               089C1679FE841209C02AAC07,
-                       );
-                       buildSettings = {
-                               DEPLOYMENT_OPTIMIZATION_CFLAGS = "-O2 -fno-inline";
-                               EXPORTED_SYMBOLS_FILE = cssmplugin.exp;
-                               FRAMEWORK_SEARCH_PATHS = "";
-                               HEADER_SEARCH_PATHS = "";
-                               INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security";
-                               LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "-O2 -fno-inline";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "-bundle -undefined error -lstdc++";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = AppleCSPDL;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                               WRAPPER_EXTENSION = bundle;
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                       );
-                       isa = PBXBundleTarget;
-                       name = AppleCSPDL;
-                       productInstallPath = "$(SYSTEM_LIBRARY_DIR)/Security";
-                       productName = AppleCSPDL;
-                       productReference = 1B60AA69FFD84BD911CD296C;
-                       productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
-<plist version=\"0.9\">
-<dict>
-       <key>CFBundleExecutable</key>
-       <string>AppleCSPDL</string>
-       <key>CFBundleGetInfoString</key>
-       <string></string>
-       <key>CFBundleIdentifier</key>
-       <string>com.apple.applecspdl</string>
-       <key>CFBundleName</key>
-       <string>AppleCSPDL</string>
-       <key>CFBundlePackageType</key>
-       <string>BNDL</string>
-       <key>CFBundleShortVersionString</key>
-       <string>1.0</string>
-       <key>CFBundleSignature</key>
-       <string>????</string>
-       <key>CFBundleVersion</key>
-       <string>AppleCSPDL 1.0</string>
-</dict>
-</plist>
-";
-                       shouldUseHeadermap = 1;
-               };
-               089C1674FE841209C02AAC07 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               11996865FF0456D211CD283A,
-                               17C156A2FEA7954611CD283A,
-                               634531E5FF09563011CD283A,
-                               71F5C646FED611A911CD283A,
-                               09C51A18FEF19D5311CD283A,
-                               01278A39FEDB676A11CD283A,
-                               050E4185FEFED76611CD283A,
-                               049EAD5AFEF6E7E511CD283A,
-                               01278A35FEDB4D5611CD283A,
-                               71F5C648FED61A6411CD283A,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               089C1675FE841209C02AAC07 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
-               };
-               089C1676FE841209C02AAC07 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               11996866FF0456D211CD283A,
-                               17C156A5FEA7954611CD283A,
-                               634531E6FF09563011CD283A,
-                               01278A31FEDB186711CD283A,
-                               09C51A19FEF19D5311CD283A,
-                               01278A3AFEDB676A11CD283A,
-                               050E4186FEFED76611CD283A,
-                               049EAD5BFEF6E7E511CD283A,
-                               01278A36FEDB4D5611CD283A,
-                               01278A32FEDB186711CD283A,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               089C1677FE841209C02AAC07 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               2AD5220AFFF3DF1811CD283A,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               089C1679FE841209C02AAC07 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               08FB77AFFE84173DC02AAC07 = {
-                       children = (
-                               17C1569CFEA7954611CD283A,
-                               17C1569DFEA7954611CD283A,
-                               17C1569EFEA7954611CD283A,
-                               17C1569FFEA7954611CD283A,
-                               634531E3FF09563011CD283A,
-                               634531E4FF09563011CD283A,
-                               01278A2FFEDB186711CD283A,
-                               71F5C645FED611A911CD283A,
-                               61D315C0FEF05D5211CD283A,
-                               61D315C1FEF05D5211CD283A,
-                               01278A37FEDB676A11CD283A,
-                               01278A38FEDB676A11CD283A,
-                               050E4183FEFED76611CD283A,
-                               050E4184FEFED76611CD283A,
-                               049EAD58FEF6E7E511CD283A,
-                               049EAD59FEF6E7E511CD283A,
-                               01278A33FEDB4D5611CD283A,
-                               01278A34FEDB4D5611CD283A,
-                               01278A30FEDB186711CD283A,
-                               71F5C647FED61A6411CD283A,
-                               1DF71D5EFF310FB211CD283A,
-                       );
-                       isa = PBXGroup;
-                       name = Source;
-                       refType = 4;
-               };
-               09C51A18FEF19D5311CD283A = {
-                       fileRef = 61D315C1FEF05D5211CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               09C51A19FEF19D5311CD283A = {
-                       fileRef = 61D315C0FEF05D5211CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               11996865FF0456D211CD283A = {
-                       fileRef = 17C1569DFEA7954611CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               11996866FF0456D211CD283A = {
-                       fileRef = 17C1569CFEA7954611CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               17C1569CFEA7954611CD283A = {
-                       isa = PBXFileReference;
-                       path = CSPDLDatabase.cpp;
-                       refType = 4;
-               };
-               17C1569DFEA7954611CD283A = {
-                       isa = PBXFileReference;
-                       path = CSPDLDatabase.h;
-                       refType = 4;
-               };
-               17C1569EFEA7954611CD283A = {
-                       isa = PBXFileReference;
-                       path = CSPDLPlugin.cpp;
-                       refType = 4;
-               };
-               17C1569FFEA7954611CD283A = {
-                       isa = PBXFileReference;
-                       path = CSPDLPlugin.h;
-                       refType = 4;
-               };
-               17C156A2FEA7954611CD283A = {
-                       fileRef = 17C1569FFEA7954611CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               17C156A5FEA7954611CD283A = {
-                       fileRef = 17C1569EFEA7954611CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               19C28FB6FE9D52B211CA2CBB = {
-                       children = (
-                               1B60AA69FFD84BD911CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = Products;
-                       refType = 4;
-               };
-               1B60AA69FFD84BD911CD296C = {
-                       isa = PBXBundleReference;
-                       path = AppleCSPDL.bundle;
-                       refType = 3;
-               };
-               1B60AA6AFFD84BD911CD296C = {
-                       buildRules = (
-                       );
-                       buildSettings = {
-                               COPY_PHASE_STRIP = NO;
-                       };
-                       isa = PBXBuildStyle;
-                       name = Development;
-               };
-               1B60AA6BFFD84BD911CD296C = {
-                       buildRules = (
-                       );
-                       buildSettings = {
-                               COPY_PHASE_STRIP = YES;
-                       };
-                       isa = PBXBuildStyle;
-                       name = Deployment;
-               };
-               1DF71D5EFF310FB211CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmplugin.exp;
-                       refType = 4;
-               };
-               2AD52209FFF3DF1811CD283A = {
-                       isa = PBXFrameworkReference;
-                       path = Security.framework;
-                       refType = 3;
-               };
-               2AD5220AFFF3DF1811CD283A = {
-                       fileRef = 2AD52209FFF3DF1811CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               61D315C0FEF05D5211CD283A = {
-                       isa = PBXFileReference;
-                       path = SSCSPDLSession.cpp;
-                       refType = 4;
-               };
-               61D315C1FEF05D5211CD283A = {
-                       isa = PBXFileReference;
-                       path = SSCSPDLSession.h;
-                       refType = 4;
-               };
-               634531E3FF09563011CD283A = {
-                       isa = PBXFileReference;
-                       path = Schema.cpp;
-                       refType = 4;
-               };
-               634531E4FF09563011CD283A = {
-                       isa = PBXFileReference;
-                       path = Schema.h;
-                       refType = 4;
-               };
-               634531E5FF09563011CD283A = {
-                       fileRef = 634531E4FF09563011CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               634531E6FF09563011CD283A = {
-                       fileRef = 634531E3FF09563011CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               71F5C645FED611A911CD283A = {
-                       isa = PBXFileReference;
-                       path = SSContext.h;
-                       refType = 4;
-               };
-               71F5C646FED611A911CD283A = {
-                       fileRef = 71F5C645FED611A911CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               71F5C647FED61A6411CD283A = {
-                       isa = PBXFileReference;
-                       path = SSKey.h;
-                       refType = 4;
-               };
-               71F5C648FED61A6411CD283A = {
-                       fileRef = 71F5C647FED61A6411CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-       };
-       rootObject = 089C1669FE841209C02AAC07;
-}
index c9e40e9040fef22ef61c82ab59c7b74f88689080..f101211dea666947a561c64a2ef5c440e5b1de23 100644 (file)
@@ -29,6 +29,7 @@
 // Make and break the plugin object
 //
 CSPDLPlugin::CSPDLPlugin()
+       : mRawCsp(gGuidAppleCSP)
 {
 }
 
@@ -58,7 +59,8 @@ CSPDLPlugin::makeSession(CSSM_MODULE_HANDLE handle,
                                                                        subserviceType,
                                                                        attachFlags,
                                                                        upcalls,
-                                                                       mSSCSPDLSession);
+                                                                       mSSCSPDLSession,
+                                                                       mRawCsp);
         case CSSM_SERVICE_DL:
             return new SSDLSession(handle,
                                                                   *this,
index 6328085980955e97600b1e932d94dbb92271b42f..edb4111ac29af92462e710a3811ef7970e09938c 100644 (file)
@@ -25,7 +25,7 @@
 #include "SSCSPDLSession.h"
 #include "CSPDLDatabase.h"
 #include "SSFactory.h"
-
+#include <Security/cspclient.h>
 #include <Security/cssmplugin.h>
 
 class SSCSPSession;
@@ -49,6 +49,7 @@ private:
        SSCSPDLSession mSSCSPDLSession;
     CSPDLDatabaseManager mDatabaseManager;
     SSFactory mSSFactory;
+       CssmClient::CSP mRawCsp;                // raw (nonsecure) CSP connection
 };
 
 
index 36e4beaef616c7714148e04dd026bd2005d651e4..2bc0c2dbb080d87f387254def97dcb0575580e63 100644 (file)
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:51 mb Exp $
-# $Name: Security-30~1 $
+# $Name:  $
 ProjectName: AppleCSPDL
 ProjectVersion: 15
index 84098e845e3ce78b512abcaf488b610b7410014c..321d6dc85f03b4132af4705065750e75098de4f7 100644 (file)
@@ -1,7 +1,7 @@
 divert(-1)
 changecom(/*, */)
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
@@ -26,11 +26,11 @@ enum
 {'
 divert(2)dnl
 // $1 attributes
-static const CSSM_DB_SCHEMA_ATTRIBUTE_INFO $1SchemaAttributeList[] =
+const CSSM_DB_SCHEMA_ATTRIBUTE_INFO $1SchemaAttributeList[] =
 {
 divert(3)dnl
 // $1 indices
-static const CSSM_DB_SCHEMA_INDEX_INFO $1SchemaIndexList[] =
+const CSSM_DB_SCHEMA_INDEX_INFO $1SchemaIndexList[] =
 {')
 
 define(`endClass',
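Review bot: Dropping `static` from `$1SchemaAttributeList` and `$1SchemaIndexList` does not by itself give the arrays external linkage if the generated file is compiled as C++. A namespace-scope `const` object there is internal unless an `extern` declaration is already in scope. If the aim is to reference these tables from another translation unit, the generated header should declare them, e.g. `extern const CSSM_DB_SCHEMA_ATTRIBUTE_INFO $1SchemaAttributeList[];`, and be included before the definitions. The enclosing macro definition starts above this hunk, so whether such a declaration is emitted elsewhere is not visible here.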
index 7a2bae58454255b082f35ab1f01a4eb400f2cbad..d9061641de92a8463ad1c43ebaacc9697f7b4b11 100644 (file)
@@ -30,8 +30,6 @@ using namespace SecurityServer;
 // SSCSPDLSession -- Security Server CSP session
 //
 SSCSPDLSession::SSCSPDLSession()
-// @@@ FIXME allocators needs to change.
-: mClientSession(CssmAllocator::standard(), CssmAllocator::standard())
 {
 }
 
@@ -51,12 +49,28 @@ SSCSPDLSession::makeReferenceKey(SSCSPSession &session, KeyHandle inKeyHandle,
 SSKey &
 SSCSPDLSession::lookupKey(const CssmKey &inKey)
 {
-       if (inKey.blobType() == CSSM_KEYBLOB_REFERENCE)
-               return find<SSKey>(inKey);
-       else if (inKey.blobType() == CSSM_KEYBLOB_RAW)
-       {
-               // @@@ How can we deal with this?
+       /* for now we only allow ref keys */
+       if(inKey.blobType() != CSSM_KEYBLOB_REFERENCE) {
+               CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
        }
-
-       CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
+       
+       /* fetch key (this is just mapping the value in inKey.KeyData to an SSKey) */
+       SSKey &theKey = find<SSKey>(inKey);
+       
+       #ifdef someday 
+       /* 
+        * Make sure caller hasn't changed any crucial header fields.
+        * Some fields were changed by makeReferenceKey, so make a local copy....
+        */
+       CSSM_KEYHEADER localHdr = cssmKey.KeyHeader;
+       get binKey-like thing from SSKey, maybe SSKey should keep a copy of 
+       hdr...but that's' not supersecure....;
+       
+       localHdr.BlobType = binKey->mKeyHeader.BlobType;
+       localHdr.Format = binKey->mKeyHeader.Format;
+       if(memcmp(&localHdr, &binKey->mKeyHeader, sizeof(CSSM_KEYHEADER))) {
+               CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_REFERENCE);
+       }
+       #endif
+       return theKey;
 }
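Review bot: The header consistency check in `lookupKey` is fenced off with `#ifdef someday` and could not compile if enabled. It reads `cssmKey` where the parameter is `inKey`, uses an undeclared `binKey`, and contains a line of prose. As merged, the function only rejects non-reference blobs and maps the key to an `SSKey`; nothing visible compares the caller-supplied `KeyHeader` with what was issued. I would replace the dead block with a short comment such as `/* TODO: compare inKey.KeyHeader with the header stored for this SSKey; until then, header fields supplied by the caller are unverified */`, so callers do not assume the header has been checked.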
index eb4c05b526dc46f5cbe1f53ea01b7b08c738d3aa..c281bbc9556324025f42717606fad4fbb61146b5 100644 (file)
@@ -37,16 +37,11 @@ class SSCSPDLSession: public KeyPool
 public:
        SSCSPDLSession();
 
-       SecurityServer::ClientSession &clientSession() { return mClientSession; }
-
        void makeReferenceKey(SSCSPSession &session,
                                                  SecurityServer::KeyHandle inKeyHandle,
                                                  CssmKey &outKey, SSDatabase &inSSDatabase,
                                                  uint32 inKeyAttr, const CssmData *inKeyLabel);
        SSKey &lookupKey(const CssmKey &inKey);
-
-private:
-       SecurityServer::ClientSession mClientSession;
 };
 
 
index 5f5b7f3a46b1e4f1ad2e116c817d5fdcdb32f45e..ef698f593177e76ee64848783d79889a4db7bea7 100644 (file)
@@ -41,11 +41,14 @@ SSCSPSession::SSCSPSession(CSSM_MODULE_HANDLE handle,
                                                   CSSM_SERVICE_TYPE subserviceType,
                                                   CSSM_ATTACH_FLAGS attachFlags,
                                                   const CSSM_UPCALLS &upcalls,
-                                                  SSCSPDLSession &ssCSPDLSession)
+                                                  SSCSPDLSession &ssCSPDLSession,
+                                                  CssmClient::CSP &rawCsp)
 : CSPFullPluginSession(handle, plug, version, subserviceId, subserviceType,
                                           attachFlags, upcalls),
   mSSCSPDLSession(ssCSPDLSession),
-  mSSFactory(plug.mSSFactory)
+  mSSFactory(plug.mSSFactory),
+  mRawCsp(rawCsp),
+  mClientSession(CssmAllocator::standard(), *this)
 {
 }
 
@@ -160,6 +163,7 @@ SSCSPSession::UnwrapKey(CSSM_CC_HANDLE CCHandle,
                                                CSSM_PRIVILEGE Privilege)
 {
        SSDatabase database = getDatabase(context);
+       validateKeyAttr(KeyAttr);
        const AccessCredentials *cred = NULL;
        const AclEntryInput *owner = NULL;
        if (CredAndAclEntry)
@@ -207,7 +211,25 @@ SSCSPSession::DeriveKey(CSSM_CC_HANDLE ccHandle,
                                                const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry,
                                                CssmKey &derivedKey)
 {
-       unimplemented();
+       SSDatabase database = getDatabase(context);
+       validateKeyAttr(keyAttr);
+       const AccessCredentials *cred = NULL;
+       const AclEntryInput *owner = NULL;
+       if (credAndAclEntry)
+       {
+               cred = AccessCredentials::overlay(credAndAclEntry->AccessCred);
+               owner = &AclEntryInput::overlay(credAndAclEntry->InitialAclEntry);
+       }
+
+       /* optional BaseKey */
+       const CssmKey *keyInContext =
+               context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY);
+       KeyHandle contextKeyHandle =
+               keyInContext ? lookupKey(*keyInContext).keyHandle() : noKey;
+       KeyHandle keyHandle;
+       clientSession().deriveKey(database.dbHandle(), context, contextKeyHandle, keyUsage,
+                                       keyAttr, param, cred, owner, keyHandle, derivedKey.header());
+       makeReferenceKey(keyHandle, derivedKey, database, keyAttr, keyLabel);
 }
 
 void
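Review bot: Ownership of `keyHandle` on the error path of `DeriveKey` is undocumented. Once `clientSession().deriveKey(...)` has returned, nothing in this function releases the handle if `makeReferenceKey` throws. Whether `makeReferenceKey` can fail after the handle has been issued is not visible from this hunk, so I would at least add `/* keyHandle is not released here if makeReferenceKey throws */` above the last call and confirm the failure path. The same sequence presumably exists in the sibling key-creation methods, whose bodies lie outside the hunks shown.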
@@ -221,6 +243,7 @@ SSCSPSession::GenerateKey(CSSM_CC_HANDLE ccHandle,
                                                  CSSM_PRIVILEGE privilege)
 {
        SSDatabase database = getDatabase(context);
+       validateKeyAttr(keyAttr);
        const AccessCredentials *cred = NULL;
        const AclEntryInput *owner = NULL;
        if (credAndAclEntry)
@@ -250,6 +273,8 @@ SSCSPSession::GenerateKeyPair(CSSM_CC_HANDLE ccHandle,
                                                          CSSM_PRIVILEGE privilege)
 {
        SSDatabase database = getDatabase(context);
+       validateKeyAttr(publicKeyAttr);
+       validateKeyAttr(privateKeyAttr);
        const AccessCredentials *cred = NULL;
        const AclEntryInput *owner = NULL;
        if (credAndAclEntry)
@@ -488,3 +513,19 @@ SSCSPSession::PassThrough(CSSM_CC_HANDLE CCHandle,
 {
        unimplemented();
 }
+
+/* Validate requested key attr flags for newly generated keys */
+void SSCSPSession::validateKeyAttr(uint32 reqKeyAttr)
+{
+       if(reqKeyAttr & (CSSM_KEYATTR_RETURN_DATA)) {
+               /* CSPDL only supports reference keys */
+               CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYATTR_MASK);
+       }
+       if(reqKeyAttr & (CSSM_KEYATTR_ALWAYS_SENSITIVE | 
+                                    CSSM_KEYATTR_NEVER_EXTRACTABLE)) {
+               /* invalid for any CSP */
+               CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
+       }
+       /* There may be more, but we'll leave it to SS and CSP to decide */
+}
+
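Review bot: The comment on `validateKeyAttr` says it covers "newly generated keys", but this commit also calls it from `UnwrapKey` and `DeriveKey`, so the description is narrower than the use. The function is a three-flag denylist evaluated in the plugin, and its trailing comment defers everything else to SS and CSP. That should be stated up front so nobody reads it as the enforcement point. Suggested header comment: `/* Early rejection of key attr flags CSPDL cannot honor, for generated, derived and unwrapped keys; not the authoritative check, SS and CSP validate the rest */`. The same wording applies to the declaration in the class header.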
index 97daab1f3ad2184096ef926a8d90a28d6c17adae..6b97dad49bd07c18760a1a6b2deadd9820f9ef97 100644 (file)
@@ -37,7 +37,8 @@ class SSCSPSession : public CSPFullPluginSession
 public:
        SSCSPDLSession &mSSCSPDLSession;
        SSFactory &mSSFactory;
-
+       CssmClient::CSP &mRawCsp;
+       
        SSCSPSession(CSSM_MODULE_HANDLE handle,
                                 CSPDLPlugin &plug,
                                 const CSSM_VERSION &version,
@@ -45,10 +46,11 @@ public:
                                 CSSM_SERVICE_TYPE subserviceType,
                                 CSSM_ATTACH_FLAGS attachFlags,
                                 const CSSM_UPCALLS &upcalls,
-                                SSCSPDLSession &ssCSPDLSession);
+                                SSCSPDLSession &ssCSPDLSession,
+                                CssmClient::CSP &rawCsp);
 
        SecurityServer::ClientSession &clientSession()
-       { return mSSCSPDLSession.clientSession(); }
+       { return mClientSession; }
 
        CSPContext *contextCreate(CSSM_CC_HANDLE handle, const Context &context);
 #if 0
@@ -159,6 +161,12 @@ public:
                                        uint32 PassThroughId,
                                        const void *InData,
                                        void **OutData);
+private:
+       /* Validate requested key attr flags for newly generated keys */
+       void validateKeyAttr(uint32 reqKeyAttr);
+
+       SecurityServer::ClientSession mClientSession;
+       
 };
 
 
index d03f0f75808fe004b5c240db630465f5915a01d3..4ea3794e987f50f2981849b8d5d0ac78fc165981 100644 (file)
@@ -23,6 +23,9 @@
 
 #include "SSCSPSession.h"
 #include "SSKey.h"
+#include <Security/debugging.h>
+
+#define ssCryptDebug(args...)  debug("ssCrypt", ## args)
 
 using namespace SecurityServer;
 
@@ -34,11 +37,30 @@ SSContext::SSContext(SSCSPSession &session)
 {
 }
 
+void SSContext::clearOutBuf()
+{
+       if(mOutBuf.Data) {
+               mSession.free(mOutBuf.Data);
+               mOutBuf.clear();
+       }
+}
+
+void SSContext::copyOutBuf(CssmData &out)
+{
+       if(out.length() < mOutBuf.length()) {
+               CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);
+       }
+       memmove(out.Data, mOutBuf.Data, mOutBuf.Length);
+       out.Length = mOutBuf.Length;
+       clearOutBuf();
+}
+
 void
 SSContext::init(const Context &context,
                                bool /* encoding */) // @@@ should be removed from API since it's already in mDirection
 {
        mContext = &context;
+       clearOutBuf();
 }
 
 SecurityServer::ClientSession &
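Review bot: `clearOutBuf` returns `mOutBuf.Data` to the allocator without wiping it, whereas the `SSCryptContext::freeBuffer` removed later in this commit zeroed its buffer before `free`. If `mOutBuf` ever holds decrypted data (its use by the crypt context is outside this hunk), that plaintext would stay in freed memory. Adding `memset(mOutBuf.Data, 0, mOutBuf.Length);` before `mSession.free(mOutBuf.Data);` keeps the old behaviour. Separately, `copyOutBuf` throws `CSSMERR_CSP_OUTPUT_LENGTH_ERROR` before calling `clearOutBuf`, so the cached result survives a too-small output buffer; a comment saying whether that retry behaviour is intended would help.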
@@ -83,41 +105,234 @@ SSRandomContext::final(CssmData &out)
 }
 
 
-//
-// SSSignContext -- Context for signing and GenerateMac operations
-//
-SSSignContext::SSSignContext(SSCSPSession &session) : SSContext(session) {}
+// signature contexts
+SSSignatureContext::SSSignatureContext(SSCSPSession &session) 
+       : SSContext(session),
+               mKeyHandle(noKey),
+               mNullDigest(NULL),
+               mDigest(NULL)
+{
+       /* nothing else for now */
+}
 
-void
-SSSignContext::update(const CssmData &data)
+SSSignatureContext::~SSSignatureContext()
 {
+       delete mNullDigest;
+       delete mDigest;
 }
 
-size_t
-SSSignContext::outputSize(bool final, size_t inSize)
+void SSSignatureContext::init(const Context &context, bool signing)
 {
-       return 0;
+       SSContext::init(context, signing);
+
+       /* reusable: skip everything except resetting digest state */
+       if((mNullDigest != NULL) || (mDigest != NULL)) {
+               if(mNullDigest != NULL) {
+                       mNullDigest->digestInit();
+               }
+               return;
+       }
+       
+       /* snag key from context */
+       const CssmKey &keyInContext =
+               context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY,
+                                                                  CSSMERR_CSP_MISSING_ATTR_KEY);
+       mKeyHandle = mSession.lookupKey(keyInContext).keyHandle();
+       
+       /* get digest alg and sig alg from Context.algorithm */
+       switch(context.algorithm()) {
+               /*** DSA ***/
+               case CSSM_ALGID_SHA1WithDSA:
+                       mDigestAlg = CSSM_ALGID_SHA1;
+                       mSigAlg = CSSM_ALGID_DSA;
+                       break;
+               case CSSM_ALGID_DSA:                            // Raw
+                       mDigestAlg = CSSM_ALGID_NONE;
+                       mSigAlg = CSSM_ALGID_DSA;
+                       break;
+               /*** RSA ***/
+               case CSSM_ALGID_SHA1WithRSA:
+                       mDigestAlg = CSSM_ALGID_SHA1;
+                       mSigAlg = CSSM_ALGID_RSA;
+                       break;
+               case CSSM_ALGID_MD5WithRSA:
+                       mDigestAlg = CSSM_ALGID_MD5;
+                       mSigAlg = CSSM_ALGID_RSA;
+                       break;
+               case CSSM_ALGID_MD2WithRSA:
+                       mDigestAlg = CSSM_ALGID_MD2;
+                       mSigAlg = CSSM_ALGID_RSA;
+                       break;
+               case CSSM_ALGID_RSA:                            // Raw
+                       mDigestAlg = CSSM_ALGID_NONE;
+                       mSigAlg = CSSM_ALGID_RSA;
+                       break;
+               /*** FEE ***/
+               case CSSM_ALGID_FEE_SHA1:
+                       mDigestAlg = CSSM_ALGID_SHA1;
+                       mSigAlg = CSSM_ALGID_FEE;
+                       break;
+               case CSSM_ALGID_FEE_MD5:
+                       mDigestAlg = CSSM_ALGID_MD5;
+                       mSigAlg = CSSM_ALGID_FEE;
+                       break;
+               case CSSM_ALGID_FEE:                            // Raw
+                       mDigestAlg = CSSM_ALGID_NONE;
+                       mSigAlg = CSSM_ALGID_FEE;
+                       break;
+               /*** ECDSA ***/
+               case CSSM_ALGID_SHA1WithECDSA:
+                       mDigestAlg = CSSM_ALGID_SHA1;
+                       mSigAlg = CSSM_ALGID_ECDSA;
+                       break;
+               case CSSM_ALGID_ECDSA:                          // Raw
+                       mDigestAlg = CSSM_ALGID_NONE;
+                       mSigAlg = CSSM_ALGID_ECDSA;
+                       break;
+               default:
+                       CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+       }
+               
+       /* set up mNullDigest or mDigest */
+       if(mDigestAlg == CSSM_ALGID_NONE) {
+               mNullDigest = new NullDigest();
+       }
+       else {
+               mDigest = new CssmClient::Digest(mSession.mRawCsp, mDigestAlg);
+       }
 }
 
-void
-SSSignContext::final(CssmData &out)
+/* 
+ * for raw sign/verify - optionally called after init.
+ * Note that in init (in this case), we set mDigestAlg to ALGID_NONE and set up
+ * a NullDigest. We now overwrite mDigestAlg, and we'll useÊthis
+ * new value when we do the actual sign/vfy.
+ */
+void SSSignatureContext::setDigestAlgorithm(CSSM_ALGORITHMS digestAlg)
+{
+       mDigestAlg = digestAlg;
+}
+
+void SSSignatureContext::update(const CssmData &data)
+{
+       /* Note that for this context, we really can not deal with an out-of-sequence
+        * update --> final(true, 0) --> update since we lose the pending digest state
+        * when we perform the implied final() during outputSize(true, 0). */
+       assert(mOutBuf.Data == NULL);
+       
+       /* add incoming data to digest or accumulator */
+       if(mNullDigest) {
+               mNullDigest->digestUpdate(data.data(), data.length());
+       }
+       else {
+               mDigest->digest(data);
+       }
+}
+
+size_t SSSignatureContext::outputSize(bool final, size_t inSize)
 {
+       if(!final) {
+               ssCryptDebug("===sig outputSize !final\n");
+               return 0;
+       }
+       if(!encoding()) {
+               ssCryptDebug("===sig outputSize final, !encoding\n");
+               /* don't see why this is even called... */
+               return 0;
+       }
+       if(inSize == 0) {
+               /* 
+                * This is the implied signal to go for it. Note that in this case,
+                * we can not go back and re-do the op in case of an unexpected
+                * sequence of update/outputSize(final, 0)/final - we lose the digest 
+                * state. Perhaps we should save the digest...? But still it would
+                * be impossible to do another update. 
+                */
+               clearOutBuf();
+               sign(mOutBuf);
+               ssCryptDebug("===sig outputSize(pre-op) %u", (unsigned)mOutBuf.Length);
+               return (size_t)mOutBuf.Length;
+       }
+       else {
+               /* out-of-band case, ask CSP via SS */
+               uint32 outSize = clientSession().getOutputSize(*mContext, 
+                       mKeyHandle, 
+                       /* FIXME - what to use for inSize here - we don't want to 
+                        * interrogate mDigest, as that would result in another RPC...
+                        * and signature size is not related to input size...right? */
+                       inSize,
+                       true);
+               ssCryptDebug("===sig outputSize(RPC) %u", (unsigned)outSize);
+               return (size_t)outSize;
+       }
 }
 
+/* sign */
 
-//
-// SSVerifyContext -- Context for Verify and VerifyMac operations
-//
-SSVerifyContext::SSVerifyContext(SSCSPSession &session) : SSContext(session) {}
+/* first the common routine shared by final and outputSize */
+void SSSignatureContext::sign(CssmData &sig)
+{
+       /* we have to pass down a modified Context, thus.... */
+       Context tempContext = *mContext;
+       tempContext.AlgorithmType = mSigAlg;
+       
+       if(mNullDigest) {
+               CssmData dData(const_cast<void *>(mNullDigest->digestPtr()), 
+                       mNullDigest->digestSizeInBytes());      
+               clientSession().generateSignature(tempContext,
+                       mKeyHandle,
+                       dData, 
+                       sig,
+                       mDigestAlg);
+       }
+       else {
+               clientSession().generateSignature(tempContext,
+                       mKeyHandle,
+                       (*mDigest)(), 
+                       sig,
+                       mDigestAlg);
+       }
+}
 
-void
-SSVerifyContext::update(const CssmData &data)
+/* this is the one called by CSPFullPluginSession */
+void SSSignatureContext::final(CssmData &sig)
 {
+       if(mOutBuf.Data) {
+               /* normal final case in which the actual RPC via SS was done in the
+                * previous outputSize() call. */
+               ssCryptDebug("===final via pre-op and copy");
+               copyOutBuf(sig);
+               return;
+       }
+       
+       ssCryptDebug("===final via RPC");
+       sign(sig);
 }
 
+/* verify */
 void
-SSVerifyContext::final(const CssmData &in)
+SSSignatureContext::final(const CssmData &sig)
 {
+       /* we have to pass down a modified Context, thus.... */
+       Context tempContext = *mContext;
+       tempContext.AlgorithmType = mSigAlg;
+
+       if(mNullDigest) {
+               CssmData dData(const_cast<void *>(mNullDigest->digestPtr()), 
+                       mNullDigest->digestSizeInBytes());
+               clientSession().verifySignature(tempContext,
+                       mKeyHandle,
+                       dData, 
+                       sig,
+                       mDigestAlg);
+       }
+       else {
+               clientSession().verifySignature(tempContext,
+                       mKeyHandle,
+                       (*mDigest)(), 
+                       sig,
+                       mDigestAlg);
+       }
 }
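Review bot: The out-of-sequence guard in `SSSignatureContext::update` is only `assert(mOutBuf.Data == NULL)`, which compiles away under NDEBUG. In such a build, an update, outputSize(true, 0), update, final sequence reaches `final(CssmData &sig)` with `mOutBuf.Data` still set. `copyOutBuf` then returns the signature computed before the second update, so the caller gets a signature that does not cover all the data it supplied. A runtime check is safer: `if(mOutBuf.Data) CssmError::throwMe(<CSP error code>);`, with whichever error code fits. Also, the reuse path at the top of `init` returns before re-reading the key and algorithm from the new context and resets only `mNullDigest`, so it is worth confirming that a reinitialized context cannot carry a stale `mKeyHandle`, `mDigestAlg` or digest state.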
 
 
@@ -125,158 +340,240 @@ SSVerifyContext::final(const CssmData &in)
 // SSCryptContext -- Context for Encrypt and Decrypt operations
 //
 SSCryptContext::SSCryptContext(SSCSPSession &session)
-: SSContext(session), mKeyHandle(noKey), mCurrent(0), mCapacity(0),
-mBuffer(NULL)
+       : SSContext(session), mKeyHandle(noKey)
 {
+       /* nothing for now */
 }
 
 
 SSCryptContext::~SSCryptContext()
 {
-       freeBuffer();
-}
-
-void
-SSCryptContext::freeBuffer()
-{
-       // @@@ We should probably use CssmAllocator::standard(sensitive) instead of malloc/realloc/free here
-       if (mBuffer)
-       {
-               // Zero out buffer (only on decrypt?)
-               if (mCapacity /* && !encoding() */)
-               {
-                       memset(mBuffer, 0, mCapacity);
-               }
-
-               free(mBuffer);
-               mBuffer = NULL;
-               mCapacity = 0;
-       }
+       /* nothing for now */
 }
 
 void
 SSCryptContext::init(const Context &context, bool encoding)
 {
+       ssCryptDebug("===init");
        SSContext::init(context, encoding);
-       freeBuffer();
 
-       mCurrent = 0;
-       mCapacity = 0;
+       /* reusable; reset accumulator */
+       mNullDigest.digestInit();
 
        const CssmKey &keyInContext =
                context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY,
                                                                   CSSMERR_CSP_MISSING_ATTR_KEY);
-
-       // @@@ Should return SSKey.
        mKeyHandle = mSession.lookupKey(keyInContext).keyHandle();
 }
 
 size_t
 SSCryptContext::inputSize(size_t outSize)
 {
+       ssCryptDebug("===inputSize  outSize=%u", (unsigned)outSize);
        return UINT_MAX;
 }
 
 size_t
 SSCryptContext::outputSize(bool final, size_t inSize)
 {
-       if (!final)
-       {
-               mCapacity = mCurrent + inSize;
-               mBuffer = realloc(mBuffer, mCapacity);
+       ssCryptDebug("===outputSize final %d inSize=%u", final, (unsigned)inSize);
+       if(!final) {
+               /* we buffer until final; no intermediate output */
                return 0;
        }
-
-       // There should not be any remaining input data left when final is true;
-       assert(!inSize);
-
-       // Do the actual operation.
-       const CssmData in(mBuffer, mCurrent);
-       CssmData out;
-       if (encoding())
-               clientSession().encrypt(*mContext, mKeyHandle, in, out);
-       else
-               clientSession().decrypt(*mContext, mKeyHandle, in, out);
-
-       freeBuffer();
-       mBuffer = out.Data;
-       mCapacity = out.Length;
-       mCurrent = 0;
-       return mCapacity;
+       size_t inBufSize = mNullDigest.digestSizeInBytes();
+       if(inSize == 0) {
+               /* This is the implied signal to go for it */
+               clearOutBuf();
+               if(inBufSize == 0) {
+                       return 0;
+               }
+               const CssmData in(const_cast<void *>(mNullDigest.digestPtr()), inBufSize);
+               if (encoding()) {
+                       clientSession().encrypt(*mContext, mKeyHandle, in, mOutBuf);
+               }
+               else {
+                       clientSession().decrypt(*mContext, mKeyHandle, in, mOutBuf);
+               }
+               /* leave the accumulator as is in case of unexpected sequence */
+               ssCryptDebug("   ===outSize(pre-op) %u", (unsigned)mOutBuf.Length);
+               return mOutBuf.Length;
+       }
+       else {
+               /* out-of-band case, ask CSP via SS */
+               uint32 outSize = clientSession().getOutputSize(*mContext, 
+                       mKeyHandle, 
+                       inBufSize + inSize,
+                       encoding());
+               ssCryptDebug("   ===outSize(RPC) %u", (unsigned)outSize);
+               return (size_t)outSize;
+       }
 }
 
 void
 SSCryptContext::minimumProgress(size_t &in, size_t &out)
 {
-       // This should never be called.
-       assert(false);
+       in = 1;
+       out = 0;
 }
 
 void
 SSCryptContext::update(void *inp, size_t &inSize, void *outp, size_t &outSize)
 {
+       ssCryptDebug("===update inSize=%u", (unsigned)inSize);
+       /* add incoming data to accumulator */
+       mNullDigest.digestUpdate(inp, inSize);
        outSize = 0;
-       assert(inSize);
-       assert(mCurrent + inSize <= mCapacity);
-       memcpy(&reinterpret_cast<uint8 *>(mBuffer)[mCurrent], inp, inSize);
-       mCurrent += inSize;
+       clearOutBuf();
 }
 
 void
 SSCryptContext::final(CssmData &out)
 {
-       if(!out.Length) return;
-       assert(out.Data && out.Length);
-       uint32 todo = min(out.Length, mCapacity - mCurrent);
-       memcpy(out.Data, &reinterpret_cast<uint8 *>(mBuffer)[mCurrent], todo);
-       mCurrent += todo;
-       out.Length = todo;
+       if(mOutBuf.Data != NULL) {
+               /* normal final case in which the actual RPC via SS was done in the
+                * previous outputSize() call. A memcpy is needed here because 
+                * CSPFullPluginSession has just allocated the buf size we need. */
+               ssCryptDebug("===final via pre-op and copy");
+               copyOutBuf(out);
+               return;
+       }
+       
+       /* when is this path taken...? */
+       ssCryptDebug("===final via RPC");
+       size_t inSize = mNullDigest.digestSizeInBytes();
+       if(!inSize) return;
+
+       const CssmData in(const_cast<void *>(mNullDigest.digestPtr()), inSize);
+       unsigned origOutSize = out.length();
+       if (encoding()) {
+               clientSession().encrypt(*mContext, mKeyHandle, in, out);
+       }
+       else {
+               clientSession().decrypt(*mContext, mKeyHandle, in, out);
+       }
+       assert(out.length() <= origOutSize);
+       mNullDigest.digestInit();
+}
 
-       freeBuffer();
+// Digest, using raw CSP
+SSDigestContext::SSDigestContext(SSCSPSession &session)
+       : SSContext(session), mDigest(NULL)
+{
+       
 }
 
+SSDigestContext::~SSDigestContext()
+{
+       delete mDigest;
+}
 
-#if 0
-//
-// SSKeyPairGenContext -- Context for key pair generation
-//
-SSKeyPairGenContext::SSKeyPairGenContext(SSCSPSession &session)
-: SSContext(session) {}
+void SSDigestContext::init(const Context &context, bool encoding)
+{
+       CSSM_ALGORITHMS alg;
+       
+       SSContext::init(context, encoding);
+       alg = context.algorithm();
+       mDigest = new CssmClient::Digest(mSession.mRawCsp, alg);
+}
 
-void
-SSKeyPairGenContext::generate(const Context &context, 
-                                                         CssmKey &pubKey,
-                                                         SSKey *pubBinKey,
-                                                         CssmKey &privKey,
-                                                         SSKey *privBinKey)
+void SSDigestContext::update(const CssmData &data)
 {
+       mDigest->digest(data);
 }
 
-void
-SSKeyPairGenContext::generate(const Context &context,
-                                                         SSKey &pubBinKey,
-                                                         SSKey &privBinKey,
-                                                         uint32 &keySize)
+void SSDigestContext::final(CssmData &out)
 {
+       (*mDigest)(out);
 }
 
+size_t SSDigestContext::outputSize(bool final, size_t inSize)
+{
+       if(!final) {
+               return 0;
+       }
+       else {
+               return (size_t)mDigest->getOutputSize(inSize);
+       }
+}
 
-//
-// SSSymmKeyGenContext -- Context for symmetric key generation
-//
-SSSymmKeyGenContext::SSSymmKeyGenContext(SSCSPSession &session,
-                                                                                uint32 minSize,
-                                                                                uint32 maxSize,
-                                                                                bool byteSized)
-: SSContext(session),
-  minSizeInBits(minSize),
-  maxSizeInBits(maxSize),
-  mustBeByteSized(byteSized)
+// MACContext - common class for MAC generate, verify
+SSMACContext::SSMACContext(SSCSPSession &session)
+       : SSContext(session), mKeyHandle(noKey)
 {
+
 }
-                       
-void
-SSSymmKeyGenContext::generateSymKey(const Context &context, CssmKey &cssmKey)
+
+void SSMACContext::init(const Context &context, bool encoding)
 {
+       SSContext::init(context, encoding);
+       
+       /* reusable; reset accumulator */
+       mNullDigest.digestInit();
+       
+       /* snag key from context */
+       const CssmKey &keyInContext =
+               context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY,
+                                                                  CSSMERR_CSP_MISSING_ATTR_KEY);
+       mKeyHandle = mSession.lookupKey(keyInContext).keyHandle();
+}
+
+void SSMACContext::update(const CssmData &data)
+{
+       /* add incoming data to accumulator */
+       mNullDigest.digestUpdate(data.data(), data.length());
+}
+
+size_t SSMACContext::outputSize(bool final, size_t inSize)
+{
+       if(!final) {
+               ssCryptDebug("===mac outputSize !final\n");
+               return 0;
+       }
+       if(!encoding()) {
+               ssCryptDebug("===mac outputSize final, !encoding\n");
+               /* don't see why this is even called... */
+               return 0;
+       }
+       if(inSize == 0) {
+               /* 
+                * This is the implied signal to go for it.  
+                */
+               clearOutBuf();
+               genMac(mOutBuf);
+               ssCryptDebug("===mac outputSize(pre-op) %u", (unsigned)mOutBuf.Length);
+               return (size_t)mOutBuf.Length;
+       }
+       else {
+               /* out-of-band case, ask CSP via SS */
+               uint32 outSize = clientSession().getOutputSize(*mContext, 
+                       mKeyHandle, 
+                       inSize + mNullDigest.digestSizeInBytes(),
+                       true);
+               ssCryptDebug("===mac outputSize(RPC) %u", (unsigned)outSize);
+               return (size_t)outSize;
+       }
+}
+
+/* generate */
+
+/* first the common routine used by final() and outputSize() */
+void SSMACContext::genMac(CssmData &mac)
+{
+       CssmData allData(const_cast<void *>(mNullDigest.digestPtr()), 
+               mNullDigest.digestSizeInBytes());
+       clientSession().generateMac(*mContext, mKeyHandle, allData, mac);
+}
+
+void SSMACContext::final(CssmData &mac)
+{
+       genMac(mac);
+}
+
+/* verify */
+void SSMACContext::final(const CssmData &mac)
+{
+       CssmData allData(const_cast<void *>(mNullDigest.digestPtr()), 
+               mNullDigest.digestSizeInBytes());
+       clientSession().verifyMac(*mContext, mKeyHandle, allData, mac);
 }
-#endif
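Review bot: The explicit wipe that the removed `freeBuffer()` performed (`memset(mBuffer, 0, mCapacity)` before `free`) has no visible counterpart in the new `SSCryptContext` code, which now keeps buffered input in `mNullDigest` and the operation result in `mOutBuf`. `clearOutBuf()` and `NullDigest::digestInit()` are defined outside this hunk, so it should be confirmed that they zero the memory before releasing it; on decrypt `mOutBuf` holds plaintext. In addition, the pre-op branch of `SSCryptContext::final(CssmData &out)` returns right after `copyOutBuf(out)` and leaves the accumulated input in place until the next `init()`, whereas the RPC branch resets it. Adding `mNullDigest.digestInit();` before that `return;` would make both paths consistent.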
index 1f3f6d4ed28f6fd6db70408c5e8d6e38cbd7ceeb..e403858d438e0ff54fe2e98a16a50c0c43ba3e3a 100644 (file)
@@ -24,6 +24,8 @@
 
 #include <Security/CSPsession.h>
 #include <Security/SecurityServerClient.h>
+#include <Security/digestobject.h>
+#include <Security/utilities.h>
 
 //
 // Parent class for all CSPContexts implemented in this CSP.  Currently the
@@ -36,35 +38,63 @@ class SSContext : public CSPFullPluginSession::CSPContext
 {
 public:
        SSContext(SSCSPSession &session);
+       ~SSContext() { clearOutBuf(); }
        virtual void init(const Context &context, bool encoding);
 
 protected:
        SecurityServer::ClientSession &clientSession();
        SSCSPSession &mSession;
-
-       // We remeber a pointer to the passed in context and assume it will
+       
+       // mOutBuf provides a holding tank for implied final() operations
+       // resulting from an outputSize(true, 0). This form of outputSize()
+       // is understood to only occur just prior to the final() call. To avoid
+       // an extra RPC (just to perform the outputSize(), most subclasses of
+       // SSContext actually perform the final() operation at this time,
+       // storing the result in mOutBuf. At final(), mOutBuf() is just copied
+       // to the caller's supplied output buffer. 
+       CssmData mOutBuf;               
+       
+       // We remember a pointer to the passed in context and assume it will
        // remain a valid from init(), update() all the way though the call to
        // final().
        const Context *mContext;
+       
+       void clearOutBuf();
+       void copyOutBuf(CssmData &out);
 };
 
-// SSSignContext -- Context for Sign, and GenerateMac operations
-class SSSignContext : public SSContext
+// context for signature (sign and verify)
+class SSSignatureContext : public SSContext
 {
 public:
-       SSSignContext(SSCSPSession &session);
+       SSSignatureContext(SSCSPSession &session);
+       ~SSSignatureContext();
+       virtual void init(const Context &context, bool signing);
        virtual void update(const CssmData &data);
        virtual size_t outputSize(bool final, size_t inSize);
+       
+       /* sign */
+       void sign(CssmData &sig);
        virtual void final(CssmData &out);
-};
-
-// SSVerifyContext -- Context for Verify, and VerifyMac operations
-class SSVerifyContext : public SSContext
-{
-public:
-       SSVerifyContext(SSCSPSession &session);
-       virtual void update(const CssmData &data);
+       
+       /* verify */
        virtual void final(const CssmData &in);
+       
+       /* for raw sign/verify - optionally called after init */ 
+       virtual void setDigestAlgorithm(CSSM_ALGORITHMS digestAlg);
+
+private:
+       /* stash the context's key for final sign/verify */
+       SecurityServer::KeyHandle mKeyHandle;   
+       
+       /* alg-dependent, calculated at init time */
+       CSSM_ALGORITHMS mSigAlg;                // raw signature alg
+       CSSM_ALGORITHMS mDigestAlg;             // digest
+       CSSM_ALGORITHMS mOrigAlg;               // caller's context alg
+       
+       /* exactly one of these is used to collect updates */
+       NullDigest                      *mNullDigest;
+       CssmClient::Digest      *mDigest;
 };
 
 // Context for GenerateRandom operations
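Review bot: `SSSignatureContext` now holds two raw pointers, `mNullDigest` and `mDigest`, and declares a destructor, but nothing in the class declaration prevents copying; the same applies to `SSDigestContext::mDigest` in the last hunk of this header. If the destructors delete these members (as `~SSDigestContext()` does in SSContext.cpp), an accidental copy would free the same object twice. Unless the `CSPContext` base already forbids copying, which is not visible here, declaring the copy operations private and undefined would close that off: `SSSignatureContext(const SSSignatureContext &);` and `SSSignatureContext &operator=(const SSSignatureContext &);`.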
@@ -75,9 +105,9 @@ public:
        virtual void init(const Context &context, bool);
        virtual size_t outputSize(bool final, size_t inSize);
        virtual void final(CssmData &out);
-
+       
 private:
-       uint32 mOutSize;
+       uint32 mOutSize;                // spec'd in context at init() time 
 };
 
 // Context for Encrypt and Decrypt operations
@@ -95,43 +125,44 @@ public:
        virtual void final(CssmData &out);
 
 private:
-       void freeBuffer();
-
        SecurityServer::KeyHandle mKeyHandle;
-       uint32 mCurrent;
-       uint32 mCapacity;
-       void *mBuffer;
+       NullDigest mNullDigest;                                         // accumulator
 };
 
-#if 0
-// Context for key (pair) generation
-class SSKeyGenContext : public SSContext
+// Digest, using raw CSP
+class SSDigestContext : public SSContext
 {
 public:
-       SSKeyGenContext(SSCSPSession &session);
-
-       // Subclass implements generate(const Context &, CssmKey &,
-       // CssmKey &). That method allocates two subclass-specific 
-       // SSKeys and calls this method. This will call down to 
-       // generate(const Context &, SSKey &, SSKey &)
-       // and optionally to SSKey::generateKeyBlob.
-       void generate(const Context &context, 
-                                 CssmKey &pubKey,
-                                 SSKey *pubBinKey,
-                                 CssmKey &privKey,
-                                 SSKey *privBinKey);
+       SSDigestContext(SSCSPSession &session);
+       ~SSDigestContext();
+       virtual void init(const Context &context, bool);
+       virtual void update(const CssmData &data);
+       virtual void final(CssmData &out);
+       virtual size_t outputSize(bool final, size_t inSize);
 
-protected:
-       // @@@ Subclasses must implement this. It cooks up a key pair.
-       virtual void generate(const Context &context,
-                                                 SSKey &pubBinKey,             // valid on successful return
-                                                 SSKey &privBinKey,    // ditto
-                                                 uint32 &keySize);     // ditto
+private:
+       CssmClient::Digest *mDigest;
+};
 
+// common class for MAC generate, verify
+class SSMACContext : public SSContext
+{
 public:
-       void generateSymKey(const Context &context, CssmKey &outCssmKey); 
+       SSMACContext(SSCSPSession &session);
+       virtual void init(const Context &context, bool);
+       virtual void update(const CssmData &data);
+       virtual size_t outputSize(bool final, size_t inSize);
+       
+       /* sign */
+       void genMac(CssmData &mac);
+       virtual void final(CssmData &out);
+       /* verify */
+       virtual void final(const CssmData &in);
+       
+private:
+       SecurityServer::KeyHandle mKeyHandle;
+       NullDigest mNullDigest;                                 // accumulator
 };
-#endif // 0
 
 
 #endif // _H_SS_CONTEXT
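Review bot: `SSDigestContext::mDigest` is an owning raw pointer, and `SSDigestContext::init()` in SSContext.cpp assigns it with `new CssmClient::Digest(...)` without releasing a previous object, so a context that is initialised more than once leaks the earlier digest. The sibling contexts are written as reusable (their `init()` resets the accumulator with `digestInit()`), so the same should hold here: `delete mDigest; mDigest = NULL;` ahead of the `new` in `init()`. A `//` comment on the member stating that the context owns the object and replaces it on every `init()` would document the intent.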
index fee09af49348fb8449b1e5f9f223fa08d097ad19..fb69ba3db453ecde545ffbc295363f0d11ead554 100644 (file)
@@ -43,7 +43,8 @@ SSDLSession::SSDLSession(CSSM_MODULE_HANDLE handle,
 : DLPluginSession(handle, plug, version, subserviceId, subserviceType,
                                  attachFlags, upcalls, databaseManager),
   mSSCSPDLSession(ssCSPDLSession),
-  mDL(Module(gGuidAppleFileDL, Cssm::standard()))
+  mDL(Module(gGuidAppleFileDL, Cssm::standard())),
+  mClientSession(CssmAllocator::standard(), static_cast<PluginSession &>(*this))
 {
        // @@@ mDL.allocator(*static_cast<DatabaseSession *>(this));
        mDL->allocator(allocator());
@@ -89,7 +90,7 @@ SSDLSession::DbDelete(const char *inDbName,
                                          const CSSM_NET_ADDRESS *inDbLocation,
                                          const AccessCredentials *inAccessCred)
 {
-       SSDatabase db(mSSCSPDLSession.clientSession(), mDL, inDbName, inDbLocation);
+       SSDatabase db(mClientSession, mDL, inDbName, inDbLocation);
        db->accessCredentials(inAccessCred);
        db->deleteDb();
 }
@@ -104,7 +105,7 @@ SSDLSession::DbCreate(const char *inDbName,
                                          const void *inOpenParameters,
                                          CSSM_DB_HANDLE &outDbHandle)
 {
-       SSDatabase db(mSSCSPDLSession.clientSession(), mDL, inDbName, inDbLocation);
+       SSDatabase db(mClientSession, mDL, inDbName, inDbLocation);
        db->dbInfo(&inDBInfo);
        db->accessRequest(inAccessRequest);
        db->resourceControlContext(inCredAndAclEntry);
@@ -124,7 +125,7 @@ SSDLSession::DbOpen(const char *inDbName,
                                        const void *inOpenParameters,
                                        CSSM_DB_HANDLE &outDbHandle)
 {
-       SSDatabase db(mSSCSPDLSession.clientSession(), mDL, inDbName, inDbLocation);
+       SSDatabase db(mClientSession, mDL, inDbName, inDbLocation);
        db->accessRequest(inAccessRequest);
        db->accessCredentials(inAccessCred);
        db->openParameters(inOpenParameters);
@@ -404,10 +405,43 @@ SSDLSession::DataGetFromUniqueRecordId(CSSM_DB_HANDLE inDbHandle,
 {
        SSDatabase db = findDbHandle(inDbHandle);
        const SSUniqueRecord uniqueId = findSSUniqueRecord(inUniqueRecord);
-       CSSM_RETURN result = CSSM_DL_DataGetFromUniqueRecordId(db->handle(), uniqueId, inoutAttributes, inoutData);
+       
+       // Setup so we always retrive the attributes even if the client
+       // doesn't want them so we can figure out if we just retrived a key.
+       CSSM_DB_RECORD_ATTRIBUTE_DATA attributes;
+       CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR pAttributes;
+       if (inoutAttributes)
+               pAttributes = inoutAttributes;
+       else
+       {
+               pAttributes = &attributes;
+               memset(pAttributes, 0, sizeof(attributes));
+       }
+
+       CSSM_RETURN result = CSSM_DL_DataGetFromUniqueRecordId(db->handle(), 
+               uniqueId, pAttributes, inoutData);
        if (result)
                CssmError::throwMe(result);
-       // @@@ If this is a key do the right thing.
+
+       if (inoutData)
+       {
+               if (pAttributes->DataRecordType == CSSM_DL_DB_RECORD_PUBLIC_KEY
+                       || pAttributes->DataRecordType == CSSM_DL_DB_RECORD_PRIVATE_KEY
+                       || pAttributes->DataRecordType == CSSM_DL_DB_RECORD_SYMMETRIC_KEY)
+               {
+                       // This record is a key, do the right thing (tm).
+                       // Allocate storage for the key.
+                       CssmKey *outKey = allocator().alloc<CssmKey>();
+                       new SSKey(*this, *outKey, db, uniqueId, pAttributes->DataRecordType, *inoutData);
+
+                       // Free the data we retrived (keyblob)
+                       allocator().free(inoutData->Data);
+
+                       // Set the length and data on the data we return to the client
+                       inoutData->Length = sizeof(*outKey);
+                       inoutData->Data = reinterpret_cast<uint8 *>(outKey);                    
+               }
+       }
 }
 
 void
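Review bot: In the key-record branch, `outKey` is leaked if the `SSKey` constructor throws, because the storage from `allocator().alloc<CssmKey>()` only reaches the caller after construction succeeds. That constructor's body is not part of this hunk, but the other `SSKey` constructor in this commit calls `CssmError::throwMe`, so a throwing path is plausible. Releasing `outKey` in a catch block before rethrowing keeps the error path clean. The function's signature lies above the hunk.
```cpp
			CssmKey *outKey = allocator().alloc<CssmKey>();
			try {
				new SSKey(*this, *outKey, db, uniqueId, pAttributes->DataRecordType, *inoutData);
			}
			catch (...) {
				// construction failed: release the key storage before propagating
				allocator().free(outKey);
				throw;
			}
			// … unchanged: free the retrieved key blob, point inoutData at outKey …
```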
index c7143bc2f74f40d366f141782aa11b302bee0d52..b03a44d8688a4b4254ec053460cade339856a057 100644 (file)
@@ -45,6 +45,8 @@ public:
                                SSCSPDLSession &ssCSPDLSession);
        ~SSDLSession();
 
+       SecurityServer::ClientSession &clientSession()
+       { return mClientSession; }
     void GetDbNames(CSSM_NAME_LIST_PTR &NameList);
     void FreeNameList(CSSM_NAME_LIST &NameList);
     void DbDelete(const char *DbName,
@@ -151,6 +153,7 @@ protected:
        SSUniqueRecordMap mSSUniqueRecordMap;
 
        CssmClient::DL mDL;
+       SecurityServer::ClientSession mClientSession;
 };
 
 
index 1e01a505f7c913bd513d3f541007572689e9c2f5..93f0dcaa90aaeefab58d706a3ad2780f32da4f2e 100644 (file)
@@ -36,8 +36,13 @@ bool SSFactory::setup(SSCSPSession &session, CSPFullPluginSession::CSPContext *
        switch (context.type())
        {
        case CSSM_ALGCLASS_SIGNATURE:
+               cspCtx = new SSSignatureContext(session);
+               return true;
        case CSSM_ALGCLASS_MAC:
-               cspCtx = encoding ? new SSSignContext(session) : new SSVerifyContext(session);
+               cspCtx = new SSMACContext(session);
+               return true;
+       case CSSM_ALGCLASS_DIGEST:
+               cspCtx = new SSDigestContext(session);
                return true;
        case CSSM_ALGCLASS_SYMMETRIC:
        case CSSM_ALGCLASS_ASYMMETRIC:
index 76aa7d9ff1fd79c983c66aa728ea7055f6f38585..341f39ee11e4c5dce3e96e2d62bd1b0a5c508798 100644 (file)
@@ -36,7 +36,8 @@ SSKey::SSKey(SSCSPSession &session, KeyHandle keyHandle, CssmKey &ioKey,
                         SSDatabase &inSSDatabase, uint32 inKeyAttr,
                         const CssmData *inKeyLabel)
 : ReferencedKey(session.mSSCSPDLSession),
-mAllocator(session), mKeyHandle(keyHandle)
+mAllocator(session), mKeyHandle(keyHandle),
+mClientSession(session.clientSession())
 {
        CssmKey::Header &header = ioKey.header();
        if (inKeyAttr & CSSM_KEYATTR_PERMANENT)
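Review bot: `SSKey` now stores a reference to the `ClientSession` of the session that created it, while the key itself is registered with `session.mSSCSPDLSession` through `ReferencedKey`. This is `mClientSession(session.clientSession())`, here and in the `SSDLSession` constructor hunk below, with the member declared in SSKey.h. In the DL case that `ClientSession` is a member of `SSDLSession`, so if a key can outlive the attach session that created it, `SSKey::clientSession()` would return a dangling reference. The previous code looked the session up through `keyPool<SSCSPDLSession>()` instead. Whether keys are always released before their session is destroyed is not visible in this diff and should be confirmed, or the requirement stated on the member, for example `// refers to the creating session's ClientSession; the key must not outlive that session`.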
@@ -45,7 +46,7 @@ mAllocator(session), mKeyHandle(keyHandle)
                        CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_DL_DB_HANDLE);
 
                // EncodeKey and store it in the db.
-               CssmDataContainer blob(clientSession().returnAllocator);
+               CssmDataContainer blob(mAllocator);
                clientSession().encodeKey(keyHandle, blob);
 
                assert(header.HeaderVersion == CSSM_KEYHEADER_VERSION);
@@ -138,7 +139,8 @@ SSKey::SSKey(SSDLSession &session, CssmKey &ioKey, SSDatabase &inSSDatabase,
                         CssmData &keyBlob)
 : ReferencedKey(session.mSSCSPDLSession),
 mAllocator(session.allocator()), mKeyHandle(noKey), mUniqueId(uniqueId),
-mRecordType(recordType)
+mRecordType(recordType),
+mClientSession(session.clientSession())
 {
        CssmKey::Header &header = ioKey.header();
        memset(&header, 0, sizeof(header)); // Clear key header
@@ -264,7 +266,7 @@ SSKey::free(const AccessCredentials *accessCred, CssmKey &ioKey,
 SecurityServer::ClientSession &
 SSKey::clientSession()
 {
-       return keyPool<SSCSPDLSession>().clientSession();
+       return mClientSession;
 }
 
 KeyHandle
@@ -276,7 +278,7 @@ SSKey::keyHandle()
                if (!mUniqueId || !mUniqueId->database())
                        CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
 
-               CssmDataContainer blob;
+               CssmDataContainer blob(mAllocator);
                mUniqueId->get(NULL, &blob);
                CssmKey::Header dummyHeader; // @@@ Unused
                mKeyHandle =
@@ -307,7 +309,7 @@ SSKey::changeOwner(const AccessCredentials &accessCred,
        if (mUniqueId == true)
        {
                // The key is persistant, make the change on disk.
-               CssmDataContainer keyBlob(clientSession().returnAllocator);
+               CssmDataContainer keyBlob(mAllocator);
                clientSession().encodeKey(keyHandle(), keyBlob);
                mUniqueId->modify(mRecordType, NULL, &keyBlob,
                                                  CSSM_DB_MODIFY_ATTRIBUTE_NONE);
@@ -329,7 +331,7 @@ SSKey::changeAcl(const AccessCredentials &accessCred, const AclEdit &aclEdit)
        if (mUniqueId == true)
        {
                // The key is persistant, make the change on disk.
-               CssmDataContainer keyBlob(clientSession().returnAllocator);
+               CssmDataContainer keyBlob(mAllocator);
                clientSession().encodeKey(keyHandle(), keyBlob);
                mUniqueId->modify(mRecordType, NULL, &keyBlob,
                                                  CSSM_DB_MODIFY_ATTRIBUTE_NONE);
index 262e9fabf1e65bf1fc43d934eafa9dd5b5564c84..9d623aa8d8ef56940fd43c76f2bc496fd361166e 100644 (file)
@@ -72,6 +72,7 @@ private:
        SSDatabase mSSDatabase;
        SSUniqueRecord mUniqueId;
        CSSM_DB_RECORDTYPE mRecordType;
+       SecurityServer::ClientSession &mClientSession;
 };
 
 
diff --git a/AppleCSPDL/cspdl_common.mdsinfo b/AppleCSPDL/cspdl_common.mdsinfo
new file mode 100644 (file)
index 0000000..a402a53
--- /dev/null
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+       <key>BuiltIn</key>
+       <true/>
+       <key>CDSAVersion</key>
+       <string>2.0</string>
+       <key>Desc</key>
+       <string>Apple built-in CSPDL</string>
+       <key>DynamicFlag</key>
+       <false/>
+       <key>MdsFileDescription</key>
+       <string>Built-in CSPDL Common info</string>
+       <key>MdsFileType</key>
+       <string>PluginCommon</string>
+       <key>ModuleID</key>
+       <string>{87191ca3-0fc9-11d4-849a000502b52122}</string>
+       <key>ModuleName</key>
+       <string>AppleCSPDL</string>
+       <key>MultiThreadFlag</key>
+       <false/>
+       <key>ProductVersion</key>
+       <string>1.0</string>
+       <key>ServiceMask</key>
+       <string>CSSM_SERVICE_CSP | CSSM_SERVICE_DL</string>
+</dict>
+</plist>
diff --git a/AppleCSPDL/cspdl_csp_capabilities.mdsinfo b/AppleCSPDL/cspdl_csp_capabilities.mdsinfo
new file mode 100644 (file)
index 0000000..0cfb82a
--- /dev/null
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+       <key>Capabilities</key>
+       <string>file:csp_capabilities_common.mds</string>
+       <key>MdsFileDescription</key>
+       <string>Built-in CSPDL CSP Capabilities</string>
+       <key>MdsFileType</key>
+       <string>PluginSpecific</string>
+       <key>MdsRecordType</key>
+       <string>MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE</string>
+       <key>ModuleID</key>
+       <string>{87191ca3-0fc9-11d4-849a000502b52122}</string>
+       <key>SSID</key>
+       <integer>0</integer>
+</dict>
+</plist>
diff --git a/AppleCSPDL/cspdl_csp_primary.mdsinfo b/AppleCSPDL/cspdl_csp_primary.mdsinfo
new file mode 100644 (file)
index 0000000..9bb65f8
--- /dev/null
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+       <key>AclSubjectTypes</key>
+       <array>
+               <string>CSSM_ACL_SUBJECT_TYPE_PASSWORD</string>
+               <string>CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD</string>
+               <string>CSSM_ACL_SUBJECT_TYPE_PUBLIC_KEY</string>
+               <string>CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE</string>
+               <string>CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT</string>
+       </array>
+       <key>AuthTags</key>
+       <array>
+               <string>CSSM_ACL_AUTHORIZATION_ANY</string>
+       </array>
+       <key>CspCustomFlags</key>
+       <integer>0</integer>
+       <key>CspFlags</key>
+       <string>CSSM_CSP_STORES_PRIVATE_KEYS | CSSM_CSP_STORES_PUBLIC_KEYS | CSSM_CSP_STORES_SESSION_KEYS</string>
+       <key>CspType</key>
+       <string>CSSM_CSP_SOFTWARE</string>
+       <key>MdsFileDescription</key>
+       <string>Built-in CSPDL CSP Primary info</string>
+       <key>MdsFileType</key>
+       <string>PluginSpecific</string>
+       <key>MdsRecordType</key>
+       <string>MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE</string>
+       <key>ModuleID</key>
+       <string>{87191ca3-0fc9-11d4-849a000502b52122}</string>
+       <key>ModuleName</key>
+       <string>AppleCSPDL</string>
+       <key>ProductVersion</key>
+       <string>1.0</string>
+       <key>SSID</key>
+       <integer>0</integer>
+       <key>SampleTypes</key>
+       <array>
+               <string>CSSM_SAMPLE_TYPE_PASSWORD</string>
+               <string>CSSM_SAMPLE_TYPE_HASHED_PASSWORD</string>
+               <string>CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD</string>
+               <string>CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD</string>
+               <string>CSSM_SAMPLE_TYPE_SIGNED_NONCE</string>
+               <string>CSSM_SAMPLE_TYPE_SIGNED_SECRET</string>
+               <string>CSSM_SAMPLE_TYPE_BIOMETRIC</string>
+               <string>CSSM_SAMPLE_TYPE_PROTECTED_BIOMETRIC</string>
+               <string>CSSM_SAMPLE_TYPE_PROMPTED_BIOMETRIC</string>
+               <string>CSSM_SAMPLE_TYPE_THRESHOLD</string>
+               <string>CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT</string>
+               <string>CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK</string>
+               <string>CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK</string>
+               <string>CSSM_SAMPLE_TYPE_PROCESS</string>
+               <string>CSSM_SAMPLE_TYPE_COMMENT</string>
+               <string>CSSM_SAMPLE_TYPE_RETRY_ID</string>
+       </array>
+       <key>UseeTags</key>
+       <array/>
+       <key>Vendor</key>
+       <string>Apple Computer, Inc.</string>
+</dict>
+</plist>
diff --git a/AppleCSPDL/cspdl_dl_primary.mdsinfo b/AppleCSPDL/cspdl_dl_primary.mdsinfo
new file mode 100644 (file)
index 0000000..e90fa26
--- /dev/null
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+       <key>AclSubjectTypes</key>
+       <array>
+               <string>CSSM_ACL_SUBJECT_TYPE_PASSWORD</string>
+               <string>CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD</string>
+               <string>CSSM_ACL_SUBJECT_TYPE_PUBLIC_KEY</string>
+               <string>CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE</string>
+               <string>CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT</string>
+       </array>
+       <key>AuthTags</key>
+       <array>
+               <string>CSSM_ACL_AUTHORIZATION_ANY</string>
+       </array>
+       <key>ConjunctiveOps</key>
+       <array>
+               <string>CSSM_DB_NONE</string>
+               <string>CSSM_DB_AND</string>
+               <string>CSSM_DB_OR</string>
+       </array>
+       <key>DLType</key>
+       <string>CSSM_DL_FFS</string>
+       <key>MdsFileDescription</key>
+       <string>Built-in CSPDL DL Primary info</string>
+       <key>MdsFileType</key>
+       <string>PluginSpecific</string>
+       <key>MdsRecordType</key>
+       <string>MDS_CDSADIR_DL_PRIMARY_RECORDTYPE</string>
+       <key>ModuleID</key>
+       <string>{87191ca3-0fc9-11d4-849a000502b52122}</string>
+       <key>ModuleName</key>
+       <string>AppleCSPDL</string>
+       <key>ProductVersion</key>
+       <string>1.0</string>
+       <key>QueryLimitsFlag</key>
+       <integer>0</integer>
+       <key>RelationalOps</key>
+       <array>
+               <string>CSSM_DB_EQUAL</string>
+               <string>CSSM_DB_LESS_THAN</string>
+               <string>CSSM_DB_GREATER_THAN</string>
+               <string>CSSM_DB_CONTAINS_FINAL_SUBSTRING</string>
+               <string>CSSM_DB_CONTAINS_INITIAL_SUBSTRING</string>
+               <string>CSSM_DB_CONTAINS</string>
+               <string></string>
+       </array>
+       <key>SSID</key>
+       <integer>1</integer>
+       <key>SampleTypes</key>
+       <array>
+               <string>CSSM_SAMPLE_TYPE_PASSWORD</string>
+               <string>CSSM_SAMPLE_TYPE_HASHED_PASSWORD</string>
+               <string>CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD</string>
+               <string>CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD</string>
+               <string>CSSM_SAMPLE_TYPE_SIGNED_NONCE</string>
+               <string>CSSM_SAMPLE_TYPE_SIGNED_SECRET</string>
+               <string>CSSM_SAMPLE_TYPE_BIOMETRIC</string>
+               <string>CSSM_SAMPLE_TYPE_PROTECTED_BIOMETRIC</string>
+               <string>CSSM_SAMPLE_TYPE_PROMPTED_BIOMETRIC</string>
+               <string>CSSM_SAMPLE_TYPE_THRESHOLD</string>
+               <string>CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT</string>
+               <string>CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK</string>
+               <string>CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK</string>
+               <string>CSSM_SAMPLE_TYPE_PROCESS</string>
+               <string>CSSM_SAMPLE_TYPE_COMMENT</string>
+               <string>CSSM_SAMPLE_TYPE_RETRY_ID</string>
+       </array>
+       <key>Vendor</key>
+       <string>Apple Computer, Inc.</string>
+</dict>
+</plist>
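Review bot: The `RelationalOps` array ends with an empty `<string></string>` entry, which names no operator and leaves it to the MDS parser to decide what an empty value means. Compared with `AppleDL/dl_primary.mdsinfo` in the same commit, the one operator missing from this list is `CSSM_DB_NOT_EQUAL`, so the empty element looks like a placeholder that was never filled in. If the CSPDL does support that operator, the line should read `<string>CSSM_DB_NOT_EQUAL</string>`. Otherwise the empty element should be dropped so the advertised capability list holds only real values.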
diff --git a/AppleDL/AppleDL.pbxproj/.cvsignore b/AppleDL/AppleDL.pbxproj/.cvsignore
deleted file mode 100644 (file)
index 0857ac3..0000000
+++ /dev/null
@@ -1 +0,0 @@
-*.pbxuser
diff --git a/AppleDL/AppleDL.pbxproj/project.pbxproj b/AppleDL/AppleDL.pbxproj/project.pbxproj
deleted file mode 100644 (file)
index 140f280..0000000
+++ /dev/null
@@ -1,247 +0,0 @@
-// !$*UTF8*$!
-{
-       archiveVersion = 1;
-       classes = {
-       };
-       objectVersion = 32;
-       objects = {
-               023E3605001F8F6B11CD283A = {
-                       buildRules = (
-                       );
-                       buildSettings = {
-                               COPY_PHASE_STRIP = NO;
-                               OTHER_LDFLAGS = "\U0001-dylib_file \"$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/A/Security:$(SYMROOT)/Security.framework/Versions/A/Security\"";
-                       };
-                       isa = PBXBuildStyle;
-                       name = "Build Folder";
-               };
-               0FD07C9DFE8A174411CD283A = {
-                       buildStyles = (
-                               1B60AA6DFFD84BFD11CD296C,
-                               1B60AA6EFFD84BFD11CD296C,
-                               023E3605001F8F6B11CD283A,
-                       );
-                       isa = PBXProject;
-                       mainGroup = 0FD07C9EFE8A174411CD283A;
-                       projectDirPath = .;
-                       targets = (
-                               0FD07CA2FE8A183A11CD283A,
-                       );
-               };
-               0FD07C9EFE8A174411CD283A = {
-                       children = (
-                               0FD07CAAFE8A18AF11CD283A,
-                               2B8B5BBCFFF3E33011CD283A,
-                               0FD07CBFFE8A1A0011CD283A,
-                       );
-                       isa = PBXGroup;
-                       refType = 4;
-               };
-               0FD07CA2FE8A183A11CD283A = {
-                       buildPhases = (
-                               0FD07CA3FE8A183A11CD283A,
-                               0FD07CA4FE8A183A11CD283A,
-                               0FD07CA5FE8A183A11CD283A,
-                               0FD07CA6FE8A183A11CD283A,
-                               0FD07CA7FE8A183A11CD283A,
-                       );
-                       buildSettings = {
-                               DEPLOYMENT_OPTIMIZATION_CFLAGS = "-O2 -fno-inline";
-                               EXPORTED_SYMBOLS_FILE = cssmplugin.exp;
-                               FRAMEWORK_SEARCH_PATHS = "";
-                               HEADER_SEARCH_PATHS = "";
-                               INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security";
-                               LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "-O2 -fno-inline";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "-bundle -undefined error -lstdc++";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = AppleFileDL;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                               WRAPPER_EXTENSION = bundle;
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                       );
-                       isa = PBXBundleTarget;
-                       name = AppleFileDL;
-                       productInstallPath = "\"$(SYSTEM_LIBRARY_DIR)/Security\"";
-                       productName = AppleFileDL;
-                       productReference = 1B60AA6CFFD84BFD11CD296C;
-                       productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
-<plist version=\"0.9\">
-<dict>
-       <key>CFBundleExecutable</key>
-       <string>AppleFileDL</string>
-       <key>CFBundleGetInfoString</key>
-       <string></string>
-       <key>CFBundleIdentifier</key>
-       <string>com.apple.applefiledl</string>
-       <key>CFBundleName</key>
-       <string>AppleFileDL</string>
-       <key>CFBundlePackageType</key>
-       <string>BNDL</string>
-       <key>CFBundleShortVersionString</key>
-       <string>1.0</string>
-       <key>CFBundleSignature</key>
-       <string>????</string>
-       <key>CFBundleVersion</key>
-       <string>AppleFileDL 1.0</string>
-</dict>
-</plist>
-";
-                       shouldUseHeadermap = 1;
-               };
-               0FD07CA3FE8A183A11CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               2295BBC2FEEF08A311CD28CA,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               0FD07CA4FE8A183A11CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
-               };
-               0FD07CA5FE8A183A11CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               2295BBC3FEEF08A311CD28CA,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               0FD07CA6FE8A183A11CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               2B8B5BBEFFF3E33011CD283A,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               0FD07CA7FE8A183A11CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               0FD07CAAFE8A18AF11CD283A = {
-                       children = (
-                               2295BBC0FEEF08A311CD28CA,
-                               2295BBC1FEEF08A311CD28CA,
-                               1DF71D5DFF30EDAB11CD283A,
-                               0FD07CB3FE8A18AF11CD283A,
-                               0FD07CB4FE8A18AF11CD283A,
-                               0FD07CB5FE8A18AF11CD283A,
-                       );
-                       isa = PBXGroup;
-                       name = AppleDL;
-                       path = "";
-                       refType = 4;
-               };
-               0FD07CB3FE8A18AF11CD283A = {
-                       isa = PBXFileReference;
-                       path = FORMAT;
-                       refType = 4;
-               };
-               0FD07CB4FE8A18AF11CD283A = {
-                       isa = PBXFileReference;
-                       path = ISSUES;
-                       refType = 4;
-               };
-               0FD07CB5FE8A18AF11CD283A = {
-                       isa = PBXFileReference;
-                       path = TODO;
-                       refType = 4;
-               };
-               0FD07CBFFE8A1A0011CD283A = {
-                       children = (
-                               1B60AA6CFFD84BFD11CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = Products;
-                       path = "";
-                       refType = 3;
-               };
-               1B60AA6CFFD84BFD11CD296C = {
-                       isa = PBXBundleReference;
-                       path = AppleFileDL.bundle;
-                       refType = 3;
-               };
-               1B60AA6DFFD84BFD11CD296C = {
-                       buildRules = (
-                       );
-                       buildSettings = {
-                               COPY_PHASE_STRIP = NO;
-                       };
-                       isa = PBXBuildStyle;
-                       name = Development;
-               };
-               1B60AA6EFFD84BFD11CD296C = {
-                       buildRules = (
-                       );
-                       buildSettings = {
-                               COPY_PHASE_STRIP = YES;
-                       };
-                       isa = PBXBuildStyle;
-                       name = Deployment;
-               };
-               1DF71D5DFF30EDAB11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmplugin.exp;
-                       refType = 4;
-               };
-               2295BBC0FEEF08A311CD28CA = {
-                       isa = PBXFileReference;
-                       path = AppleFileDL.cpp;
-                       refType = 4;
-               };
-               2295BBC1FEEF08A311CD28CA = {
-                       isa = PBXFileReference;
-                       path = AppleFileDL.h;
-                       refType = 4;
-               };
-               2295BBC2FEEF08A311CD28CA = {
-                       fileRef = 2295BBC1FEEF08A311CD28CA;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               2295BBC3FEEF08A311CD28CA = {
-                       fileRef = 2295BBC0FEEF08A311CD28CA;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               2B8B5BBCFFF3E33011CD283A = {
-                       children = (
-                               2B8B5BBDFFF3E33011CD283A,
-                       );
-                       isa = PBXGroup;
-                       name = "External Frameworks";
-                       refType = 4;
-               };
-               2B8B5BBDFFF3E33011CD283A = {
-                       isa = PBXFrameworkReference;
-                       path = Security.framework;
-                       refType = 3;
-               };
-               2B8B5BBEFFF3E33011CD283A = {
-                       fileRef = 2B8B5BBDFFF3E33011CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-       };
-       rootObject = 0FD07C9DFE8A174411CD283A;
-}
index ac5fcb263023be39627b2062968461f8cefe5a62..60b809569d1dc336e12754bcf278e95519808d3c 100644 (file)
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:52 mb Exp $
-# $Name: Security-30~1 $
+# $Name:  $
 ProjectName: AppleDL
 ProjectVersion: 13
diff --git a/AppleDL/dl_common.mdsinfo b/AppleDL/dl_common.mdsinfo
new file mode 100644 (file)
index 0000000..8e5c7bd
--- /dev/null
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+       <key>BuiltIn</key>
+       <true/>
+       <key>CDSAVersion</key>
+       <string>2.0</string>
+       <key>Desc</key>
+       <string>Apple built-in DL</string>
+       <key>DynamicFlag</key>
+       <false/>
+       <key>MdsFileDescription</key>
+       <string>Built-in DL Common info</string>
+       <key>MdsFileType</key>
+       <string>PluginCommon</string>
+       <key>ModuleID</key>
+       <string>{87191ca1-0fc9-11d4-849a000502b52122}</string>
+       <key>ModuleName</key>
+       <string>AppleDL</string>
+       <key>MultiThreadFlag</key>
+       <false/>
+       <key>ProductVersion</key>
+       <string>1.0</string>
+       <key>ServiceMask</key>
+       <string>CSSM_SERVICE_DL</string>
+</dict>
+</plist>
diff --git a/AppleDL/dl_primary.mdsinfo b/AppleDL/dl_primary.mdsinfo
new file mode 100644 (file)
index 0000000..8af187b
--- /dev/null
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+       <key>AclSubjectTypes</key>
+       <array/>
+       <key>AuthTags</key>
+       <array/>
+       <key>ConjunctiveOps</key>
+       <array>
+               <string>CSSM_DB_NONE</string>
+               <string>CSSM_DB_AND</string>
+               <string>CSSM_DB_OR</string>
+       </array>
+       <key>DLType</key>
+       <string>CSSM_DL_FFS</string>
+       <key>MdsFileDescription</key>
+       <string>Built-in DL Primary info</string>
+       <key>MdsFileType</key>
+       <string>PluginSpecific</string>
+       <key>MdsRecordType</key>
+       <string>MDS_CDSADIR_DL_PRIMARY_RECORDTYPE</string>
+       <key>ModuleID</key>
+       <string>{87191ca1-0fc9-11d4-849a000502b52122}</string>
+       <key>ModuleName</key>
+       <string>AppleDL</string>
+       <key>ProductVersion</key>
+       <string>1.0</string>
+       <key>QueryLimitsFlag</key>
+       <integer>0</integer>
+       <key>RelationalOps</key>
+       <array>
+               <string>CSSM_DB_EQUAL</string>
+               <string>CSSM_DB_LESS_THAN</string>
+               <string>CSSM_DB_GREATER_THAN</string>
+               <string>CSSM_DB_NOT_EQUAL</string>
+               <string>CSSM_DB_CONTAINS</string>
+               <string>CSSM_DB_CONTAINS_INITIAL_SUBSTRING</string>
+               <string>CSSM_DB_CONTAINS_FINAL_SUBSTRING</string>
+       </array>
+       <key>SSID</key>
+       <integer>0</integer>
+       <key>SampleTypes</key>
+       <array/>
+       <key>Vendor</key>
+       <string>Apple Computer, Inc.</string>
+</dict>
+</plist>
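Review bot: `AclSubjectTypes`, `AuthTags` and `SampleTypes` are all declared as empty arrays, with nothing in the file saying whether that is intentional. Read against `cspdl_dl_primary.mdsinfo` in the same commit, which lists subject types and sample types, this presumably means the plain file DL advertises no ACL or credential support. A client choosing a DL for sensitive records would want that stated. If that is the intent, an XML comment above `AclSubjectTypes` such as `<!-- AppleDL advertises no ACL subject types, auth tags or sample types; see AppleCSPDL for ACL-capable storage -->` would make it explicit.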
diff --git a/AppleX509CL/AppleX509CL.pbproj/project.pbxproj b/AppleX509CL/AppleX509CL.pbproj/project.pbxproj
deleted file mode 100644 (file)
index 533513e..0000000
+++ /dev/null
@@ -1,531 +0,0 @@
-// !$*UTF8*$!
-{
-       archiveVersion = 1;
-       classes = {
-       };
-       objectVersion = 32;
-       objects = {
-               00EDCDFCFF682165D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = CertExtensions.cpp;
-                       refType = 4;
-               };
-               00EDCDFDFF682166D0A17CE7 = {
-                       fileRef = 00EDCDFCFF682165D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               00EDCDFEFF685DECD0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = CertExtensions.h;
-                       refType = 4;
-               };
-               00EDCDFFFF685DECD0A17CE7 = {
-                       fileRef = 00EDCDFEFF685DECD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0145E217FFEECAE67F000001 = {
-                       isa = PBXFileReference;
-                       path = CSPAttacher.h;
-                       refType = 4;
-               };
-               0145E218FFEECAE67F000001 = {
-                       fileRef = 0145E217FFEECAE67F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0145E219FFEECB7D7F000001 = {
-                       isa = PBXFileReference;
-                       path = CSPAttacher.cpp;
-                       refType = 4;
-               };
-               0145E21AFFEECB7D7F000001 = {
-                       fileRef = 0145E219FFEECB7D7F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               01B9A482FF51F881D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = CertBuilder.cpp;
-                       refType = 4;
-               };
-               01B9A483FF51F881D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = CertBuilder.h;
-                       refType = 4;
-               };
-               01B9A484FF51F882D0A17CE7 = {
-                       fileRef = 01B9A483FF51F881D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               01B9A485FF51F882D0A17CE7 = {
-                       fileRef = 01B9A482FF51F881D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               023E3604001F8F3611CD283A = {
-                       buildRules = (
-                       );
-                       buildSettings = {
-                               COPY_PHASE_STRIP = NO;
-                               OTHER_LDFLAGS = "\U0001-dylib_file \"$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/A/Security:$(SYMROOT)/Security.framework/Versions/A/Security\"";
-                       };
-                       isa = PBXBuildStyle;
-                       name = "Build Folder";
-               };
-               026EACE1FF4315CCD0A17CE7 = {
-                       buildStyles = (
-                               1C9129D5FFD8583A11CD296C,
-                               1C9129D6FFD8583A11CD296C,
-                               023E3604001F8F3611CD283A,
-                       );
-                       isa = PBXProject;
-                       mainGroup = 026EACE2FF4315CCD0A17CE7;
-                       productRefGroup = 026EACE3FF431640D0A17CE7;
-                       projectDirPath = .;
-                       targets = (
-                               026EACE7FF431640D0A17CE7,
-                       );
-               };
-               026EACE2FF4315CCD0A17CE7 = {
-                       children = (
-                               026EACEDFF431781D0A17CE7,
-                               026EACEEFF431781D0A17CE7,
-                               01B9A482FF51F881D0A17CE7,
-                               01B9A483FF51F881D0A17CE7,
-                               00EDCDFCFF682165D0A17CE7,
-                               00EDCDFEFF685DECD0A17CE7,
-                               04CBC2A4FF487123D0A17CE7,
-                               0A8DEDB2FF48916BD0A17CE7,
-                               0A8DEDB0FF488BFED0A17CE7,
-                               0145E219FFEECB7D7F000001,
-                               0145E217FFEECAE67F000001,
-                               08D5DEBCFF52F2F3D0A17CE7,
-                               08D5DEBEFF52F335D0A17CE7,
-                               0A8DEDBAFF49C621D0A17CE7,
-                               0A8DEDBBFF49C621D0A17CE7,
-                               0A8DEDB6FF499ACAD0A17CE7,
-                               23C0B750FF4C5F61D0A17CE7,
-                               23C0B751FF4C5F61D0A17CE7,
-                               026EACFFFF43462AD0A17CE7,
-                               026EAD00FF43462AD0A17CE7,
-                               23715C3DFF4C5A26D0A17CE7,
-                               23C0B758FF4C6EA0D0A17CE7,
-                               23C0B759FF4C6EA0D0A17CE7,
-                               026EACFDFF431F36D0A17CE7,
-                               35D41EC6FFF3E85F11CD283A,
-                               026EACE3FF431640D0A17CE7,
-                       );
-                       isa = PBXGroup;
-                       refType = 4;
-               };
-               026EACE3FF431640D0A17CE7 = {
-                       children = (
-                               1C9129D4FFD8583A11CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = Products;
-                       refType = 4;
-               };
-               026EACE7FF431640D0A17CE7 = {
-                       buildPhases = (
-                               026EACE8FF431640D0A17CE7,
-                               026EACE9FF431640D0A17CE7,
-                               026EACEAFF431640D0A17CE7,
-                               026EACEBFF431640D0A17CE7,
-                               026EACECFF431640D0A17CE7,
-                       );
-                       buildSettings = {
-                               DEPLOYMENT_OPTIMIZATION_CFLAGS = "-O2 -fno-inline";
-                               EXPORTED_SYMBOLS_FILE = cssmplugin.exp;
-                               FRAMEWORK_SEARCH_PATHS = "";
-                               INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security";
-                               OPTIMIZATION_CFLAGS = "-O1";
-                               OTHER_CFLAGS = "-DVDADER_RULES";
-                               OTHER_LDFLAGS = "-bundle -undefined error -lstdc++";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = AppleX509CL;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-format -Wno-four-char-constants -Wno-unknown-pragmas";
-                               WRAPPER_EXTENSION = bundle;
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                       );
-                       isa = PBXBundleTarget;
-                       name = AppleX509CL;
-                       productInstallPath = "$(SYSTEM_LIBRARY_DIR)/Security";
-                       productName = AppleX509CL;
-                       productReference = 1C9129D4FFD8583A11CD296C;
-                       productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
-<plist version=\"0.9\">
-<dict>
-       <key>CFBundleDevelopmentRegion</key>
-       <string>English</string>
-       <key>CFBundleExecutable</key>
-       <string>AppleX509CL</string>
-       <key>CFBundleGetInfoString</key>
-       <string></string>
-       <key>CFBundleIconFile</key>
-       <string></string>
-       <key>CFBundleIdentifier</key>
-       <string>com.apple.applex509cl</string>
-       <key>CFBundleInfoDictionaryVersion</key>
-       <string>6.0</string>
-       <key>CFBundleName</key>
-       <string>AppleX509CL</string>
-       <key>CFBundlePackageType</key>
-       <string>BNDL</string>
-       <key>CFBundleShortVersionString</key>
-       <string>1.0</string>
-       <key>CFBundleSignature</key>
-       <string>????</string>
-       <key>CFBundleVersion</key>
-       <string>AppleX509CL 1.0</string>
-</dict>
-</plist>
-";
-                       shouldUseHeadermap = 1;
-               };
-               026EACE8FF431640D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               026EACF5FF431781D0A17CE7,
-                               0A8DEDB1FF488BFED0A17CE7,
-                               0A8DEDB7FF499ACAD0A17CE7,
-                               0A8DEDBCFF49C621D0A17CE7,
-                               23C0B752FF4C5F61D0A17CE7,
-                               23C0B75AFF4C6EA0D0A17CE7,
-                               01B9A484FF51F882D0A17CE7,
-                               08D5DEBFFF52F335D0A17CE7,
-                               00EDCDFFFF685DECD0A17CE7,
-                               0145E218FFEECAE67F000001,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               026EACE9FF431640D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
-               };
-               026EACEAFF431640D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               026EACF7FF431781D0A17CE7,
-                               026EACFEFF431F36D0A17CE7,
-                               026EAD01FF43462AD0A17CE7,
-                               026EAD02FF43462AD0A17CE7,
-                               04CBC2A5FF487123D0A17CE7,
-                               0A8DEDB3FF48916BD0A17CE7,
-                               0A8DEDBDFF49C621D0A17CE7,
-                               23715C3EFF4C5A26D0A17CE7,
-                               23C0B753FF4C5F61D0A17CE7,
-                               23C0B75BFF4C6EA0D0A17CE7,
-                               01B9A485FF51F882D0A17CE7,
-                               08D5DEBDFF52F2F3D0A17CE7,
-                               00EDCDFDFF682166D0A17CE7,
-                               0145E21AFFEECB7D7F000001,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               026EACEBFF431640D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               35D41EC8FFF3E85F11CD283A,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               026EACECFF431640D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               026EACEDFF431781D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = AppleX509CL.cpp;
-                       refType = 4;
-               };
-               026EACEEFF431781D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = AppleX509CL.h;
-                       refType = 4;
-               };
-               026EACF5FF431781D0A17CE7 = {
-                       fileRef = 026EACEEFF431781D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               026EACF7FF431781D0A17CE7 = {
-                       fileRef = 026EACEDFF431781D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               026EACFDFF431F36D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = cssmplugin.exp;
-                       refType = 4;
-               };
-               026EACFEFF431F36D0A17CE7 = {
-                       fileRef = 026EACFDFF431F36D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               026EACFFFF43462AD0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = Session_Cert.cpp;
-                       refType = 4;
-               };
-               026EAD00FF43462AD0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = Session_CRL.cpp;
-                       refType = 4;
-               };
-               026EAD01FF43462AD0A17CE7 = {
-                       fileRef = 026EACFFFF43462AD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               026EAD02FF43462AD0A17CE7 = {
-                       fileRef = 026EAD00FF43462AD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               04CBC2A4FF487123D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = CertFields.cpp;
-                       refType = 4;
-               };
-               04CBC2A5FF487123D0A17CE7 = {
-                       fileRef = 04CBC2A4FF487123D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               08D5DEBCFF52F2F3D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = DecodedCert.cpp;
-                       refType = 4;
-               };
-               08D5DEBDFF52F2F3D0A17CE7 = {
-                       fileRef = 08D5DEBCFF52F2F3D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               08D5DEBEFF52F335D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = DecodedCert.h;
-                       refType = 4;
-               };
-               08D5DEBFFF52F335D0A17CE7 = {
-                       fileRef = 08D5DEBEFF52F335D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0A8DEDB0FF488BFED0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = CLCachedEntry.h;
-                       refType = 4;
-               };
-               0A8DEDB1FF488BFED0A17CE7 = {
-                       fileRef = 0A8DEDB0FF488BFED0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0A8DEDB2FF48916BD0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = CLCachedEntry.cpp;
-                       refType = 4;
-               };
-               0A8DEDB3FF48916BD0A17CE7 = {
-                       fileRef = 0A8DEDB2FF48916BD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               0A8DEDB6FF499ACAD0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = LockedMap.h;
-                       refType = 4;
-               };
-               0A8DEDB7FF499ACAD0A17CE7 = {
-                       fileRef = 0A8DEDB6FF499ACAD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0A8DEDBAFF49C621D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = debugging.c;
-                       refType = 4;
-               };
-               0A8DEDBBFF49C621D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = debugging.h;
-                       refType = 4;
-               };
-               0A8DEDBCFF49C621D0A17CE7 = {
-                       fileRef = 0A8DEDBBFF49C621D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0A8DEDBDFF49C621D0A17CE7 = {
-                       fileRef = 0A8DEDBAFF49C621D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               1C9129D4FFD8583A11CD296C = {
-                       isa = PBXBundleReference;
-                       path = AppleX509CL.bundle;
-                       refType = 3;
-               };
-               1C9129D5FFD8583A11CD296C = {
-                       buildRules = (
-                       );
-                       buildSettings = {
-                               COPY_PHASE_STRIP = NO;
-                       };
-                       isa = PBXBuildStyle;
-                       name = Development;
-               };
-               1C9129D6FFD8583A11CD296C = {
-                       buildRules = (
-                       );
-                       buildSettings = {
-                               COPY_PHASE_STRIP = YES;
-                       };
-                       isa = PBXBuildStyle;
-                       name = Deployment;
-               };
-               23715C3DFF4C5A26D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = Session_Crypto.cpp;
-                       refType = 4;
-               };
-               23715C3EFF4C5A26D0A17CE7 = {
-                       fileRef = 23715C3DFF4C5A26D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               23C0B750FF4C5F61D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = Session.h;
-                       refType = 4;
-               };
-               23C0B751FF4C5F61D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = Session.cpp;
-                       refType = 4;
-               };
-               23C0B752FF4C5F61D0A17CE7 = {
-                       fileRef = 23C0B750FF4C5F61D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               23C0B753FF4C5F61D0A17CE7 = {
-                       fileRef = 23C0B751FF4C5F61D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               23C0B758FF4C6EA0D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = SnaccUtils.cpp;
-                       refType = 4;
-               };
-               23C0B759FF4C6EA0D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = SnaccUtils.h;
-                       refType = 4;
-               };
-               23C0B75AFF4C6EA0D0A17CE7 = {
-                       fileRef = 23C0B759FF4C6EA0D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               23C0B75BFF4C6EA0D0A17CE7 = {
-                       fileRef = 23C0B758FF4C6EA0D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               35D41EC6FFF3E85F11CD283A = {
-                       children = (
-                               35D41EC7FFF3E85F11CD283A,
-                       );
-                       isa = PBXGroup;
-                       name = "External Frameworks";
-                       path = ../Projects/SecurityX/AppleX509CL;
-                       refType = 3;
-               };
-               35D41EC7FFF3E85F11CD283A = {
-                       isa = PBXFrameworkReference;
-                       path = Security.framework;
-                       refType = 3;
-               };
-               35D41EC8FFF3E85F11CD283A = {
-                       fileRef = 35D41EC7FFF3E85F11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-       };
-       rootObject = 026EACE1FF4315CCD0A17CE7;
-}
index c15e3795aafbb4a3e507ba359263f8a244e4bdd4..489e82aa4215e2d74cc4f8d3acf22ea709cdd526 100644 (file)
@@ -27,6 +27,7 @@
 #include "DecodedCert.h"
 #include "LockedMap.h"
 #include <Security/threading.h>
+#include <Security/cssmapple.h>
 
 class AppleX509CLSession : public CLPluginSession {
 
@@ -296,8 +297,16 @@ private:
        void verifyData(
                CSSM_CC_HANDLE          ccHand,
                const CssmData          &tbs,
-               const CssmData          &sig);
-       
+               const CssmData          &sig);  
+               
+       /* routines in Session_CSR.cpp */
+       void generateCsr(
+               CSSM_CC_HANDLE          CCHandle,
+               const CSSM_APPLE_CL_CSR_REQUEST *csrReq,
+               CSSM_DATA_PTR           &csrPtr);
+       void verifyCsr(
+               const CSSM_DATA         *csrPtr);
+
        /*
         * Maps of cached certs, CRLs, and active queries
         * This one holds cached certs and CRLs.
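Review bot: The two new declarations do not say who owns the data they exchange. `generateCsr` hands a freshly allocated `CSSM_DATA` back through `csrPtr`, and the implementation added in Session_CSR.cpp on this page takes both the struct and its `Data` from plain `malloc`, not from the session allocator that DecodedCert is switched to in this same commit. The declaration should state which allocator the caller frees with, for example `/* csrPtr and csrPtr->Data are malloc'd here; caller frees both */`, or the implementation should allocate from the session so every CL result is released the same way. `verifyCsr` should also document that `csrPtr` must be non-NULL, since the visible start of its body overlays `*csrPtr` without a check. The class body starts and ends outside this hunk.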
index dcad84475d1a471bdafa0d45dd38586a21a54cad..416574bafc8a5840eea67a4bc3ad80fa311aefda 100644 (file)
@@ -805,7 +805,7 @@ bool getFieldAuthorityKeyId(
        if(snaccObj->authorityCertIssuer != NULL) {
                /* GeneralNames, the hard one */
                cdsaObj->generalNamesPresent = CSSM_TRUE;
-               cdsaObj->generalNames = (CE_GeneralNames *)alloc.malloc(sizeof(CE_GeneralName));
+               cdsaObj->generalNames = (CE_GeneralNames *)alloc.malloc(sizeof(CE_GeneralNames));
                        CL_snaccGeneralNamesToCdsa(*snaccObj->authorityCertIssuer, 
                                *cdsaObj->generalNames,
                                alloc);
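Review bot: The corrected allocation still names the type by hand, which is how the `CE_GeneralName`/`CE_GeneralNames` mix-up fixed here arose. Sizing from the destination pointer keeps the two in step: `cdsaObj->generalNames = (CE_GeneralNames *)alloc.malloc(sizeof(*cdsaObj->generalNames));`. The new block is also not zeroed before `CL_snaccGeneralNamesToCdsa` fills it, so if that call throws part-way the structure would hold indeterminate `numNames`/`generalName` values for any later free path. A `memset(cdsaObj->generalNames, 0, sizeof(*cdsaObj->generalNames));` straight after the allocation would close that. getFieldAuthorityKeyId starts and ends outside the hunk.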
@@ -833,6 +833,7 @@ static void freeFieldGeneralNames(
        }
        if(cdsaObj->numNames) {
                memset(cdsaObj->generalName, 0, cdsaObj->numNames * sizeof(CE_GeneralName));
+               alloc.free(cdsaObj->generalName);
        }
        memset(cdsaObj, 0, sizeof(CE_GeneralNames));
 }
@@ -845,6 +846,7 @@ void freeFieldAuthorityKeyId (
        CE_AuthorityKeyID *cdsaObj = (CE_AuthorityKeyID *)cssmExt->value.parsedValue;
        alloc.free(cdsaObj->keyIdentifier.Data);
        freeFieldGeneralNames(cdsaObj->generalNames, alloc);
+       alloc.free(cdsaObj->generalNames);
        alloc.free(cdsaObj->serialNumber.Data);
        memset(cdsaObj, 0, sizeof(CE_AuthorityKeyID));
        freeFieldExtenCommon(cssmExt, alloc);           // frees extnId, parsedValue, BERvalue
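Review bot: `freeFieldGeneralNames(cdsaObj->generalNames, alloc)` and the added `alloc.free(cdsaObj->generalNames)` run unconditionally, but the getFieldAuthorityKeyId hunk above allocates `generalNames` only when `authorityCertIssuer` is present. This path therefore depends on the pointer being NULL otherwise and on the helper tolerating NULL, and neither is visible in these hunks. Keying the release on the pointer makes that explicit: `if(cdsaObj->generalNames != NULL) {` around the two calls, then setting the field to NULL. The start of freeFieldAuthorityKeyId is outside the hunk.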
index 1cf34734f83efc524de0de1ec29284aaeb22de27..2f45cd473c51eb23d7d0e354f089a78d4daa4670 100644 (file)
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:52 mb Exp $
-# $Name: Security-30~1 $
+# $Name:  $
 ProjectName: AppleX509CL
 ProjectVersion: 3
index 4a3a093ace7ed2ae6a240420440f5a6001d6dc18..3842f4af652bd0bccc04018d6b51b8ad6255a9f5 100644 (file)
@@ -27,6 +27,7 @@
 #include "CertBuilder.h"
 #include <Security/cssmerr.h>
 #include <Security/utilities.h>
+#include "cldebugging.h"
 
 #define BUF_ENC_EXTRA  64
 
@@ -106,8 +107,14 @@ void NameBuilder::addATDV(
        abuf.Init(buf, bufLen);
        abuf.ResetInWriteRvsMode();
        AsnLen bytesEnc;
+       #if     SNACC_ENABLE_PDU
        dirStr.BEncPdu(abuf, bytesEnc);
-       if(bytesEnc > bufLen) {
+       if(bytesEnc > bufLen) 
+       #else
+       bytesEnc = dirStr.BEnc(abuf);
+       if(abuf.WriteError() || (bytesEnc > bufLen)) 
+       #endif  /* SNACC_ENABLE_PDU */
+       {
                #ifndef NDEBUG
                printf("Whoops! Buffer overflow\n");
                #endif
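Review bot: Only the non-PDU branch checks `abuf.WriteError()`. With `SNACC_ENABLE_PDU` set the sole test is `bytesEnc > bufLen`, made after the encoder has already written, so that branch relies on the buffer object alone to stop an over-long DirectoryString. Splitting one `if` across `#if`/`#else` with a shared `{` is also easy to break in a later edit. Computing the length in each branch and testing once after the `#endif`, `if(abuf.WriteError() || (bytesEnc > bufLen)) {`, covers both configurations. The diagnostic would be better sent through `errorLog0`, which the added code in this file already uses, than through a `printf` under `#ifndef NDEBUG`; what follows the message is outside the hunk.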
@@ -119,6 +126,56 @@ void NameBuilder::addATDV(
        free(buf);
 }
 
+void NameBuilder::addX509Name  (
+       const CSSM_X509_NAME *x509Name)
+{
+       /*
+        * The main job here is extracting attr/value pairs in CSSM format 
+        * from x509Name, and converting them into arguments for addATDV.
+        * Note that we're taking the default for primaryDistinguished,
+        * because the CDSA CSSM_X509_TYPE_VALUE_PAIR struct doesn't allow for
+        * it. 
+        */
+       for(unsigned rdnDex=0; rdnDex<x509Name->numberOfRDNs; rdnDex++) {
+               CSSM_X509_RDN_PTR rdn = &x509Name->RelativeDistinguishedName[rdnDex];
+               if(rdn->numberOfPairs != 1) {
+                       errorLog0("setField_RDN: only one a/v pair per RDN supported\n");
+                       CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER);
+               }
+
+               CSSM_X509_TYPE_VALUE_PAIR_PTR atv = rdn->AttributeTypeAndValue;
+               AsnOid oid;
+               oid.Set(reinterpret_cast<char *>(atv->type.Data), atv->type.Length);
+               
+               DirectoryString::ChoiceIdEnum stringType;
+               switch(atv->valueType) {
+                       case BER_TAG_T61_STRING:
+                               stringType = DirectoryString::teletexStringCid;
+                               break;
+                       case BER_TAG_PRINTABLE_STRING:
+                               stringType = DirectoryString::printableStringCid;
+                               break;
+                       case BER_TAG_PKIX_UNIVERSAL_STRING:
+                               stringType = DirectoryString::universalStringCid;
+                               break;
+                       case BER_TAG_PKIX_BMP_STRING:
+                               stringType = DirectoryString::bmpStringCid;
+                               break;
+                       case BER_TAG_PKIX_UTF8_STRING:
+                               stringType = DirectoryString::utf8StringCid;
+                               break;
+                       default:
+                               errorLog1("setField_RDN: illegal tag(%d)\n", atv->valueType);
+                               CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER);
+               }
+               addATDV(oid,
+                       reinterpret_cast<char *>(atv->value.Data),
+                       atv->value.Length,
+                       stringType);
+       }
+}
+
+
 /*
  * Custom AsnOid, used for converting CssmOid to AsnOid. The Snacc class
  * declaration doesn't provide a means to construct from, or set by,
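Review bot: `addX509Name` dereferences `x509Name`, `rdn->AttributeTypeAndValue` and `atv->type.Data` without a NULL check, and the new CSR path on this page passes `csrReq->subjectNameX509` straight in from the caller's request structure. A guard at the top, `if(x509Name == NULL) { CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER); }`, reuses the error this function already throws for malformed input, and the same test belongs on `rdn->AttributeTypeAndValue` before `atv` is used. The two log strings still say `setField_RDN:` although the code now lives in `NameBuilder::addX509Name`, which will mislead whoever reads the log.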
index 4f67c434d71605cfc1ea18ddb808a93d00726674..e65eb48ddb1056c23b899654b7b67c89b1d0c720 100644 (file)
@@ -63,6 +63,9 @@ public:
                DirectoryString::ChoiceIdEnum   stringType,     // printableStringCid, etc.
                                                                                                        //   from sm_x520sa
                bool                                                    primaryDistinguished = true);   
+               
+       void addX509Name  (
+               const CSSM_X509_NAME                    *x509Name);
 };
 
 
index 63fb159b31cc4ae42dacecf44862e27d713c619e..5d3f62274e5552faadd4a204c0308cd429cdd4d6 100644 (file)
@@ -268,17 +268,16 @@ static bool getField_RDN (
                        AsnTag                                  tag;
                        AsnLen                                  elmtLen;
                        ENV_TYPE                                env;
-                       int                                             val;
                        char                                    *valData;
                        int                                             valLength;
                        DirectoryString                 *dirStr = NULL;
                        
                        buf.InstallData(cbuf->Access(), len);
-                       if ((val = setjmp (env)) == 0) {
+                       try {
                                tag = BDecTag (buf, len, env);
                                elmtLen = BDecLen (buf, len, env);
                        }
-                       else {
+                       catch(...) {
                                errorLog0("getField_RDN: malformed DirectoryString (1)\n");
                                /* FIXME - throw? Discard the whole cert? What? */
                                rdn->GoNext();
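Review bot: `catch(...)` replaces the `setjmp` test but keeps the old recovery. A malformed DirectoryString is logged and skipped with `rdn->GoNext()`, and the name appears to be returned as if complete, which the existing FIXME already questions. For a certificate parser a name with silently dropped RDNs is riskier than a failed field, so I would propagate the failure from the handler, for instance `CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);`. The handler should also be narrowed to the decoder's own exception type so that allocation failures are not reported as bad encoding. The same applies to the second handler in the next hunk, around `dirStr->BDecContent`: `dirStr` has just been allocated with `new` and its release on the error path is not visible, and the handler logs the identical `(1)` message, so the two failures cannot be told apart. getField_RDN continues outside both hunks.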
@@ -300,10 +299,10 @@ static bool getField_RDN (
                                /* from sm_x520sa.h */
                                AsnLen dec;
                                dirStr = new DirectoryString;
-                               if((val = setjmp (env)) == 0) {
+                               try {
                                        dirStr->BDecContent(buf, tag, elmtLen, dec, env);
                                }
-                               else {
+                               catch(...) {
                                        errorLog0("getField_RDN: malformed DirectoryString (1)\n");
                                        /* FIXME - throw? Discard the whole cert? What? */
                                        rdn->GoNext();
@@ -357,58 +356,6 @@ static bool getField_RDN (
        return true;
 }
 
-static void setField_RDN  (
-       NameBuilder                     &name,
-       const CssmData          &fieldValue)
-{
-       /*
-        * The main job here is extracting attr/value pairs in CSSM format 
-        * from fieldData, and converting them into arguments for NameBuilder.addATDV.
-        * Note that we're taking the default for primaryDistinguished,
-        * because the CDSA CSSM_X509_TYPE_VALUE_PAIR struct doesn't allow for
-        * it. 
-        */
-       CSSM_X509_NAME_PTR x509Name = (CSSM_X509_NAME_PTR)fieldValue.data();
-       for(unsigned rdnDex=0; rdnDex<x509Name->numberOfRDNs; rdnDex++) {
-               CSSM_X509_RDN_PTR rdn = &x509Name->RelativeDistinguishedName[rdnDex];
-               if(rdn->numberOfPairs != 1) {
-                       errorLog0("setField_RDN: only one a/v pair per RDN supported\n");
-                       CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER);
-               }
-
-               CSSM_X509_TYPE_VALUE_PAIR_PTR atv = rdn->AttributeTypeAndValue;
-               AsnOid oid;
-               oid.Set(reinterpret_cast<char *>(atv->type.Data), atv->type.Length);
-               
-               DirectoryString::ChoiceIdEnum stringType;
-               switch(atv->valueType) {
-                       case BER_TAG_T61_STRING:
-                               stringType = DirectoryString::teletexStringCid;
-                               break;
-                       case BER_TAG_PRINTABLE_STRING:
-                               stringType = DirectoryString::printableStringCid;
-                               break;
-                       case BER_TAG_PKIX_UNIVERSAL_STRING:
-                               stringType = DirectoryString::universalStringCid;
-                               break;
-                       case BER_TAG_PKIX_BMP_STRING:
-                               stringType = DirectoryString::bmpStringCid;
-                               break;
-                       case BER_TAG_PKIX_UTF8_STRING:
-                               stringType = DirectoryString::utf8StringCid;
-                               break;
-                       default:
-                               errorLog1("setField_RDN: illegal tag(%d)\n", atv->valueType);
-                               CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER);
-               }
-               name.addATDV(oid,
-                       reinterpret_cast<char *>(atv->value.Data),
-                       atv->value.Length,
-                       stringType);
-
-       }
-}
-
 /* common for issuer and subject */
 static void freeField_RDN  (
        CssmOwnedData           &fieldValue)
@@ -468,7 +415,8 @@ static void setField_Issuer  (
                "IssuerName");
        NameBuilder *issuer = new NameBuilder;
        cert.certificateToSign->issuer = issuer;
-       setField_RDN(*issuer, fieldValue);
+       const CSSM_X509_NAME *x509Name = (const CSSM_X509_NAME *)fieldValue.Data;
+       issuer->addX509Name(x509Name);
 }
 
 /*** subject ***/
@@ -500,7 +448,8 @@ static void setField_Subject  (
                "SubjectName");
        NameBuilder *subject = new NameBuilder;
        cert.certificateToSign->subject = subject;
-       setField_RDN(*subject, fieldValue);
+       const CSSM_X509_NAME *x509Name = (const CSSM_X509_NAME *)fieldValue.Data;
+       subject->addX509Name(x509Name);
 }
 
 /***
@@ -918,7 +867,7 @@ static void setField_PublicKeyInfo (
        /* actual public key blob - AsnBits */
        snaccKeyInfo->subjectPublicKey.Set(reinterpret_cast<char *>
                (cssmKeyInfo->subjectPublicKey.Data), 
-               cssmKeyInfo->subjectPublicKey.Length);
+               cssmKeyInfo->subjectPublicKey.Length * 8);
 
 }
 static void freeField_PublicKeyInfo (
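Review bot: A comment is missing to say why the length is multiplied. `Set` on this AsnBits field evidently takes a bit count while `subjectPublicKey.Length` is in bytes, which is the bug this line fixes. Something like `/* AsnBits::Set takes a length in bits; CSSM_DATA.Length is in bytes */` above the call would stop the factor being removed as a cleanup later. The product is formed in the width of `Length`, so if that is 32 bits a caller-supplied length of 2^29 or more would wrap; whether an earlier check bounds it is outside the hunk. The same `* 8` pattern appears twice in the new Session_CSR.cpp on this page.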
@@ -979,7 +928,10 @@ static void setField_PublicKeyStruct (
        
        /* actual public key blob - AsnBits */
        /***
-        *** TBD FIXME if this key is a ref key, null wrap it to a raw key
+        *** Note: ideally we'd like to just convert an incoming ref key to a raw
+        ***       key here if necessary, but this occurs during CertCreateTemplate,
+        ***       when we don't have a CSP handle. This conversion is the caller's
+        ***       responsibility. 
         ***/
        if(cssmKey->KeyHeader.BlobType != CSSM_KEYBLOB_RAW) {
                        errorLog0("CL SetField: must specify RAW key blob\n");
@@ -993,7 +945,7 @@ static void freeField_PublicKeyStruct (
        CssmOwnedData           &fieldValue)
 {
        CSSM_KEY_PTR cssmKey = (CSSM_KEY_PTR)fieldValue.data();
-       DecodedCert::freeCSSMKey(cssmKey, fieldValue.allocator, false);
+       CL_freeCSSMKey(cssmKey, fieldValue.allocator, false);
 }
 
 /***
@@ -1210,7 +1162,7 @@ void DecodedCert::getAllParsedCertFields(
 {
        /* this is the max - some might be missing */
        uint32 maxFields = NUM_STD_CERT_FIELDS + mNumExtensions;
-       CSSM_FIELD_PTR outFields = (CSSM_FIELD_PTR)malloc(maxFields * sizeof(CSSM_FIELD));
+       CSSM_FIELD_PTR outFields = (CSSM_FIELD_PTR)alloc.malloc(maxFields * sizeof(CSSM_FIELD));
        
        /*
         * We'll be copying oids and values for fields we find into
index 1ec61db78469d190d8b8e386194635bc2226174e..a9ea1f886650371a3a6961990d31cbc0076b9648 100644 (file)
@@ -34,7 +34,7 @@
 
 DecodedCert::DecodedCert(
        AppleX509CLSession      &session)
-       : alloc(CssmAllocator::standard()),
+       : alloc(session),
          mSession(session)
 {
        certificateToSign = new CertificateToSign;
@@ -45,7 +45,7 @@ DecodedCert::DecodedCert(
 DecodedCert::DecodedCert(
        AppleX509CLSession      &session,
        const CssmData  &encodedCert)
-       : alloc(CssmAllocator::standard()),
+       : alloc(session),
          mSession(session)
 {
        reset();
@@ -200,84 +200,6 @@ CSSM_KEY_PTR DecodedCert::extractCSSMKey(
           (snaccKeyInfo->algorithm == NULL)) {
                CssmError::throwMe(CSSMERR_CL_NO_FIELD_VALUES);
        }
-       CSSM_KEY_PTR cssmKey = (CSSM_KEY_PTR) alloc.malloc(sizeof(CSSM_KEY));
-       memset(cssmKey, 0, sizeof(CSSM_KEY));
-       CSSM_KEYHEADER &hdr = cssmKey->KeyHeader;
-       CssmRemoteData keyData(alloc, cssmKey->KeyData);
-       try {
-               hdr.HeaderVersion = CSSM_KEYHEADER_VERSION;
-               /* CspId blank */
-               hdr.BlobType = CSSM_KEYBLOB_RAW;
-               hdr.AlgorithmId = CL_snaccOidToCssmAlg(snaccKeyInfo->algorithm->algorithm);
-                       
-               /* 
-                * Format inferred from AlgorithmId. I have never seen these defined
-                * anywhere, e.g., whart's the format of an RSA public key in a cert?
-                * X509 certainly doesn't say. However. the following two cases are known
-                * to be correct. 
-                */
-               switch(hdr.AlgorithmId) {
-                       case CSSM_ALGID_RSA:
-                               hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_PKCS1;
-                               break;
-                       case CSSM_ALGID_DSA:
-                               hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_FIPS186;
-                               break;
-                       case CSSM_ALGID_FEE:
-                               /* CSSM_KEYBLOB_RAW_FORMAT_NONE --> DER encoded */
-                               hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_NONE;
-                               break;
-                       default:
-                               /* punt */
-                               hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_NONE;
-               }
-               hdr.KeyClass = CSSM_KEYCLASS_PUBLIC_KEY;
-               
-               /* KeyUsage inferred from extensions */
-               hdr.KeyUsage = inferKeyUsage();
-               
-               /* start/end date unknown, leave zero */
-               hdr.WrapAlgorithmId = CSSM_ALGID_NONE;
-               hdr.WrapMode = CSSM_ALGMODE_NONE;
-               
-               /*
-                * subjectPublicKeyInfo.subjectPublicKey (AsnBits) ==> KeyData
-                */
-               SC_asnBitsToCssmData(snaccKeyInfo->subjectPublicKey, keyData);
-               keyData.release();
-
-               /*
-                * LogicalKeySizeInBits - ask the CSP
-                */
-               CSSM_CSP_HANDLE cspHand = getGlobalCspHand(true);
-               CSSM_KEY_SIZE keySize;
-               CSSM_RETURN crtn;
-               crtn = CSSM_QueryKeySizeInBits(cspHand, NULL, cssmKey, &keySize);
-               if(crtn) {
-                       CssmError::throwMe(crtn);
-               }
-               cssmKey->KeyHeader.LogicalKeySizeInBits = 
-                       keySize.LogicalKeySizeInBits;
-       }
-       catch (...) {
-               alloc.free(cssmKey);
-               throw;
-       }
-       return cssmKey;
-}
-
-void DecodedCert::freeCSSMKey(
-       CSSM_KEY_PTR            cssmKey,
-       CssmAllocator           &alloc,
-       bool                            freeTop)
-{
-       if(cssmKey == NULL) {
-               return;
-       }
-       alloc.free(cssmKey->KeyData.Data);
-       memset(cssmKey, 0, sizeof(CSSM_KEY));
-       if(freeTop) {
-               alloc.free(cssmKey);
-       }
+       return CL_extractCSSMKey(*snaccKeyInfo, alloc, this);
 }
 
index 7296829bf51717f99e56b5d3f3f72052b56345c7..0afd60c9aa914058964591f5aae94490543e3514 100644 (file)
@@ -165,11 +165,7 @@ public:
        CSSM_KEY_PTR extractCSSMKey(
                CssmAllocator           &alloc) const;
 
-       static void freeCSSMKey(
-               CSSM_KEY_PTR            cssmKey,
-               CssmAllocator           &alloc,
-               bool                            freeTop = true);        // delete the actual key
-                                                                                               // as well as contents
+       CSSM_KEYUSE inferKeyUsage() const;
 
 private:
 
@@ -183,8 +179,6 @@ private:
        /* encode mExtensions ==> tbs->Extensions */
        void encodeExtensions();
        
-       CSSM_KEYUSE inferKeyUsage() const;
-
        /* called from decodeExtensions and setField* */
        void addExtension(
                AsnType                         *snaccThing,    // e.g. KeyUsage
index 2a7a1c06f14efb2874065ff4eb1b0541b9588adb..8388c40d29040b294f293ede4c30c8e3a8321710 100644 (file)
@@ -42,7 +42,7 @@ private:
        *lookupEntryLocked(KeyType key) 
                {
                        // don't create new entry if desired entry isn't there
-                       MapType::iterator it = mMap.find(key);
+                       typename MapType::iterator it = mMap.find(key);
                        if(it == mMap.end()) {
                                return NULL;
                        }
@@ -80,7 +80,7 @@ public:
        *removeFirstEntry()
                {
                        StLock<Mutex> _(mMapLock);
-                       MapType::iterator it = mMap.begin();
+                       typename MapType::iterator it = mMap.begin();
                        if(it == mMap.end()) {
                                return NULL;
                        }
diff --git a/AppleX509CL/Session_CSR.cpp b/AppleX509CL/Session_CSR.cpp
new file mode 100644 (file)
index 0000000..b61c1c0
--- /dev/null
@@ -0,0 +1,198 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// Session_CSP.cpp - CSR-related session functions.
+//
+
+#include "AppleX509CLSession.h"
+#include "DecodedCert.h"
+#include "SnaccUtils.h"
+#include "cldebugging.h"
+#include "CSPAttacher.h"
+#include "CertBuilder.h"
+#include <Security/oidscert.h>
+#include <Security/cssmapple.h>
+#include <Security/cssmerrno.h>
+#include <Security/cdsaUtils.h>
+#include <Security/pkcs10.h>
+
+/* 
+ * Generate a DER-encoded CSR.
+ */
+void AppleX509CLSession::generateCsr(
+       CSSM_CC_HANDLE          CCHandle,
+       const CSSM_APPLE_CL_CSR_REQUEST *csrReq,
+       CSSM_DATA_PTR           &csrPtr)
+{
+       /*
+        * We use the full CertificationRequest here; we encode the 
+        * CertificationRequestInfo component separately to calculate
+        * its signature, then we encode the whole CertificationRequest
+        * after dropping in the signature and SignatureAlgorithmIdentifier.
+        *
+        * CertificationRequestInfo, CertificationRequest from pkcs10 
+        */ 
+       CertificationRequest certReq;
+       CertificationRequestInfo *reqInfo = new CertificationRequestInfo;
+       certReq.certificationRequestInfo = reqInfo;
+       
+       /* 
+        * Step 1: convert CSSM_APPLE_CL_CSR_REQUEST to CertificationRequestInfo.
+        */
+       reqInfo->version.Set(0);
+       
+       /* subject Name */
+       NameBuilder *subject = new NameBuilder;
+       reqInfo->subject = subject;
+       subject->addX509Name(csrReq->subjectNameX509);
+       
+       /* SubjectPublicKeyInfo, AlgorithmIdentifier from sm_x509af */
+       SubjectPublicKeyInfo *snaccKeyInfo = new SubjectPublicKeyInfo;
+       reqInfo->subjectPublicKeyInfo = snaccKeyInfo;
+       AlgorithmIdentifier *snaccAlgId = new AlgorithmIdentifier;
+       snaccKeyInfo->algorithm = snaccAlgId;
+       CL_cssmAlgToSnaccOid(csrReq->subjectPublicKey->KeyHeader.AlgorithmId,
+               snaccAlgId->algorithm);
+       /* FIXME - for now assume NULL alg params */
+       CL_nullAlgParams(*snaccAlgId);
+       
+       /* actual public key blob - AsnBits */
+       snaccKeyInfo->subjectPublicKey.Set(reinterpret_cast<char *>
+               (csrReq->subjectPublicKey->KeyData.Data), 
+                csrReq->subjectPublicKey->KeyData.Length * 8);
+
+       /* attributes - see sm_x501if - we support one, CSSMOID_ChallengePassword,
+        * as a printable string */
+       if(csrReq->challengeString) {
+               Attribute *attr = reqInfo->attributes.Append();
+               /* attr->type is an OID */
+               attr->type.Set(challengePassword_arc);
+               /* one value, spec'd as AsnAny, we have to encode first. */
+               PrintableString snaccStr(csrReq->challengeString);
+               CssmAutoData encChallenge(*this);
+               SC_encodeAsnObj(snaccStr, encChallenge, 
+                               strlen(csrReq->challengeString) + 32);
+               /* AttributeValue is an AsnAny as far as SNACC is concerned */
+               AttributeValue *av = attr->values.Append();
+               CSM_Buffer *cbuf = new CSM_Buffer((char *)encChallenge.data(), 
+                       encChallenge.length());
+               av->value = cbuf;
+       }
+       
+       /*
+        * Step 2: DER-encode the CertificationRequestInfo.
+        */
+       CssmAutoData encReqInfo(*this);
+       SC_encodeAsnObj(*reqInfo, encReqInfo, 8 * 1024);        // totally wild guess
+       
+       /*
+        * Step 3: sign the encoded CertificationRequestInfo.
+        */
+       CssmAutoData sig(*this);
+       signData(CCHandle, encReqInfo, sig);
+        
+       /*
+        * Step 4: finish up CertificationRequest - signatureAlgorithm, signature
+        */
+       certReq.signatureAlgorithm = new SignatureAlgorithmIdentifier;
+       certReq.signatureAlgorithm->algorithm.Set(reinterpret_cast<char *>(
+               csrReq->signatureOid.Data), csrReq->signatureOid.Length);
+       /* FIXME - for now assume NULL alg params */
+       CL_nullAlgParams(*certReq.signatureAlgorithm);
+       certReq.signature.Set((char *)sig.data(), sig.length() * 8);
+       
+       /* 
+        * Step 5: DER-encode the finished CertificationRequestSigned.
+        */
+       CssmAutoData encCsr(*this);
+       SC_encodeAsnObj(certReq, encCsr, 
+               encReqInfo.length() +                   // size of the thing we signed
+               sig.length() +                                  // size of signature
+               100);                                                   // sigAlgId plus encoding overhead
+               
+       /* TBD - enc64 the result, when we have this much working */
+       csrPtr = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA));
+       csrPtr->Data = (uint8 *)malloc(encCsr.length());
+       csrPtr->Length = encCsr.length();
+       memmove(csrPtr->Data, encCsr.data(), encCsr.length());
+}
+
+/*
+ * Verify CSR with its own public key. 
+ */
+void AppleX509CLSession::verifyCsr(
+       const CSSM_DATA         *csrPtr)
+{
+       /*
+        * 1. Extract the public key from the CSR. We do this by decoding
+        *    the whole thing and getting a CSSM_KEY from the 
+        *    SubjectPublicKeyInfo.
+        */
+       CertificationRequest certReq;
+       const CssmData &csrEnc = CssmData::overlay(*csrPtr);
+       SC_decodeAsnObj(csrEnc, certReq);
+       CertificationRequestInfo *certReqInfo = certReq.certificationRequestInfo;
+       if(certReqInfo == NULL) {
+               CssmError::throwMe(CSSMERR_CL_INVALID_DATA);
+       }
+       CSSM_KEY_PTR cssmKey =  CL_extractCSSMKey(*certReqInfo->subjectPublicKeyInfo, 
+               *this,          // alloc
+               NULL);          // no DecodedCert
+
+       /*
+        * 2. Obtain signature algorithm and parameters. 
+        */
+       SignatureAlgorithmIdentifier *snaccAlgId = certReq.signatureAlgorithm;
+       if(snaccAlgId == NULL) {
+               CssmError::throwMe(CSSMERR_CL_INVALID_DATA);
+       }
+       CSSM_ALGORITHMS vfyAlg = CL_snaccOidToCssmAlg(snaccAlgId->algorithm);
+                       
+       /*
+        * 3. Extract the raw bits to be verified and the signature. We 
+        *    decode the CSR as a CertificationRequestSigned for this, which 
+        *    avoids the decode of the CertificationRequestInfo.
+        */
+       CertificationRequestSigned certReqSigned;
+       SC_decodeAsnObj(csrEnc, certReqSigned);
+
+       CSM_Buffer      *cbuf = certReqSigned.certificationRequestInfo.value;
+       char            *cbufData = const_cast<char *>(cbuf->Access());
+       CssmData        toVerify(cbufData, cbuf->Length());
+       AsnBits         sigBits = certReqSigned.signature;
+       size_t          sigBytes = (sigBits.BitLen() + 7) / 8;
+       CssmData        sig(const_cast<char *>(sigBits.BitOcts()), sigBytes);
+       
+       /*
+        * 4. Attach to CSP, cook up signature context, verify signature.
+        */
+       CSSM_CSP_HANDLE cspHand = getGlobalCspHand(true);
+       CSSM_RETURN crtn;
+       CSSM_CC_HANDLE ccHand;
+       crtn = CSSM_CSP_CreateSignatureContext(cspHand,
+               vfyAlg,
+               NULL,                   // Access Creds
+               cssmKey,
+               &ccHand);
+       if(crtn) {
+               CssmError::throwMe(crtn);
+       }
+       verifyData(ccHand, toVerify, sig);
+       CL_freeCSSMKey(cssmKey, *this);
+}
index 39bbb6efd6677d8c9ad39f34b24c557528869534..4d90b15edcfa562bd8db835ea341f66a97341ff2 100644 (file)
@@ -344,5 +344,51 @@ AppleX509CLSession::PassThrough(
        const void *InputParams,
        void **OutputParams)
 {
-       unimplemented();
+       switch(PassThroughId) {
+               case CSSM_APPLEX509CL_OBTAIN_CSR:
+               {
+                       /*
+                        * Create a Cert Signing Request (CSR).
+                        * Input is a CSSM_APPLE_CL_CSR_REQUEST.
+                        * Output is a PEM-encoded CertSigningRequest (SNACC type
+                        * CertificationRequest from pkcs10). 
+                        */
+                       if(InputParams == NULL) {
+                               CssmError::throwMe(CSSMERR_CL_INVALID_INPUT_POINTER);
+                       }
+                       if(OutputParams == NULL) {
+                               CssmError::throwMe(CSSMERR_CL_INVALID_OUTPUT_POINTER);
+                       }
+                       CSSM_APPLE_CL_CSR_REQUEST *csrReq = 
+                               (CSSM_APPLE_CL_CSR_REQUEST *)InputParams;
+                       if((csrReq->subjectNameX509 == NULL) ||
+                       (csrReq->signatureOid.Data == NULL) ||
+                       (csrReq->subjectPublicKey == NULL) ||
+                       (csrReq->subjectPrivateKey == NULL)) {
+                               CssmError::throwMe(CSSMERR_CL_INVALID_INPUT_POINTER);
+                       }
+                       CSSM_DATA_PTR csrPtr = NULL;
+                       generateCsr(CCHandle, csrReq, csrPtr);
+                       *OutputParams = csrPtr;
+                       break;
+               }       
+               case CSSM_APPLEX509CL_VERIFY_CSR:
+               {
+                       /*
+                        * Perform signature verify of a CSR.
+                        * Input:  CSSM_DATA referring to a DER-encoded CSR.
+                        * Output: Nothing, throws CSSMERR_CL_VERIFICATION_FAILURE
+                        *         on failure.
+                        */
+                       if(InputParams == NULL) {
+                               CssmError::throwMe(CSSMERR_CL_INVALID_INPUT_POINTER);
+                       }
+                       const CSSM_DATA *csrPtr = (const CSSM_DATA *)InputParams;
+                       verifyCsr(csrPtr);
+                       break;
+               }       
+               default:
+                       CssmError::throwMe(CSSMERR_CL_INVALID_PASSTHROUGH_ID);
+       }
 }
+
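Review bot: In the `CSSM_APPLEX509CL_VERIFY_CSR` case only `InputParams` itself is checked, so a `CSSM_DATA` with a NULL `Data` or a zero `Length` goes straight into `verifyCsr()` and the ASN.1 decoder. I would add `if((csrPtr->Data == NULL) || (csrPtr->Length == 0)) { CssmError::throwMe(CSSMERR_CL_INVALID_DATA); }` before the call. Separately, the comment in the `CSSM_APPLEX509CL_OBTAIN_CSR` case says the output is PEM-encoded, while `generateCsr()` as added elsewhere in this commit copies out the raw DER and leaves base64 as a TBD, so the comment should read `Output is a DER-encoded CertificationRequest`. That function fills `*OutputParams` through plain `malloc()`, so the comment should also say how the caller is expected to release it. PassThrough's parameter list begins above the hunk.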
index 223e55d94d0009db15d16dd054a5d448b143791f..90467ecd304e3e1630ca8864ef51f26d6f40404a 100644 (file)
@@ -28,6 +28,7 @@
 #include "SnaccUtils.h"
 #include "cldebugging.h"
 #include "CSPAttacher.h"
+#include "CertBuilder.h"
 #include <Security/oidscert.h>
 #include <Security/cssmapple.h>
 #include <Security/cssmerrno.h>
@@ -169,7 +170,7 @@ AppleX509CLSession::CertVerify(
                if(context != NULL) {
                        CSSM_FreeContext(context);
                }
-               DecodedCert::freeCSSMKey(signerPubKey, *this);
+               CL_freeCSSMKey(signerPubKey, *this);
                if(ourCcHand != CSSM_INVALID_HANDLE) {
                        CSSM_DeleteContext(ourCcHand);
                }
@@ -178,7 +179,7 @@ AppleX509CLSession::CertVerify(
        if(context != NULL) {
                CSSM_FreeContext(context);
        }
-       DecodedCert::freeCSSMKey(signerPubKey, *this);
+       CL_freeCSSMKey(signerPubKey, *this);
        if(ourCcHand != CSSM_INVALID_HANDLE) {
                CSSM_DeleteContext(ourCcHand);
        }
@@ -309,4 +310,3 @@ void AppleX509CLSession::verifyData(
        }
 }
 
-
index 99a7ea7412892e7a23f3cde0ad4a29baa3c1e904..409caaf548284e29c3778432e04f803b3a3f92a2 100644 (file)
@@ -24,6 +24,7 @@
  */
  
 #include "SnaccUtils.h"
+#include "CSPAttacher.h"
 #include "cldebugging.h"
 #include <Security/pkcs1oids.h>
 #include <Security/cdsaUtils.h>
@@ -113,9 +114,8 @@ CL_certDecodeComponents(
        AsnLen totalLen;                // including tag and ASN length 
        char *elemStart;                // ptr to start of element, including tag
        
-       int  rtn;
     ENV_TYPE env;
-    if ((rtn = setjmp (env)) == 0) {
+       try {
                tag = BDecTag (buf, bytesDecoded, env);
                if (tag != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)) {
                        errorLog1("CL_CertDecodeComponents: bad first-level tag (0x%x)\n", tag);
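Review bot: `ENV_TYPE env` is still declared and passed to `BDecTag()`, but with the `setjmp()` removed nothing initialises it any more. That is only safe if every decode routine reached from here now reports errors by throwing; if any of them can still `longjmp()` through `env`, the jump target is indeterminate. I cannot confirm that from this hunk, so a comment such as `/* env is a placeholder: the decode routines throw rather than longjmp */` next to the declaration would record the assumption. The `catch(...)` added in the next hunk also treats every exception type as a decode failure as far as the visible lines show; the function body runs beyond both hunks.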
@@ -186,8 +186,8 @@ CL_certDecodeComponents(
                 * of indefinte-length data.
                 */
        }
-       else {
-               errorLog0("CL_CertDecodeComponents: longjmp during decode\n");
+       catch(...) {
+               errorLog0("CL_CertDecodeComponents: throw during decode\n");
                TBSCert.reset();
                algId.reset();
                rawSig.reset();
@@ -366,7 +366,7 @@ void CL_cssmAlgToSnaccOid(
                        oid.ReSet(md2WithRSAEncryption_arc);
                        break;
                case CSSM_ALGID_MD5WithRSA:
-                       oid.ReSet(md2WithRSAEncryption_arc);
+                       oid.ReSet(md5WithRSAEncryption_arc);
                        break;
                case CSSM_ALGID_SHA1WithRSA:
                        oid.ReSet(sha1withRSAEncryption_arc);
@@ -452,6 +452,7 @@ void CL_snaccGeneralNamesToCdsa(
                char *src = NULL;
                unsigned len = 0;
                AsnType *toBeEncoded = NULL;
+               bool freeSrc = false;
                switch(currSnaccName->choiceId) {
                        case GeneralName::otherNameCid:
                                /* OTHER_NAME, AsnOid */
@@ -517,6 +518,7 @@ void CL_snaccGeneralNamesToCdsa(
                        src = aData;
                        len = aData.length();
                        aData.release();
+                       freeSrc = true;
                        currCdsaName->berEncoded = CSSM_TRUE;
                }
                else {
@@ -528,7 +530,9 @@ void CL_snaccGeneralNamesToCdsa(
                currCdsaName->name.Data = (uint8 *)alloc.malloc(len);
                currCdsaName->name.Length = len;
                memmove(currCdsaName->name.Data, src, len);
-               
+               if(freeSrc) {
+                       alloc.free(src);
+               }
                snaccObj.GoNext();
        }
 }
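Review bot: `alloc.free(src)` assumes the buffer released from `aData` came from `alloc`, and the construction of `aData` is outside these hunks, so that pairing should be confirmed. Freeing through a different allocator than the one that allocated is heap corruption rather than a leak. A window also remains between `aData.release()` (previous hunk) and this free: if `alloc.malloc(len)` reports failure by throwing, `src` is lost. Copying out of `aData` while it still owns the buffer, and dropping the `release()`/`freeSrc` pair, would close both cases if `aData`'s scope allows it. The loop body starts above the hunk.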
@@ -699,7 +703,8 @@ void CL_normalizeString(
 
        /* upper case */
        while(pCh < pEos) {
-               *pCh++ = toupper(*pCh);
+               *pCh = toupper(*pCh);
+               pCh++;
        }
        
        /* clean out whitespace */
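Review bot: `toupper(*pCh)` is undefined for negative arguments other than EOF, so if `pCh` is a plain `char *` (its declaration is above the hunk) any byte above 0x7f is a problem where `char` is signed. `*pCh = toupper((unsigned char)*pCh);` avoids that. The strings normalised here come from certificate names, so such bytes have to be expected in the input. The sequencing fix itself is correct; CL_normalizeString continues past the hunk.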
@@ -831,4 +836,99 @@ void CL_normalizeX509Name(
        }               /* for each RDN */
 }
 
+/*
+ * Obtain a CSSM_KEY from a SubjectPublicKeyInfo, inferring as much as we can
+ * from required fields (subjectPublicKeyInfo) and extensions (for 
+ * KeyUse, obtained from the optional DecodedCert).
+ */
+CSSM_KEY_PTR CL_extractCSSMKey(
+       SubjectPublicKeyInfo    &snaccKeyInfo,
+       CssmAllocator                   &alloc,
+       const DecodedCert               *decodedCert)                   // optional
+{
+       CSSM_KEY_PTR cssmKey = (CSSM_KEY_PTR) alloc.malloc(sizeof(CSSM_KEY));
+       memset(cssmKey, 0, sizeof(CSSM_KEY));
+       CSSM_KEYHEADER &hdr = cssmKey->KeyHeader;
+       CssmRemoteData keyData(alloc, cssmKey->KeyData);
+       try {
+               hdr.HeaderVersion = CSSM_KEYHEADER_VERSION;
+               /* CspId blank */
+               hdr.BlobType = CSSM_KEYBLOB_RAW;
+               hdr.AlgorithmId = CL_snaccOidToCssmAlg(snaccKeyInfo.algorithm->algorithm);
+                       
+               /* 
+                * Format inferred from AlgorithmId. I have never seen these defined
+                * anywhere, e.g., whart's the format of an RSA public key in a cert?
+                * X509 certainly doesn't say. However. the following two cases are known
+                * to be correct. 
+                */
+               switch(hdr.AlgorithmId) {
+                       case CSSM_ALGID_RSA:
+                               hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_PKCS1;
+                               break;
+                       case CSSM_ALGID_DSA:
+                               hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_FIPS186;
+                               break;
+                       case CSSM_ALGID_FEE:
+                               /* CSSM_KEYBLOB_RAW_FORMAT_NONE --> DER encoded */
+                               hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_NONE;
+                               break;
+                       default:
+                               /* punt */
+                               hdr.Format = CSSM_KEYBLOB_RAW_FORMAT_NONE;
+               }
+               hdr.KeyClass = CSSM_KEYCLASS_PUBLIC_KEY;
+               
+               /* KeyUsage inferred from extensions */
+               if(decodedCert) {
+                       hdr.KeyUsage = decodedCert->inferKeyUsage();
+               }
+               else {
+                       hdr.KeyUsage = CSSM_KEYUSE_ANY;
+               }
+               
+               /* start/end date unknown, leave zero */
+               hdr.WrapAlgorithmId = CSSM_ALGID_NONE;
+               hdr.WrapMode = CSSM_ALGMODE_NONE;
+               
+               /*
+                * subjectPublicKeyInfo.subjectPublicKey (AsnBits) ==> KeyData
+                */
+               SC_asnBitsToCssmData(snaccKeyInfo.subjectPublicKey, keyData);
+               keyData.release();
+
+               /*
+                * LogicalKeySizeInBits - ask the CSP
+                */
+               CSSM_CSP_HANDLE cspHand = getGlobalCspHand(true);
+               CSSM_KEY_SIZE keySize;
+               CSSM_RETURN crtn;
+               crtn = CSSM_QueryKeySizeInBits(cspHand, CSSM_INVALID_HANDLE, cssmKey, &keySize);
+               if(crtn) {
+                       CssmError::throwMe(crtn);
+               }
+               cssmKey->KeyHeader.LogicalKeySizeInBits = 
+                       keySize.LogicalKeySizeInBits;
+       }
+       catch (...) {
+               alloc.free(cssmKey);
+               throw;
+       }
+       return cssmKey;
+}
+
+void CL_freeCSSMKey(
+       CSSM_KEY_PTR            cssmKey,
+       CssmAllocator           &alloc,
+       bool                            freeTop)
+{
+       if(cssmKey == NULL) {
+               return;
+       }
+       alloc.free(cssmKey->KeyData.Data);
+       memset(cssmKey, 0, sizeof(CSSM_KEY));
+       if(freeTop) {
+               alloc.free(cssmKey);
+       }
+}
 
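Review bot: In `CL_extractCSSMKey()` the `catch (...)` frees only `cssmKey`, but `keyData.release()` has already run by the time `CSSM_QueryKeySizeInBits()` can fail, so the buffer in `cssmKey->KeyData.Data` appears to be leaked on that path. A `bool released` flag set right after `keyData.release()` and `if(released) { alloc.free(cssmKey->KeyData.Data); }` ahead of `alloc.free(cssmKey);` would cover it. How `CssmRemoteData` behaves after `release()` is not visible here and should be checked first. The function also dereferences `snaccKeyInfo.algorithm->algorithm` unchecked, and `verifyCsr()` feeds it a structure decoded from caller-supplied bytes, so I would start the function with `if(snaccKeyInfo.algorithm == NULL) { CssmError::throwMe(CSSMERR_CL_INVALID_DATA); }`. The header comment should state that the key is owned by the caller and released with `CL_freeCSSMKey()`.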
index 5893cea8dd19057939efbbfd9b64bc379f63c5d9..6c40847350833ec0befa42d206b3a54294ef7f4f 100644 (file)
@@ -30,6 +30,7 @@
 #include <Security/x509defs.h>
 #include <Security/certextensions.h>
 #include <Security/cssmdata.h>
+#include "DecodedCert.h"
 
 /* ghastly requirements of snacc-generated cert code */
 #include <Security/asn-incl.h>
@@ -116,6 +117,25 @@ void CL_normalizeX509Name(
        Name                    &name,
        CssmAllocator   &alloc);
 
+/*
+ * Obtain a CSSM_KEY from a SubjectPublicKeyInfo, inferring as much as we can
+ * from required fields (subjectPublicKeyInfo) and extensions (for 
+ * KeyUse, obtained from the optional DecodedCert).
+ */
+CSSM_KEY_PTR CL_extractCSSMKey(
+       SubjectPublicKeyInfo    &snaccKeyInfo,
+       CssmAllocator                   &alloc,
+       const DecodedCert               *decodedCert);                  // optional
+
+/*
+ * Free key obtained in CL_extractCSSMKey().
+ */
+void CL_freeCSSMKey(
+               CSSM_KEY_PTR            cssmKey,
+               CssmAllocator           &alloc,
+               bool                            freeTop = true);        // delete the actual key
+                                                                                               // as well as contents
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/AppleX509CL/cl_common.mdsinfo b/AppleX509CL/cl_common.mdsinfo
new file mode 100644 (file)
index 0000000..2b57367
--- /dev/null
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+       <key>BuiltIn</key>
+       <true/>
+       <key>CDSAVersion</key>
+       <string>2.0</string>
+       <key>Desc</key>
+       <string>Apple built-in CL</string>
+       <key>DynamicFlag</key>
+       <false/>
+       <key>MdsFileDescription</key>
+       <string>Built-in X509 CL Common info</string>
+       <key>MdsFileType</key>
+       <string>PluginCommon</string>
+       <key>ModuleID</key>
+       <string>{87191ca4-0fc9-11d4-849a000502b52122}</string>
+       <key>ModuleName</key>
+       <string>AppleX509CL</string>
+       <key>MultiThreadFlag</key>
+       <true/>
+       <key>ProductVersion</key>
+       <string>1.0</string>
+       <key>ServiceMask</key>
+       <string>CSSM_SERVICE_CL</string>
+</dict>
+</plist>
diff --git a/AppleX509CL/cl_primary.mdsinfo b/AppleX509CL/cl_primary.mdsinfo
new file mode 100644 (file)
index 0000000..932e311
--- /dev/null
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+       <key>BundleTypeFormat</key>
+       <array/>
+       <key>CertFieldsNames</key>
+       <data>
+       </data>
+       <key>CertTypeFormat</key>
+       <string>&lt;&lt;CSSM_CERT_X_509v3 | CSSM_CERT_ENCODING_DER</string>
+       <key>CrlTypeFormat_NONE</key>
+       <string>0</string>
+       <key>DefaultTemplateType</key>
+       <string>CSSM_CL_TEMPLATE_INTERMEDIATE_CERT</string>
+       <key>MdsFileDescription</key>
+       <string>Built-in X509CL Primary info</string>
+       <key>MdsFileType</key>
+       <string>PluginSpecific</string>
+       <key>MdsRecordType</key>
+       <string>MDS_CDSADIR_CL_PRIMARY_RECORDTYPE</string>
+       <key>ModuleID</key>
+       <string>{87191ca4-0fc9-11d4-849a000502b52122}</string>
+       <key>ModuleName</key>
+       <string>AppleX509CL</string>
+       <key>ProductVersion</key>
+       <string>1.0</string>
+       <key>SSID</key>
+       <integer>0</integer>
+       <key>TemplateFieldNames</key>
+       <data>
+       </data>
+       <key>Vendor</key>
+       <string>Apple Computer, Inc.</string>
+       <key>XlationTypeFormat</key>
+       <array/>
+</dict>
+</plist>
index f7342aff042851e04428399724868abbd725b863..8ac7add84bb2d13440e3c3c9ba48c305b20efb82 100644 (file)
@@ -49,6 +49,7 @@
 #if            DEBUG_ENABLE || ERROR_LOG_ENABLE
 
 #include <stdio.h>
+#include <stdlib.h>
 
 #if            !LOG_VIA_PRINTF
 
diff --git a/AppleX509TP/AppleTP.pbproj/project.pbxproj b/AppleX509TP/AppleTP.pbproj/project.pbxproj
deleted file mode 100644 (file)
index d354edc..0000000
+++ /dev/null
@@ -1,445 +0,0 @@
-// !$*UTF8*$!
-{
-       archiveVersion = 1;
-       classes = {
-       };
-       objectVersion = 32;
-       objects = {
-               00E007DFFF9267D6D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = certGroupUtils.cpp;
-                       refType = 4;
-               };
-               00E007E0FF9267D6D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = certGroupUtils.h;
-                       refType = 4;
-               };
-               00E007E1FF9267D6D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = iSignRootCerts.c;
-                       refType = 4;
-               };
-               00E007E2FF9267D6D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = rootCerts.h;
-                       refType = 4;
-               };
-               00E007E3FF9267D6D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = tpPolicies.cpp;
-                       refType = 4;
-               };
-               00E007E4FF9267D6D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = tpPolicies.h;
-                       refType = 4;
-               };
-               00E007E5FF9267D6D0A17CE7 = {
-                       fileRef = 00E007E0FF9267D6D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               00E007E6FF9267D6D0A17CE7 = {
-                       fileRef = 00E007E2FF9267D6D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               00E007E7FF9267D6D0A17CE7 = {
-                       fileRef = 00E007E4FF9267D6D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               00E007E8FF9267D6D0A17CE7 = {
-                       fileRef = 00E007DFFF9267D6D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               00E007E9FF9267D6D0A17CE7 = {
-                       fileRef = 00E007E1FF9267D6D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               00E007EAFF9267D6D0A17CE7 = {
-                       fileRef = 00E007E3FF9267D6D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               00E007EBFF926B7BD0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = debugging.c;
-                       refType = 4;
-               };
-               00E007ECFF926B7BD0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = debugging.h;
-                       refType = 4;
-               };
-               00E007EDFF926B7BD0A17CE7 = {
-                       fileRef = 00E007ECFF926B7BD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               00E007EEFF926B7BD0A17CE7 = {
-                       fileRef = 00E007EBFF926B7BD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               00E007EFFF937BBCD0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = sslRootCerts.c;
-                       refType = 4;
-               };
-               00E007F0FF937BBCD0A17CE7 = {
-                       fileRef = 00E007EFFF937BBCD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               023E3601001F8E2511CD283A = {
-                       buildRules = (
-                       );
-                       buildSettings = {
-                               COPY_PHASE_STRIP = NO;
-                               OTHER_LDFLAGS = "\U0001-dylib_file \"$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/A/Security:$(SYMROOT)/Security.framework/Versions/A/Security\"";
-                       };
-                       isa = PBXBuildStyle;
-                       name = "Build Folder";
-               };
-               02B529DEFF8D3AA7D0A17CE7 = {
-                       buildStyles = (
-                               1C9129D8FFD8585E11CD296C,
-                               1C9129D9FFD8585E11CD296C,
-                               023E3601001F8E2511CD283A,
-                       );
-                       isa = PBXProject;
-                       mainGroup = 02B529DFFF8D3AA7D0A17CE7;
-                       productRefGroup = 02B529E0FF8D3AFDD0A17CE7;
-                       projectDirPath = .;
-                       targets = (
-                               02B529E3FF8D3AFDD0A17CE7,
-                       );
-               };
-               02B529DFFF8D3AA7D0A17CE7 = {
-                       children = (
-                               02B529EDFF8D3DB1D0A17CE7,
-                               02B529EBFF8D3D43D0A17CE7,
-                               02B529EFFF8D3E0AD0A17CE7,
-                               02B529E9FF8D3C09D0A17CE7,
-                               00E007DFFF9267D6D0A17CE7,
-                               00E007E0FF9267D6D0A17CE7,
-                               00E007EBFF926B7BD0A17CE7,
-                               00E007ECFF926B7BD0A17CE7,
-                               00E007E1FF9267D6D0A17CE7,
-                               00E007E2FF9267D6D0A17CE7,
-                               00E007EFFF937BBCD0A17CE7,
-                               02B529F8FF8D458FD0A17CE7,
-                               5F314875FFA4B878D0A17CE7,
-                               5F314873FFA4B3D9D0A17CE7,
-                               00E007E3FF9267D6D0A17CE7,
-                               00E007E4FF9267D6D0A17CE7,
-                               0B9ABCAFFF9395CDD0A17CE7,
-                               0B9ABCB1FF9396DDD0A17CE7,
-                               35D41EC9FFF3E99811CD283A,
-                               02B529E0FF8D3AFDD0A17CE7,
-                       );
-                       isa = PBXGroup;
-                       refType = 4;
-               };
-               02B529E0FF8D3AFDD0A17CE7 = {
-                       children = (
-                               1C9129D7FFD8585E11CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = Products;
-                       refType = 4;
-               };
-               02B529E3FF8D3AFDD0A17CE7 = {
-                       buildPhases = (
-                               02B529E4FF8D3AFDD0A17CE7,
-                               02B529E5FF8D3AFDD0A17CE7,
-                               02B529E6FF8D3AFDD0A17CE7,
-                               02B529E7FF8D3AFDD0A17CE7,
-                               02B529E8FF8D3AFDD0A17CE7,
-                       );
-                       buildSettings = {
-                               DEPLOYMENT_OPTIMIZATION_CFLAGS = "-O2 -fno-inline";
-                               EXPORTED_SYMBOLS_FILE = cssmplugin.exp;
-                               FRAMEWORK_SEARCH_PATHS = "";
-                               INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security";
-                               OPTIMIZATION_CFLAGS = "-O2 -fno-inline";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "-bundle -undefined suppress -lstdc++";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = AppleX509TP;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas  -Wno-format";
-                               WRAPPER_EXTENSION = bundle;
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                       );
-                       isa = PBXBundleTarget;
-                       name = AppleTP;
-                       productInstallPath = "$(SYSTEM_LIBRARY_DIR)/Security";
-                       productName = AppleX509TP;
-                       productReference = 1C9129D7FFD8585E11CD296C;
-                       productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
-<plist version=\"0.9\">
-<dict>
-       <key>CFBundleDevelopmentRegion</key>
-       <string>English</string>
-       <key>CFBundleExecutable</key>
-       <string>AppleX509TP</string>
-       <key>CFBundleGetInfoString</key>
-       <string></string>
-       <key>CFBundleIconFile</key>
-       <string></string>
-       <key>CFBundleIdentifier</key>
-       <string>com.apple.applex509tp</string>
-       <key>CFBundleInfoDictionaryVersion</key>
-       <string>6.0</string>
-       <key>CFBundleName</key>
-       <string>AppleX509TP</string>
-       <key>CFBundlePackageType</key>
-       <string>BNDL</string>
-       <key>CFBundleShortVersionString</key>
-       <string>1.0</string>
-       <key>CFBundleSignature</key>
-       <string>????</string>
-       <key>CFBundleVersion</key>
-       <string>AppleX509TP 1.0</string>
-</dict>
-</plist>
-";
-                       shouldUseHeadermap = 1;
-               };
-               02B529E4FF8D3AFDD0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               02B529EAFF8D3C09D0A17CE7,
-                               02B529ECFF8D3D43D0A17CE7,
-                               00E007E5FF9267D6D0A17CE7,
-                               00E007E6FF9267D6D0A17CE7,
-                               00E007E7FF9267D6D0A17CE7,
-                               00E007EDFF926B7BD0A17CE7,
-                               0B9ABCB2FF9396DDD0A17CE7,
-                               5F314874FFA4B3D9D0A17CE7,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               02B529E5FF8D3AFDD0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
-               };
-               02B529E6FF8D3AFDD0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               02B529EEFF8D3DB1D0A17CE7,
-                               02B529F0FF8D3E0AD0A17CE7,
-                               02B529F9FF8D458FD0A17CE7,
-                               00E007E8FF9267D6D0A17CE7,
-                               00E007E9FF9267D6D0A17CE7,
-                               00E007EAFF9267D6D0A17CE7,
-                               00E007EEFF926B7BD0A17CE7,
-                               00E007F0FF937BBCD0A17CE7,
-                               0B9ABCB0FF9395CDD0A17CE7,
-                               5F314876FFA4B878D0A17CE7,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               02B529E7FF8D3AFDD0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               35D41ECBFFF3E99811CD283A,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               02B529E8FF8D3AFDD0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               02B529E9FF8D3C09D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = AppleTPSession.h;
-                       refType = 4;
-               };
-               02B529EAFF8D3C09D0A17CE7 = {
-                       fileRef = 02B529E9FF8D3C09D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               02B529EBFF8D3D43D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = AppleTP.h;
-                       refType = 4;
-               };
-               02B529ECFF8D3D43D0A17CE7 = {
-                       fileRef = 02B529EBFF8D3D43D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               02B529EDFF8D3DB1D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = AppleTP.cpp;
-                       refType = 4;
-               };
-               02B529EEFF8D3DB1D0A17CE7 = {
-                       fileRef = 02B529EDFF8D3DB1D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               02B529EFFF8D3E0AD0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = AppleTPSession.cpp;
-                       refType = 4;
-               };
-               02B529F0FF8D3E0AD0A17CE7 = {
-                       fileRef = 02B529EFFF8D3E0AD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               02B529F8FF8D458FD0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = tpCertGroup.cpp;
-                       refType = 4;
-               };
-               02B529F9FF8D458FD0A17CE7 = {
-                       fileRef = 02B529F8FF8D458FD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               0B9ABCAFFF9395CDD0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = tpTime.c;
-                       refType = 4;
-               };
-               0B9ABCB0FF9395CDD0A17CE7 = {
-                       fileRef = 0B9ABCAFFF9395CDD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               0B9ABCB1FF9396DDD0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = tpTime.h;
-                       refType = 4;
-               };
-               0B9ABCB2FF9396DDD0A17CE7 = {
-                       fileRef = 0B9ABCB1FF9396DDD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1C9129D7FFD8585E11CD296C = {
-                       isa = PBXBundleReference;
-                       path = AppleX509TP.bundle;
-                       refType = 3;
-               };
-               1C9129D8FFD8585E11CD296C = {
-                       buildRules = (
-                       );
-                       buildSettings = {
-                               COPY_PHASE_STRIP = NO;
-                       };
-                       isa = PBXBuildStyle;
-                       name = Development;
-               };
-               1C9129D9FFD8585E11CD296C = {
-                       buildRules = (
-                       );
-                       buildSettings = {
-                               COPY_PHASE_STRIP = YES;
-                       };
-                       isa = PBXBuildStyle;
-                       name = Deployment;
-               };
-               35D41EC9FFF3E99811CD283A = {
-                       children = (
-                               35D41ECAFFF3E99811CD283A,
-                       );
-                       isa = PBXGroup;
-                       name = "External Frameworks";
-                       path = ../Projects/SecurityX/AppleX509TP;
-                       refType = 3;
-               };
-               35D41ECAFFF3E99811CD283A = {
-                       isa = PBXFrameworkReference;
-                       path = Security.framework;
-                       refType = 3;
-               };
-               35D41ECBFFF3E99811CD283A = {
-                       fileRef = 35D41ECAFFF3E99811CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               5F314873FFA4B3D9D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = TPCertInfo.h;
-                       refType = 4;
-               };
-               5F314874FFA4B3D9D0A17CE7 = {
-                       fileRef = 5F314873FFA4B3D9D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               5F314875FFA4B878D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = TPCertInfo.cpp;
-                       refType = 4;
-               };
-               5F314876FFA4B878D0A17CE7 = {
-                       fileRef = 5F314875FFA4B878D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-       };
-       rootObject = 02B529DEFF8D3AA7D0A17CE7;
-}
index 5b7cab29e0b9c1bb5285cca6b6a284db2ca287d4..bd6764e26f5cdd78cb5ee7452f91e4926ec4fa9d 100644 (file)
@@ -160,16 +160,6 @@ void AppleTPSession::CertGroupToTupleGroup(CSSM_CL_HANDLE CLHandle,
        CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
 }
 
-void AppleTPSession::SubmitCredRequest(const CSSM_TP_AUTHORITY_ID *PreferredAuthority,
-               CSSM_TP_AUTHORITY_REQUEST_TYPE RequestType,
-               const CSSM_TP_REQUEST_SET &RequestInput,
-               const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthContext,
-               sint32 &EstimatedTime,
-               CssmData &ReferenceIdentifier)
-{
-       CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
-}
-
 void AppleTPSession::FormRequest(const CSSM_TP_AUTHORITY_ID *PreferredAuthority,
                CSSM_TP_FORM_TYPE FormType,
                CssmData &BlankForm)
@@ -231,13 +221,3 @@ void AppleTPSession::FormSubmit(CSSM_TP_FORM_TYPE FormType,
        CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
 }
 
-void AppleTPSession::RetrieveCredResult(const CssmData &ReferenceIdentifier,
-               const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials,
-               sint32 &EstimatedTime,
-               CSSM_BOOL &ConfirmationRequired,
-               CSSM_TP_RESULT_SET_PTR &RetrieveOutput)
-{
-       CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
-}
-
-
index ca2460a31f6f9ce519f1c08d9e2ffe30daab60d3..af986f3d625e287eeda5572e3262f97781cec292 100644 (file)
@@ -174,13 +174,69 @@ public:
          CSSM_TP_RESULT_SET_PTR &RetrieveOutput);
 
 private:
-       void AppleTPSession::CertGroupConstructPriv(CSSM_CL_HANDLE clHand,
-                       CSSM_CSP_HANDLE cspHand,
-                       const CSSM_DL_DB_LIST &DBList,
-                       const void *ConstructParams,
-                       const CSSM_CERTGROUP &CertGroupFrag,
-                       CSSM_BOOL ignoreExpired,
-                       TPCertGroup *&CertGroup);
+       void CertGroupConstructPriv(CSSM_CL_HANDLE clHand,
+               CSSM_CSP_HANDLE cspHand,
+               const CSSM_DL_DB_LIST &DBList,
+               const void *ConstructParams,
+               const CSSM_CERTGROUP &CertGroupFrag,
+               CSSM_BOOL ignoreExpired,
+               const char *cssmTimeStr,                                // May be NULL
+               TPCertGroup *&CertGroup);
+                       
+       /* in tpCredRequest.cp */
+       CSSM_X509_NAME * buildX509Name(const CSSM_APPLE_TP_NAME_OID *nameArray,
+               unsigned numNames);
+       void freeX509Name(CSSM_X509_NAME *top);
+       CSSM_X509_TIME *buildX509Time(unsigned secondsFromNow);
+       void freeX509Time(CSSM_X509_TIME *xtime);
+       void refKeyToRaw(
+               CSSM_CSP_HANDLE cspHand,
+               const CSSM_KEY  *refKey,        
+               CSSM_KEY_PTR    rawKey);
+       void makeCertTemplate(
+               /* required */
+               CSSM_CL_HANDLE                  clHand,
+               CSSM_CSP_HANDLE                 cspHand,                // for converting ref to raw key
+               uint32                                  serialNumber,
+               const CSSM_X509_NAME    *issuerName,    
+               const CSSM_X509_NAME    *subjectName,
+               const CSSM_X509_TIME    *notBefore,     
+               const CSSM_X509_TIME    *notAfter,      
+               const CSSM_KEY                  *subjectPubKey,
+               const CSSM_OID                  &sigOid,                // e.g., CSSMOID_SHA1WithRSA
+               /* optional */
+               const CSSM_DATA                 *subjectUniqueId,
+               const CSSM_DATA                 *issuerUniqueId,
+               CSSM_X509_EXTENSION             *extensions,
+               unsigned                                numExtensions,
+               CSSM_DATA_PTR                   &rawCert);
+
+       void SubmitCsrRequest(
+               const CSSM_TP_REQUEST_SET &RequestInput,
+               sint32                                  &EstimatedTime, 
+               CssmData                                &ReferenceIdentifier);
+               
+       /* 
+        * Per-session storage of SubmitCredRequest results.
+        *
+        * A TpCredHandle is just an address of a cert, cast to a uint32. It's 
+        * what ReferenceIdentifier.Data points to.
+        */ 
+       typedef uint32 TpCredHandle;
+       typedef std::map<TpCredHandle, 
+                                    const CSSM_DATA * /* the actual cert */ > credMap;
+       credMap                                 tpCredMap;
+       Mutex                                   tpCredMapLock;
+       
+       /* given a cert and a ReferenceIdentifier, fill in ReferenceIdentifier and 
+        * add it and the cert to tpCredMap. */
+       void addCertToMap(
+               const CSSM_DATA         *cert,
+               CSSM_DATA_PTR           refId);
+               
+       /* given a ReferenceIdentifier, obtain associated cert and remove from the map */
+       CSSM_DATA_PTR getCertFromMap(
+               const CSSM_DATA         *refId);
 
 };
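Review bot: The comment on `TpCredHandle` defines the handle as the address of a cert cast to `uint32`, which hands a heap address to the caller through `ReferenceIdentifier` and truncates on any target where pointers are wider than 32 bits. Since `tpCredMap` is already a lookup table, the key could be a per-session counter instead, e.g. `TpCredHandle mNextCredHandle;` incremented under `tpCredMapLock`. Whichever key is used, `getCertFromMap` should treat the incoming `refId` as untrusted: check its length and resolve it only through the map, never by casting it back to a pointer. Its body is not in this hunk, so that needs confirming. The declarations also do not say who frees certs still held in `tpCredMap` when the session goes away; a line in the block comment such as `/* certs never retrieved are freed in the session destructor */` would settle it.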
 
index 6053b5b99d0257ad833a99bbabb03e90a383403e..5d71b6edf49fd655b6dafabdbd90381d4809f246 100644 (file)
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:53 mb Exp $
-# $Name: Security-30~1 $
+# $Name:  $
 ProjectName: AppleX509TP
 ProjectVersion: 3
index 726cd7ddc26057aede8f4cee1358941ef8c8c12a..66a5003cca93212c1c1cda0153daffee8858665c 100644 (file)
@@ -34,6 +34,7 @@
 #include <Security/threading.h>        /* for Mutex */
 #include <Security/globalizer.h>
 #include <Security/debugging.h>
+#include <Security/cssmapple.h>
 
 #define tpTimeDbg(args...)     debug("tpTime", ## args) 
 
 TPCertInfo::TPCertInfo(
        const CSSM_DATA         *certData,
        CSSM_CL_HANDLE          clHand,
+       const char                      *cssmTimeStr,           // = NULL
        bool                            copyCertData) :         // true: we copy, we free
                                                                                        // false - caller owns
                mClHand(clHand),
                mCacheHand(CSSM_INVALID_HANDLE),
                mSubjectName(NULL),
-               mIssuerName(NULL)
+               mIssuerName(NULL),
+               mIndex(0),
+               mIsAnchor(false),
+               mIsFromDb(false),
+               mNumStatusCodes(0),
+               mStatusCodes(NULL),
+               mUniqueRecord(NULL)
 {
        CSSM_RETURN     crtn;
 
+       mDlDbHandle.DBHandle = 0;
+       mDlDbHandle.DLHandle = 0;
+       
        if(copyCertData) {
                mCertData = tpMallocCopyCssmData(CssmAllocator::standard(), certData);
        }
@@ -85,6 +96,10 @@ TPCertInfo::TPCertInfo(
                releaseResources();
                CssmError::throwMe(crtn);
        }
+       
+       /* calculate other commonly used fields */
+       mIsRoot = tpCompareCssmData(mSubjectName, mIssuerName) ? true : false;
+       calculateCurrent(cssmTimeStr);
 }
        
 /* frees mSubjectName, mIssuerName, mCacheHand via mClHand */
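Review bot: `calculateCurrent(cssmTimeStr)` is called at the end of the constructor and can throw, but unlike the error path just above it, nothing calls `releaseResources()` first. A destructor does not run for an object whose constructor throws, so the cache handle and name fields that `releaseResources()` frees would be leaked. A malformed caller-supplied time string is enough to reach that path. Wrapping the call as `try { calculateCurrent(cssmTimeStr); } catch(...) { releaseResources(); throw; }` keeps the two failure paths consistent. The constructor starts outside this hunk.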
@@ -107,6 +122,9 @@ void TPCertInfo::releaseResources()
        if(mCacheHand != CSSM_INVALID_HANDLE) {
                CSSM_CL_CertAbortCache(mClHand, mCacheHand);
        }
+       if(mStatusCodes) {
+               free(mStatusCodes);
+       }
 }
 
 /* fetch arbitrary field from cached cert */
@@ -176,41 +194,43 @@ const CSSM_DATA *TPCertInfo::issuerName()
        return mIssuerName;
 }
 
-bool TPCertInfo::isSelfSigned()                // i.e., subject == issuer
-{
-       return tpCompareCssmData(mSubjectName, mIssuerName) ? true : false;
-}
-
 /* 
- * Verify validity (not before/after). Returns 
- *             CSSMERR_TP_CERT_NOT_VALID_YET
- *             CSSMERR_TP_CERT_EXPIRED
- *             CSSM_OK
- *             CSSMERR_TP_INVALID_CERT_POINTER, other "bogus cert" errors
+ * Verify validity (not before/after). Only throws on gross error
+ * (CSSMERR_TP_INVALID_CERT_POINTER, etc.).
  *
  * We use some stdlib time calls over in tpTime.c; the stdlib function
  * gmtime() is not thread-safe, so we do the protection here. Note that
  * this makes *our* calls to gmtime() thread-safe, but if the app has
  * other threads which are also calling gmtime, we're out of luck.
  */
-static ModuleNexus<Mutex> tpTimeLock;
+ModuleNexus<Mutex> tpTimeLock;
 
-CSSM_RETURN TPCertInfo::isCurrent(
-       CSSM_BOOL               allowExpired)
+void TPCertInfo::calculateCurrent(
+       const char *cssmTimeStr /* = NULL */)
 {
        CSSM_DATA_PTR   notBeforeField = NULL;
        CSSM_DATA_PTR   notAfterField = NULL;
        CSSM_RETURN             crtn = CSSM_OK;
+       CSSM_X509_TIME  *xNotAfter;
        
        CASSERT(mCacheHand != CSSM_INVALID_HANDLE);
        crtn = fetchField(&CSSMOID_X509V1ValidityNotBefore, &notBeforeField);
        if(crtn) {
-               errorLog0("TPCertInfo::isCurrent: GetField error");
-               return crtn;
+               errorLog0("TPCertInfo::calculateCurrent: GetField error");
+               CssmError::throwMe(crtn);
        }
        
+       /* subsequent errors to errOut */
        struct tm now;
-       {
+       if(cssmTimeStr != NULL) {
+               /* caller specifies verification time base */
+               if(timeStringToTm(cssmTimeStr, strlen(cssmTimeStr), &now)) {
+                       errorLog0("TPCertInfo::calculateCurrent: timeStringToTm error");
+                       CssmError::throwMe(CSSMERR_TP_INVALID_TIMESTRING);
+               }
+       }
+       else {
+               /* time base = right now */
                StLock<Mutex> _(tpTimeLock());
                nowTime(&now);
        }
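Review bot: The `cssmTimeStr` branch throws `CSSMERR_TP_INVALID_TIMESTRING` directly after `notBeforeField` has been fetched, so that field is never passed to `freeField`. The comment `/* subsequent errors to errOut */` sits right above the one error that does not go there. Either release it before throwing, `freeField(&CSSMOID_X509V1ValidityNotBefore, notBeforeField);`, or parse `cssmTimeStr` before the first `fetchField` so there is nothing to release yet. The function continues past the end of this hunk.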
@@ -219,68 +239,52 @@ CSSM_RETURN TPCertInfo::isCurrent(
 
        if(timeStringToTm((char *)xNotBefore->time.Data, xNotBefore->time.Length, 
                        &notBefore)) {
-               errorLog0("TPCertInfo::isCurrent: malformed notBefore time\n");
+               errorLog0("TPCertInfo::calculateCurrent: malformed notBefore time\n");
                crtn = CSSMERR_TP_INVALID_CERT_POINTER;
                goto errOut;
        }
        if(compareTimes(&now, &notBefore) < 0) {
-               crtn = CSSMERR_TP_CERT_NOT_VALID_YET;
+               mNotValidYet = true;
                tpTimeDbg("\nTP_CERT_NOT_VALID_YET:\n   now y:%d m:%d d:%d h:%d m:%d",
                        now.tm_year, now.tm_mon, now.tm_mday, now.tm_hour, 
                        now.tm_min);
                tpTimeDbg(" notBefore y:%d m:%d d:%d h:%d m:%d",
                        notBefore.tm_year, notBefore.tm_mon, notBefore.tm_mday, 
                        notBefore.tm_hour, notBefore.tm_min);
-               struct tm now2;
-               {
-                       StLock<Mutex> _(tpTimeLock());
-                       nowTime(&now2);
-               }
-               tpTimeDbg(" now2      y:%d m:%d d:%d h:%d m:%d",
-                       now2.tm_year, now2.tm_mon, now2.tm_mday, now2.tm_hour, 
-                       now2.tm_min);
+       }
+       else {
+               mNotValidYet = false;
+       }
+       
+       struct tm notAfter;
+       crtn = fetchField(&CSSMOID_X509V1ValidityNotAfter, &notAfterField);
+       if(crtn) {
+               errorLog0("TPCertInfo::calculateCurrent: GetField error");
                goto errOut;
        }
 
-       if(!allowExpired) {
-               struct tm notAfter;
-               crtn = fetchField(&CSSMOID_X509V1ValidityNotAfter, &notAfterField);
-               if(crtn) {
-                       errorLog0("TPCertInfo::isCurrent: GetField error");
-                       goto errOut;
-               }
-       
-               CSSM_X509_TIME *xNotAfter = (CSSM_X509_TIME *)notAfterField->Data;
-               if(timeStringToTm((char *)xNotAfter->time.Data, xNotAfter->time.Length, 
-                               &notAfter)) {
-                       errorLog0("TPCertInfo::isCurrent: malformed notAfter time\n");
-                       crtn = CSSMERR_TP_INVALID_CERT_POINTER;
-               }
-               else if(compareTimes(&now, &notAfter) > 0) {
-                       crtn = CSSMERR_TP_CERT_EXPIRED;
-                       tpTimeDbg("\nTP_CERT_EXPIRED: \n   now y:%d m:%d d:%d "
-                                       "h:%d m:%d",
-                               now.tm_year, now.tm_mon, now.tm_mday, 
-                               now.tm_hour, now.tm_min);
-                       tpTimeDbg(" notAfter y:%d m:%d d:%d h:%d m:%d",
-                               notAfter.tm_year, notAfter.tm_mon, notAfter.tm_mday, 
-                               notAfter.tm_hour, notAfter.tm_min);
-                       struct tm now2;
-                       {
-                               StLock<Mutex> _(tpTimeLock());
-                               nowTime(&now2);
-                       }
-                       tpTimeDbg(" now2      y:%d m:%d d:%d h:%d m:%d",
-                               now2.tm_year, now2.tm_mon, now2.tm_mday, now2.tm_hour, 
-                               now2.tm_min);
-               }
-               else {
-                       crtn = CSSM_OK;
-               }
+       xNotAfter = (CSSM_X509_TIME *)notAfterField->Data;
+       if(timeStringToTm((char *)xNotAfter->time.Data, xNotAfter->time.Length, 
+                       &notAfter)) {
+               errorLog0("TPCertInfo::calculateCurrent: malformed notAfter time\n");
+               crtn = CSSMERR_TP_INVALID_CERT_POINTER;
+               goto errOut;
+       }
+       else if(compareTimes(&now, &notAfter) > 0) {
+               crtn = CSSMERR_TP_CERT_EXPIRED;
+               tpTimeDbg("\nTP_CERT_EXPIRED: \n   now y:%d m:%d d:%d "
+                               "h:%d m:%d",
+                       now.tm_year, now.tm_mon, now.tm_mday, 
+                       now.tm_hour, now.tm_min);
+               tpTimeDbg(" notAfter y:%d m:%d d:%d h:%d m:%d",
+                       notAfter.tm_year, notAfter.tm_mon, notAfter.tm_mday, 
+                       notAfter.tm_hour, notAfter.tm_min);
+               mExpired = true;
        }
        else {
-               crtn = CSSM_OK;
+               mExpired = false;
        }
+       crtn = CSSM_OK;
 errOut:
        if(notAfterField) {
                freeField(&CSSMOID_X509V1ValidityNotAfter, notAfterField);
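Review bot: In the expired branch, `crtn = CSSMERR_TP_CERT_EXPIRED;` is left over from the old `isCurrent`. It is overwritten by `crtn = CSSM_OK;` before `errOut`, so it has no effect but reads as if expiry were still reported as an error. Dropping that line and adding a comment such as `/* expiry is recorded in mExpired, not thrown */` would make the new contract clear. The function begins before this hunk and ends after it.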
@@ -288,7 +292,31 @@ errOut:
        if(notBeforeField) {
                freeField(&CSSMOID_X509V1ValidityNotBefore, notBeforeField);
        }
-       return crtn;
+       if(crtn != CSSM_OK) {
+               CssmError::throwMe(crtn);
+       }
+}
+
+CSSM_RETURN TPCertInfo::isCurrent(
+       CSSM_BOOL               allowExpired)
+{
+       if(mNotValidYet) {
+               return CSSMERR_TP_CERT_NOT_VALID_YET;
+       }
+       if(allowExpired || !mExpired) {
+               return CSSM_OK;
+       }
+       else {
+               return CSSMERR_TP_CERT_EXPIRED;
+       }
+}
+
+void TPCertInfo::addStatusCode(CSSM_RETURN code)
+{
+       mNumStatusCodes++;
+       mStatusCodes = (CSSM_RETURN *)realloc(mStatusCodes, 
+               mNumStatusCodes * sizeof(CSSM_RETURN));
+       mStatusCodes[mNumStatusCodes - 1] = code;
 }
 
 /***
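Review bot: `addStatusCode` assigns the result of `realloc` straight back to `mStatusCodes` and then writes through it without a NULL check. On allocation failure the old array is leaked, the store dereferences NULL, and `mNumStatusCodes` has already been incremented, so the count no longer matches the array. Growing through a temporary and raising the module's memory error keeps the object consistent.

```cpp
void TPCertInfo::addStatusCode(CSSM_RETURN code)
{
	/* grow through a temporary so a failed realloc leaves the old array intact */
	CSSM_RETURN *grown = (CSSM_RETURN *)realloc(mStatusCodes,
		(mNumStatusCodes + 1) * sizeof(CSSM_RETURN));
	if(grown == NULL) {
		CssmError::throwMe(CSSMERR_TP_MEMORY_ERROR);
	}
	mStatusCodes = grown;
	mStatusCodes[mNumStatusCodes++] = code;
}
```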
@@ -389,7 +417,7 @@ CSSM_CERTGROUP_PTR TPCertGroup::buildCssmCertGroup()
        CSSM_CERTGROUP_PTR cgrp = 
                (CSSM_CERTGROUP_PTR)mAlloc.malloc(sizeof(CSSM_CERTGROUP));
        cgrp->NumCerts = mNumCerts;
-       cgrp->CertGroupType = CSSM_CERTGROUP_ENCODED_CERT;
+       cgrp->CertGroupType = CSSM_CERTGROUP_DATA;
        cgrp->CertType = CSSM_CERT_X_509v3;
        cgrp->CertEncoding = CSSM_CERT_ENCODING_DER; 
        if(mNumCerts == 0) {
@@ -405,3 +433,85 @@ CSSM_CERTGROUP_PTR TPCertGroup::buildCssmCertGroup()
        }
        return cgrp;
 }
+
+/* build a CSSM_TP_APPLE_EVIDENCE_INFO array */
+CSSM_TP_APPLE_EVIDENCE_INFO *TPCertGroup::buildCssmEvidenceInfo()
+{
+       CSSM_TP_APPLE_EVIDENCE_INFO *infoArray;
+       
+       infoArray = (CSSM_TP_APPLE_EVIDENCE_INFO *)mAlloc.calloc(mNumCerts,
+               sizeof(CSSM_TP_APPLE_EVIDENCE_INFO));
+       for(unsigned i=0; i<mNumCerts; i++) {
+               TPCertInfo *certInfo = mCertInfo[i];
+               CSSM_TP_APPLE_EVIDENCE_INFO *evInfo = &infoArray[i];
+               
+               /* first the booleans */
+               if(certInfo->isExpired()) {
+                       evInfo->StatusBits |= CSSM_CERT_STATUS_EXPIRED;
+               }
+               if(certInfo->isNotValidYet()) {
+                       evInfo->StatusBits |= CSSM_CERT_STATUS_NOT_VALID_YET;
+               }
+               if(certInfo->dlDbHandle().DLHandle == 0) {
+                       if(certInfo->isAnchor()) {
+                               evInfo->StatusBits |= CSSM_CERT_STATUS_IS_IN_ANCHORS;
+                       }
+                       else {
+                               evInfo->StatusBits |= CSSM_CERT_STATUS_IS_IN_INPUT_CERTS;
+                       }
+               }
+               if(certInfo->isSelfSigned()) {
+                       evInfo->StatusBits |= CSSM_CERT_STATUS_IS_ROOT;
+               }
+               
+               unsigned numCodes = certInfo->numStatusCodes();
+               if(numCodes) {
+                       evInfo->NumStatusCodes = numCodes;
+                       evInfo->StatusCodes = (CSSM_RETURN *)mAlloc.calloc(numCodes,
+                               sizeof(CSSM_RETURN));
+                       for(unsigned j=0; j<numCodes; j++) {
+                               evInfo->StatusCodes[j] = (certInfo->statusCodes())[j];
+                       }
+               }
+               
+               evInfo->Index = certInfo->index();
+               evInfo->DlDbHandle = certInfo->dlDbHandle();
+               evInfo->UniqueRecord = certInfo->uniqueRecord();
+       }
+       return infoArray;
+}
+               
+/* Given a status for basic construction of a cert group and a status
+ * of (optional) policy verification, plus the implicit notBefore/notAfter
+ * status in the certs, calculate a global return code. This just 
+ * encapsulates a policy for CertGroupeConstruct and CertGroupVerify.
+ */
+CSSM_RETURN TPCertGroup::getReturnCode(
+       CSSM_RETURN constructStatus,
+       CSSM_BOOL       allowExpired,
+       CSSM_RETURN policyStatus /* = CSSM_OK */)
+{
+       if(constructStatus) {
+               /* CSSMERR_TP_NOT_TRUSTED, CSSMERR_TP_INVALID_ANCHOR_CERT, gross errors */
+               return constructStatus;
+       }
+       
+       /* check for expired, not valid yet */
+       bool expired = false;
+       bool notValid = false;
+       for(unsigned i=0; i<mNumCerts; i++) {
+               if(mCertInfo[i]->isExpired()) {
+                       expired = true;
+               }
+               if(mCertInfo[i]->isNotValidYet()) {
+                       notValid = true;
+               }
+       }
+       if(expired && !allowExpired) {
+               return CSSMERR_TP_CERT_EXPIRED;
+       }
+       if(notValid) {
+               return CSSMERR_TP_CERT_NOT_VALID_YET;
+       }
+       return policyStatus;
+}
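Review bot: `getReturnCode` returns `CSSMERR_TP_CERT_EXPIRED` or `CSSMERR_TP_CERT_NOT_VALID_YET` before it looks at `policyStatus`, so a chain that is both expired and rejected by policy reports only the date problem. If any caller treats the date errors as overridable, the policy failure would be lost. Returning a non-zero `policyStatus` ahead of the validity checks would avoid that, as would stating the precedence in the header comment. The comment should also say that `allowExpired` waives only expiry and never not-yet-valid, and `CertGroupeConstruct` is a typo for `CertGroupConstruct`.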
index 313c944359e7ee38a7faf2e3b2309ae2a1edbf5e..a9515dbbe22f1146dea36d6f7a15c0105adaacbf 100644 (file)
 #include <Security/cssmtype.h>
 #include <Security/utilities.h>
 #include <Security/cssmalloc.h>
+#include <Security/threading.h>
+#include <Security/globalizer.h>
+
+/*** Interim hack, disable not before/not after checking during cert chain processing ***/
+/*** code #ifdef'd with this gets ripped out later ***/
+#define TP_CERT_CURRENT_CHECK_INLINE           0
+
+/* protects TP-wide access to time() and gmtime() */
+extern ModuleNexus<Mutex> tpTimeLock;
 
 /*
  * Class representing one certificate. The raw cert data usually comes from
@@ -50,6 +59,7 @@ public:
        TPCertInfo(
                const CSSM_DATA         *certData,
                CSSM_CL_HANDLE          clHand,
+               const char                      *cssmTimeStr = NULL,    // NULL ==> time base = right now
                bool                            copyCertData = false);  // true: we copy, we free
                                                                                                        // false - caller owns
                
@@ -77,8 +87,25 @@ public:
        const CSSM_DATA *subjectName();
        const CSSM_DATA *issuerName();                          
 
-       bool isSelfSigned();                                            // i.e., subject == issuer
-       
+       bool            isSelfSigned()                  { return mIsRoot; }                             
+       bool            isExpired()                     { return mExpired; }
+       bool            isNotValidYet()                 { return mNotValidYet; }
+
+       unsigned        index()                                 { return mIndex; }      
+       void            index(unsigned dex)             { mIndex = dex; }
+       bool            isAnchor()                              { return mIsAnchor; }
+       void            isAnchor(bool a)                { mIsAnchor = a; }
+       unsigned        numStatusCodes()                { return mNumStatusCodes; }
+       CSSM_RETURN     *statusCodes()                  { return mStatusCodes; }
+       void            addStatusCode(CSSM_RETURN code);
+       CSSM_DL_DB_HANDLE dlDbHandle()          { return mDlDbHandle; }
+       void dlDbHandle(CSSM_DL_DB_HANDLE hand)
+                                                                               { mDlDbHandle = hand; }
+       CSSM_DB_UNIQUE_RECORD_PTR uniqueRecord()
+                                                                               { return mUniqueRecord; }
+       void uniqueRecord(CSSM_DB_UNIQUE_RECORD_PTR rec)
+                                                                               { mUniqueRecord = rec; }
+                                                                               
        /* 
         * Verify validity (not before/after). Returns 
         *              CSSMERR_TP_CERT_NOT_VALID_YET
@@ -97,9 +124,24 @@ private:
        CSSM_DATA_PTR                   mSubjectName;           // always valid
        CSSM_DATA_PTR                   mIssuerName;            // always valid
        
+       /* maintained by caller, default at constructor 0/false */
+       unsigned                                mIndex;
+       bool                                    mIsAnchor;
+       bool                                    mIsFromDb;
+       unsigned                                mNumStatusCodes;
+       CSSM_RETURN                             *mStatusCodes;
+       CSSM_DL_DB_HANDLE               mDlDbHandle;
+       CSSM_DB_UNIQUE_RECORD_PTR mUniqueRecord;
+       
+       /* calculated implicitly at construction */
+       bool                                    mExpired;
+       bool                                    mNotValidYet;
+       bool                                    mIsRoot;                // i.e., subject == issuer
+
        void releaseResources();
+       void calculateCurrent(
+               const char *cssmTimeStr = NULL);        // set mExpired, mNotValidYet
        
-       /* other field accessors here */
 };
 
 /*
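Review bot: `TPCertInfo` now owns a `malloc`'d `mStatusCodes` array that `releaseResources()` frees, so a copy of the object would share the pointer and free it twice. If the class declaration, which starts outside this hunk, does not already forbid copying, declare a private, unimplemented `TPCertInfo(const TPCertInfo &);` and `TPCertInfo &operator=(const TPCertInfo &);`. Separately, `mIsFromDb` is initialised in the constructor but no accessor for it appears in the visible diff. `buildCssmEvidenceInfo` tests `dlDbHandle().DLHandle == 0` instead, so the member looks unused.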
@@ -137,14 +179,28 @@ public:
         * Convenience accessors for first and last cert, only valid when we have
         * at least one cert.
         */
-       TPCertInfo 
-               *firstCert();
-       TPCertInfo
-               *lastCert();
+       TPCertInfo *firstCert();
+       TPCertInfo *lastCert();
                
        /* build a CSSM_CERTGROUP corresponding with our mCertInfo */
-       CSSM_CERTGROUP_PTR              
-               buildCssmCertGroup();
+       CSSM_CERTGROUP_PTR buildCssmCertGroup();
+
+       /* build a CSSM_TP_APPLE_EVIDENCE_INFO array corresponding with our
+        * mCertInfo */
+       CSSM_TP_APPLE_EVIDENCE_INFO *buildCssmEvidenceInfo();
+               
+       /* Given a status for basic construction of a cert group and a status
+        * of (optional) policy verification, plus the implicit notBefore/notAfter
+        * status in the certs, calculate a global return code. This just 
+        * encapsulates a policy for CertGroupeConstruct and CertGroupVerify.
+        */
+       CSSM_RETURN getReturnCode(
+               CSSM_RETURN constructStatus,
+               CSSM_BOOL       allowExpired,
+               CSSM_RETURN policyStatus = CSSM_OK);
+        
+       CssmAllocator
+               &alloc() {return mAlloc; }
        
 private:
        CssmAllocator                   &mAlloc;
index 513d8eb9d1515e72a656b867f554a09ec57b0333..df1efc0fe3bd5d2a959139f1415974de3b754222 100644 (file)
@@ -215,7 +215,7 @@ CSSM_RETURN tp_VerifyCert(
        TPCertInfo                              *subjectCert,
        TPCertInfo                              *issuerCert,
        CSSM_BOOL                               checkIssuerCurrent,
-       CSSM_BOOL                               allowExpired)
+       CSSM_BOOL                               allowExpired)                   // to be deleted
 {
        CSSM_RETURN                     crtn;
 
@@ -226,10 +226,12 @@ CSSM_RETURN tp_VerifyCert(
        NULL,                           // VerifyScope
        0);                                     // ScopeSize
        if(crtn == CSSM_OK) {
+               #if TP_CERT_CURRENT_CHECK_INLINE
                if(checkIssuerCurrent) {
                        /* also verify validity of issuer */
                        crtn = issuerCert->isCurrent(allowExpired);
                }
+               #endif
        }
        else {
                /* general cert verify failure */
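Review bot: With `TP_CERT_CURRENT_CHECK_INLINE` defined as 0 in the header changed by this commit, the `isCurrent` call is compiled out. `tp_VerifyCert` therefore silently ignores `checkIssuerCurrent` and `allowExpired`, and returns `CSSM_OK` for an issuer that is expired or not yet valid. Validity is then enforced only where a caller goes through `TPCertGroup::getReturnCode` or calls `isCurrent` itself. The callers are outside this view, so confirm that every verification path does one or the other. A comment at the `#if`, such as `/* validity is now reported via TPCertGroup::getReturnCode() */`, would record where the check moved. The function body extends beyond this hunk.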
@@ -254,56 +256,60 @@ CSSM_BOOL tp_CompareCerts(
  * certs can be found using the returned result handle. 
  */
 static CSSM_DB_UNIQUE_RECORD_PTR tpCertLookup(
-       CSSM_TP_HANDLE          tpHand,
        CSSM_DL_DB_HANDLE       dlDb,
-       const CSSM_DATA_PTR     subjectName,    // DER-encoded
+       const CSSM_DATA         *subjectName,   // DER-encoded
        CSSM_HANDLE_PTR         resultHand,
        CSSM_DATA_PTR           cert)                   // RETURNED
 {
        CSSM_QUERY                                              query;
        CSSM_SELECTION_PREDICATE                predicate;      
-       CSSM_BOOL                                               EndOfDataStore;
-       CSSM_DB_UNIQUE_RECORD_PTR               record;
+       CSSM_DB_UNIQUE_RECORD_PTR               record = NULL;
        
        cert->Data = NULL;
        cert->Length = 0;
        
+       /* SWAG until cert schema nailed down */
        predicate.DbOperator = CSSM_DB_EQUAL;
        predicate.Attribute.Info.AttributeNameFormat = 
-               CSSM_DB_ATTRIBUTE_NAME_AS_NUMBER;               // may not be needed
-       predicate.Attribute.Info.Attr.AttributeNumber = kSubjectKCItemAttr;
-       predicate.Attribute.Value = *subjectName;
+               CSSM_DB_ATTRIBUTE_NAME_AS_STRING;
+       predicate.Attribute.Info.Label.AttributeName = "Subject";
+       predicate.Attribute.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB;
+       predicate.Attribute.Value = const_cast<CSSM_DATA_PTR>(subjectName);
+       predicate.Attribute.NumberOfValues = 1;
        
-       query.RecordType = CSSM_DL_DB_RECORD_CERT;
-       query.NumSelectionPredicates = 1;
+       query.RecordType = CSSM_DL_DB_RECORD_X509_CERTIFICATE;
        query.Conjunctive = CSSM_DB_NONE;
-       
+       query.NumSelectionPredicates = 1;
        query.SelectionPredicate = &predicate;
+       query.QueryLimits.TimeLimit = 0;        // FIXME - meaningful?
+       query.QueryLimits.SizeLimit = 1;        // FIXME - meaningful?
+       query.QueryFlags = 0;                           // FIXME - used?
        
-       record = CSSM_DL_DataGetFirst(dlDb,
+       CSSM_DL_DataGetFirst(dlDb,
                &query,
                resultHand,
-               &EndOfDataStore,
                NULL,                           // don't fetch attributes
-               cert);
+               cert,
+               &record);
        return record;
 }
 
 /*
  * Search a list of DBs for a cert which verifies specified subject cert. 
  * Just a boolean return - we found it, or not. If we did, we return
- * a pointer to the raw cert. 
+ * TPCertInfo associated with the raw cert. 
  *
  * Special case of subject cert expired indicated by *subjectExpired 
  * returned as something other than CSSM_OK.
  */
-CSSM_DATA_PTR tpFindIssuer(
-       CSSM_TP_HANDLE                  tpHand,
+TPCertInfo *tpFindIssuer(
+       CssmAllocator                   &alloc,
        CSSM_CL_HANDLE                  clHand,
        CSSM_CSP_HANDLE                 cspHand,
-       const CSSM_DATA_PTR             subjectCert,
-       const CSSM_DATA_PTR             issuerName,                     // passed for convenience
-       const CSSM_DB_LIST_PTR  dbList,
+       TPCertInfo                              *subjectCert,
+       const CSSM_DATA                 *issuerName,            // TBD - passed for convenience
+       const CSSM_DL_DB_LIST   *dbList,
+       const char                              *cssmTimeStr,           // may be NULL
        CSSM_RETURN                             *issuerExpired)         // RETURNED
 {
        uint32                                          dbDex;
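Review bot: `tpCertLookup` now discards the `CSSM_RETURN` from `CSSM_DL_DataGetFirst` and reports only whether `record` stayed NULL, so a DL failure is indistinguishable from "no matching cert" and `*resultHand` may be left unset on error. `tpFindIssuer` aborts the query with that handle regardless of the outcome (see its "abort this query regardless" comment), so an unset handle would be passed to `CSSM_DL_DataAbortQuery`. I would capture the status and normalise the outputs, `CSSM_RETURN crtn = CSSM_DL_DataGetFirst(...);` followed by `if(crtn) { *resultHand = CSSM_INVALID_HANDLE; return NULL; }`. The body of `tpFindIssuer` continues past the end of this hunk.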
@@ -311,35 +317,39 @@ CSSM_DATA_PTR tpFindIssuer(
        CSSM_DATA_PTR                           cert;                                   // we malloc
        CSSM_DL_DB_HANDLE                       dlDb;
        CSSM_DB_UNIQUE_RECORD_PTR       record;
+       TPCertInfo                                      *issuerCert = NULL;
        
-       *subjectExpired = CSSM_OK;
+       *issuerExpired = CSSM_OK;
        if(dbList == NULL) {
                return NULL;
        }
-       cert = (CSSM_DATA_PTR)tpMalloc(tpHand, sizeof(CSSM_DATA));
+       cert = (CSSM_DATA_PTR)alloc.malloc(sizeof(CSSM_DATA));
        cert->Data = NULL;
        cert->Length = 0;
        
        for(dbDex=0; dbDex<dbList->NumHandles; dbDex++) {
                dlDb = dbList->DLDBHandle[dbDex];
-               record = tpCertLookup(tpHand,
-                       dlDb,
+               record = tpCertLookup(dlDb,
                        issuerName,
                        &resultHand,
                        cert);
                /* remember we have to abort this query regardless...*/
                if(record != NULL) {
                        /* Found one. Does it verify the subject cert? */
-                       if(!tp_VerifyCert(tpHand,
-                                       clHand,
+                       issuerCert = new TPCertInfo(cert, clHand, cssmTimeStr, CSSM_TRUE);
+                       if(tp_VerifyCert(clHand,
                                        cspHand,
                                        subjectCert,
-                                       cert,
-                                       issuerExpired)) {
+                                       issuerCert,
+                                       CSSM_FALSE,                             // check current, ignored 
+                                       CSSM_FALSE)) {                  // allowExpired, ignored
                                        
+                               delete issuerCert;
+                               issuerCert = NULL;
+                               
                                /* special case - abort immediately if issuerExpired has expired */
                                if((*issuerExpired) != CSSM_OK) {
-                                       CSSM_DL_AbortQuery(dlDb, resultHand);
+                                       CSSM_DL_DataAbortQuery(dlDb, resultHand);
                                        goto abort;
                                }
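Review bot: The `if((*issuerExpired) != CSSM_OK)` special case in this hunk looks unreachable: `*issuerExpired` is set to `CSSM_OK` at the top of `tpFindIssuer`, and nothing visible in the new code writes it again, because `tp_VerifyCert` no longer receives it. Callers that test the returned value for an expired issuer will therefore never see one from the DB path. Either drop the branch and the out-parameter, or document at the assignment that the value is currently always `CSSM_OK`, e.g. `/* always CSSM_OK for now; expiry is evaluated by the caller */`. The function starts before this hunk and continues after it.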
                                
@@ -348,53 +358,52 @@ CSSM_DATA_PTR tpFindIssuer(
                                 * finding the holy grail or no more records found. 
                                 */
                                for(;;) {
-                                       CSSM_BOOL eod;
-                                       
-                                       tpFreeCssmData(tpHand, cert, CSSM_FALSE);
-                                       record = CSSM_DL_DataGetNext(dlDb, 
+                                       tpFreeCssmData(alloc, cert, CSSM_FALSE);
+                                       CSSM_RETURN crtn = CSSM_DL_DataGetNext(dlDb, 
                                                resultHand,
-                                               &eod,
                                                NULL,           // no attrs 
-                                               cert);
-                                       if(record == NULL) {
+                                               cert,
+                                               &record);
+                                       if(crtn) {
                                                /* no more, done with this DB */
                                                break;
                                        }
                                        
                                        /* found one - does it verify subject? */
-                                       if(tp_VerifyCert(tpHand,
-                                                       clHand,
+                                       issuerCert = new TPCertInfo(cert, clHand, cssmTimeStr, 
+                                                       CSSM_TRUE);
+                                       if(tp_VerifyCert(clHand,
                                                        cspHand,
                                                        subjectCert,
-                                                       cert,
-                                                       issuerExpired)) {
+                                                       issuerCert,
+                                                       CSSM_FALSE,
+                                                       CSSM_FALSE)) {
                                                /* yes! */
                                                break;
                                        }
-                                       else if((*issuerExpired) != CSSM_OK) {
-                                               /* abort immediately */
-                                               CSSM_DL_AbortQuery(dlDb, resultHand);
-                                               goto abort;
-                                       }
+                                       delete issuerCert;
+                                       issuerCert = NULL;
                                } /* searching subsequent records */
                        }       /* verify fail */
                        /* else success! */
 
-                       if(record != NULL) {
+                       if(issuerCert != NULL) {
                                /* successful return */
-                               CSSM_DL_AbortQuery(dlDb, resultHand);
-                               return cert;
+                               CSSM_DL_DataAbortQuery(dlDb, resultHand);
+                               issuerCert->dlDbHandle(dlDb);
+                               issuerCert->uniqueRecord(record);
+                               return issuerCert;
                        }
                }       /* tpCertLookup, i.e., CSSM_DL_DataGetFirst, succeeded */
                
                /* in any case, abort the query for this db */
-               CSSM_DL_AbortQuery(dlDb, resultHand);
+               CSSM_DL_DataAbortQuery(dlDb, resultHand);
                
        }       /* main loop searching dbList */
 
 abort:
        /* issuer not found */
-       tpFreeCssmData(tpHand, cert, CSSM_TRUE);
+       tpFreeCssmData(alloc, cert, CSSM_TRUE);
        return NULL;
 }
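Review bot: The inner-loop test `if(tp_VerifyCert(...)) { /* yes! */ break; }` has the wrong polarity now that `tp_VerifyCert` returns a `CSSM_RETURN`. A nonzero (failed) result breaks out with `issuerCert` still set, so a cert that did not verify the subject is returned as its issuer, while a `CSSM_OK` result deletes the candidate and keeps searching. The check on the first candidate earlier in the function treats nonzero as "verify fail", so the two sites disagree; the inner one should read `if(tp_VerifyCert(clHand, cspHand, subjectCert, issuerCert, CSSM_FALSE, CSSM_FALSE) == CSSM_OK) {`. Separately, the successful return hands back `issuerCert` without freeing `cert`; if the `CSSM_TRUE` constructor argument means "copy" (not visible here), that buffer leaks. The function begins outside this hunk.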
 
index ec28cc3df12ff9d7cc93e425901837ba59fc9635..6bcf03204f48f53d4268c89803667a959a685a0f 100644 (file)
@@ -31,7 +31,7 @@
 /*
  * Cheetah version of TP doesn't work with DLs. 
  */
-#define TP_DL_ENABLE           0
+#define TP_DL_ENABLE           1
 
 #ifdef __cplusplus
 extern "C" {
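Review bot: The comment directly above the define still says the Cheetah TP doesn't work with DLs, but this change sets `TP_DL_ENABLE` to 1, so the comment now contradicts the code. I would replace it with something like `/* Nonzero enables issuer lookup in caller-supplied DL/DBs (see tpFindIssuer) */`. Turning this on makes the DB search path in `tpFindIssuer` live, so it deserves a regression test with a DB holding a same-subject cert that does not sign the subject.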
@@ -75,18 +75,15 @@ void tp_CertFreeAlgId(
        CSSM_DATA_PTR   value);
 
 #if     TP_DL_ENABLE
-CSSM_DATA_PTR
-tp_GetCertFromDBList( CSSM_TP_HANDLE hTP,
-                      CSSM_CL_HANDLE hCL,
-                      CSSM_SELECTION_PREDICATE_PTR pPredicate,
-                      uint32 NumberOfPredicates,
-                      const CSSM_DB_LIST_PTR pDBList );
-
-CSSM_DATA_PTR
-tp_GetCertFromDBListBySName( CSSM_TP_HANDLE hTP,
-                             CSSM_CL_HANDLE hCL,
-                             const CSSM_DATA_PTR pSubjectName,
-                             const CSSM_DB_LIST_PTR pDBList );
+TPCertInfo *tpFindIssuer(
+       CssmAllocator                   &alloc,
+       CSSM_CL_HANDLE                  clHand,
+       CSSM_CSP_HANDLE                 cspHand,
+       TPCertInfo                              *subjectCert,
+       const CSSM_DATA                 *issuerName,            // passed for convenience
+       const CSSM_DL_DB_LIST   *dbList,
+       const char                              *cssmTimeStr,           // may be NULL
+       CSSM_RETURN                             *issuerExpired);        // RETURNED
 
 #endif /* TP_DL_ENABLE*/
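Review bot: The new `tpFindIssuer` prototype takes `CssmAllocator &` and `TPCertInfo *`, which are C++-only, while this header opens an `extern "C"` block under `#ifdef __cplusplus` further up. If the declaration sits inside that block (its closing brace is not visible here), the header can no longer be included from C and the function gets C linkage for no benefit. The prototype also lost the descriptive comment that the old declaration, removed in the next hunk, carried. I would keep a short one, e.g. `/* Search dbList for a cert that verifies subjectCert; returns a heap-allocated TPCertInfo the caller must delete, or NULL. */`.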
 
@@ -106,21 +103,6 @@ CSSM_BOOL tp_CompareCerts(
        const CSSM_DATA                 *cert1,
        const CSSM_DATA                 *cert2);
 
-#if            TP_DL_ENABLE
-/*
- * Search a list of DBs for a cert which verifies specified subject cert. 
- * Just a boolean return - we found it, or not.
- */
-CSSM_DATA_PTR tpFindIssuer(
-       CSSM_TP_HANDLE                  tpHand,
-       CSSM_CL_HANDLE                  clHand,
-       CSSM_CSP_HANDLE                 cspHand,
-       const CSSM_DATA_PTR             subjectCert,
-       const CSSM_DATA_PTR             issuerName,                     // passed for convenience
-       const CSSM_DB_LIST_PTR  dbList,
-       CSSM_BOOL                               *subjectExpired);       // RETURNED
-#endif
-
 /*
  * Given an OID, return the corresponding CSSM_ALGID.
  */
index 5374af8447a6f86d73435538c5a58020b4eae297..5bccc65d29d60230c09518aad68653cea8cfc671 100644 (file)
@@ -30,6 +30,8 @@
 #include <Security/cssmtype.h>
 #include "rootCerts.h"
 
+#if            TP_ROOT_CERT_ENABLE 
+
 /* 
  * this static data is generated by extractCertFields, copy&pasted from
  * its output into this source file 
@@ -216,3 +218,5 @@ const tpRootCert iSignRootCerts[] = {
 };
 
 unsigned const numiSignRootCerts = sizeof(iSignRootCerts) / sizeof(tpRootCert);
+
+#endif /* TP_ROOT_CERT_ENABLE */
diff --git a/AppleX509TP/rootCerts.cpp b/AppleX509TP/rootCerts.cpp
new file mode 100644 (file)
index 0000000..84a1593
--- /dev/null
@@ -0,0 +1,147 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please 
+ * obtain a copy of the License at http://www.apple.com/publicsource and 
+ * read it before using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please 
+ * see the License for the specific language governing rights and 
+ * limitations under the License.
+ */
+
+
+/*
+       File:           rootCerts.cp
+
+       Contains:       Bridge between SecTrustGetCSSMAnchorCertificates() and 
+                   TP's internally cached tpRootCert array.
+
+       Written by:     Doug Mitchell. 
+
+       Copyright:      Copyright 2002 by Apple Computer, Inc., all rights reserved.
+
+*/
+
+#include "rootCerts.h"
+#include "certGroupUtils.h"
+#include <Security/Trust.h>
+#include <Security/TrustStore.h>
+#include <Security/debugging.h>
+#include <Security/oidscert.h>
+
+/* static in TPRootStore */
+ModuleNexus<TPRootStore> TPRootStore::tpGlobalRoots;
+
+TPRootStore::~TPRootStore()
+{
+       /* 
+        * Technically this never gets called because the only instance
+        * of a TPRootStore is via tpGlobalRoots. Freeing mRootCerts
+        * here really doesn't accomplish anything.
+        */
+}
+
+const tpRootCert *TPRootStore::rootCerts(
+       CSSM_CL_HANDLE clHand,
+       unsigned &numRootCerts)
+{
+       StLock<Mutex> _(mLock);
+       if(mRootCerts) {
+               numRootCerts = mNumRootCerts;
+               return mRootCerts;
+       }
+       
+       CssmAllocator &alloc(CssmAllocator::standard());
+       CertGroup roots;
+       tpRootCert *tpRoots = NULL;             // copy to mRootCerts on success
+       unsigned numTpRoots = 0;
+       
+       try {
+               /* Obtain system-wide root certs in blob format */
+               Security::KeychainCore::TrustStore &trustStore = 
+                       Security::KeychainCore::Trust::gStore();
+               trustStore.getCssmRootCertificates(roots);
+               if(roots.type() != CSSM_CERTGROUP_DATA) {
+                       debug("tpAnchor", "Bad certGroup Type (%d)\n",
+                               (int)roots.type());
+                       return NULL;
+               }
+               numTpRoots = roots.count();
+               if(numTpRoots == 0) {
+                       debug("tpAnchor", "empty certGroup\n");
+                       return NULL;
+               }
+               
+               /* set up tpRoots array, one for each cert in the group */
+               tpRoots = 
+                       (tpRootCert *)alloc.malloc(numTpRoots * sizeof(tpRootCert));
+               memset(tpRoots, 0, numTpRoots * sizeof(tpRootCert));
+               for(uint32 certNum=0; certNum<numTpRoots; certNum++) {
+                       tpRootCert *tpRoot = &tpRoots[certNum];
+                       const CSSM_DATA *certData = &((roots.blobCerts())[certNum]);
+                       
+                       /* extract normalized subject name */
+                       CSSM_DATA *field;
+                       CSSM_HANDLE ResultsHandle;
+                       uint32 numFields;
+                       CSSM_RETURN crtn;
+                       crtn = CSSM_CL_CertGetFirstFieldValue(
+                               clHand,
+                               certData,
+                               &CSSMOID_X509V1SubjectName,
+                               &ResultsHandle,
+                               &numFields,
+                               &field);
+                       if(crtn) {
+                               debug("tpAnchor", "GetFirstFieldValue error on cert %u",
+                                       (unsigned)certNum);
+                               continue;
+                       }
+                       CSSM_CL_CertAbortQuery(clHand, ResultsHandle);
+                       tpCopyCssmData(alloc, field, &tpRoot->subjectName);
+                       CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V1SubjectName, 
+                               field);
+                               
+                       /* extract public key info - the blob and key size in bits */
+                       CSSM_KEY_PTR key;
+                       crtn = CSSM_CL_CertGetKeyInfo(clHand, certData, &key);
+                       if(crtn) {
+                               debug("tpAnchor", "CSSM_CL_CertGetKeyInfo error on cert %u",
+                                       (unsigned)certNum);
+                               /* clear out this tpRoot? */
+                               continue;
+                       }
+                       tpCopyCssmData(alloc, &key->KeyData, &tpRoot->publicKey);
+                       tpRoot->keySize = key->KeyHeader.LogicalKeySizeInBits;
+                       
+                       /* A hole in the CDSA API: there is no free function at the
+                        * CL API for this key. It got mallocd with clHand's
+                        * allocator....
+                        */
+                       CSSM_API_MEMORY_FUNCS memFuncs;
+                       crtn = CSSM_GetAPIMemoryFunctions(clHand, &memFuncs);
+                       if(crtn) {
+                               debug("tpAnchor", "CSSM_GetAPIMemoryFunctions error");
+                               /* Oh well.. */
+                               continue;
+                       }
+                       memFuncs.free_func(key->KeyData.Data, memFuncs.AllocRef);
+                       memFuncs.free_func(key, memFuncs.AllocRef);
+               }       /* main loop */
+       }
+       catch(...) {
+               /* TBD */
+               return NULL;
+       }
+       mNumRootCerts = numTpRoots;
+       numRootCerts = mNumRootCerts;
+       mRootCerts = tpRoots;
+       return mRootCerts;
+}
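Review bot: When `CSSM_CL_CertGetFirstFieldValue` or `CSSM_CL_CertGetKeyInfo` fails inside the loop of `TPRootStore::rootCerts`, the `continue` leaves a zeroed or half-filled `tpRootCert` in the array, yet `mNumRootCerts` is still set to the full `numTpRoots`. Consumers of the anchor list then see entries with an empty `subjectName` or a subject with a zero-length `publicKey`; how they treat those is not visible here, and the `/* clear out this tpRoot? */` comment suggests this was left open. The `continue` after a failed `CSSM_GetAPIMemoryFunctions` also skips freeing `key`, and every `return NULL` path leaves the caller's `numRootCerts` unwritten (the `catch(...)` path additionally leaks `tpRoots`). I would compact the array with a separate write index so that only fully populated entries are counted, as sketched below.

```cpp
unsigned numGood = 0;		// fully populated entries written so far
for(uint32 certNum=0; certNum<numTpRoots; certNum++) {
	tpRootCert *tpRoot = &tpRoots[numGood];
	// … unchanged: subject name extraction into tpRoot->subjectName …
	crtn = CSSM_CL_CertGetKeyInfo(clHand, certData, &key);
	if(crtn) {
		debug("tpAnchor", "CSSM_CL_CertGetKeyInfo error on cert %u",
			(unsigned)certNum);
		/* discard the half-built entry so this slot is reused */
		tpFreeCssmData(alloc, &tpRoot->subjectName, CSSM_FALSE);
		memset(tpRoot, 0, sizeof(*tpRoot));
		continue;
	}
	// … unchanged: copy of KeyData and LogicalKeySizeInBits …
	crtn = CSSM_GetAPIMemoryFunctions(clHand, &memFuncs);
	if(crtn == CSSM_OK) {
		memFuncs.free_func(key->KeyData.Data, memFuncs.AllocRef);
		memFuncs.free_func(key, memFuncs.AllocRef);
	}
	else {
		/* key cannot be freed, but the entry itself is complete */
		debug("tpAnchor", "CSSM_GetAPIMemoryFunctions error");
	}
	numGood++;
}	/* main loop */
// … unchanged: catch block …
mNumRootCerts = numGood;
```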
index 47a349ebe46aa97bc1a9442aabc9d558d16b8738..f0a980f2333bd0e4d33a2a129688dfe465aac10b 100644 (file)
@@ -19,8 +19,7 @@
 /*
        File:           rootCerts.h
 
-       Contains:       embedded iSign and SSL root certs - subject name 
-                               and public keys
+       Contains:       Interface to local cache of system-wide trusted root certs
 
        Written by:     Doug Mitchell. 
 
 #define _TP_ROOT_CERTS_H_
 
 #include <Security/cssmtype.h>
+#include <Security/globalizer.h>
+#include <Security/threading.h>
 
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
+/*
+ * As of 3/18/02, use of the built-in root certs is disabled by default. 
+ * Their use is enabled at in CSSM_TP_CertGroupVerify by the use of a 
+ * private bit in CSSM_APPLE_TP_ACTION_DATA.ActionFlags. 
+ * The presence of the root certs at all (at compile time) is controlled
+ * TP_ROOT_CERT_ENABLE.
+ */
+#define TP_ROOT_CERT_ENABLE            1
+
+#if            TP_ROOT_CERT_ENABLE
 
 /*
  * Each one of these represents one known root cert.
  */
 typedef struct {
-       const CSSM_DATA * const subjectName;    // normalized and DER-encoded
-       const CSSM_DATA * const publicKey;              // DER-encoded
-       uint32                                  keySize;
+       CSSM_DATA       subjectName;    // normalized and DER-encoded
+       CSSM_DATA       publicKey;              // DER-encoded
+       uint32          keySize;
 } tpRootCert;
 
-extern const tpRootCert iSignRootCerts[];
-extern const unsigned numiSignRootCerts;
-
-extern const tpRootCert sslRootCerts[];
-extern const unsigned numSslRootCerts;
-
-/* These certs are shared by SSL and iSign */
-extern const CSSM_DATA serverpremium_pubKey;
-extern const CSSM_DATA serverpremium_subject;
-extern const CSSM_DATA serverbasic_pubKey;
-extern const CSSM_DATA serverbasic_subject;
-extern const CSSM_DATA PCA3ss_v4_pubKey;
-extern const CSSM_DATA PCA3ss_v4_subject;
-
-#define ENABLE_APPLE_DEBUG_ROOT                0
-
-
-#ifdef __cplusplus
-}
-#endif /* __cplusplus */
-
-#endif /* _TP_ROOT_CERTS_H_ */
\ No newline at end of file
+/* One of these per process which caches the roots in tpRootCert format */
+class TPRootStore
+{
+public:
+       TPRootStore() : mRootCerts(NULL), mNumRootCerts(0) { }
+       ~TPRootStore();
+       const tpRootCert *rootCerts(
+               CSSM_CL_HANDLE clHand,
+               unsigned &numRootCerts);
+       static ModuleNexus<TPRootStore> tpGlobalRoots;
+       
+private:
+       tpRootCert *mRootCerts;
+       unsigned mNumRootCerts;
+       Mutex mLock;
+};
+
+#endif /* TP_ROOT_CERT_ENABLE */
+
+#endif /* _TP_ROOT_CERTS_H_ */
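Review bot: `TPRootStore::rootCerts()` is declared without a contract comment, although the implementation in rootCerts.cpp has behaviour a caller needs to know: it returns NULL on any failure without writing `numRootCerts`, and the returned array stays owned by the store. I would add above the declaration `/* Returns the cached root array (owned by this object, not freed) or NULL on error; numRootCerts is written only on success. */`. The class also holds a raw owning pointer and a `Mutex` without disabling copying; declaring a private copy constructor and assignment operator would make the single-instance intent explicit. The macro comment added above has two slips worth fixing while here: "enabled at in" and "controlled TP_ROOT_CERT_ENABLE" (missing "by").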
index 51d5825394ad5f1e21e545f432a83d90227be992..4150c09a55972d0d129c094b9434b2ee76f6d268 100644 (file)
@@ -30,6 +30,7 @@
 #include <Security/cssmtype.h>
 #include "rootCerts.h"
 
+#if            TP_ROOT_CERT_ENABLE 
 
 /***********************
 Cert File Name: Class1_PCA_G2_v2.cer
@@ -1424,3 +1425,5 @@ const tpRootCert sslRootCerts[] =
 };
 
 const unsigned numSslRootCerts = sizeof(sslRootCerts) / sizeof(tpRootCert);
+
+#endif /* TP_ROOT_CERT_ENABLE */
index 4f172db30ccc95156e17be91c5746d8462a58286..332b85b960e24c37b6aefd0fe185efdd2ffb3a6e 100644 (file)
@@ -27,8 +27,9 @@
 #include "TPCertInfo.h"
 #include "tpPolicies.h"
 #include "tpdebugging.h"
+#include "rootCerts.h"
 #include <Security/oidsalg.h>
-
+#include <Security/cssmapple.h>
 
 /*-----------------------------------------------------------------------------
  * CertGroupConstruct
@@ -92,6 +93,7 @@ void AppleTPSession::CertGroupConstruct(CSSM_CL_HANDLE clHand,
                ConstructParams,
                CertGroupFrag,
                CSSM_FALSE,                     // allowExpired
+               NULL,                           // cssmTimeStr
                tpCertGroup);
        CertGroup = tpCertGroup->buildCssmCertGroup();
        delete tpCertGroup;     
@@ -115,6 +117,7 @@ void AppleTPSession::CertGroupConstructPriv(CSSM_CL_HANDLE clHand,
                const void *ConstructParams,
                const CSSM_CERTGROUP &CertGroupFrag,
                CSSM_BOOL allowExpired,
+               const char *cssmTimeStr,                                        // May be NULL
                TPCertGroup *&CertGroup)
 {
        TPCertGroup                     *inCertGroup;                           // unordered input certs
@@ -144,7 +147,7 @@ void AppleTPSession::CertGroupConstructPriv(CSSM_CL_HANDLE clHand,
                CssmError::throwMe(CSSMERR_TP_INVALID_CL_HANDLE);
        }
        if( (CertGroupFrag.NumCerts == 0) ||                            // list is empty
-           (CertGroupFrag.CertGroupType != CSSM_CERTGROUP_ENCODED_CERT) ||
+           (CertGroupFrag.CertGroupType != CSSM_CERTGROUP_DATA) ||
            (CertGroupFrag.GroupList.CertList[0].Data == NULL) ||       // first cert empty
            (CertGroupFrag.GroupList.CertList[0].Length == 0)) {                // first cert empty
                CssmError::throwMe(CSSMERR_CL_INVALID_CERTGROUP_POINTER);
@@ -178,9 +181,11 @@ void AppleTPSession::CertGroupConstructPriv(CSSM_CL_HANDLE clHand,
        try {
                certInfo = new TPCertInfo(
                        &CertGroupFrag.GroupList.CertList[0],
-                       clHand);
+                       clHand,
+                       cssmTimeStr);
+               certInfo->index(0);
        }
-       catch(CssmError cerr) {
+       catch(const CssmError &cerr) {
                outErr = CSSMERR_TP_INVALID_CERTIFICATE;
                goto abort;
        }
@@ -189,14 +194,16 @@ void AppleTPSession::CertGroupConstructPriv(CSSM_CL_HANDLE clHand,
                throw;
        }
        
+       /* Add to outCertGroup even if it's not current */
+       outCertGroup->appendCert(certInfo);
+       
+       #if     TP_CERT_CURRENT_CHECK_INLINE
        /* verify this first one is current */
        outErr = certInfo->isCurrent(allowExpired);
        if(outErr) {
                goto abort;
        }
-       
-       /* Add to outCertGroup */
-       outCertGroup->appendCert(certInfo);
+       #endif
        
        /* this'll be the first subject cert in the main loop */
        subjectCert = certInfo;
@@ -208,12 +215,14 @@ void AppleTPSession::CertGroupConstructPriv(CSSM_CL_HANDLE clHand,
        for(certDex=1; certDex<CertGroupFrag.NumCerts; certDex++) {
                try {
                        certInfo = new TPCertInfo(&CertGroupFrag.GroupList.CertList[certDex],
-                               clHand);
+                               clHand,
+                               cssmTimeStr);
                }
                catch (...) {
                        /* just ignore this cert */
                        continue;
                }
+               certInfo->index(certDex);
                inCertGroup->appendCert(certInfo);
        }
        
@@ -278,6 +287,8 @@ void AppleTPSession::CertGroupConstructPriv(CSSM_CL_HANDLE clHand,
                                        case CSSMERR_TP_CERT_EXPIRED:
                                                /* special case - abort immediateley (note the cert
                                                 * sig verify succeeded.) */
+                                               /*** for now we include this in the evidence ***/
+                                               outCertGroup->appendCert(subjectCert);
                                                outErr = crtn;
                                                goto abort;
                                        default:
@@ -292,33 +303,20 @@ issuerLoopEnd:
                #if     TP_DL_ENABLE
                if(issuerCert == NULL) {
                        /* Issuer not in incoming cert group. Search DBList. */
-                       CSSM_DATA_PTR foundCert;
-                       
-                       foundCert = tpFindIssuer(tpHand,
+                       CSSM_BOOL subjectExpired = CSSM_FALSE;
+                       issuerCert = tpFindIssuer(*this,
                                clHand,
                                cspHand,
-                               subjectCert->certData(),
+                               subjectCert,
                                subjectCert->issuerName(),
-                               DBList,
+                               &DBList,
+                               cssmTimeStr,
                                &subjectExpired);
                        if(subjectExpired) {
                                /* special case - abort immediately */
                                outErr = subjectExpired;
                                goto abort;
                        }
-                       if(foundCert != NULL) {
-                               /* set issuerCert for this found cert */
-                               issuerCert = new TPCertInfo(foundCert,
-                                       clHand,
-                                       true);                          // *do* copy
-                               /* 
-                                * free cert data obtained from DB 
-                                * FIXME: this assumes that OUR session allocators are the 
-                                * same ones used by the DL to malloc this cert!
-                                * FIXME: handle exception here 
-                                */
-                               tpFreeCssmData(*this, foundCert, CSSM_TRUE);
-                       }
                }       /*  Issuer not in incoming cert group */
                #endif  /* TP_DL_ENABLE */
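Review bot: `subjectExpired` is declared `CSSM_BOOL` and initialised with `CSSM_FALSE`, but it is passed to `tpFindIssuer`'s `CSSM_RETURN *issuerExpired` parameter and then assigned to `outErr`, so it carries an error code rather than a boolean. Declaring it as `CSSM_RETURN issuerExpired = CSSM_OK;` and testing `if(issuerExpired != CSSM_OK)` would match the callee's signature and name, and would not depend on the two typedefs being interchangeable. The enclosing function starts and ends outside this hunk.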
                
@@ -415,14 +413,20 @@ void AppleTPSession::CertGroupVerify(CSSM_CL_HANDLE clHand,
        TPCertInfo                              *lastCert;
        CSSM_BOOL                               verifiedToRoot = CSSM_FALSE;
        TPPolicy                                policy;
-       CSSM_RETURN                             outErr = CSSM_OK;
+       CSSM_RETURN                             constructReturn = CSSM_OK;
+       CSSM_RETURN                             policyReturn = CSSM_OK;
        CSSM_RETURN                             crtn;
        const CSSM_TP_CALLERAUTH_CONTEXT *cred;
        CSSM_OID_PTR                    oid = NULL;
-       CSSM_BOOL                               allowExpired = CSSM_FALSE;
        TPCertGroup                     *tpCertGroup = NULL;    // created by
                                                                                                        //   CertGroupConstructPriv
        TPCertInfo                              *certInfo = NULL;
+       CSSM_BOOL                               allowExpired = CSSM_FALSE;
+       /* declare volatile as compiler workaround to avoid caching in CR4 */
+       const CSSM_APPLE_TP_ACTION_DATA * volatile actionData = NULL;
+       const CSSM_APPLE_TP_SSL_OPTIONS *sslOpts = NULL;
+       const CSSM_DATA                 *fieldVal;
+       CSSM_TIMESTRING                 cssmTimeStr;
        
        /* verify input args, skipping the ones checked by CertGroupConstruct */
        if((VerifyContext == NULL) || (VerifyContext->Cred == NULL)) {
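Review bot: `fieldVal` and `cssmTimeStr` are the only locals added here without an initializer, while the neighbouring pointers are set to NULL. `CertGroupConstructPriv` documents its `cssmTimeStr` argument as "May be NULL", so if any path reaches that call before `cssmTimeStr` is assigned (the assignment is not visible in this hunk), an indeterminate pointer would be read as a time string. I would initialise both at the declaration: `const CSSM_DATA *fieldVal = NULL;` and `CSSM_TIMESTRING cssmTimeStr = NULL;`. The `volatile` workaround on `actionData` would also benefit from naming the compiler version it targets, so it can be removed later.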
@@ -431,11 +435,6 @@ void AppleTPSession::CertGroupVerify(CSSM_CL_HANDLE clHand,
        }
        cred = VerifyContext->Cred;
        
-       /* allow cert expiration errors? */
-       if(cred->Policy.PolicyControl == CSSM_TP_ALLOW_EXPIRE) {
-               allowExpired = CSSM_TRUE;
-       }
-       
        /* Check out requested policies */
        switch(cred->Policy.NumberOfPolicyIds) {
                case 0:
@@ -446,23 +445,40 @@ void AppleTPSession::CertGroupVerify(CSSM_CL_HANDLE clHand,
                if(cred->Policy.PolicyIds == NULL) {
                                CssmError::throwMe(CSSMERR_TP_INVALID_POLICY_IDENTIFIERS);
                }
-                       
-                       /*
-                        * none of the supported policies allow any additional params 
-                        */
-                       if((cred->Policy.PolicyIds->FieldValue.Data != NULL) ||
-                               (cred->Policy.PolicyIds->FieldValue.Length != 0)) {
-                               CssmError::throwMe(CSSMERR_TP_INVALID_POLICY_IDENTIFIERS);
-                       }
-                       oid = &cred->Policy.PolicyIds->FieldOid;
+                       fieldVal = &cred->Policy.PolicyIds->FieldValue;
+                       oid      = &cred->Policy.PolicyIds->FieldOid;
                if(tpCompareOids(oid, &CSSMOID_APPLE_ISIGN)) {
                                policy = kTPiSign;
+                               /* no options */
+                               if(fieldVal->Data != NULL) {
+                                       CssmError::throwMe(CSSMERR_TP_INVALID_POLICY_IDENTIFIERS);
+                               }
                }
                else if(tpCompareOids(oid, &CSSMOID_APPLE_X509_BASIC)) {
                                policy = kTPx509Basic;
+                               /* no options */
+                               if(fieldVal->Data != NULL) {
+                                       CssmError::throwMe(CSSMERR_TP_INVALID_POLICY_IDENTIFIERS);
+                               }
                }
                else if(tpCompareOids(oid, &CSSMOID_APPLE_TP_SSL)) {
                                policy = kTP_SSL;
+                               /* SSL-specific options */
+                               sslOpts = (CSSM_APPLE_TP_SSL_OPTIONS *)fieldVal->Data;
+                               if(sslOpts != NULL) {
+                                       switch(sslOpts->Version) {
+                                               case CSSM_APPLE_TP_SSL_OPTS_VERSION:
+                                                       if(fieldVal->Length != 
+                                                                       sizeof(CSSM_APPLE_TP_SSL_OPTIONS)) {
+                                                               CssmError::throwMe(
+                                                                       CSSMERR_TP_INVALID_POLICY_IDENTIFIERS);
+                                                       }
+                                                       break;
+                                               /* handle backwards compatibility here if necessary */
+                                               default:
+                                                       CssmError::throwMe(CSSMERR_TP_INVALID_POLICY_IDENTIFIERS);
+                                       }
+                               }
                }
                else {
                        /* unknown TP OID */
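Review bot: In the SSL branch `sslOpts->Version` is read before `fieldVal->Length` has been compared with anything, so a caller-supplied FieldValue with non-NULL Data and a Length shorter than the Version field is read past its stated size. The length test only runs inside the matching `case`. A guard ahead of the switch closes that: `if(fieldVal->Length < sizeof(sslOpts->Version)) { CssmError::throwMe(CSSMERR_TP_INVALID_POLICY_IDENTIFIERS); }`. The ActionData block added in the next hunk reads `actionData->Version` before checking `VerifyContext->ActionData.Length` in the same way and needs the equivalent guard with CSSMERR_TP_INVALID_ACTION_DATA. Separately, the iSign and basic branches now reject only non-NULL Data, where the removed code also rejected a non-zero Length; CertGroupVerify itself starts and ends outside this hunk.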
@@ -474,6 +490,28 @@ void AppleTPSession::CertGroupVerify(CSSM_CL_HANDLE clHand,
                        CssmError::throwMe(CSSMERR_TP_INVALID_POLICY_IDENTIFIERS);
        } 
        
+       /* Optional ActionData affecting all policies */
+       actionData = (CSSM_APPLE_TP_ACTION_DATA * volatile)VerifyContext->ActionData.Data;
+       if(actionData != NULL) {
+               switch(actionData->Version) {
+                       case CSSM_APPLE_TP_ACTION_VERSION:
+                               if(VerifyContext->ActionData.Length !=
+                                               sizeof(CSSM_APPLE_TP_ACTION_DATA)) {
+                                       CssmError::throwMe(CSSMERR_TP_INVALID_ACTION_DATA);
+                               }
+                               break;
+                       /* handle backwards versions here if we ever go byond version 0 */
+                       default:
+                               CssmError::throwMe(CSSMERR_TP_INVALID_ACTION_DATA);
+               }
+               if(actionData->ActionFlags & CSSM_TP_ACTION_ALLOW_EXPIRED) {
+                       allowExpired = CSSM_TRUE;
+               }
+       }
+       
+       /* optional, may be NULL */
+       cssmTimeStr = cred->VerifyTime;
+       
        /* now the args we can't deal with */
        if(cred->CallerCredentials != NULL) {
                        CssmError::throwMe(CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER);
@@ -490,11 +528,16 @@ void AppleTPSession::CertGroupVerify(CSSM_CL_HANDLE clHand,
                        NULL,
                        CertGroupToBeVerified,
                        allowExpired,
+                       cssmTimeStr,
                        tpCertGroup);
        }
-       catch(CssmError cerr) {
-               outErr = cerr.cssmError();
-               goto out;
+       catch(const CssmError &cerr) {
+               constructReturn = cerr.cssmError();
+               /* abort if no certs found */
+               if((tpCertGroup == NULL) || (tpCertGroup->numCerts() == 0)) {
+                       CssmError::throwMe(constructReturn);
+               }
+               /* else press on, collecting as much info as we can */
        }
        /* others are way fatal */
        CASSERT(tpCertGroup != NULL);
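Review bot: The rethrow at `CssmError::throwMe(constructReturn)` leaves the function without releasing `tpCertGroup` when the group was allocated but holds no certs, because the only `delete tpCertGroup` visible is on the common exit path much further down. Adding `delete tpCertGroup;` on the line before the throw covers both sub-cases, since deleting NULL is a no-op. This assumes CertGroupConstructPriv hands ownership to the caller on the error path as it does on success, which the declaration comment suggests but this hunk does not show. The function body continues outside the hunk.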
@@ -516,27 +559,31 @@ void AppleTPSession::CertGroupVerify(CSSM_CL_HANDLE clHand,
                for(i=0; i<cred->NumberOfAnchorCerts; i++) {
                        if(tp_CompareCerts(lastCert->certData(), &cred->AnchorCerts[i])) {
                                /* one fully successful return */
-                               outErr = CSSM_OK;
                                goto out;
                        }
                }
                
                /* verified to a root cert which is not an anchor */
-               outErr = CSSMERR_TP_INVALID_ANCHOR_CERT;
+               constructReturn = CSSMERR_TP_INVALID_ANCHOR_CERT;
                goto out;
        }
 
        /* try to validate lastCert with anchor certs */
-       /* note we're skipping the subject/issuer check...OK? */
        for(i=0; i<cred->NumberOfAnchorCerts; i++) {
                try {
                        certInfo = new TPCertInfo(&cred->AnchorCerts[i],
-                               clHand);
+                               clHand,
+                               cssmTimeStr);
                }
                catch(...) {
                        /* bad anchor cert - ignore it */
                        continue;
                }
+               if(!tpIsSameName(lastCert->issuerName(), certInfo->subjectName())) {
+                       /* not this anchor */
+                       delete certInfo;
+                       continue;
+               }
                crtn = tp_VerifyCert(clHand, 
                        cspHand, 
                        lastCert, 
@@ -546,7 +593,6 @@ void AppleTPSession::CertGroupVerify(CSSM_CL_HANDLE clHand,
                switch(crtn) {
                        case CSSM_OK:
                                /*  The other normal fully successful return. */
-                               outErr = CSSM_OK;
                                if(certInfo->isSelfSigned()) {
                                        verifiedToRoot = CSSM_TRUE;     
                                }
@@ -556,21 +602,26 @@ void AppleTPSession::CertGroupVerify(CSSM_CL_HANDLE clHand,
                                 */
                                try {
                                        tpCertGroup->appendCert(certInfo);
+                                       certInfo->isAnchor(true);
+                                       certInfo->index(i);
                                }
                                catch(...) {
                                        /* shoot - must be memory error */
                                        verifiedToRoot = CSSM_FALSE;
                                        delete certInfo;
-                                       outErr = CSSMERR_TP_MEMORY_ERROR;
+                                       constructReturn = CSSMERR_TP_MEMORY_ERROR;
                                }
                                goto out;
                                
+                       #if     TP_CERT_CURRENT_CHECK_INLINE
                        case CSSMERR_TP_CERT_NOT_VALID_YET:
                        case CSSMERR_TP_CERT_EXPIRED:
                                /* special case - abort immediateley */
                                delete certInfo;
-                               outErr = crtn;
+                               constructReturn = crtn;
                                goto out;
+                       #endif  /* TP_CERT_CURRENT_CHECK_INLINE */
+                       
                        default:
                                /* continue to next anchor */
                                delete certInfo;
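Review bot: With `TP_CERT_CURRENT_CHECK_INLINE` compiled out, `CSSMERR_TP_CERT_NOT_VALID_YET` and `CSSMERR_TP_CERT_EXPIRED` from tp_VerifyCert fall into `default:` and the anchor is skipped as if the signature had not matched, so the expiry result is dropped at this point. The macro's definition and value are not visible in this hunk; if the validity check is meant to happen later, a comment at the `#if` would make that explicit, e.g. `/* when 0, expiration is not reported here; an expired or not-yet-valid result just moves on to the next anchor */`. Also, `certInfo->isAnchor(true)` and `certInfo->index(i)` sit in the same `try` as `appendCert`, whose `catch(...)` deletes `certInfo`. If either setter could throw after a successful append, the group would keep a pointer to a deleted object, so calling the two setters before `appendCert` is the safer order.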
@@ -579,7 +630,7 @@ void AppleTPSession::CertGroupVerify(CSSM_CL_HANDLE clHand,
        }       /* for each anchor */
        
        /* partial chain, no root, not verifiable by anchor */
-       outErr = CSSMERR_TP_NOT_TRUSTED;
+       constructReturn = CSSMERR_TP_NOT_TRUSTED;
 
        /* common exit - error or success */
 out:
@@ -589,7 +640,11 @@ out:
         * SSL: CSSMERR_TP_NOT_TRUSTED and CSSMERR_TP_INVALID_ANCHOR_CERT
         * are both special cases which can result in full success. 
         */
-       if((policy == kTP_SSL) && (outErr == CSSMERR_TP_NOT_TRUSTED)) {
+       #if     TP_ROOT_CERT_ENABLE
+       if((policy == kTP_SSL) && 
+          (constructReturn == CSSMERR_TP_NOT_TRUSTED) &&
+          (actionData != NULL) &&
+          (actionData->ActionFlags & 0x80000000)) {// The secret "enable root cert check" flag
                /* see if last cert can be verified by an embedded SSL root */
                certInfo = tpCertGroup->lastCert();
                CSSM_BOOL brtn = tp_verifyWithSslRoots(clHand, 
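Review bot: The literal `0x80000000` in the ActionFlags test is an undocumented bit that lets the embedded SSL roots turn CSSMERR_TP_NOT_TRUSTED into CSSM_OK, and the same literal is repeated in the INVALID_ANCHOR_CERT test in the following hunk. A bit that changes a trust decision should be a named constant, defined wherever CSSM_TP_ACTION_ALLOW_EXPIRED is defined, or at least one shared local definition. It should carry a comment such as `/* private ActionFlags bit: allow embedded SSL roots to satisfy the chain; only honoured when TP_ROOT_CERT_ENABLE is set */`. As written, a public flag later assigned to the top bit would silently enable this path.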
@@ -599,43 +654,65 @@ out:
                        /* SSL success with no incoming root */
                        /* note unknown incoming root (INVALID_ANCHOR_CERT) is handled
                         * below, after tp_policyVerify */
-                       outErr = CSSM_OK;
+                       constructReturn = CSSM_OK;
                }
        }
-       if((outErr == CSSM_OK) ||                                                       // full success so far 
-          (outErr == CSSMERR_TP_INVALID_ANCHOR_CERT)) {        // OK, but root not an anchor
-               
-               CSSM_RETURN crtn = tp_policyVerify(policy,
+       #endif  /* TP_ROOT_CERT_ENABLE */
+       if(tpCertGroup->numCerts() != 0) {
+               /* policy check if we saw even one cert */
+               policyReturn = tp_policyVerify(policy,
                        *this,
                        clHand,
                        cspHand,
                        tpCertGroup,
-                       verifiedToRoot);
-               if(crtn) {
-                       /* don't override existing INVALID_ANCHOR_CERT on policy success */
-                       outErr = crtn;
-               }
-               else if((outErr == CSSMERR_TP_INVALID_ANCHOR_CERT) && (policy == kTP_SSL)) {
+                       verifiedToRoot,
+                       actionData,
+                       sslOpts,
+                       cred->Policy.PolicyControl);            // not currently used
+               #if TP_ROOT_CERT_ENABLE
+               if((policyReturn == CSSM_OK) &&
+                  (constructReturn == CSSMERR_TP_INVALID_ANCHOR_CERT) && 
+                  (policy == kTP_SSL) &&
+                  (actionData != NULL) &&
+                  (actionData->ActionFlags & 0x80000000)) {
+                       /* The secret "enable root cert check" flag... */
                        /* SSL - found a good anchor, move to full success */
-                       outErr = CSSM_OK;
+                       constructReturn = CSSM_OK;
                }
+               #endif
        }
 
        /* return evidence - i.e., current chain - if asked to */
        if(VerifyContextResult != NULL) {
-               /* The spec is utterly bogus. We're going to punt and use
-                * CSSM_EVIDENCE_FORM_UNSPECIFIC to mean just a pointer to
-                * a CSSM_CERTGROUP. How's that!?
+               /*
+                * VerifyContextResult->Evidence[0] : CSSM_TP_APPLE_EVIDENCE_HEADER
+                * VerifyContextResult->Evidence[1] : CSSM_CERTGROUP
+                * VerifyContextResult->Evidence[2] : CSSM_TP_APPLE_EVIDENCE_INFO
                 */
-               VerifyContextResult->NumberOfEvidences = 1;
+               VerifyContextResult->NumberOfEvidences = 3;
                VerifyContextResult->Evidence = 
-                       (CSSM_EVIDENCE_PTR)malloc(sizeof(CSSM_EVIDENCE));
-               VerifyContextResult->Evidence->EvidenceForm = CSSM_EVIDENCE_FORM_UNSPECIFIC;
-               VerifyContextResult->Evidence->Evidence = 
-                       tpCertGroup->buildCssmCertGroup();
+                       (CSSM_EVIDENCE_PTR)calloc(3, sizeof(CSSM_EVIDENCE));
+
+               CSSM_TP_APPLE_EVIDENCE_HEADER *hdr = 
+                       (CSSM_TP_APPLE_EVIDENCE_HEADER *)malloc(sizeof(CSSM_TP_APPLE_EVIDENCE_HEADER));
+               hdr->Version = CSSM_TP_APPLE_EVIDENCE_VERSION;
+               CSSM_EVIDENCE_PTR ev = &VerifyContextResult->Evidence[0];
+               ev->EvidenceForm = CSSM_EVIDENCE_FORM_APPLE_HEADER;
+               ev->Evidence = hdr;
+               
+               ev = &VerifyContextResult->Evidence[1];
+               ev->EvidenceForm = CSSM_EVIDENCE_FORM_APPLE_CERTGROUP;
+               ev->Evidence = tpCertGroup->buildCssmCertGroup();
+               
+               ev = &VerifyContextResult->Evidence[2];
+               ev->EvidenceForm = CSSM_EVIDENCE_FORM_APPLE_CERT_INFO;
+               ev->Evidence = tpCertGroup->buildCssmEvidenceInfo();
+
        }
-       
-       /* delete (internaluse only) TPCertGroup */
+       CSSM_RETURN outErr = tpCertGroup->getReturnCode(constructReturn,
+               allowExpired, policyReturn);
+               
+       /* delete (internal use only) TPCertGroup */
        delete tpCertGroup;
        if(outErr) {
                CssmError::throwMe(outErr);
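Review bot: The evidence block dereferences both new allocations without checking them: `hdr->Version` is written straight after `malloc`, and `VerifyContextResult->Evidence[0]` is indexed straight after `calloc`. On allocation failure that is a NULL write inside certificate verification instead of an error return. Checking both and throwing CSSMERR_TP_MEMORY_ERROR after releasing `tpCertGroup` keeps the failure reportable to the caller; the sketch below shows the added lines. CertGroupVerify begins before this hunk and its closing lines are outside it.

```cpp
		VerifyContextResult->Evidence = 
			(CSSM_EVIDENCE_PTR)calloc(3, sizeof(CSSM_EVIDENCE));
		CSSM_TP_APPLE_EVIDENCE_HEADER *hdr = 
			(CSSM_TP_APPLE_EVIDENCE_HEADER *)malloc(sizeof(CSSM_TP_APPLE_EVIDENCE_HEADER));
		if((VerifyContextResult->Evidence == NULL) || (hdr == NULL)) {
			/* free(NULL) is a no-op, so either allocation may have failed */
			free(hdr);
			free(VerifyContextResult->Evidence);
			VerifyContextResult->Evidence = NULL;
			VerifyContextResult->NumberOfEvidences = 0;
			delete tpCertGroup;
			CssmError::throwMe(CSSMERR_TP_MEMORY_ERROR);
		}
		hdr->Version = CSSM_TP_APPLE_EVIDENCE_VERSION;
		// … unchanged: Evidence[0], Evidence[1] and Evidence[2] filled in …
```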
diff --git a/AppleX509TP/tpCredRequest.cpp b/AppleX509TP/tpCredRequest.cpp
new file mode 100644 (file)
index 0000000..ee3be4f
--- /dev/null
@@ -0,0 +1,789 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+ * tpCredRequest.cpp - credential request functions SubmitCredRequest, 
+ *                     RetrieveCredResult 
+ *
+ * Created 1/24/2002 by Doug Mitchell.
+ */
+#include "AppleTPSession.h"
+#include "certGroupUtils.h"
+#include "tpdebugging.h"
+#include "tpTime.h"
+#include <Security/oidsalg.h>
+#include <Security/oidscert.h>
+#include <Security/cssmapple.h>
+#include <Security/cssmerrno.h>
+#include <Security/debugging.h>
+#include <Security/cssmapple.h>
+#include <assert.h>
+
+#define tpCredDebug(args...)   debug("tpCred", ## args)
+
+/*
+ * Build up a CSSM_X509_NAME from an arbitrary list of name/OID pairs. 
+ * We do one a/v pair per RDN. 
+ */
+CSSM_X509_NAME * AppleTPSession::buildX509Name(
+       const CSSM_APPLE_TP_NAME_OID *nameArray,
+       unsigned numNames)
+{
+       CSSM_X509_NAME *top = (CSSM_X509_NAME *)malloc(sizeof(CSSM_X509_NAME));
+       top->numberOfRDNs = numNames;
+       top->RelativeDistinguishedName = 
+               (CSSM_X509_RDN_PTR)malloc(sizeof(CSSM_X509_RDN) * numNames);
+       CSSM_X509_RDN_PTR rdn;
+       const CSSM_APPLE_TP_NAME_OID *nameOid;
+       unsigned nameDex;
+       for(nameDex=0; nameDex<numNames; nameDex++) {
+               rdn = &top->RelativeDistinguishedName[nameDex];
+               nameOid = &nameArray[nameDex];
+               rdn->numberOfPairs = 1;
+               rdn->AttributeTypeAndValue = (CSSM_X509_TYPE_VALUE_PAIR_PTR)
+                       malloc(sizeof(CSSM_X509_TYPE_VALUE_PAIR));
+               CSSM_X509_TYPE_VALUE_PAIR_PTR atvp = rdn->AttributeTypeAndValue;
+               tpCopyCssmData(*this, nameOid->oid, &atvp->type);
+               atvp->valueType = BER_TAG_PRINTABLE_STRING;
+               atvp->value.Length = strlen(nameOid->string);
+               atvp->value.Data = (uint8 *)malloc(atvp->value.Length);
+               memmove(atvp->value.Data, nameOid->string, atvp->value.Length);
+       }
+       return top;
+}
+
+/* free the CSSM_X509_NAME obtained from buildX509Name */
+void AppleTPSession::freeX509Name(
+       CSSM_X509_NAME *top)
+{
+       if(top == NULL) {
+               return;
+       }
+       unsigned nameDex;
+       CSSM_X509_RDN_PTR rdn;
+       for(nameDex=0; nameDex<top->numberOfRDNs; nameDex++) {
+               rdn = &top->RelativeDistinguishedName[nameDex];
+               if(rdn->AttributeTypeAndValue) {
+                       for(unsigned aDex=0; aDex<rdn->numberOfPairs; aDex++) {
+                               CSSM_X509_TYPE_VALUE_PAIR_PTR atvp = 
+                                       &rdn->AttributeTypeAndValue[aDex];
+                               free(atvp->type.Data);
+                               free(atvp->value.Data);
+                       }
+                       free(rdn->AttributeTypeAndValue);
+               }
+       }
+       free(top->RelativeDistinguishedName);
+       free(top);
+}
+
+/* Obtain a CSSM_X509_TIME representing "now" plus specified seconds */
+
+/* 
+ * Although RFC 2459, *the* spec for X509 certs, allows for not before/after
+ * times to be expressed in ther generalized (4-digit year) or UTC (2-digit year
+ * with implied century rollover), IE 5 on Mac will not accept the generalized
+ * format.
+ */
+#define TP_FOUR_DIGIT_YEAR             0
+#if            TP_FOUR_DIGIT_YEAR
+#define TP_TIME_FORMAT         TIME_GEN
+#define TP_TIME_TAG            BER_TAG_GENERALIZED_TIME
+#else
+#define TP_TIME_FORMAT         TIME_UTC
+#define TP_TIME_TAG            BER_TAG_UTC_TIME
+#endif /* TP_FOUR_DIGIT_YEAR */
+
+CSSM_X509_TIME * AppleTPSession::buildX509Time(
+       unsigned secondsFromNow)
+{
+       CSSM_X509_TIME *xtime = (CSSM_X509_TIME *)malloc(sizeof(CSSM_X509_TIME));
+       xtime->timeType = TP_TIME_TAG;
+       char *ts = (char *)malloc(GENERALIZED_TIME_STRLEN + 1);
+       {
+               StLock<Mutex> _(tpTimeLock());
+               timeAtNowPlus(secondsFromNow, TP_TIME_FORMAT, ts);
+       }
+       xtime->time.Data = (uint8 *)ts;
+       xtime->time.Length = strlen(ts);
+       return xtime;
+}
+
+/* Free CSSM_X509_TIME obtained in buildX509Time */
+void AppleTPSession::freeX509Time(
+       CSSM_X509_TIME  *xtime)
+{
+       if(xtime == NULL) {
+               return;
+       }
+       free((char *)xtime->time.Data);
+       free(xtime);
+}
+
+/*
+ * Cook up a CSSM_DATA with specified integer, DER style (minimum number of
+ * bytes, big-endian).
+ */
+static void intToDER(
+       uint32 theInt,
+       CSSM_DATA &DER_Data,
+       CssmAllocator &alloc)
+{
+       if(theInt < 0x100) {
+               DER_Data.Length = 1;
+               DER_Data.Data = (uint8 *)alloc.malloc(1);
+               DER_Data.Data[0] = (unsigned char)(theInt);
+       }
+       else if(theInt < 0x10000) {
+               DER_Data.Length = 2;
+               DER_Data.Data = (uint8 *)alloc.malloc(2);
+               DER_Data.Data[0] = (unsigned char)(theInt >> 8);
+               DER_Data.Data[1] = (unsigned char)(theInt);
+       }
+       else if(theInt < 0x1000000) {
+               DER_Data.Length = 3;
+               DER_Data.Data = (uint8 *)alloc.malloc(3);
+               DER_Data.Data[0] = (unsigned char)(theInt >> 16);
+               DER_Data.Data[1] = (unsigned char)(theInt >> 8);
+               DER_Data.Data[2] = (unsigned char)(theInt);
+       }
+       else  {
+               DER_Data.Length = 4;
+               DER_Data.Data = (uint8 *)alloc.malloc(4);
+               DER_Data.Data[0] = (unsigned char)(theInt >> 24);
+               DER_Data.Data[1] = (unsigned char)(theInt >> 16);
+               DER_Data.Data[2] = (unsigned char)(theInt >> 8);
+               DER_Data.Data[3] = (unsigned char)(theInt);
+       }
+}
+
+/* The reverse of the above. */
+static uint32 DERToInt(
+       const CSSM_DATA &DER_Data)
+{
+       uint32 rtn = 0;
+       uint8 *bp = DER_Data.Data;
+       for(unsigned dex=0; dex<DER_Data.Length; dex++) {
+               rtn <<= 8;
+               rtn |= *bp++;
+       }
+       return rtn;
+}
+
+/* Convert a reference key to a raw key. */
+void AppleTPSession::refKeyToRaw(
+       CSSM_CSP_HANDLE cspHand,
+       const CSSM_KEY  *refKey,        
+       CSSM_KEY_PTR    rawKey)                 // RETURNED
+{
+       CSSM_CC_HANDLE          ccHand;
+       CSSM_RETURN                     crtn;
+       CSSM_ACCESS_CREDENTIALS creds;
+       
+       memset(rawKey, 0, sizeof(CSSM_KEY));
+       memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
+       crtn = CSSM_CSP_CreateSymmetricContext(cspHand,
+                       CSSM_ALGID_NONE,
+                       CSSM_ALGMODE_NONE,
+                       &creds,                         // passPhrase
+                       NULL,                           // wrapping key
+                       NULL,                           // init vector
+                       CSSM_PADDING_NONE,      // Padding
+                       0,                                      // Params
+                       &ccHand);
+       if(crtn) {
+               tpCredDebug("AppleTPSession::refKeyToRaw: context err");
+               CssmError::throwMe(crtn);
+       }
+       crtn = CSSM_WrapKey(ccHand,
+               &creds,
+               refKey,
+               NULL,                   // DescriptiveData
+               rawKey);
+       if(crtn != CSSM_OK) {
+               tpCredDebug("AppleTPSession::refKeyToRaw: wrapKey err");
+               CssmError::throwMe(crtn);
+       }
+       CSSM_DeleteContext(ccHand);
+}
+
+
+/*
+ * Cook up an unsigned cert.
+ * This is just a wrapper for CSSM_CL_CertCreateTemplate().
+ */
+void AppleTPSession::makeCertTemplate(
+       /* required */
+       CSSM_CL_HANDLE                  clHand,
+       CSSM_CSP_HANDLE                 cspHand,                // for converting ref to raw key
+       uint32                                  serialNumber,
+       const CSSM_X509_NAME    *issuerName,    
+       const CSSM_X509_NAME    *subjectName,
+       const CSSM_X509_TIME    *notBefore,     
+       const CSSM_X509_TIME    *notAfter,      
+       const CSSM_KEY                  *subjectPubKey,
+       const CSSM_OID                  &sigOid,                // e.g., CSSMOID_SHA1WithRSA
+       /* optional */
+       const CSSM_DATA                 *subjectUniqueId,
+       const CSSM_DATA                 *issuerUniqueId,
+       CSSM_X509_EXTENSION             *extensions,
+       unsigned                                numExtensions,
+       CSSM_DATA_PTR                   &rawCert)
+{
+       CSSM_FIELD              *certTemp;              
+       unsigned                fieldDex = 0;                   // index into certTemp
+       CSSM_DATA               serialDER = {0, NULL};  // serial number, DER format
+       CSSM_DATA               versionDER = {0, NULL};
+       unsigned                extNum;
+       CSSM_X509_ALGORITHM_IDENTIFIER algId;
+       const CSSM_KEY  *actPubKey;
+       CSSM_KEY                rawPubKey;
+       CSSM_BOOL               freeRawKey = CSSM_FALSE;
+       
+       rawCert = NULL;
+       algId.algorithm = sigOid;
+       algId.parameters.Data = NULL;
+       algId.parameters.Length = 0;
+       
+       /*
+        * Convert possible ref public key to raw format as required by CL.
+        */
+       switch(subjectPubKey->KeyHeader.BlobType) {
+               case CSSM_KEYBLOB_RAW:
+                       actPubKey = subjectPubKey;
+                       break;
+               case CSSM_KEYBLOB_REFERENCE:
+                       refKeyToRaw(cspHand, subjectPubKey, &rawPubKey);
+                       actPubKey = &rawPubKey;
+                       freeRawKey = CSSM_TRUE;
+                       break;
+               default:
+                       tpCredDebug("CSSM_CL_CertCreateTemplate: bad key blob type (%u)",
+                               (unsigned)subjectPubKey->KeyHeader.BlobType);
+                       CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS);
+       }
+                       
+
+       /*
+        * version, always 2 (X509v3)
+        * serialNumber thru subjectPubKey
+        */
+       unsigned numFields = 8 + numExtensions;
+       if(subjectUniqueId) {
+               numFields++;
+       }
+       if(issuerUniqueId) {
+               numFields++;
+       }
+
+       certTemp = (CSSM_FIELD *)malloc(sizeof(CSSM_FIELD) * numFields);
+
+        
+       /* version */
+       intToDER(2, versionDER, *this);
+       certTemp[fieldDex].FieldOid = CSSMOID_X509V1Version;
+       certTemp[fieldDex++].FieldValue = versionDER;
+       
+       /* serial number */
+       intToDER(serialNumber, serialDER, *this);
+       certTemp[fieldDex].FieldOid = CSSMOID_X509V1SerialNumber;
+       certTemp[fieldDex++].FieldValue = serialDER;
+
+       /* subject and issuer name  */
+       certTemp[fieldDex].FieldOid = CSSMOID_X509V1IssuerNameCStruct;
+       certTemp[fieldDex].FieldValue.Data = (uint8 *)issuerName;
+       certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_NAME);
+       
+       certTemp[fieldDex].FieldOid = CSSMOID_X509V1SubjectNameCStruct;
+       certTemp[fieldDex].FieldValue.Data = (uint8 *)subjectName;
+       certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_NAME);
+
+       /* not before/after */
+       certTemp[fieldDex].FieldOid = CSSMOID_X509V1ValidityNotBefore;
+       certTemp[fieldDex].FieldValue.Data = (uint8 *)notBefore;
+       certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_TIME);
+
+       certTemp[fieldDex].FieldOid = CSSMOID_X509V1ValidityNotAfter;
+       certTemp[fieldDex].FieldValue.Data = (uint8 *)notAfter;
+       certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_TIME);
+
+       /* the subject key */
+       certTemp[fieldDex].FieldOid = CSSMOID_CSSMKeyStruct;
+       certTemp[fieldDex].FieldValue.Data = (uint8 *)actPubKey;
+       certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_KEY);
+
+       /* signature algorithm */
+       certTemp[fieldDex].FieldOid = CSSMOID_X509V1SignatureAlgorithmTBS;
+       certTemp[fieldDex].FieldValue.Data = (uint8 *)&algId;
+       certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_ALGORITHM_IDENTIFIER);
+       
+       /* subject/issuer unique IDs */
+       if(subjectUniqueId != 0) {
+               certTemp[fieldDex].FieldOid = CSSMOID_X509V1CertificateSubjectUniqueId;
+               certTemp[fieldDex++].FieldValue = *subjectUniqueId;
+       }
+       if(issuerUniqueId != 0) {
+               certTemp[fieldDex].FieldOid = CSSMOID_X509V1CertificateIssuerUniqueId;
+               certTemp[fieldDex++].FieldValue = *issuerUniqueId;
+       }
+
+       for(extNum=0; extNum<numExtensions; extNum++) {
+               CSSM_X509_EXTENSION_PTR ext = &extensions[extNum];
+               if(ext->format == CSSM_X509_DATAFORMAT_PARSED) {
+                       certTemp[fieldDex].FieldOid = ext->extnId;
+               }
+               else {
+                       certTemp[fieldDex].FieldOid = CSSMOID_X509V3CertificateExtensionCStruct;
+               }
+               certTemp[fieldDex].FieldValue.Data = (uint8 *)ext;
+               certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_EXTENSION);
+       }
+       assert(fieldDex == numFields);
+       
+       /*
+        * OK, here we go
+        */
+       rawCert = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA));
+       rawCert->Data = NULL;
+       rawCert->Length = 0;
+       CSSM_RETURN crtn = CSSM_CL_CertCreateTemplate(clHand,
+               fieldDex,
+               certTemp,
+               rawCert);
+       if(crtn) {
+               tpCredDebug("CSSM_CL_CertCreateTemplate returned %s",
+                       cssmErrorString(crtn).c_str());
+               free(rawCert->Data);
+               free(rawCert);
+               rawCert = NULL;
+       }
+
+       /* free the stuff we mallocd to get here */
+       free(serialDER.Data);
+       free(versionDER.Data);
+       free(certTemp);
+       if(freeRawKey) {
+               tpFreeCssmData(*this, &rawPubKey.KeyData, CSSM_FALSE);
+       }
+       if(crtn) {
+               CssmError::throwMe(crtn);
+       }
+}
+
+/* given a cert and a ReferenceIdentifier, fill in ReferenceIdentifier and 
+ * add it and the cert to tpCredMap. */
+void AppleTPSession::addCertToMap(
+       const CSSM_DATA         *cert,
+       CSSM_DATA_PTR           refId)
+{
+       StLock<Mutex> _(tpCredMapLock);
+
+       TpCredHandle hand = reinterpret_cast<TpCredHandle>(cert);
+       intToDER(hand, *refId, *this);
+       tpCredMap[hand] = cert;
+}
+       
+/* given a ReferenceIdentifier, obtain associated cert and remove from the map */
+CSSM_DATA_PTR AppleTPSession::getCertFromMap(
+       const CSSM_DATA *refId)
+{
+       StLock<Mutex> _(tpCredMapLock);
+       CSSM_DATA_PTR rtn = NULL;
+       
+       if((refId == NULL) || (refId->Data == NULL)) {
+               return NULL;
+       }
+       TpCredHandle hand = DERToInt(*refId);
+       credMap::iterator it = tpCredMap.find(hand);
+       if(it == tpCredMap.end()) {
+               return NULL;
+       }
+       rtn = const_cast<CSSM_DATA *>(it->second);
+       tpCredMap.erase(hand);
+       return rtn;
+}
+
+/*
+ * SubmitCredRequest, CSR form.
+ */
+void AppleTPSession::SubmitCsrRequest(
+       const CSSM_TP_REQUEST_SET &RequestInput,
+       sint32 &EstimatedTime,                                          // RETURNED
+       CssmData &ReferenceIdentifier)                          // RETURNED
+{
+       CSSM_DATA_PTR   csrPtr = NULL;
+       CSSM_CC_HANDLE  sigHand = 0;
+       CSSM_APPLE_CL_CSR_REQUEST csrReq;
+       
+       memset(&csrReq, 0, sizeof(csrReq));
+
+       /* for now we're using the same struct for input as the the normal
+        * X509 cert request. */
+       CSSM_APPLE_TP_CERT_REQUEST *certReq =
+               (CSSM_APPLE_TP_CERT_REQUEST *)RequestInput.Requests;
+       if((certReq->cspHand == 0) || 
+          (certReq->clHand == 0) ||
+          (certReq->certPublicKey == NULL) ||
+          (certReq->issuerPrivateKey == NULL) ||
+          (certReq->signatureOid.Data == NULL)) {
+               CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS);
+       }
+       if((certReq->subjectNames == NULL) ||
+          (certReq->numSubjectNames == 0)) {
+               CssmError::throwMe(CSSMERR_TP_INVALID_NAME);
+       }
+       
+       /* convert ref public key to raw per CL requirements */
+       const CSSM_KEY *subjectPubKey = certReq->certPublicKey;
+       const CSSM_KEY *actPubKey = NULL;
+       CSSM_BOOL freeRawKey = CSSM_FALSE;
+       CSSM_KEY rawPubKey;
+       
+       switch(subjectPubKey->KeyHeader.BlobType) {
+               case CSSM_KEYBLOB_RAW:
+                       actPubKey = subjectPubKey;
+                       break;
+               case CSSM_KEYBLOB_REFERENCE:
+                       refKeyToRaw(certReq->cspHand, subjectPubKey, &rawPubKey);
+                       actPubKey = &rawPubKey;
+                       freeRawKey = CSSM_TRUE;
+                       break;
+               default:
+                       tpCredDebug("SubmitCsrRequest: bad key blob type (%u)",
+                               (unsigned)subjectPubKey->KeyHeader.BlobType);
+                       CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS);
+       }
+
+       /* cook up a CL-passthrough-specific request */
+       csrReq.subjectNameX509   = buildX509Name(certReq->subjectNames, 
+                                                                                       certReq->numSubjectNames);
+       csrReq.signatureAlg      = certReq->signatureAlg;
+       csrReq.signatureOid      = certReq->signatureOid;
+       csrReq.cspHand                   = certReq->cspHand;
+       csrReq.subjectPublicKey  = actPubKey;
+       csrReq.subjectPrivateKey = certReq->issuerPrivateKey;
+       csrReq.challengeString   = certReq->challengeString;
+       
+       /* A crypto handle to pass to the CL */
+       CSSM_RETURN crtn;
+       crtn = CSSM_CSP_CreateSignatureContext(certReq->cspHand,
+                       certReq->signatureAlg,
+                       NULL,                           // AccessCred
+                       certReq->issuerPrivateKey,
+                       &sigHand);
+       if(crtn) {
+               tpCredDebug("CSSM_CSP_CreateSignatureContext returned %s",
+                       cssmErrorString(crtn).c_str());
+               goto abort;
+       }
+       
+       /* down to the CL to do the actual work */
+       crtn = CSSM_CL_PassThrough(certReq->clHand,
+               sigHand,
+               CSSM_APPLEX509CL_OBTAIN_CSR,
+               &csrReq,
+               (void **)&csrPtr);
+       if(crtn) {
+               tpCredDebug("CSSM_CSP_CreateSignatureContext returned %s",
+                       cssmErrorString(crtn).c_str());
+               goto abort;
+       }
+
+       /* save it for retrieval by RetrieveCredResult */
+       addCertToMap(csrPtr, &ReferenceIdentifier);
+       EstimatedTime = 0;
+
+abort:
+       /* free local resources */
+       if(csrReq.subjectNameX509) {
+               freeX509Name(csrReq.subjectNameX509);
+       }
+       if(sigHand) {
+               CSSM_DeleteContext(sigHand);
+       }
+       if(freeRawKey) {
+               tpFreeCssmData(*this, &rawPubKey.KeyData, CSSM_FALSE);
+       }
+       if(crtn) {
+               CssmError::throwMe(crtn);
+       }
+}
+
+/*
+ * Submit cred (cert) request. Currently the only form of request we
+ * handle is the basis "sign this cert with key right now", with policy OI
+ * CSSMOID_APPLE_TP_LOCAL_CERT_GEN.
+ */
+void AppleTPSession::SubmitCredRequest(
+       const CSSM_TP_AUTHORITY_ID *PreferredAuthority,
+       CSSM_TP_AUTHORITY_REQUEST_TYPE RequestType,
+       const CSSM_TP_REQUEST_SET &RequestInput,
+       const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthContext,
+       sint32 &EstimatedTime,
+       CssmData &ReferenceIdentifier)
+{
+       /* free all of these on return if non-NULL */
+       CSSM_DATA_PTR certTemplate = NULL;
+       CSSM_X509_TIME_PTR notBeforeX509 = NULL;
+       CSSM_X509_TIME_PTR notAfterX509 = NULL;
+       CSSM_X509_NAME_PTR subjectX509 = NULL;
+       CSSM_X509_NAME_PTR issuerX509 = NULL;
+       CSSM_X509_EXTENSION_PTR extens509 = NULL;
+       CSSM_CC_HANDLE sigContext = 0;
+       
+       /* this gets saved on success */
+       CSSM_DATA_PTR signedCert = NULL;
+       
+       /* validate rather limited set of input args */
+       if(PreferredAuthority != NULL) {
+               CssmError::throwMe(CSSMERR_TP_INVALID_AUTHORITY);
+       }
+       if(RequestType != CSSM_TP_AUTHORITY_REQUEST_CERTISSUE) {
+               CssmError::throwMe(CSSMERR_TP_UNSUPPORTED_SERVICE);
+       }
+       if(CallerAuthContext == NULL) {
+               CssmError::throwMe(CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER);
+       }
+       if((RequestInput.NumberOfRequests != 1) ||
+          (RequestInput.Requests == NULL)) {
+               CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS);
+       }
+       
+       /* Apple-specific args */
+       const CSSM_TP_POLICYINFO *tpPolicy = &CallerAuthContext->Policy;
+       if((tpPolicy->NumberOfPolicyIds != 1) ||
+          (tpPolicy->PolicyIds == NULL)) {
+               CssmError::throwMe(CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER);
+       }
+       if(tpCompareCssmData(&tpPolicy->PolicyIds->FieldOid,
+               &CSSMOID_APPLE_TP_CSR_GEN)) {
+               /* break out to CSR-specific code */
+               SubmitCsrRequest(RequestInput, EstimatedTime, ReferenceIdentifier);
+               return;
+       }
+       else if(!tpCompareCssmData(&tpPolicy->PolicyIds->FieldOid,
+               &CSSMOID_APPLE_TP_LOCAL_CERT_GEN)) {
+               CssmError::throwMe(CSSMERR_TP_INVALID_POLICY_IDENTIFIERS);
+       }
+
+       CSSM_APPLE_TP_CERT_REQUEST *certReq =
+               (CSSM_APPLE_TP_CERT_REQUEST *)RequestInput.Requests;
+       if((certReq->cspHand == 0) || 
+          (certReq->clHand == 0) ||
+          (certReq->certPublicKey == NULL) ||
+          (certReq->issuerPrivateKey == NULL)) {
+               CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS);
+       }
+       if((certReq->subjectNames == NULL) ||
+          (certReq->numSubjectNames == 0)) {
+               CssmError::throwMe(CSSMERR_TP_INVALID_NAME);
+       }
+       if((certReq->numExtensions != 0) & (certReq->extensions == NULL)) {
+               CssmError::throwMe(CSSMERR_TP_INVALID_POINTER);
+       }
+       
+       CSSM_RETURN ourRtn = CSSM_OK;
+       
+       try {
+               /* convert caller's friendly names and times to CDSA style */
+               subjectX509 = buildX509Name(certReq->subjectNames, certReq->numSubjectNames);
+               if(certReq->issuerNames != NULL) {
+                       issuerX509 = buildX509Name(certReq->issuerNames, certReq->numIssuerNames);
+               }
+               else if(certReq->issuerNameX509) {
+                       /* caller obtained this from an existing signer's cert */
+                       issuerX509 = certReq->issuerNameX509;
+               }
+               else {
+                       /* self-signed */
+                       issuerX509 = subjectX509;
+               }
+               notBeforeX509 = buildX509Time(certReq->notBefore);
+               notAfterX509 = buildX509Time(certReq->notAfter);
+               
+               if(certReq->numExtensions != 0) { 
+                       /* convert extensions array from CE_DataAndType to CSSM_X509_EXTENSION */
+                       extens509 = (CSSM_X509_EXTENSION *)malloc(sizeof(CSSM_X509_EXTENSION) * 
+                                       certReq->numExtensions);
+                       memset(extens509, 0, sizeof(CSSM_X509_EXTENSION) * 
+                                       certReq->numExtensions);
+                       for(unsigned dex=0; dex<certReq->numExtensions; dex++) {
+                               CSSM_X509_EXTENSION *extn = &extens509[dex];
+                               CE_DataAndType *cdt = &certReq->extensions[dex];
+                               void *parsedValue;
+                               CSSM_OID extnId;
+                               
+                               switch(cdt->type) {
+                                       case DT_AuthorityKeyID: 
+                                               parsedValue = &cdt->extension.authorityKeyID;
+                                               extnId = CSSMOID_AuthorityKeyIdentifier;
+                                               break;
+                                       case DT_SubjectKeyID:           
+                                               parsedValue = &cdt->extension.subjectKeyID;
+                                               extnId = CSSMOID_SubjectKeyIdentifier;
+                                               break;
+                                       case DT_KeyUsage:                                
+                                               parsedValue = &cdt->extension.keyUsage;
+                                               extnId = CSSMOID_KeyUsage;
+                                               break;
+                                       case DT_SubjectAltName:                 
+                                               parsedValue = &cdt->extension.subjectAltName;
+                                               extnId = CSSMOID_SubjectAltName;
+                                               break;
+                                       case DT_ExtendedKeyUsage:               
+                                               parsedValue = &cdt->extension.extendedKeyUsage;
+                                               extnId = CSSMOID_ExtendedKeyUsage;
+                                               break;
+                                       case DT_BasicConstraints:               
+                                               parsedValue = &cdt->extension.basicConstraints;
+                                               extnId = CSSMOID_BasicConstraints;
+                                               break;
+                                       case DT_CertPolicies:                   
+                                               parsedValue = &cdt->extension.certPolicies;
+                                               extnId = CSSMOID_CertificatePolicies;
+                                               break;
+                                       case DT_NetscapeCertType:               
+                                               parsedValue = &cdt->extension.netscapeCertType;
+                                               extnId = CSSMOID_NetscapeCertType;
+                                               break;
+                                       case DT_Other:          
+                                       default:
+                                               tpCredDebug("SubmitCredRequest: DT_Other not supported");
+                                               CssmError::throwMe(CSSMERR_TP_UNKNOWN_TAG);
+                                               // NOT REACHED
+                               }
+                               extn->extnId                    = extnId;
+                               extn->critical                  = cdt->critical;
+                               extn->format                    = CSSM_X509_DATAFORMAT_PARSED;
+                               extn->value.parsedValue         = parsedValue;
+                               extn->BERvalue.Data = NULL;
+                               extn->BERvalue.Length = 0;
+                       }       /* for each extension */
+               }               /* converting extensions */
+                       
+               /* cook up the unsigned template */
+               makeCertTemplate(certReq->clHand,
+                       certReq->cspHand,
+                       certReq->serialNumber,
+                       issuerX509,
+                       subjectX509,
+                       notBeforeX509,
+                       notAfterX509,
+                       certReq->certPublicKey,
+                       certReq->signatureOid,
+                       NULL,                           // subjectUniqueID, not used here (yet)
+                       NULL,                           // issuerUniqueId
+                       extens509,
+                       certReq->numExtensions,
+                       certTemplate);
+                       
+               /* create signature context */          
+               ourRtn = CSSM_CSP_CreateSignatureContext(certReq->cspHand,
+                               certReq->signatureAlg,
+                               NULL,                   // AccessCred
+                               certReq->issuerPrivateKey,
+                               &sigContext);
+               if(ourRtn) {
+                       tpCredDebug("CSSM_CSP_CreateSignatureContext returned %s",
+                               cssmErrorString(ourRtn).c_str());
+                       CssmError::throwMe(ourRtn);
+               }
+               
+               signedCert = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA));
+               signedCert->Data = NULL;
+               signedCert->Length = 0;
+               ourRtn = CSSM_CL_CertSign(certReq->clHand,
+                       sigContext,
+                       certTemplate,           // CertToBeSigned
+                       NULL,                           // SignScope
+                       0,                                      // ScopeSize,
+                       signedCert);
+               if(ourRtn) {
+                       tpCredDebug("CSSM_CL_CertSign returned %s",
+                               cssmErrorString(ourRtn).c_str());
+                       CssmError::throwMe(ourRtn);
+               }
+               
+               /* save it for retrieval by RetrieveCredResult */
+               addCertToMap(signedCert, &ReferenceIdentifier);
+               EstimatedTime = 0;
+       }
+       catch (const CssmError &cerr) {
+               tpCredDebug("SubmitCredRequest: CSSM error %s",
+                       cssmErrorString(cerr).c_str());
+               ourRtn = cerr.cssmError();
+       }
+       catch(...) {
+               tpCredDebug("SubmitCredRequest: unknown exception");
+               ourRtn = CSSMERR_TP_INTERNAL_ERROR;     // ??
+       }
+       
+       /* free reources */
+       tpFreeCssmData(*this, certTemplate, CSSM_TRUE);
+       freeX509Name(subjectX509);
+       if(certReq->issuerNames) {
+               freeX509Name(issuerX509);
+       }
+       /* else same as subject */
+       freeX509Time(notBeforeX509);
+       freeX509Time(notAfterX509);
+       if(extens509) {
+               free(extens509);
+       }
+       if(sigContext != 0) {
+               CSSM_DeleteContext(sigContext);
+       }
+       if(ourRtn) {
+               CssmError::throwMe(ourRtn);
+       }
+}
+
+void AppleTPSession::RetrieveCredResult(
+       const CssmData &ReferenceIdentifier,
+       const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials,
+       sint32 &EstimatedTime,
+       CSSM_BOOL &ConfirmationRequired,
+       CSSM_TP_RESULT_SET_PTR &RetrieveOutput)
+{
+       const CSSM_DATA *cert = getCertFromMap(&ReferenceIdentifier);
+       
+       if(cert == NULL) {
+               tpCredDebug("RetrieveCredResult: refId not found");
+               CssmError::throwMe(CSSMERR_TP_INVALID_IDENTIFIER);
+       }
+       
+       /* CSSM_TP_RESULT_SET.Results points to a CSSM_ENCODED_CERT */
+       CSSM_ENCODED_CERT *encCert = (CSSM_ENCODED_CERT *)malloc(sizeof(CSSM_ENCODED_CERT));
+       encCert->CertType = CSSM_CERT_X_509v3;
+       encCert->CertEncoding = CSSM_CERT_ENCODING_DER;
+       
+       /* 
+        * caller must free all three:
+        *   CSSM_TP_RESULT_SET_PTR RetrieveOutput
+        *   RetrieveOutput->Results (CSSM_ENCODED_CERT *encCert)
+        *   encCert->CertBlob.Data (the actual cert)
+        */
+       encCert->CertBlob = *cert;
+       RetrieveOutput = (CSSM_TP_RESULT_SET_PTR)malloc(
+               sizeof(CSSM_TP_RESULT_SET));
+       RetrieveOutput->Results = encCert;
+       RetrieveOutput->NumberOfResults = 1;
+       ConfirmationRequired = CSSM_FALSE;
+       EstimatedTime = 0;
+}
index 177b72fedb71a7b541177e9568cb68318492c114..36d8e06fb3002253eb6984aef899e21910423641 100644 (file)
@@ -35,6 +35,8 @@
 #include <Security/certextensions.h>
 #include <Security/cssmapple.h>
 #include <string.h>
+#include <ctype.h>
+#include <assert.h>
 
 /* 
  * Our private per-extension info. One of these per (understood) extension per
@@ -290,6 +292,7 @@ static void iSignFreeCertInfo(
        }
 }
 
+#if    TP_ROOT_CERT_ENABLE
 /*
  * Common code for comparing a root to a list of known embedded roots.
  */
@@ -317,11 +320,11 @@ static CSSM_BOOL tp_isKnownRootCert(
         */
        for(dex=0; dex<numKnownRoots; dex++) {
                if(!tpCompareCssmData(subjectName, 
-                                 knownRoots[dex].subjectName)) {
+                                 &knownRoots[dex].subjectName)) {
                continue;
            }
                if(!tpCompareCssmData(publicKey,
-                                 knownRoots[dex].publicKey)) {
+                                 &knownRoots[dex].publicKey)) {
                continue;
            }
 #if    ENABLE_APPLE_DEBUG_ROOT
@@ -342,12 +345,19 @@ errOut:
 /*
  * See if specified root cert is a known (embedded) iSign root cert.
  * Returns CSSM_TRUE if the cert is a known root cert. 
+ *
+ * Note as of 6/12/02, we do not distinguish between internally 
+ * cached iSign roots and SSL roots. Maybe someday we will do so again,
+ * so let's leave these two functions separate.
  */
 static CSSM_BOOL tp_isIsignRootCert(
        CSSM_CL_HANDLE                  clHand,
        TPCertInfo                              *rootCert)              // raw cert from cert group
 {
-       return tp_isKnownRootCert(rootCert, iSignRootCerts, numiSignRootCerts);
+       const tpRootCert *roots;
+       unsigned numRoots;
+       roots = TPRootStore::tpGlobalRoots().rootCerts(clHand, numRoots);
+       return tp_isKnownRootCert(rootCert, roots, numRoots);
 }
 
 /*
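Review bot: `numRoots` in tp_isIsignRootCert is handed to `rootCerts()` uninitialised, whereas tp_verifyWithSslRoots later in this file section sets `rootCerts = NULL` and `numRootCerts = 0` before making the same call. The definition of `rootCerts()` is not visible here; if it can return without writing the count, tp_isKnownRootCert would iterate over an indeterminate length. Declaring `const tpRootCert *roots = NULL;` and `unsigned numRoots = 0;` keeps the call sites consistent and makes the empty-store case well defined. The same applies to tp_isSslRootCert in the next hunk.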
@@ -358,7 +368,10 @@ static CSSM_BOOL tp_isSslRootCert(
        CSSM_CL_HANDLE                  clHand,
        TPCertInfo                              *rootCert)              // raw cert from cert group
 {
-       return tp_isKnownRootCert(rootCert, sslRootCerts, numSslRootCerts);
+       const tpRootCert *roots;
+       unsigned numRoots;
+       roots = TPRootStore::tpGlobalRoots().rootCerts(clHand, numRoots);
+       return tp_isKnownRootCert(rootCert, roots, numRoots);
 }
 
 /*
@@ -380,7 +393,9 @@ CSSM_BOOL tp_verifyWithSslRoots(
        CSSM_X509_ALGORITHM_IDENTIFIER_PTR algId;
        CSSM_DATA_PTR   valToFree = NULL;
        CSSM_ALGORITHMS sigAlg;
-       
+       const tpRootCert *rootCerts = NULL;
+       unsigned                numRootCerts = 0;
+               
        memset(&rootKey, 0, sizeof(CSSM_KEY));
        
        /*
@@ -419,15 +434,17 @@ CSSM_BOOL tp_verifyWithSslRoots(
        hdr->KeyClass = CSSM_KEYCLASS_PUBLIC_KEY;
        hdr->KeyAttr = CSSM_KEYATTR_MODIFIABLE | CSSM_KEYATTR_EXTRACTABLE;
        hdr->KeyUsage = CSSM_KEYUSE_VERIFY;
-
-       for(dex=0; dex<numSslRootCerts; dex++) {
-               /* only variation in key in the loop - raw key bits and size */
-               rootInfo = &sslRootCerts[dex];
-               if(!tpIsSameName(rootInfo->subjectName, certToVfy->issuerName())) {
+       
+       rootCerts = TPRootStore::tpGlobalRoots().rootCerts(clHand, numRootCerts);
+       for(dex=0; dex<numRootCerts; dex++) {
+               rootInfo = &rootCerts[dex];
+               if(!tpIsSameName(&rootInfo->subjectName, certToVfy->issuerName())) {
                        /* not this root */
                        continue;
                }
-               rootKey.KeyData = *rootInfo->publicKey;
+
+               /* only variation in key in the loop - raw key bits and size */
+               rootKey.KeyData = rootInfo->publicKey;
                hdr->LogicalKeySizeInBits = rootInfo->keySize;
                crtn = CSSM_CSP_CreateSignatureContext(cspHand,
                        sigAlg,
@@ -457,6 +474,146 @@ errOut:
        }
        return brtn;
 }
+#endif /* TP_ROOT_CERT_ENABLE */
+
+/*
+ * Convert a C string to lower case in place. NULL terminator not needed.
+ */
+static void tpToLower(
+       char *str,
+       unsigned strLen)
+{
+       for(unsigned i=0; i<strLen; i++) {
+               *str++ = tolower(*str);
+       }
+}
+
+/*
+ * Verify SSL options. Currently this just consists of matching the 
+ * leaf cert's subject common name against the caller's (optional)
+ * server name.
+ */
+static CSSM_RETURN tp_verifySslOpts(
+       TPCertGroup &certGroup,
+       const CSSM_APPLE_TP_SSL_OPTIONS *sslOpts)
+{
+       if(sslOpts == NULL) {
+               /* optional */
+               return CSSM_OK;
+       }
+
+       CSSM_DATA_PTR subjNameData = NULL;
+       char *serverName = NULL;
+       unsigned serverNameLen = sslOpts->ServerNameLen;
+       char *commonName = NULL;
+       uint32 commonNameLen = 0;
+       
+       if(serverNameLen == 0) {
+               /* optional */
+               return CSSM_OK;
+       }
+       if(sslOpts->ServerName == NULL) {
+               return CSSMERR_TP_INVALID_POINTER;
+       }
+       
+       /* Obtain subject name of leaf cert in CSSM_X509_NAME_PTR form */
+       TPCertInfo *leaf = certGroup.certAtIndex(0);
+       assert(leaf != NULL);
+       CSSM_RETURN crtn;
+       crtn = leaf->fetchField(&CSSMOID_X509V1SubjectNameCStruct, &subjNameData);
+       if(crtn) {
+               /* should never happen, we shouldn't be here if there is no subject */
+               errorLog0("tp_verifySslOpts: error retrieving subject name\n");
+               return crtn;
+       }
+       CSSM_X509_NAME_PTR x509name = (CSSM_X509_NAME_PTR)subjNameData->Data;
+       if((x509name == NULL) || (subjNameData->Length != sizeof(CSSM_X509_NAME))) {
+               errorLog0("tp_verifySslOpts: malformed CSSM_X509_NAME\n");
+               crtn = CSSMERR_TP_INVALID_CERTGROUP;
+               goto done;
+       }
+
+       /* Now grunge thru the X509 name looking for a common name */
+       CSSM_X509_TYPE_VALUE_PAIR       *ptvp;
+       CSSM_X509_RDN_PTR               rdnp;
+       unsigned                                        rdnDex;
+       unsigned                                        pairDex;
+       
+       for(rdnDex=0; rdnDex<x509name->numberOfRDNs; rdnDex++) {
+               rdnp = &x509name->RelativeDistinguishedName[rdnDex];
+               for(pairDex=0; pairDex<rdnp->numberOfPairs; pairDex++) {
+                       ptvp = &rdnp->AttributeTypeAndValue[pairDex];
+                       if(tpCompareOids(&ptvp->type, &CSSMOID_CommonName)) {
+                               commonName = (char *)ptvp->value.Data;
+                               commonNameLen = ptvp->value.Length;
+                               break;
+                       }
+               }
+       }
+       if(commonName == NULL) {
+               errorLog0("tp_verifySslOpts: NO COMMON NAME in subject\n");
+               crtn = CSSMERR_TP_VERIFY_ACTION_FAILED;
+               goto done;
+       }
+       
+       /* tolerate optional NULL terminators for both */
+       if(commonName[commonNameLen - 1] == '\0') {
+               commonNameLen--;
+       }
+       if(sslOpts->ServerName[serverNameLen - 1] == '\0') {
+               serverNameLen--;
+       }
+       
+       /* convert both name strings to lower case. The one in the X509 Name can
+        * be done in place; we have to malloc and copy the caller's string. */
+       tpToLower(commonName, commonNameLen);
+       serverName = (char *)certGroup.alloc().malloc(serverNameLen);
+       memmove(serverName, sslOpts->ServerName, serverNameLen);
+       tpToLower(serverName, serverNameLen);
+       
+       /* case 1: exact match */
+       if((serverNameLen == commonNameLen) &&
+           !memcmp(commonName, serverName, commonNameLen)) {
+               crtn = CSSM_OK;
+               goto done;
+       }
+       
+       /* case 2: handle optional '*' in cert's common name */
+       if(commonName[0] == '*') {
+               /* last (commonNameLen - 1) chars have to match */
+               unsigned effectLen = commonNameLen - 1;         // skip '*' 
+               if(serverNameLen < effectLen) {
+                       errorLog0("tp_verifySslOpts: subject/server name wildcard mismatch (1)\n");
+                       crtn = CSSMERR_TP_VERIFY_ACTION_FAILED;
+               }
+               else if(memcmp(commonName+1,            // skip '*'
+                        serverName + serverNameLen - effectLen,
+                                effectLen)) {
+                       errorLog0("tp_verifySslOpts: subject/server name wildcard mismatch (2)\n");
+                       crtn = CSSMERR_TP_VERIFY_ACTION_FAILED;
+               }
+               else {
+                       /* wildcard match */
+                       crtn = CSSM_OK;
+               }
+       }
+       else {
+               /* mismatch */
+               errorLog0("tp_verifySslOpts: subject/server name mismatch\n");
+               crtn = CSSMERR_TP_VERIFY_ACTION_FAILED;
+       }
+done:
+       if(subjNameData != NULL) {
+               leaf->freeField(&CSSMOID_X509V1SubjectNameCStruct, subjNameData);
+       }
+       if(serverName != NULL) {
+               certGroup.alloc().free(serverName);     
+       }
+       if(crtn == CSSMERR_TP_VERIFY_ACTION_FAILED) {
+               leaf->addStatusCode(CSSMERR_APPLETP_HOSTNAME_MISMATCH);
+       }
+       return crtn;
+}
 
 /*
  * RFC2459 says basicConstraints must be flagged critical for
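Review bot: The wildcard branch of tp_verifySslOpts accepts any server name that merely ends with the text after the `*`, so a common name of `*` alone (effectLen 0) or `*.com` verifies for every host; the `*` should stand for exactly one left-most label, as sketched below. `commonName[commonNameLen - 1]` is also read before checking that the certificate-supplied length is non-zero, which indexes before the buffer for an empty common name. In tpToLower, `*str++ = tolower(*str)` modifies and reads `str` without sequencing and can pass a negative char to tolower; `str[i] = (char)tolower((unsigned char)str[i]);` avoids both. The RDN search only breaks out of the inner loop, so when the subject carries several common names the last one found is the one compared.

```cpp
	/* an empty common name cannot match and must not be indexed */
	if(commonNameLen == 0) {
		errorLog0("tp_verifySslOpts: empty common name in subject\n");
		crtn = CSSMERR_TP_VERIFY_ACTION_FAILED;
		goto done;
	}
	// … unchanged: optional NUL stripping, lower-casing, case 1 exact match …

	/* case 2: '*' stands for exactly one left-most label of the server name */
	if((commonNameLen > 2) && (commonName[0] == '*') && (commonName[1] == '.')) {
		unsigned effectLen = commonNameLen - 1;		// the ".domain" part after '*'
		if(serverNameLen <= effectLen) {
			// … unchanged: wildcard mismatch (1) …
		}
		else if(memcmp(commonName+1,
				 serverName + serverNameLen - effectLen,
				 effectLen) ||
				memchr(serverName, '.', serverNameLen - effectLen)) {
			/* suffix differs, or '*' would have to span more than one label */
			// … unchanged: wildcard mismatch (2) …
		}
		// … unchanged: wildcard match …
	}
	// … unchanged: plain mismatch, done: cleanup …
```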
@@ -495,12 +652,15 @@ errOut:
  *   kTPx509Basic: CertGroup of length one allowed. 
  */
 CSSM_RETURN tp_policyVerify(
-       TPPolicy                                        policy,
-       CssmAllocator                           &alloc,
-       CSSM_CL_HANDLE                          clHand,
-       CSSM_CSP_HANDLE                         cspHand,
-       TPCertGroup                             *certGroup,
-       CSSM_BOOL                                       verifiedToRoot)         // last cert is good root
+       TPPolicy                                                policy,
+       CssmAllocator                                   &alloc,
+       CSSM_CL_HANDLE                                  clHand,
+       CSSM_CSP_HANDLE                                 cspHand,
+       TPCertGroup                                     *certGroup,
+       CSSM_BOOL                                               verifiedToRoot, // last cert is good root
+       const CSSM_APPLE_TP_ACTION_DATA *actionData,
+       const CSSM_APPLE_TP_SSL_OPTIONS *sslOpts,
+       void                                                    *policyOpts)    // future options
 {
        iSignCertInfo                   *certInfo = NULL;
        uint32                                  numCerts;
@@ -508,13 +668,13 @@ CSSM_RETURN tp_policyVerify(
        uint16                                  expUsage;
        uint16                                  actUsage;
        unsigned                                certDex;
-       CSSM_BOOL                               cA = CSSM_FALSE;// init for compiler warning
-       CSSM_BOOL                               isLeaf;                 // end entity
-       CSSM_BOOL                               isRoot;                 // root cert
+       CSSM_BOOL                               cA = CSSM_FALSE;                // init for compiler warning
+       CSSM_BOOL                               isLeaf;                                 // end entity
+       CSSM_BOOL                               isRoot;                                 // root cert
        CE_ExtendedKeyUsage             *extendUsage;
        CE_AuthorityKeyID               *authorityId;
-       CSSM_RETURN                             outErr = CSSM_OK;
-       TPCertInfo                              *lastCert;
+       CSSM_RETURN                             outErr = CSSM_OK;               // for gross, non-policy errors
+       CSSM_BOOL                               policyFail = CSSM_FALSE;
        
        /* First, kTPDefault is a nop here */
        if(policy == kTPDefault) {
@@ -548,6 +708,9 @@ CSSM_RETURN tp_policyVerify(
                if(iSignGetCertInfo(alloc, 
                                certGroup->certAtIndex(certDex),                
                                &certInfo[certDex])) {
+                       (certGroup->certAtIndex(certDex))->addStatusCode(
+                               CSSMERR_TP_INVALID_CERTIFICATE);
+                       /* this one is fatal */
                        outErr = CSSMERR_TP_INVALID_CERTIFICATE;
                        goto errOut;
                }       
@@ -560,12 +723,13 @@ CSSM_RETURN tp_policyVerify(
         */
        for(certDex=0; certDex<numCerts; certDex++) {
                thisCertInfo = &certInfo[certDex];
+               TPCertInfo *thisTpCertInfo = certGroup->certAtIndex(certDex);
                
                if(thisCertInfo->foundUnknownCritical) {
                        /* illegal for all policies */
                        errorLog0("tp_policyVerify: critical flag in unknown extension\n");
-                       outErr = CSSMERR_TP_VERIFY_ACTION_FAILED;
-                       goto errOut; 
+                       thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_UNKNOWN_CRITICAL_EXTEN);
+                       policyFail = CSSM_TRUE;
                }
                
                /* 
@@ -608,8 +772,10 @@ CSSM_RETURN tp_policyVerify(
                                        case kTPiSign:
                                                /* required for iSign in this position */
                                                errorLog0("tp_policyVerify: no basicConstraints\n");
-                                               outErr = CSSMERR_TP_VERIFY_ACTION_FAILED;
-                                               goto errOut; 
+                                               policyFail = CSSM_TRUE;
+                                               thisTpCertInfo->addStatusCode(
+                                                       CSSMERR_APPLETP_NO_BASIC_CONSTRAINTS);
+                                               break;
                                        default:
                                                /* not reached */
                                                break;
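Review bot: The kTPiSign case now leaves the switch with `break` instead of leaving the function, and nothing in this hunk assigns `cA` on that path. The cA checks in the following hunks (`cA && !isRoot`, `!cA`) would then run on whatever the previous certificate or the initialiser left behind, which may attach a second, misleading CSSMERR_APPLETP_INVALID_CA status to a cert whose real problem is the missing basicConstraints. Assigning it explicitly before the `break`, e.g. `cA = CSSM_TRUE;	/* already reported; avoid a secondary INVALID_CA */`, would keep the per-cert status list accurate. The enclosing if/else and the rest of the loop body are outside the hunk, so this needs confirming against the full function.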
@@ -623,8 +789,8 @@ CSSM_RETURN tp_policyVerify(
                        if(!thisCertInfo->basicConstraints.critical) {
                                /* per RFC 2459 */
                                errorLog0("tp_policyVerify: basicConstraints marked not critical\n");
-                               outErr = CSSMERR_TP_VERIFY_ACTION_FAILED;
-                               goto errOut; 
+                               policyFail = CSSM_TRUE;
+                               thisTpCertInfo->addStatusCode(CSSMERR_TP_VERIFY_ACTION_FAILED);
                        }
                        #endif  /* BASIC_CONSTRAINTS_MUST_BE_CRITICAL */
                        cA = thisCertInfo->basicConstraints.extnData->basicConstraints.cA;
@@ -635,13 +801,13 @@ CSSM_RETURN tp_policyVerify(
                         * both true (kTPx509Basic, kTP_SSL only) */
                        if(cA && !isRoot) {
                                errorLog0("tp_policyVerify: cA true for leaf\n");
-                               outErr = CSSMERR_TP_VERIFY_ACTION_FAILED;
-                               goto errOut; 
+                               policyFail = CSSM_TRUE;
+                               thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_CA);
                        }
                } else if(!cA) {
                        errorLog0("tp_policyVerify: cA false for non-leaf\n");
-                       outErr = CSSMERR_TP_VERIFY_ACTION_FAILED;
-                       goto errOut; 
+                       policyFail = CSSM_TRUE;
+                       thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_CA);
                }
                
                /*
@@ -654,14 +820,14 @@ CSSM_RETURN tp_policyVerify(
                if((policy == kTPiSign) && thisCertInfo->authorityId.present) {
                        if(isRoot) {
                                errorLog0("tp_policyVerify: authorityId in root\n");
-                               outErr = CSSMERR_TP_VERIFY_ACTION_FAILED;
-                               goto errOut
+                               policyFail = CSSM_TRUE;
+                               thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_AUTHORITY_ID)
                        }
                        if(thisCertInfo->authorityId.critical) {
                                /* illegal per RFC 2459 */
                                errorLog0("tp_policyVerify: authorityId marked critical\n");
-                               outErr = CSSMERR_TP_VERIFY_ACTION_FAILED;
-                               goto errOut
+                               policyFail = CSSM_TRUE;
+                               thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_AUTHORITY_ID)
                        }
                }
 
@@ -674,8 +840,8 @@ CSSM_RETURN tp_policyVerify(
                if(thisCertInfo->subjectId.present) {
                        if((policy == kTPiSign) && thisCertInfo->subjectId.critical) {
                                errorLog0("tp_policyVerify: subjectId marked critical\n");
-                               outErr = CSSMERR_TP_VERIFY_ACTION_FAILED;
-                               goto errOut
+                               policyFail = CSSM_TRUE;
+                               thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_SUBJECT_ID)
                        }
                }
                
@@ -712,8 +878,8 @@ CSSM_RETURN tp_policyVerify(
                        if(!(actUsage & expUsage)) {
                                errorLog2("tp_policyVerify: bad keyUsage (leaf %s; usage 0x%x)\n",
                                        (certDex == 0) ? "TRUE" : "FALSE", actUsage);
-                               outErr = CSSMERR_TP_VERIFY_ACTION_FAILED;
-                               goto errOut
+                               policyFail = CSSM_TRUE;
+                               thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_KEY_USAGE)
                        }
                }
                else if(policy == kTPiSign) {
@@ -727,14 +893,14 @@ CSSM_RETURN tp_policyVerify(
                                        
                                if(!(ct & CE_NCT_ObjSign)) {
                                        errorLog0("tp_policyVerify: netscape-cert-type, !ObjectSign\n");
-                                       outErr = CSSMERR_TP_VERIFY_ACTION_FAILED;
-                                       goto errOut;
+                                       policyFail = CSSM_TRUE;
+                                       thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_KEY_USAGE);
                                }
                        }
                        else if(!isRoot) {
                                errorLog0("tp_policyVerify: !isRoot, no keyUsage, !(leaf and netscapeCertType)\n");
-                               outErr = CSSMERR_TP_VERIFY_ACTION_FAILED;
-                               goto errOut
+                               policyFail = CSSM_TRUE;
+                               thisTpCertInfo->addStatusCode(CSSMERR_APPLETP_INVALID_KEY_USAGE)
                        }
                }                               
        }       /* for certDex, checking presence of extensions */
@@ -750,14 +916,16 @@ CSSM_RETURN tp_policyVerify(
                if(extendUsage->numPurposes != 1) {
                        errorLog1("tp_policyVerify: bad extendUsage->numPurposes (%d)\n",
                                (int)extendUsage->numPurposes);
-                       outErr = CSSMERR_TP_VERIFY_ACTION_FAILED;
-                       goto errOut; 
+                       policyFail = CSSM_TRUE;
+                       (certGroup->certAtIndex(0))->addStatusCode(
+                               CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE); 
                }
                if(!tpCompareOids(extendUsage->purposes,
                                &CSSMOID_ExtendedUseCodeSigning)) {
                        errorLog0("tp_policyVerify: bad extendKeyUsage\n");
-                       outErr = CSSMERR_TP_VERIFY_ACTION_FAILED;
-                       goto errOut; 
+                       policyFail = CSSM_TRUE;
+                       (certGroup->certAtIndex(0))->addStatusCode(
+                               CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE); 
                }
        }
        
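Review bot: With the `goto errOut` removed, a leaf whose `extendUsage->numPurposes` is not 1 now falls through to `tpCompareOids(extendUsage->purposes, ...)`, so a zero-length purposes list reaches the comparison where it previously could not. Whether `purposes` is NULL or empty in that case is not visible here, so the call may read an element that does not exist. Chaining the second test as `else if(!tpCompareOids(extendUsage->purposes,` keeps the old ordering and also avoids adding CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE twice for one certificate. tp_policyVerify begins and ends outside this hunk.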
@@ -779,28 +947,49 @@ CSSM_RETURN tp_policyVerify(
                if(!tpCompareCssmData(&authorityId->keyIdentifier,
                                &certInfo[certDex+1].subjectId.extnData->subjectKeyID)) {
                        errorLog0("tp_policyVerify: bad key ID linkage\n");
-                       outErr = CSSMERR_TP_VERIFY_ACTION_FAILED;
-                       goto errOut; 
+                       policyFail = CSSM_TRUE;
+                       (certGroup->certAtIndex(certDex))->addStatusCode(
+                                       CSSMERR_APPLETP_INVALID_ID_LINKAGE); 
                }
        }
        
-       /* iSign, SSL: compare root against known root certs */
-       lastCert = certGroup->lastCert();
-       if(policy == kTPiSign) {
-               bool brtn = tp_isIsignRootCert(clHand, lastCert);
-               if(!brtn) {
-                       outErr = CSSMERR_TP_VERIFY_ACTION_FAILED;
+       /* 
+        * SSL: optionally verify common name.
+        * FIXME - should this be before or after the root cert test? How can
+        * we return both errors?
+        */
+       if(policy == kTP_SSL) {
+               CSSM_RETURN cerr = tp_verifySslOpts(*certGroup, sslOpts);
+               if(cerr) {
+                       policyFail = CSSM_TRUE;
                }
        }
-       else if(verifiedToRoot && (policy == kTP_SSL)) {
-               /* note SSL doesn't require root here */
-               bool brtn = tp_isSslRootCert(clHand, lastCert);
-               if(!brtn) {
-                       outErr = CSSMERR_TP_INVALID_ANCHOR_CERT;
+       
+       /* iSign, SSL: compare root against known root certs */
+       /* FIXME - this goes away soon */
+       #if             TP_ROOT_CERT_ENABLE
+       if((outErr == CSSM_OK) &&       // skip if we have a gross error (other than policy failure)
+          (actionData != NULL) &&
+          (actionData->ActionFlags & 0x80000000)) {    // The secret "enable root cert check" flag
+               TPCertInfo *lastCert = certGroup->lastCert();
+               if(policy == kTPiSign) {
+                       bool brtn = tp_isIsignRootCert(clHand, lastCert);
+                       if(!brtn) {
+                               policyFail = CSSM_TRUE;
+                       }
+               }
+               else if(verifiedToRoot && (policy == kTP_SSL)) {
+                       /* note SSL doesn't require root here */
+                       bool brtn = tp_isSslRootCert(clHand, lastCert);
+                       if(!brtn) {
+                               outErr = CSSMERR_TP_INVALID_ANCHOR_CERT;
+                       }
                }
        }
-       else {
-               outErr = CSSM_OK;
+       #endif  /* TP_ROOT_CERT_ENABLE */
+       if(policyFail && (outErr == CSSM_OK)) {
+               /* only error in this function was policy failure */
+               outErr = CSSMERR_TP_VERIFY_ACTION_FAILED;
        }
 errOut:
        /* free resources */
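Review bot: The known-root comparison is now opt-in through an unnamed bit, `actionData->ActionFlags & 0x80000000`, and is compiled only under `TP_ROOT_CERT_ENABLE`, whereas the removed code ran `tp_isIsignRootCert` for every iSign verification. A caller that passes a NULL actionData or leaves the bit clear gets no anchor comparison from this function; if that check now lives elsewhere, the comment should say where, and the bit deserves a named constant instead of the literal. The SSL branch above it also discards `cerr` from `tp_verifySslOpts` and adds no status code, so a host-name failure surfaces only as the generic CSSMERR_TP_VERIFY_ACTION_FAILED unless the helper records its own code (not visible here). The iSign branch likewise sets `policyFail` without an `addStatusCode` call, unlike the other failures in this function. The function body starts before this hunk and continues past `errOut:`.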
index ee66c51cdce1657719dbbc1f0a5e441c50b05519..26f3ac203511ff48e9c31fa26654089b4cac5777 100644 (file)
@@ -27,6 +27,7 @@
 
 #include <Security/cssmtype.h>
 #include <Security/cssmalloc.h>
+#include <Security/cssmapple.h>
 #include "TPCertInfo.h"
 
 #ifdef __cplusplus
@@ -53,12 +54,15 @@ typedef enum {
  * Returns CSSM_TRUE on success.
  */
 CSSM_RETURN tp_policyVerify(
-       TPPolicy                                        policy,
-       CssmAllocator                           &alloc,
-       CSSM_CL_HANDLE                          clHand,
-       CSSM_CSP_HANDLE                         cspHand,
-       TPCertGroup                             *certGroup,
-       CSSM_BOOL                                       verifiedToRoot);        // last cert is good root
+       TPPolicy                                                policy,
+       CssmAllocator                                   &alloc,
+       CSSM_CL_HANDLE                                  clHand,
+       CSSM_CSP_HANDLE                                 cspHand,
+       TPCertGroup                                     *certGroup,
+       CSSM_BOOL                                               verifiedToRoot,         // last cert is good root
+       const CSSM_APPLE_TP_ACTION_DATA *actionData,
+       const CSSM_APPLE_TP_SSL_OPTIONS *sslOpts,
+       void                                                    *policyOpts);   // future options
 
 #ifdef __cplusplus
 }
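Review bot: The context comment above the prototype still says `Returns CSSM_TRUE on success` although the function returns a CSSM_RETURN and the implementation in this commit reports success as CSSM_OK; a caller written against the comment could invert the test and accept a failed chain. The three new parameters are undocumented as well: the implementation checks `actionData != NULL` before use but hands `sslOpts` to `tp_verifySslOpts` unchecked, so the header should state which pointers may be NULL. Suggested wording: `Returns CSSM_OK on success. actionData may be NULL; sslOpts is consulted only for kTP_SSL.` The comment block starts outside this hunk.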
index 9e9ee2c058ec316e5466706e88f0c13c492ee5d8..b6075a7b0feea7ea84fe8a2cea31fa96c3022e6b 100644 (file)
@@ -27,9 +27,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <ctype.h>
-
-#define UTC_TIME_STRLEN                                13
-#define GENERALIZED_TIME_STRLEN                15
+#include <stdbool.h>
 
 /*
  * Given a string containing either a UTC-style or "generalized time"
@@ -42,7 +40,8 @@ int timeStringToTm(
        struct tm                       *tmp)
 {
        char            szTemp[5];
-       unsigned        isUtc;
+       bool            isUtc = false;                  // 2-digit year
+       bool            isCssmTime = false;             // no trailing 'Z'
        unsigned        x;
        unsigned        i;
        char            *cp;
@@ -57,10 +56,12 @@ int timeStringToTm(
        }
        switch(len) {
                case UTC_TIME_STRLEN:                   // 2-digit year, not Y2K compliant
-                       isUtc = 1;
+                       isUtc = true;
                        break;
+               case CSSM_TIME_STRLEN:
+                       isCssmTime = true;
+                       break;
                case GENERALIZED_TIME_STRLEN:   // 4-digit year
-                       isUtc = 0;
                        break;
                default:                                                // unknown format 
                        return 1;
@@ -75,11 +76,18 @@ int timeStringToTm(
                }
        }
 
-       /* check last character is a 'Z' */
-       if(cp[len - 1] != 'Z' ) {
-               return 1;
-       }
-
+       /* check last character is a 'Z' or digit as appropriate */
+       if(isCssmTime) {
+               if(!isdigit(cp[len - 1])) {
+                       return 1;
+               }
+       }
+       else {
+               if(cp[len - 1] != 'Z' ) {
+                       return 1;
+               }
+       }
+       
        /* YEAR */
        szTemp[0] = *cp++;
        szTemp[1] = *cp++;
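Review bot: `isdigit(cp[len - 1])` receives a plain `char`, which is undefined behaviour for negative values, and the string being parsed originates from certificate or caller data. Write it as `if(!isdigit((unsigned char)cp[len - 1])) {`. The digit-checking loop that closes in the context lines above may need the same cast, but its body is outside this hunk, as are the start and end of timeStringToTm.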
@@ -169,7 +177,10 @@ int timeStringToTm(
        return 0;
 }
 
-/* return current GMT time as a struct tm */
+/* 
+ * Return current GMT time as a struct tm.
+ * Caller must hold tpTimeLock.
+ */
 void nowTime(
        struct tm *now)
 {
@@ -232,3 +243,38 @@ int compareTimes(
        return 0;
 }
 
+/*
+ * Create a time string, in either UTC (2-digit) or or Generalized (4-digit)
+ * year format. Caller mallocs the output string whose length is at least
+ * (UTC_TIME_STRLEN+1) or (GENERALIZED_TIME_STRLEN+1) respectively.
+ * Caller must hold tpTimeLock.
+ */
+void timeAtNowPlus(unsigned secFromNow, 
+       TpTimeSpec timeSpec,
+       char *outStr)
+{
+       struct tm utc;
+       time_t baseTime;
+       
+       baseTime = time(NULL);
+       baseTime += (time_t)secFromNow;
+       utc = *gmtime(&baseTime);
+       
+       if(timeSpec == TIME_UTC) {
+               /* UTC - 2 year digits - code which parses this assumes that
+                * (2-digit) years between 0 and 49 are in century 21 */
+               if(utc.tm_year >= 100) {
+                       utc.tm_year -= 100;
+               }
+               sprintf(outStr, "%02d%02d%02d%02d%02d%02dZ",
+                       utc.tm_year /* + 1900 */, utc.tm_mon + 1,
+                       utc.tm_mday, utc.tm_hour, utc.tm_min, utc.tm_sec);
+       }
+       else {
+               sprintf(outStr, "%04d%02d%02d%02d%02d%02dZ",
+                       /* note year is relative to 1900, hopefully it'll have 
+                        * four valid digits! */
+                       utc.tm_year + 1900, utc.tm_mon + 1,
+                       utc.tm_mday, utc.tm_hour, utc.tm_min, utc.tm_sec);
+       }
+}
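Review bot: The `TIME_UTC` branch can write past a buffer of the documented size: `utc.tm_year -= 100` leaves a three-digit value once tm_year reaches 200, and `%02d` is only a minimum width, so sprintf emits 14 characters plus the terminator into the UTC_TIME_STRLEN+1 bytes the comment promises. `secFromNow` is an unsigned caller value, so the date is not bounded by this function. `*gmtime(&baseTime)` is also dereferenced without a NULL check. Reducing the year with `% 100`, bounding both writes with snprintf at the documented lengths, and testing the gmtime result covers all of these; the empty-string result on failure is one option, since the function returns void.

```c
	/* … unchanged: locals, baseTime = time(NULL) + secFromNow … */
	struct tm *gmt = gmtime(&baseTime);
	if(gmt == NULL) {
		/* no way to report failure; leave a valid empty string */
		outStr[0] = '\0';
		return;
	}
	utc = *gmt;

	if(timeSpec == TIME_UTC) {
		/* two-digit year: % 100 keeps the field at exactly two characters */
		snprintf(outStr, UTC_TIME_STRLEN + 1, "%02d%02d%02d%02d%02d%02dZ",
			utc.tm_year % 100, utc.tm_mon + 1,
			utc.tm_mday, utc.tm_hour, utc.tm_min, utc.tm_sec);
	}
	else {
		snprintf(outStr, GENERALIZED_TIME_STRLEN + 1, "%04d%02d%02d%02d%02d%02dZ",
			utc.tm_year + 1900, utc.tm_mon + 1,
			utc.tm_mday, utc.tm_hour, utc.tm_min, utc.tm_sec);
	}
```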
index 7ad2699bbfdca519f89129645edb09f57c5abe4c..c4cc1722f14761403299f7fd43c9652865ef975a 100644 (file)
 extern "C" {
 #endif
 
+/* lengths of time strings without trailing NULL */
+#define UTC_TIME_STRLEN                                13
+#define CSSM_TIME_STRLEN                       14              /* no trailing 'Z' */
+#define GENERALIZED_TIME_STRLEN                15              
+
 /*
  * Given a string containing either a UTC-style or "generalized time"
  * time string, convert to a struct tm (in GMT/UTC). Returns nonzero on
@@ -41,7 +46,10 @@ extern int timeStringToTm(
        unsigned                        len,
        struct tm                       *tmp);
 
-/* return current GMT time as a struct tm */
+/* 
+ * Return current GMT time as a struct tm.
+ * Caller must hold tpTimeLock.
+ */
 extern void nowTime(
        struct tm                       *now);
 
@@ -55,6 +63,21 @@ extern int compareTimes(
        const struct tm         *t1,
        const struct tm         *t2);
        
+/*
+ * Create a time string, in either UTC (2-digit) or or Generalized (4-digit)
+ * year format. Caller mallocs the output string whose length is at least
+ * (UTC_TIME_STRLEN+1) or (GENERALIZED_TIME_STRLEN+1) respectively.
+ * Caller must hold tpTimeLock.
+ */
+typedef enum {
+       TIME_UTC,
+       TIME_GEN
+} TpTimeSpec;
+
+void timeAtNowPlus(unsigned secFromNow,
+       TpTimeSpec timeSpec,
+       char *outStr);
+
 #ifdef __cplusplus
 }
 #endif
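Review bot: The new block comment describes `timeAtNowPlus` but sits above the `TpTimeSpec` typedef, so the enum carries the function's contract and the prototype itself has none. Move the comment directly above `void timeAtNowPlus(` and fix the doubled word in `or or Generalized`. The prototype also omits `extern`, unlike the other declarations in this header. Since the buffer-size requirement is the only thing protecting `outStr`, it is worth keeping that sentence adjacent to the declaration a caller will read.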
diff --git a/AppleX509TP/tp_common.mdsinfo b/AppleX509TP/tp_common.mdsinfo
new file mode 100644 (file)
index 0000000..2e616a9
--- /dev/null
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+       <key>BuiltIn</key>
+       <true/>
+       <key>CDSAVersion</key>
+       <string>2.0</string>
+       <key>Desc</key>
+       <string>Apple built-in X509TP</string>
+       <key>DynamicFlag</key>
+       <false/>
+       <key>MdsFileDescription</key>
+       <string>Built-in X509TP Common info</string>
+       <key>MdsFileType</key>
+       <string>PluginCommon</string>
+       <key>ModuleID</key>
+       <string>{87191ca5-0fc9-11d4-849a000502b52122}</string>
+       <key>ModuleName</key>
+       <string>AppleX509TP</string>
+       <key>MultiThreadFlag</key>
+       <true/>
+       <key>ProductVersion</key>
+       <string>1.0</string>
+       <key>ServiceMask</key>
+       <string>CSSM_SERVICE_TP</string>
+</dict>
+</plist>
diff --git a/AppleX509TP/tp_policyOids.mdsinfo b/AppleX509TP/tp_policyOids.mdsinfo
new file mode 100644 (file)
index 0000000..5429a4c
--- /dev/null
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+       <key>MdsFileDescription</key>
+       <string>Built-in X509TP Policy OIDs</string>
+       <key>MdsFileType</key>
+       <string>PluginSpecific</string>
+       <key>MdsRecordType</key>
+       <string>MDS_CDSADIR_TP_OIDS_RECORDTYPE</string>
+       <key>ModuleID</key>
+       <string>{87191ca5-0fc9-11d4-849a000502b52122}</string>
+       <key>Policies</key>
+       <array>
+               <dict>
+                       <key>OID</key>
+                       <data>
+                       KoZIhvdjZAEB
+                       </data>
+                       <key>Value</key>
+                       <data>
+                       </data>
+               </dict>
+               <dict>
+                       <key>OID</key>
+                       <data>
+                       KoZIhvdjZAEC
+                       </data>
+                       <key>Value</key>
+                       <data>
+                       </data>
+               </dict>
+               <dict>
+                       <key>OID</key>
+                       <data>
+                       KoZIhvdjZAED
+                       </data>
+                       <key>Value</key>
+                       <data>
+                       </data>
+               </dict>
+       </array>
+       <key>SSID</key>
+       <integer>0</integer>
+</dict>
+</plist>
diff --git a/AppleX509TP/tp_primary.mdsinfo b/AppleX509TP/tp_primary.mdsinfo
new file mode 100644 (file)
index 0000000..6670aaf
--- /dev/null
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+       <key>AclSubjectTypes</key>
+       <array>
+               <string>CSSM_ACL_SUBJECT_TYPE_ANY</string>
+       </array>
+       <key>AuthTags</key>
+       <array>
+               <string>CSSM_ACL_AUTHORIZATION_ANY</string>
+       </array>
+       <key>CertTypeFormat</key>
+       <string>&lt;&lt;CSSM_CERT_X_509v3 | CSSM_CERT_ENCODING_DER</string>
+       <key>MdsFileDescription</key>
+       <string>Built-in X509TP Primary info</string>
+       <key>MdsFileType</key>
+       <string>PluginSpecific</string>
+       <key>MdsRecordType</key>
+       <string>MDS_CDSADIR_TP_PRIMARY_RECORDTYPE</string>
+       <key>ModuleID</key>
+       <string>{87191ca5-0fc9-11d4-849a000502b52122}</string>
+       <key>ModuleName</key>
+       <string>AppleX509TP</string>
+       <key>ProductVersion</key>
+       <string>1.0</string>
+       <key>SSID</key>
+       <integer>0</integer>
+       <key>SampleTypes</key>
+       <array/>
+       <key>Vendor</key>
+       <string>Apple Computer, Inc.</string>
+</dict>
+</plist>
index a0cd615d7ad26221f194d0c6ab64a1c600d5a7f0..c98e7543ac1befd6f3e6186ccf663e79355385d5 100644 (file)
@@ -49,6 +49,7 @@
 #if            DEBUG_ENABLE || ERROR_LOG_ENABLE
 
 #include <stdio.h>
+#include <stdlib.h>
 
 #if            !LOG_VIA_PRINTF
 
diff --git a/CVSVersionInfo.txt b/CVSVersionInfo.txt
deleted file mode 100644 (file)
index fd712e6..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# Created and modified by checkpoint; do not edit
-# $Id: CVSVersionInfo.txt,v 1.22.4.2 2002/01/10 22:57:07 perry Exp $
-# $Name: Security-30~1 $
-ProjectName: Security
-ProjectVersion: 30~1
diff --git a/CertTool/CertTool.html b/CertTool/CertTool.html
new file mode 100644 (file)
index 0000000..b328c0f
--- /dev/null
@@ -0,0 +1,339 @@
+<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
+<html>
+<head>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+   <meta name="GENERATOR" content="Mozilla/4.75C-CCK-MCD {C-UDP; EBM-APPLE} (Macintosh; U; PPC) [Netscape]">
+   <title>CertTool.html</title>
+</head>
+<body>
+
+<center>
+<h2>
+<b>CertTool</b></h2></center>
+
+<center>
+<h2>
+<b>Last Update 5/20/02</b></h2></center>
+
+<h2>
+Table Of Contents</h2>
+1. <a href="#Introduction">Introduction</a>
+<br>2. <a href="#Generating a Self-Signed Certificate">Generating a Self-Signed
+Certificate</a>
+<br>3. <a href="#Generating a Certificate Signing Request (CSR)">Generating
+a Certificate Signing Request (CSR)</a>
+<br>4. <a href="#Verifying a CSR">Verifying a CSR</a>
+<br>5. <a href="#Importing a Certificate from a Certificate Authority">Importing
+a Certificate from a Certificate Authority</a>
+<br>6. <a href="#Displaying a Certificate">Displaying a Certificate</a>
+<br>7. <a href="#Certificate Authorities and CSRs">Certificate Authorities
+and CSRs</a>
+<br>&nbsp;
+<h2>
+1.&nbsp;<a NAME="Introduction"></a>Introduction</h2>
+
+<blockquote>CertTool is a UNIX command-line program which is used to create
+key pairs, certificates, and certificate signing requests; to import externally
+generated certificates into a Keychain, and to display the contents of
+certificates. Currently. the primary use of CertTool is to perform the
+certificate-related administration required to configure an SSL server
+based on Mac OS X's SecureTransport library. Each supported CertTool operation
+is described below in detail.
+<p>The reader of this document, and the user of CertTool, is assumed to
+be familiar with the following:
+<ul>
+<li>
+General principles of public key cryptography</li>
+
+<li>
+The concepts of certificates and trust</li>
+
+<li>
+General operation of the Secure Socket Layer (SSL) protocol</li>
+
+<li>
+General operation of the Mac OS X Keychain</li>
+
+<li>
+The Mac OS X SecureTransport library</li>
+</ul>
+No programming knowledge is assumed or required. An excellent primer on
+the topics of public key cryptography, certificates, and SSL can be found
+at <a href="http://httpd.apache.org/docs-2.0/ssl/ssl_intro.html">http://httpd.apache.org/docs-2.0/ssl/ssl_intro.html.</a>
+<p>Note: in all examples of usage of the command line tool which follow,
+the user's input is shown in <b>bold</b>. Running CertTool with no command-line
+arguments results in usage info being displayed.
+<br>&nbsp;</blockquote>
+
+<h2>
+2.&nbsp;<a NAME="Generating a Self-Signed Certificate"></a>Generating a
+Self-Signed Certificate</h2>
+
+<blockquote>This command generates a key pair and a self-signed (root)
+certificate and places them in a keychain. The root cert is signed by the
+private key generated during this command. The cert generated by this command
+is totally untrustworth and cannot be used in the "real world"; the primary
+use of this command is to facilitate early development of SSL server applications
+based on SecureTransport. In particular, "real world" SSL clients (e.g.,
+web browsers) will complain to varying degrees when they attempt to connect
+to an SSL server which presents a cert which is generated by this command.
+Some broswers, after a fair amount of handholding, will allow you to conditionally
+"trust" this cert.
+<p>The format of this command is
+<p># <b>CertTool c [options]</b>
+<p>The available options are:
+<blockquote>k=keyChainName
+<blockquote>Where "KeyChainName" is the name of the keychain into which
+keys and the cert will be added. If no keychain is specified, keys and
+certs are added to the default keychain. The specified keychain must exist
+unless you specify the 'c' option.</blockquote>
+c
+<blockquote>Specifies that the designated key is to be created.</blockquote>
+</blockquote>
+This an interactive command; you will be prompted for a number of different
+items which are used to generate the keypair and the cert. A sample sesion
+follows.
+<br>&nbsp;
+<blockquote># <b>CertTool k=certkc</b>
+<br>Enter key and certificate label: <b>testCert</b>
+<p>Please specify parameters for the key pair you will generate.
+<p>&nbsp; r&nbsp; RSA
+<br>&nbsp; d&nbsp; DSA
+<br>&nbsp; f&nbsp; FEE
+<p>Select key algorithm by letter: <b><font size=+1>r</font></b>
+<p>Valid key sizes for RSA are 512..2048; default is 512
+<br>Enter key size in bits or CR for default: <b><font size=+1>512</font></b>
+<p>You have selected algorithm RSA, key size 512 bits.
+<br>OK (y/anything)? <b><font size=+1>y</font></b>
+<br>Enter cert/key usage (s=signing, b=signing AND encrypting): b
+<br>...Generating key pair...
+<p><i>&lt;&lt;Note: you will be prompted for the Keychain's passphrase
+by the Keychain system at this point if the specified keychain is not open.>></i>
+<p>Please specify the algorithm with which your certificate will be signed.
+<p>&nbsp; 5&nbsp; RSA with MD5
+<br>&nbsp; s&nbsp; RSA with SHA1
+<p>Select signature algorithm by letter:<b><font size=+1> s</font></b>
+<p>You have selected algorithm RSA with SHA1.
+<br>OK (y/anything)? <b><font size=+1>y</font></b>
+<br>...creating certificate...
+<p>You will now specify the various components of the certificate's
+<br>Relative Distinguished Name (RDN). An RDN has a number of
+<br>components, all of which are optional, but at least one of
+<br>which must be present.
+<p>Note that if you are creating a certificate for use in an
+<br>SSL/TLS server, the Common Name component of the RDN must match
+<br>exactly the host name of the server. This must not be an IP
+<br>address, but the actual domain name, e.g. www.apple.com.
+<p>Entering a CR for a given RDN component results in no value for
+<br>that component.
+<p>Common Name&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (e.g, www.apple.com)
+: <b><font size=+1>10.0.61.5</font></b>
+<br>Country&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+(e.g, US) :
+<br>Organization&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+(e.g, Apple Computer, Inc.) : <b><font size=+1>Apple</font></b>
+<br>Organization Unit&nbsp;&nbsp;&nbsp;&nbsp; (e.g, Apple Data Security)
+:
+<br>State/Province&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+(e.g., California) : <b><font size=+1>California</font></b>
+<p>You have specified:
+<br>&nbsp; Common Name&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 10.0.61.5
+<br>&nbsp; Organization&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+: Apple
+<br>&nbsp; State/Province&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+: California
+<br>Is this OK (y/anything)? <b><font size=+1>y</font></b>
+<br>..cert stored in Keychain.
+<br>#</blockquote>
+The "Common Name" portion of the RDN - in the above case, "10.0.61.5" -
+MUST match the host name of the machine you'll running sslServer on. (In
+this case the test machine doesn't have an actual hostname; it's DHCP'd
+behind a firewall which is why "10.0.61.5" was specified for Common Name.)
+This is part of SSL's certificate verification; it prevents an attack using
+DNS spoofing.
+<p>A brief note about cert/key usage: the normal configuration of SecureTransport
+is that the server cert specified in SSLSetCertificate() is capable of
+both signing and encryption. If this cert is only capable of signing, then
+you must create a second keychain ontaining a cert which is capable of
+encryption, and pass that to SSLSetEncryptionCertificate().
+<br>&nbsp;
+<br>&nbsp;</blockquote>
+
+<h2>
+3.&nbsp;<a NAME="Generating a Certificate Signing Request (CSR)"></a>Generating
+a Certificate Signing Request (CSR)</h2>
+
+<blockquote>A CSR is the standard means by which an administrator of a
+web server provides information to a Certificate Authority (CA) in order
+to obtain a valid certificate which is signed by the CA. This type of cert
+is used in the real world; certs signed by CAs such as Verisign or Thawte
+are recognized by all web browsers when performing SSL transactions.
+<p>The general procedure for obtaining a "real" cert is:
+<br>&nbsp;
+<ul>
+<li>
+Generate a key pair</li>
+
+<li>
+Generate a CSR</li>
+
+<li>
+Provide the CSR and some other information and/or documentation to the
+CA</li>
+
+<li>
+CA sends you a certificate which is signed by the CA.</li>
+
+<li>
+You import that certificate, obtained from the CA, into your keychain.
+The items in that keychain can now be used in SecureTranspoert's SSLSetCertificate()
+call.</li>
+</ul>
+This command performs the first two steps in the above procedure. See <a href="#Importing a Certificate from a Certificate Authority">Section
+5</a> for information on importing the resulting certificate into your
+keychain.
+<p>The format of this command is
+<p># <b>CertTool r outFileName [options]</b>
+<p>The resulting CSR will be written to "outFileName".
+<p>The available options are:
+<p>k=keyChainName
+<blockquote>Where "KeyChainName" is the name of the keychain into which
+keys and the cert will be added. If no keychain is specified, keys and
+certs are added to the default keychain. The specified keychain must exist
+unless you specify the 'c' option.</blockquote>
+d
+<blockquote>The 'd' option tells CertTool to create the CSR in DER-encoded
+format. The default is PEM-encoded, which is what most CAs expect. PEM
+encoded data consists of printable ASCII text which can, for example, be
+pasted into an email message. DER-encoded data is nonprintable binary data.</blockquote>
+c
+<blockquote>Specifies that the designated key is to be created.</blockquote>
+This an interactive command; you will be prompted for a number of different
+items which are used to generate the keypair and the CSR. The prompts given,
+and the format of the data you must supply, are identical to the data shown
+in the sample session in Section 2.
+<p>See Section 7 for more information on using CSRs and about CAs.
+<br>&nbsp;
+<br>&nbsp;</blockquote>
+
+<h2>
+4.&nbsp;<a NAME="Verifying a CSR"></a>Verifying a CSR</h2>
+
+<blockquote>A CSR contains, among other things, the public key which was
+generated in <a href="#Generating a Certificate Signing Request (CSR)">Section
+3</a>. The CSR is signed with the associated private key. Thus the inteegrity
+of a CSR can be verified by extracting its public key and verifying the
+signature of the CSR. This command performs this integrity check.
+<p>The format of this command is
+<p># <b>CertTool v inFileName [options]</b>
+<p>The resulting CSR will be written to "outFileName".
+<p>The only available option is the 'd' flag, which as described in <a href="#Generating a Certificate Signing Request (CSR)">Section
+3</a>, indiciates that the CSR is in DER format rather than the default
+PEM format.
+<p>A typical (successful) run of this command is like so:
+<p># <b>CertTool v myCsr.pem</b>
+<br>...CSR verified successfully.
+<p>A large number of things can go wrong of the verification fails; suffice
+it to say that if you see anything other than the above success message,
+you have a bad or corrupted CSR.
+<br>&nbsp;
+<blockquote>&nbsp;</blockquote>
+</blockquote>
+
+<h2>
+5.&nbsp;<a NAME="Importing a Certificate from a Certificate Authority"></a>Importing
+a Certificate from a Certificate Authority</h2>
+
+<blockquote>Once you have negotiated with your CA, and provided them with
+the CSR generated in <a href="#Generating a Certificate Signing Request (CSR)">Section
+3</a> as well as any other information, documentation, and payment thay
+require, the CA will provide you with a certificate. Use this command to
+add that certificate to the keychain containing the keypair you generated
+in <a href="#Generating a Certificate Signing Request (CSR)">Section 3</a>.
+You currently also have to specify the string you provided as "key and
+certificate label" when executing this command. <i>&lt;Note this requirement
+will go away soon.></i>
+<p>The format of this command is
+<p># <b>CertTool i inFileName label [options]</b>
+<p>The cert to import is obtained from "inFileName". The label argument
+is the string you provided to the prompt "Enter key and certificate label:"
+in <a href="#Generating a Certificate Signing Request (CSR)">Section 3</a>.
+<p>The available options are:
+<p>k=keyChainName
+<blockquote>Where "KeyChainName" is the name of the keychain to which the
+cert will be added. If no keychain is specified, the cert is added to the
+default keychain. The specified keychain must exist, and it must contain
+the keypair you generated in <a href="#Generating a Certificate Signing Request (CSR)">Section
+3</a>. If the keychain is not open when this command is executed, you will
+be prompted by the Keychain system for its passphrase.</blockquote>
+d
+<blockquote>Specifies DER format as described above. The default is PEM
+format.</blockquote>
+</blockquote>
+
+<h2>
+6.&nbsp;<a NAME="Displaying a Certificate"></a>Displaying a Certificate</h2>
+
+<blockquote>This displays the contents of an existing certificate, obtained
+from a file.
+<p>The format of this command is
+<p># <b>CertTool d inFileName [options]</b>
+<p>The cert to display is obtained from "inFileName".
+<p>The only available option is the 'd' flag, specifying DER format as
+described above. The default is PEM format
+<br>&nbsp;</blockquote>
+
+<h2>
+7.&nbsp;<a NAME="Certificate Authorities and CSRs"></a>Certificate Authorities
+and CSRs</h2>
+
+<blockquote>As mentioned above, the general procedure for obtaining a "real"
+cert is:
+<ul>
+<li>
+Generate a key pair</li>
+
+<li>
+Generate a CSR</li>
+
+<li>
+Provide the CSR and some other information and/or documentation to the
+CA</li>
+
+<li>
+CA sends you a certificate which is signed by the CA.</li>
+
+<li>
+You import that certificate, obtained from the CA, into your keychain.
+The items in that keychain can now be used in SecureTranspoert's SSLSetCertificate()
+call.</li>
+</ul>
+</blockquote>
+
+<blockquote>One CA with an excellent web-based interface for obtaining
+a cert is Verisign (<a href="http://www.verisign.com/products/site/index.html">http://www.verisign.com/products/site/index.html</a>).
+You can get a free 14-day trial certificate using nothing but CertTool,
+Verisign's web site, and email. You need to provide some personal information;
+then you paste in the CSR generated in <a href="#Generating a Certificate Signing Request (CSR)">Section
+3</a> into a form on the web site. A few minutes later Verisign emails
+you a certificate, which you import into your keychain per <a href="#Importing a Certificate from a Certificate Authority">Section
+5</a>.&nbsp; The whole process takes less than 10 minutes. The free certificate
+obtained in this manner is signed by a temporary root cert which is not
+recognized by any browsers, but Verisign also provides a measn of installing
+this temporary root cert into your browser, directly from their web site.
+Typically one would use the free, temporary cert to perform initial configuration
+of a server and to ring out the general SSL infrastructure. Once you feel
+comfortable with the operation of the server, then it's time to buy a "real"
+certificate which will allow your web server to be recognized by any browser.
+<p>Thawte has a similar, very friendly service at <a href="http://www.thawte.com">http://www.thawte.com/.</a></blockquote>
+
+<blockquote>Note that, for early web server development and/or testing,
+you can skip the entire procedure described above and just generate your
+own self-signed root cert as described in section 1. No CA is involved;
+no CSR is generated; no cert needs to be imported - CertTool generates
+a cert for you and immediately adds it to your keychain. Bear in mind that
+this option requires tolerance of the various SSL clients you'll be testing
+with, none of whom recognize your root cert.</blockquote>
+
+</body>
+</html>
diff --git a/CertTool/CertTool/CertTool.cpp b/CertTool/CertTool/CertTool.cpp
new file mode 100644 (file)
index 0000000..7307428
--- /dev/null
@@ -0,0 +1,1134 @@
+/*
+       File:            CertTool.cpp
+       
+       Description: certificate manipulation tool
+
+       Author:         dmitch
+
+       Copyright:      Â© Copyright 2002 Apple Computer, Inc. All rights reserved.
+       
+       Disclaimer:     IMPORTANT:  This Apple software is supplied to you by Apple 
+                   Computer, Inc. ("Apple") in consideration of your agreement to 
+                               the following terms, and your use, installation, modification 
+                               or redistribution of this Apple software constitutes acceptance 
+                               of these terms.  If you do not agree with these terms, please 
+                               do not use, install, modify or redistribute this Apple software.
+
+                               In consideration of your agreement to abide by the following 
+                               terms, and subject to these terms, Apple grants you a personal, 
+                               non-exclusive license, under Apple's copyrights in this 
+                               original Apple software (the "Apple Software"), to use, 
+                               reproduce, modify and redistribute the Apple Software, with 
+                               or without modifications, in source and/or binary forms; 
+                               provided that if you redistribute the Apple Software in 
+                               its entirety and without modifications, you must retain
+                               this notice and the following text and disclaimers in all 
+                               such redistributions of the Apple Software.  Neither the 
+                               name, trademarks, service marks or logos of Apple Computer, 
+                               Inc. may be used to endorse or promote products derived from the
+                               Apple Software without specific prior written permission from 
+                               Apple.  Except as expressly stated in this notice, no other 
+                               rights or licenses, express or implied, are granted by Apple 
+                               herein, including but not limited to any patent rights that
+                               may be infringed by your derivative works or by other works 
+                               in which the Apple Software may be incorporated.
+
+                               The Apple Software is provided by Apple on an "AS IS" basis.  
+                               APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
+                               WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
+                               MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, 
+                               REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE 
+                               OR IN COMBINATION WITH YOUR PRODUCTS.
+
+                               IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, 
+                               INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 
+                               LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
+                               LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+                               ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION 
+                               AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED 
+                               AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING 
+                               NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE 
+                               HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include <Security/SecKeychainItem.h>
+#include <Security/SecKeychain.h>
+#include <Security/certextensions.h>
+#include <Security/cssmapple.h>
+#include <Security/oidsattr.h>
+#include <Security/oidscert.h>
+#include <Security/oidsalg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <strings.h>
+#include <ctype.h>
+#include <sys/param.h>
+#include <cdsaUtils/cdsaUtils.h>
+#include <cdsaUtils/printCert.h>
+#include <cdsaUtils/fileIo.h>
+#include <cdsaUtils/pem.h>
+#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
+#include "CertUI.h"
+#include <CoreFoundation/CoreFoundation.h>
+#include <Security/utilities.h>
+
+/* will change soon */
+#include <Security/SecCertificate.h>
+
+/*
+ * Workaround flags.
+ */
+/* SecKeychainGetCSPHandle implemented? */
+#define SEC_KEYCHAIN_GET_CSP           0
+
+/* SecCertificateAddToKeychain fully functional? */
+#define SEC_CERT_ADD_TO_KC                     1
+
+/* SecKeyCreatePair() implemented */
+#define SEC_KEY_CREATE_PAIR                    0
+
+#if    !SEC_KEY_CREATE_PAIR
+/* munge Label attr if manually generating keys */
+#define MUNGE_LABEL_ATTR                       1
+#endif
+
+#define KC_DB_PATH                     "Library/Keychains"             /* relative to home */
+
+/* 
+ * defaults for undocumented 'Z' option 
+ */
+#define ZDEF_KEY_LABEL         "testCert"
+#define ZDEF_KEY_ALG           CSSM_ALGID_RSA
+#define ZDEF_KEY_SIZE          512
+#define ZDEF_KEY_USAGE         (kKeyUseSigning | kKeyUseEncrypting)
+#define ZDEF_SIG_ALG           CSSM_ALGID_SHA1WithRSA
+#define ZDEF_SIG_OID           CSSMOID_SHA1WithRSA
+#define ZDEF_COMMON_NAME       "10.0.61.5"
+#define ZDEF_ORG_NAME          "Apple Computer - DEBUG ONLY"
+#define ZDEF_COUNTRY           "US"
+#define ZDEF_STATE                     "Washington"
+#define ZDEF_CHALLENGE         "someChallenge"
+
+static void usage(char **argv)
+{
+       printf("usage:\n");
+       printf("   Create a keypair and cert: %s c [options]\n", argv[0]);
+       printf("   Create a CSR:              %s r outFileName [options]\n", 
+                       argv[0]);
+       printf("   Verify a CSR:              %s v infileName [options]\n", argv[0]);
+       #if             SEC_CERT_ADD_TO_KC
+       printf("   Import a certificate:      %s i inFileName [options]\n", argv[0]);
+       #else
+       /* this one needs the printName */
+       printf("   Import a certificate:      %s i inFileName printName [options]\n",
+                       argv[0]);
+       #endif
+       printf("   Display a certificate:     %s d inFileName [options]\n", argv[0]);
+       printf("Options:\n");
+       printf("   k=keychainName\n");
+       printf("   c(reate the keychain)\n");
+       printf("   v(erbose)\n");
+       printf("   d (CSR in DER format; default is PEM)\n");
+       printf("   h(elp)\n");
+       exit(1);
+}
+
+#if    SEC_KEY_CREATE_PAIR
+#error Work needed to generate key pair using Keychain.
+#else  
+
+/* 
+ * Workaround to manually generate a key pair and munge its DB attributes
+ * to include the hash of the public key in the private key's Label attr.
+ */
+#if            MUNGE_LABEL_ATTR
+
+/* Convert a reference key to a raw key. */
+static CSSM_RETURN refKeyToRaw(
+       CSSM_CSP_HANDLE cspHand,
+       const CSSM_KEY  *refKey,        
+       CSSM_KEY_PTR    rawKey)                 // RETURNED
+{
+       CSSM_CC_HANDLE          ccHand;
+       CSSM_RETURN                     crtn;
+       CSSM_ACCESS_CREDENTIALS creds;
+       
+       memset(rawKey, 0, sizeof(CSSM_KEY));
+       memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
+       crtn = CSSM_CSP_CreateSymmetricContext(cspHand,
+                       CSSM_ALGID_NONE,
+                       CSSM_ALGMODE_NONE,
+                       &creds,                         // passPhrase
+                       NULL,                           // wrapping key
+                       NULL,                           // init vector
+                       CSSM_PADDING_NONE,      // Padding
+                       0,                                      // Params
+                       &ccHand);
+       if(crtn) {
+               showError(crtn, "refKeyToRaw: context err");
+               return crtn;
+       }
+       crtn = CSSM_WrapKey(ccHand,
+               &creds,
+               refKey,
+               NULL,                   // DescriptiveData
+               rawKey);
+       if(crtn != CSSM_OK) {
+               showError(crtn, "refKeyToRaw: CSSM_WrapKey");
+               return crtn;
+       }
+       CSSM_DeleteContext(ccHand);
+       return CSSM_OK;
+}
+
+/*
+ * Find private key by label, modify its Label attr to be the
+ * hash of the associated public key. 
+ */
+static CSSM_RETURN setPubKeyHash(
+       CSSM_CSP_HANDLE         cspHand,
+       CSSM_DL_DB_HANDLE       dlDbHand,
+       const CSSM_KEY          *pubKey,                // to get hash
+       CSSM_KEY_PTR            privKey,                // its record gets updated
+       const char                      *keyLabel)              // look up by this
+{
+       CSSM_QUERY                                              query;
+       CSSM_SELECTION_PREDICATE                predicate;
+       CSSM_DB_UNIQUE_RECORD_PTR               record = NULL;
+       CSSM_RETURN                                             crtn;
+       CSSM_DATA                                               labelData;
+       CSSM_HANDLE                                             resultHand;
+       
+       labelData.Data = (uint8 *)keyLabel;
+       labelData.Length = strlen(keyLabel) + 1;        // incl. NULL
+       query.RecordType = CSSM_DL_DB_RECORD_PRIVATE_KEY;
+       query.Conjunctive = CSSM_DB_NONE;
+       query.NumSelectionPredicates = 1;
+       predicate.DbOperator = CSSM_DB_EQUAL;
+       
+       predicate.Attribute.Info.AttributeNameFormat = 
+               CSSM_DB_ATTRIBUTE_NAME_AS_STRING;
+       predicate.Attribute.Info.Label.AttributeName = "Label";
+       predicate.Attribute.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB;
+       /* hope this cast is OK */
+       predicate.Attribute.Value = &labelData;
+       query.SelectionPredicate = &predicate;
+       
+       query.QueryLimits.TimeLimit = 0;        // FIXME - meaningful?
+       query.QueryLimits.SizeLimit = 1;        // FIXME - meaningful?
+       query.QueryFlags = 0; // CSSM_QUERY_RETURN_DATA;        // FIXME - used?
+
+       /* build Record attribute with one attr */
+       CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs;
+       CSSM_DB_ATTRIBUTE_DATA attr;
+       attr.Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING;
+       attr.Info.Label.AttributeName = "Label";
+       attr.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB;
+
+       recordAttrs.DataRecordType = CSSM_DL_DB_RECORD_PRIVATE_KEY;
+       recordAttrs.NumberOfAttributes = 1;
+       recordAttrs.AttributeData = &attr;
+       
+       crtn = CSSM_DL_DataGetFirst(dlDbHand,
+               &query,
+               &resultHand,
+               &recordAttrs,
+               NULL,                   // hopefully optional ...theData,
+               &record);
+       /* abort only on success */
+       if(crtn != CSSM_OK) {
+               showError(crtn, "CSSM_DL_DataGetFirst");
+               printf("***setPubKeyHash: can't find private key\n");
+               return crtn;
+       }
+       
+       /* do NULL unwrap of public key for use with raw CSP */
+       CSSM_KEY rawPubKey;
+       crtn = refKeyToRaw(cspHand, pubKey, &rawPubKey);
+       if(crtn) {
+               printf("***Error converting public key to raw format\n");
+               return crtn;
+       }
+       
+       /* connect to raw CSP */
+       CSSM_CSP_HANDLE rawCspHand = cuCspStartup(CSSM_TRUE);
+       if(rawCspHand == 0) {
+               printf("***Error connecting to raw CSP; aborting.\n");
+               return -1;
+       }
+       
+       /* calculate hash of pub key */
+       CSSM_DATA_PTR keyDigest = NULL;
+       CSSM_CC_HANDLE ccHand;
+       crtn = CSSM_CSP_CreatePassThroughContext(rawCspHand,
+               &rawPubKey,
+               &ccHand);
+       if(ccHand == 0) {
+               showError(crtn, "CSSM_CSP_CreatePassThroughContext");
+               printf("***Error calculating public key hash. Aborting.\n");
+               return -1;
+       }
+       crtn = CSSM_CSP_PassThrough(ccHand,
+               CSSM_APPLECSP_KEYDIGEST,
+               NULL,
+               (void **)&keyDigest);
+       if(crtn) {
+               showError(crtn, "CSSM_CSP_PassThrough(PUBKEYHASH)");
+               printf("***Error calculating public key hash. Aborting.\n");
+               return -1;
+       }
+       CSSM_FreeKey(cspHand, NULL, &rawPubKey, CSSM_FALSE);
+       CSSM_DeleteContext(ccHand);
+       CSSM_ModuleDetach(rawCspHand);
+       
+       /* 
+        * Replace Label attr data with hash.
+        * NOTE: the module which allocated this attribute data - a DL -
+        * was loaded and attached by the Sec layer, not by us. Thus 
+        * we can't use the memory allocator functions *we* used when 
+        * attaching to the CSPDL - we have to use the ones
+        * which the Sec layer registered with the DL.
+        */
+       CSSM_API_MEMORY_FUNCS memFuncs;
+       crtn = CSSM_GetAPIMemoryFunctions(dlDbHand.DLHandle, &memFuncs);
+       if(crtn) {
+               showError(crtn, "CSSM_GetAPIMemoryFunctions(DLHandle)");
+               /* oh well, leak and continue */
+       }
+       else {
+               memFuncs.free_func(attr.Value->Data, memFuncs.AllocRef);
+               memFuncs.free_func(attr.Value, memFuncs.AllocRef);
+       }
+       attr.Value = keyDigest;
+       
+       /* modify key attributes */
+       crtn = CSSM_DL_DataModify(dlDbHand,
+                       CSSM_DL_DB_RECORD_PRIVATE_KEY,
+                       record,
+                       &recordAttrs,
+            NULL,                              // DataToBeModified
+                       CSSM_DB_MODIFY_ATTRIBUTE_REPLACE);
+       if(crtn) {
+               showError(crtn, "CSSM_DL_DataModify(PUBKEYHASH)");
+               printf("***Error setting public key hash. Aborting.\n");
+               return crtn;
+       }
+       crtn = CSSM_DL_DataAbortQuery(dlDbHand, resultHand);
+       if(crtn) {
+               showError(crtn, "CSSM_DL_DataAbortQuery");
+               /* let's keep going in this case */
+       }
+       crtn = CSSM_DL_FreeUniqueRecord(dlDbHand, record);
+       if(crtn) {
+               showError(crtn, "CSSM_DL_FreeUniqueRecord");
+               /* let's keep going in this case */
+               crtn = CSSM_OK;
+       }
+       
+       /* free resources */
+       cuAppFree(keyDigest->Data, NULL);
+       return CSSM_OK;
+}
+#endif /* MUNGE_LABEL_ATTR */
+
+/* Still on the !SEC_KEY_CREATE_PAIR workaround */
+
+/*
+ * Generate a key pair using the CSPDL.
+ */
+static OSStatus generateKeyPair(
+       CSSM_CSP_HANDLE         cspHand,
+       CSSM_DL_DB_HANDLE       dlDbHand,
+       CSSM_ALGORITHMS         keyAlg,                         // e.g., CSSM_ALGID_RSA
+       uint32                          keySizeInBits,
+       const char                      *keyLabel,                      // C string
+       CU_KeyUsage                     keyUsage,                       // CUK_Signing, etc. 
+       CSSM_BOOL                       verbose,
+       CSSM_KEY_PTR            *pubKeyPtr,                     // mallocd, created, RETURNED
+       CSSM_KEY_PTR            *privKeyPtr)            // mallocd, created, RETURNED
+{
+       CSSM_KEY_PTR pubKey = reinterpret_cast<CSSM_KEY_PTR>(
+               APP_MALLOC(sizeof(CSSM_KEY)));
+       CSSM_KEY_PTR privKey = reinterpret_cast<CSSM_KEY_PTR>(
+               APP_MALLOC(sizeof(CSSM_KEY)));
+       if((pubKey == NULL) || (privKey == NULL)) {
+               return memFullErr;
+       }
+       
+       CSSM_RETURN crtn;
+       CSSM_KEYUSE pubKeyUse = 0;
+       CSSM_KEYUSE privKeyUse = 0;
+       
+       if(keyUsage & kKeyUseSigning) {
+               pubKeyUse  |= CSSM_KEYUSE_VERIFY;
+               privKeyUse |= CSSM_KEYUSE_SIGN;
+       }
+       if(keyUsage & kKeyUseEncrypting) {
+               pubKeyUse  |= (CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_WRAP);
+               privKeyUse |= (CSSM_KEYUSE_DECRYPT | CSSM_KEYUSE_UNWRAP);
+       }
+
+       crtn = cuCspGenKeyPair(cspHand,
+               &dlDbHand,
+               keyAlg,
+               keyLabel,
+               strlen(keyLabel) + 1,
+               keySizeInBits,
+               pubKey,
+               pubKeyUse,
+               CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT,
+               privKey,
+               privKeyUse,
+               CSSM_KEYATTR_SENSITIVE | CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT);
+       if(crtn) {
+               APP_FREE(pubKey);
+               APP_FREE(privKey);
+               return paramErr;
+       }
+       if(verbose) {
+               printf("...%u bit key pair generated.\n", 
+                       (unsigned)keySizeInBits);
+       }
+       
+       #if     MUNGE_LABEL_ATTR
+       /* bind private key to cert by public key hash */
+       crtn = setPubKeyHash(cspHand,
+               dlDbHand,
+               pubKey, 
+               privKey, 
+               keyLabel);
+       if(crtn) {
+               printf("***Error setting public key hash. Continuing at peril.\n");
+       }
+       #endif  /* MUNGE_LABEL_ATTR */
+       
+       *pubKeyPtr = pubKey;
+       *privKeyPtr = privKey;
+       return noErr;
+}
+#endif /* SEC_KEY_CREATE_PAIR */
+
+static void verifyCsr(
+       CSSM_CL_HANDLE  clHand,
+       const char              *fileName,
+       CSSM_BOOL               pemFormat)
+{
+       unsigned char *csr = NULL;
+       unsigned csrLen;
+       CSSM_DATA csrData;
+       unsigned char *der = NULL;
+       unsigned derLen = 0;
+       
+       if(readFile(fileName, &csr, &csrLen)) {
+               printf("***Error reading CSR from file %s. Aborting.\n",
+                       fileName);
+               return;
+       }
+       if(pemFormat) {
+               int rtn = pemDecode(csr, csrLen, &der, &derLen);
+               if(rtn) {
+                       printf("***%s: Bad PEM formatting. Aborting.\n", fileName);
+                       return;
+               }
+               csrData.Data = der;
+               csrData.Length = derLen;
+       }
+       else {
+               csrData.Data = csr;
+               csrData.Length = csrLen;
+       }
+       
+       CSSM_RETURN crtn = CSSM_CL_PassThrough(clHand,
+               0,                      // CCHandle
+               CSSM_APPLEX509CL_VERIFY_CSR,
+               &csrData,
+               NULL);
+       if(crtn) {
+               cuPrintError("Verify CSR", crtn);
+       }
+       else {
+               printf("...CSR verified successfully.\n");
+       }
+       if(der) {
+               free(der);
+       }
+       if(csr) {
+               free(csr);
+       }
+}
+
+static void displayCert(
+       const char              *fileName,
+       CSSM_BOOL               pemFormat)
+{
+       unsigned char *rawCert = NULL;
+       unsigned rawCertSize;
+       unsigned char *derCert = NULL;
+       unsigned derCertSize;
+       int rtn;
+
+       rtn = readFile(fileName, &rawCert, &rawCertSize);
+       if(rtn) {
+               printf("Error reading %s; aborting.\n", fileName);
+               return;
+       }
+       if(pemFormat) {
+               rtn = pemDecode(rawCert, rawCertSize, &derCert, &derCertSize);
+               if(rtn) {
+                       printf("***%s: Bad PEM formatting. Aborting.\n", fileName);
+                       return;
+               }
+               printCert(derCert, derCertSize, CSSM_TRUE);
+               free(derCert);
+       }
+       else {
+               printCert(rawCert, rawCertSize, CSSM_TRUE);
+       }
+}
+
+static void importCert(
+       SecKeychainRef          kcRef,                  // if SEC_CERT_ADD_TO_KC
+       CSSM_DL_DB_HANDLE       dlDbHand,               // otherwise
+       const char                      *fileName,
+       CSSM_BOOL                       pemFormat,
+       /* cruft needed by cuAddCertToDb */
+       const char                      *printName)             // C string
+{
+       unsigned char *cert = NULL;
+       unsigned certLen;
+       CSSM_DATA certData;
+       unsigned char *der = NULL;
+       unsigned derLen = 0;
+       #if     !SEC_CERT_ADD_TO_KC
+       CSSM_DATA pubKeyHash = {3, (uint8 *)"foo"};
+       #endif
+       
+       if(readFile(fileName, &cert, &certLen)) {
+               printf("***Error reading certificate from file %s. Aborting.\n",
+                       fileName);
+               return;
+       }
+       if(pemFormat) {
+               int rtn = pemDecode(cert, certLen, &der, &derLen);
+               if(rtn) {
+                       printf("***%s: Bad PEM formatting. Aborting.\n", fileName);
+                       return;
+               }
+               certData.Data = der;
+               certData.Length = derLen;
+       }
+       else {
+               certData.Data = cert;
+               certData.Length = certLen;
+       }
+       
+       #if SEC_CERT_ADD_TO_KC
+       SecCertificateRef certRef;
+       OSStatus ortn = SecCertificateCreateFromData(
+               &certData,
+               CSSM_CERT_X_509v3,
+               CSSM_CERT_ENCODING_DER,
+               &certRef);
+       if(ortn) {
+               printf("***SecCertificateCreateFromData returned %d; aborting.\n", 
+                       (int)ortn);
+               return;
+       }
+       ortn = SecCertificateAddToKeychain(certRef, kcRef);
+       if(ortn) {
+               printf("***SecCertificateAddToKeychain returned %d; aborting.\n", 
+                       (int)ortn);
+               return;
+       }
+       #else
+       CSSM_RETURN crtn = cuAddCertToDb(dlDbHand,
+               &certData,
+               CSSM_CERT_X_509v3,
+               CSSM_CERT_ENCODING_DER,
+               printName,                      // printName
+               &pubKeyHash);
+       if(crtn) {
+               printf("***Error adding cert to keychain. Aborting.\n");
+               return;
+       }
+       #endif  /* SEC_CERT_ADD_TO_KC */
+
+       printf("...certificate successfully imported.\n");
+       if(der) {
+               free(der);
+       }
+       if(cert) {
+               free(cert);
+       }
+}
+
+
+static OSStatus createCertCsr(
+       CSSM_BOOL                       createCsr,                      // true: CSR, false: Cert
+       CSSM_TP_HANDLE          tpHand,                         // eventually, a SecKeychainRef
+       CSSM_CL_HANDLE          clHand,
+       CSSM_CSP_HANDLE         cspHand,
+       CSSM_KEY_PTR            subjPubKey,
+       CSSM_KEY_PTR            signerPrivKey,
+       CSSM_ALGORITHMS         sigAlg,
+       const CSSM_OID          *sigOid,
+       CU_KeyUsage                     keyUsage,                       // kKeyUseSigning, etc. 
+       /*
+        * Issuer's RDN is obtained from the issuer cert, if present, or is
+        * assumed to be the same as the subject name (i.e., we're creating 
+        * a self-signed root cert).
+        */ 
+       const CSSM_DATA         *issuerCert,
+       CSSM_BOOL                       useAllDefaults,
+       CSSM_DATA_PTR           certData)                       // mallocd and RETURNED
+{
+       CE_DataAndType                          exts[2];
+       CE_DataAndType                          *extp = exts;
+       unsigned                                        numExts;
+       
+       CSSM_DATA                                       refId;          // mallocd by CSSM_TP_SubmitCredRequest
+       CSSM_APPLE_TP_CERT_REQUEST      certReq;
+       CSSM_TP_REQUEST_SET                     reqSet;
+       sint32                                          estTime;
+       CSSM_BOOL                                       confirmRequired;
+       CSSM_TP_RESULT_SET_PTR          resultSet;
+       CSSM_ENCODED_CERT                       *encCert;
+       CSSM_APPLE_TP_NAME_OID          subjectNames[MAX_NAMES];
+       uint32                                          numNames;
+       CSSM_TP_CALLERAUTH_CONTEXT      CallerAuthContext;
+       CSSM_FIELD                                      policyId;
+       
+       /* Note a lot of the CSSM_APPLE_TP_CERT_REQUEST fields are not 
+        * used for the createCsr option, but we'll fill in as much as is practical
+        * for either case.
+        */
+       if(issuerCert != NULL) {
+               printf("createCertCsr: issuerCert not implemented\n");
+               return unimpErr;
+       }
+       
+       numExts = 0;
+       
+       char challengeBuf[400];
+       if(createCsr) {
+               if(useAllDefaults) {
+                       strcpy(challengeBuf, ZDEF_CHALLENGE);
+               }
+               else {
+                       while(1) {
+                               getStringWithPrompt("Enter challenge string: ", 
+                                       challengeBuf, sizeof(challengeBuf));
+                               if(challengeBuf[0] != '\0') {
+                                       break;
+                               }
+                       }
+               }
+               certReq.challengeString = challengeBuf;
+       }
+       else {
+               /* creating cert */
+               certReq.challengeString = NULL;
+               
+               /* KeyUsage extension */
+               extp->type = DT_KeyUsage;
+               extp->critical = CSSM_FALSE;
+               extp->extension.keyUsage = 0;
+               if(keyUsage & kKeyUseSigning) {
+                       extp->extension.keyUsage |= 
+                               (CE_KU_DigitalSignature | CE_KU_KeyCertSign);
+               }
+               if(keyUsage & kKeyUseEncrypting) {
+                       extp->extension.keyUsage |= 
+                               (CE_KU_KeyEncipherment | CE_KU_DataEncipherment);
+               }
+               extp++;
+               numExts++;
+       
+               /* BasicConstraints */
+               extp->type = DT_BasicConstraints;
+               extp->critical = CSSM_TRUE;
+               extp->extension.basicConstraints.cA = CSSM_TRUE;
+               extp->extension.basicConstraints.pathLenConstraintPresent = CSSM_FALSE;
+               extp++;
+               numExts++;
+       }
+       
+       /* name array, get from user. */
+       if(useAllDefaults) {
+               subjectNames[0].string  = ZDEF_COMMON_NAME;
+               subjectNames[0].oid     = &CSSMOID_CommonName;
+               subjectNames[1].string  = ZDEF_ORG_NAME;
+               subjectNames[1].oid     = &CSSMOID_OrganizationName;
+               subjectNames[2].string  = ZDEF_COUNTRY;
+               subjectNames[2].oid     = &CSSMOID_CountryName;
+               subjectNames[3].string  = ZDEF_STATE;
+               subjectNames[3].oid     = &CSSMOID_StateProvinceName;
+               numNames = 4;
+       }
+       else {
+               getNameOids(subjectNames, &numNames);
+       }
+       
+       /* certReq */
+       certReq.cspHand = cspHand;
+       certReq.clHand = clHand;
+       certReq.serialNumber = 0x12345678;              // TBD - random? From user? 
+       certReq.numSubjectNames = numNames;
+       certReq.subjectNames = subjectNames;
+       
+       /* TBD - if we're passed in a signing cert, certReq.issuerNameX509 will 
+        * be obtained from that cert. For now we specify "self-signed" cert
+        * by not providing an issuer name at all. */
+       certReq.numIssuerNames = 0;                             // root for now
+       certReq.issuerNames = NULL;
+       certReq.issuerNameX509 = NULL;
+       certReq.certPublicKey = subjPubKey;
+       certReq.issuerPrivateKey = signerPrivKey;
+       certReq.signatureAlg = sigAlg;
+       certReq.signatureOid = *sigOid;
+       certReq.notBefore = 0;                                  // TBD - from user
+       certReq.notAfter = 60 * 60 * 24 * 30;   // seconds from now
+       certReq.numExtensions = numExts;
+       certReq.extensions = exts;
+       
+       reqSet.NumberOfRequests = 1;
+       reqSet.Requests = &certReq;
+       
+       /* a CSSM_TP_CALLERAUTH_CONTEXT to specify an OID */
+       memset(&CallerAuthContext, 0, sizeof(CSSM_TP_CALLERAUTH_CONTEXT));
+       memset(&policyId, 0, sizeof(CSSM_FIELD));
+       if(createCsr) {
+               policyId.FieldOid = CSSMOID_APPLE_TP_CSR_GEN;
+       }
+       else {
+               policyId.FieldOid = CSSMOID_APPLE_TP_LOCAL_CERT_GEN;
+       }
+       CallerAuthContext.Policy.NumberOfPolicyIds = 1;
+       CallerAuthContext.Policy.PolicyIds = &policyId;
+
+       CSSM_RETURN crtn = CSSM_TP_SubmitCredRequest(tpHand,
+               NULL,                           // PreferredAuthority
+               CSSM_TP_AUTHORITY_REQUEST_CERTISSUE,
+               &reqSet,
+               &CallerAuthContext,
+               &estTime,
+               &refId);
+               
+       /* before proceeding, free resources allocated thus far */
+       if(!useAllDefaults) {
+               freeNameOids(subjectNames, numNames);
+       }
+       
+       if(crtn) {
+               cuPrintError("CSSM_TP_SubmitCredRequest", crtn);
+               return crtn;
+       }
+       crtn = CSSM_TP_RetrieveCredResult(tpHand,
+               &refId,
+               NULL,                           // CallerAuthCredentials
+               &estTime,
+               &confirmRequired,
+               &resultSet);
+       if(crtn) {
+               cuPrintError("CSSM_TP_RetrieveCredResult", crtn);
+               return crtn;
+       }
+       if(resultSet == NULL) {
+               printf("***CSSM_TP_RetrieveCredResult returned NULL result set.\n");
+               return ioErr;
+       }
+       encCert = (CSSM_ENCODED_CERT *)resultSet->Results;
+       *certData = encCert->CertBlob;
+       
+       /* free resources allocated by TP */
+       APP_FREE(refId.Data);
+       APP_FREE(encCert);
+       APP_FREE(resultSet);
+       return noErr;
+}
+
+typedef enum {
+       CO_Nop,
+       CO_CreateCert,
+       CO_CreateCSR,
+       CO_VerifyCSR,
+       CO_ImportCert,
+       CO_DisplayCert
+} CertOp;
+
+int main(int argc, char **argv)
+{
+       SecKeychainRef          kcRef = nil;
+       char                            kcPath[MAXPATHLEN + 1];
+       UInt32                          kcPathLen = MAXPATHLEN + 1;
+       CSSM_BOOL                       createKc = CSSM_FALSE;
+       OSStatus                        ortn;
+       CSSM_DL_DB_HANDLE       dlDbHand = {0, 0};
+       CSSM_CSP_HANDLE         cspHand = 0;
+       CSSM_TP_HANDLE          tpHand = 0;
+       CSSM_CL_HANDLE          clHand = 0;
+       CSSM_KEY_PTR            pubKey;
+       CSSM_KEY_PTR            privKey;
+       int                                     arg;
+       char                            *argp;
+       CSSM_BOOL                       verbose = CSSM_FALSE;
+       CSSM_ALGORITHMS         keyAlg;
+       CSSM_ALGORITHMS         sigAlg;
+       const CSSM_OID          *sigOid;
+       CSSM_DATA                       certData = {0, NULL};
+       CSSM_RETURN                     crtn;
+       CU_KeyUsage                     keyUsage = 0;
+       bool                            isRoot;
+       CSSM_DATA                       keyLabel;
+       #if     !SEC_KEY_CREATE_PAIR && !MUNGE_LABEL_ATTR
+       CSSM_DATA                       pubKeyHash = {3, (uint8 *)"foo"};
+       #endif
+       CSSM_BOOL                       createCsr = CSSM_FALSE;                 // else create cert
+       int                                     optArgs = 0;
+       
+       /* command line arguments */
+       char                            *fileName = NULL;
+       CSSM_BOOL                       pemFormat = CSSM_TRUE;
+       char                            *certPrintName = NULL;
+       CertOp                          op = CO_Nop;
+       uint32                          keySizeInBits;
+       char                            *kcName = NULL;
+       CSSM_BOOL                       useAllDefaults = CSSM_FALSE;    // undoc'd cmd option
+       
+       if(argc < 2) {
+               usage(argv);
+       }
+       switch(argv[1][0]) {
+               case 'c':
+                       op = CO_CreateCert;
+                       optArgs = 2;
+                       break;
+               case 'r':
+                       if(argc < 3) {
+                               usage(argv);
+                       }
+                       op = CO_CreateCSR;
+                       createCsr = CSSM_TRUE;
+                       fileName = argv[2];
+                       optArgs = 3;
+                       break;
+               case 'v':
+                       if(argc < 3) {
+                               usage(argv);
+                       }
+                       op = CO_VerifyCSR;
+                       fileName = argv[2];
+                       optArgs = 3;
+                       break;
+               case 'i':
+                       #if     SEC_CERT_ADD_TO_KC
+                       if(argc < 3) {
+                               usage(argv);
+                       }
+                       optArgs = 3;
+                       #else
+                       if(argc < 4) {
+                               usage(argv);
+                       }
+                       certPrintName = argv[3];
+                       optArgs = 4;
+                       #endif  /* SEC_CERT_ADD_TO_KC */
+                       op = CO_ImportCert;
+                       fileName = argv[2];
+                       break;
+               case 'd':
+                       if(argc < 3) {
+                               usage(argv);
+                       }
+                       op = CO_DisplayCert;
+                       fileName = argv[2];
+                       optArgs = 3;
+                       break;
+               default:
+                       usage(argv);
+       }
+       for(arg=optArgs; arg<argc; arg++) {
+               argp = argv[arg];
+               switch(argp[0]) {
+                       case 'k':
+                               kcName = &argp[2];
+                               break;
+                   case 'v':
+                               verbose = CSSM_TRUE;
+                               break;
+                       case 'd':
+                               pemFormat = CSSM_FALSE;
+                               break;
+                       case 'c':
+                               createKc = CSSM_TRUE;
+                               break;
+                       case 'Z':
+                               /* undocumented "use all defaults quickly" option */
+                               useAllDefaults = CSSM_TRUE;
+                               break;
+                       default:
+                               usage(argv);
+               }
+       }
+       if(op == CO_DisplayCert) {
+               /* ready to roll */
+               displayCert(fileName, pemFormat);
+               return 0;
+       }
+       
+       clHand = cuClStartup();
+       if(clHand == 0) {
+               printf("Error connecting to CL. Aborting.\n");
+               exit(1);
+       }
+       
+       /* that's all we need for verifying a CSR */
+       if(op == CO_VerifyCSR) {
+               verifyCsr(clHand, fileName, pemFormat);
+               goto abort;
+       }
+       
+       /* remaining ops need TP and CSP as well */
+       #if !SEC_KEYCHAIN_GET_CSP
+       /* get it from keychain */
+       cspHand = cuCspStartup(CSSM_FALSE);
+       if(cspHand == 0) {
+               printf("Error connecting to CSP/DL. Aborting.\n");
+               exit(1);
+       }
+       #endif
+       tpHand = cuTpStartup();
+       if(tpHand == 0) {
+               printf("Error connecting to TP. Aborting.\n");
+               exit(1);
+       }
+       
+       if(kcName) {
+               char *userHome = getenv("HOME");
+       
+               if(userHome == NULL) {
+                       /* well, this is probably not going to work */
+                       userHome = "";
+               }
+               sprintf(kcPath, "%s/%s/%s", userHome, KC_DB_PATH, kcName);
+       
+       }
+       else {
+               /* use default keychain */
+               ortn = SecKeychainCopyDefault(&kcRef);
+               if(ortn) {
+                       showError(ortn, "SecKeychainCopyDefault");
+                       exit(1);
+               }
+               ortn = SecKeychainGetPath(kcRef, &kcPathLen, kcPath);
+               if(ortn) {
+                       showError(ortn, "SecKeychainGetPath");
+                       exit(1);
+               }
+               
+               /* 
+                * OK, we have a path, we have to release the first KC ref, 
+                * then get another one by opening it 
+                */
+               CFRelease(kcRef);
+       }
+       if(createKc) {
+               ortn = SecKeychainCreate(kcPath,
+                       0,              // no password
+                       NULL,   // ditto
+                       true,   // promptUser
+                       nil,    // initialAccess
+                       &kcRef);
+               /* fixme - do we have to open it? */
+               if(ortn) {
+                       showError(ortn, "SecKeychainCreateNew");
+                       printf("***Error creating keychain at %s; aborting.\n", kcPath);
+                       exit(1);
+               }
+       }
+       else {
+               ortn = SecKeychainOpen(kcPath, &kcRef);
+               if(ortn) {
+                       showError(ortn, "SecKeychainOpen");
+                       printf("Cannot open keychain at %s. Aborting.\n", kcPath);
+                       exit(1);
+               }
+       }
+       
+       /* get associated DL/DB handle */
+       ortn = SecKeychainGetDLDBHandle(kcRef, &dlDbHand);
+       if(ortn) {
+               showError(ortn, "SecKeychainGetDLDBHandle");
+               exit(1);
+       }
+
+       if(op == CO_ImportCert) {
+               importCert(kcRef, dlDbHand, fileName, pemFormat, certPrintName);
+               goto abort;
+       }
+       
+       #if SEC_KEYCHAIN_GET_CSP
+       /* create cert, CSR need CSP handle */
+       ortn = SecKeychainGetCSPHandle(kcRef, &cspHand);
+       if(ortn) {
+               showError(ortn, "SecKeychainGetCSPHandle");
+               exit(1);
+       }
+       #endif
+       
+       /*
+        * TBD: eventually we want to present the option of using an existing 
+        * SecIdentityRef from the keychain as the signing cert/key. If none
+        * found or the user says they want a root, we generate the signing key
+        * pair as follows....
+        */
+       isRoot = true;
+       
+       /*
+        * Generate a key pair. For now we do this via CDSA.
+        */
+       char labelBuf[200];
+       if(useAllDefaults) {
+               strcpy(labelBuf, ZDEF_KEY_LABEL);
+       }
+       else {
+               while(1) {
+                       getStringWithPrompt("Enter key and certificate label: ", labelBuf,
+                               sizeof(labelBuf));
+                       if(labelBuf[0] != '\0') {
+                               break;
+                       }
+               }
+       }
+       keyLabel.Data = (uint8 *)labelBuf;
+       keyLabel.Length = strlen(labelBuf);
+       
+       /* get key algorithm and size */
+       if(useAllDefaults) {
+               keyAlg = ZDEF_KEY_ALG;
+               keySizeInBits = ZDEF_KEY_SIZE;
+       }
+       else {
+               getKeyParams(keyAlg, keySizeInBits);
+       }
+
+       /* get usage for keys and certs */
+       if(useAllDefaults) {
+               keyUsage = ZDEF_KEY_USAGE;
+       }
+       else {
+               keyUsage = getKeyUsage(isRoot);
+       }
+       
+       printf("...Generating key pair...\n");
+       ortn = generateKeyPair(cspHand,
+               dlDbHand,
+               keyAlg,
+               keySizeInBits,
+               labelBuf,
+               keyUsage,
+               verbose,
+               &pubKey,
+               &privKey);
+       if(ortn) {
+               printf("Error generating keys; aborting.\n");
+               goto abort;
+       }
+       
+       /* get signing algorithm per the signing key */
+       if(useAllDefaults) {
+               sigAlg = ZDEF_SIG_ALG;
+               sigOid = &ZDEF_SIG_OID;
+       }
+       else {
+               ortn = getSigAlg(privKey, sigAlg, sigOid);
+               if(ortn) {
+                       printf("Can not sign with this private key. Aborting.\n");
+                       goto abort;
+               }
+       }
+       
+       if(createCsr) {
+               printf("...creating CSR...\n");
+       }
+       else {
+               printf("...creating certificate...\n");
+       }
+       /* generate the cert */
+       ortn = createCertCsr(createCsr,
+               tpHand,
+               clHand,
+               cspHand,
+               pubKey,
+               privKey,
+               sigAlg,
+               sigOid,
+               keyUsage,
+               NULL,           // issuer cert
+               useAllDefaults,
+               &certData);
+       if(ortn) {
+               goto abort;
+       }
+       if(verbose) {
+               printCert(certData.Data, certData.Length, CSSM_FALSE); 
+               printCertShutdown();
+       }
+       
+       if(createCsr) {
+               /* just write this to a file */
+               unsigned char *pem = NULL;
+               unsigned pemLen;
+               int rtn;
+               
+               if(pemFormat) {
+                       rtn = pemEncode(certData.Data, certData.Length, &pem, &pemLen,
+                               "CERTIFICATE REQUEST");
+                       if(rtn) {
+                               /* very unlikely, I think malloc is the only failure */
+                               printf("***Error PEM-encoding CSR. Aborting.\n");
+                               goto abort;
+                       }
+                       rtn = writeFile(fileName, pem, pemLen); 
+               }
+               else {
+                       rtn = writeFile(fileName, certData.Data, certData.Length);
+               }
+               if(rtn) {
+                       printf("***Error writing CSR to %s\n", fileName);
+               }
+               else {
+                       printf("Wrote %u bytes of CSR to %s\n", (unsigned)certData.Length, 
+                               fileName);
+               }
+               if(pem) {
+                       free(pem);
+               }
+       }
+       else {
+               /* store the cert in the same DL/DB as the key pair */
+               #if SEC_CERT_ADD_TO_KC
+               crtn = cuAddCertToKC(kcRef,
+                       &certData,
+                       CSSM_CERT_X_509v3,
+                       CSSM_CERT_ENCODING_DER,
+                       labelBuf,                       // printName
+                       &keyLabel);
+               #else
+               crtn = cuAddCertToDb(dlDbHand,
+                       &certData,
+                       CSSM_CERT_X_509v3,
+                       CSSM_CERT_ENCODING_DER,
+                       labelBuf,                       // printName
+                       &pubKeyHash);
+               #endif  /* SEC_CERT_ADD_TO_KC */
+               if(crtn == CSSM_OK) {
+                       printf("..cert stored in Keychain.\n");
+               }
+       }
+abort:
+       /* CLEANUP */
+       return 0;
+}
+
diff --git a/CertTool/CertTool/CertUI.cpp b/CertTool/CertTool/CertUI.cpp
new file mode 100644 (file)
index 0000000..087122f
--- /dev/null
@@ -0,0 +1,472 @@
+/*
+       File:            CertUI.cpp
+       
+       Description: stdio-based routines to get cert info from user. 
+
+       Author:         dmitch
+
+       Copyright:      Â© Copyright 2002 Apple Computer, Inc. All rights reserved.
+       
+       Disclaimer:     IMPORTANT:  This Apple software is supplied to you by Apple 
+                   Computer, Inc. ("Apple") in consideration of your agreement to 
+                               the following terms, and your use, installation, modification 
+                               or redistribution of this Apple software constitutes acceptance 
+                               of these terms.  If you do not agree with these terms, please 
+                               do not use, install, modify or redistribute this Apple software.
+
+                               In consideration of your agreement to abide by the following 
+                               terms, and subject to these terms, Apple grants you a personal, 
+                               non-exclusive license, under Apple's copyrights in this 
+                               original Apple software (the "Apple Software"), to use, 
+                               reproduce, modify and redistribute the Apple Software, with 
+                               or without modifications, in source and/or binary forms; 
+                               provided that if you redistribute the Apple Software in 
+                               its entirety and without modifications, you must retain
+                               this notice and the following text and disclaimers in all 
+                               such redistributions of the Apple Software.  Neither the 
+                               name, trademarks, service marks or logos of Apple Computer, 
+                               Inc. may be used to endorse or promote products derived from the
+                               Apple Software without specific prior written permission from 
+                               Apple.  Except as expressly stated in this notice, no other 
+                               rights or licenses, express or implied, are granted by Apple 
+                               herein, including but not limited to any patent rights that
+                               may be infringed by your derivative works or by other works 
+                               in which the Apple Software may be incorporated.
+
+                               The Apple Software is provided by Apple on an "AS IS" basis.  
+                               APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
+                               WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
+                               MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, 
+                               REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE 
+                               OR IN COMBINATION WITH YOUR PRODUCTS.
+
+                               IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, 
+                               INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 
+                               LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
+                               LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+                               ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION 
+                               AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED 
+                               AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING 
+                               NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE 
+                               HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include "CertUI.h"
+#include <Security/x509defs.h>
+#include <Security/oidsattr.h>
+#include <Security/oidscert.h>
+#include <Security/oidsalg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <strings.h>
+#include <ctype.h>
+#include <cdsaUtils/cdsaUtils.h>
+#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
+
+void showError(
+       OSStatus ortn,
+       const char *errStr)
+{
+       printf("%s returned %d\n", errStr, (int)ortn);
+}
+
+
+/* 
+ * Safe gets().
+ * -- guaranteed no buffer overflow
+ * -- guaranteed NULL-terminated string
+ * -- handles empty string (i.e., response is just CR) properly
+ */
+void getString(
+       char *buf,
+       unsigned bufSize)
+{
+       unsigned dex;
+       char c;
+       char *cp = buf;
+       
+       for(dex=0; dex<bufSize-1; dex++) {
+               c = getchar();
+               if(!isprint(c)) {
+                       break;
+               }
+               switch(c) {
+                       case '\n':
+                       case '\r':
+                               goto done;
+                       default:
+                               *cp++ = c;
+               }
+       }
+done:
+       *cp = '\0';
+}
+
+/*
+ * Prompt and safe getString.
+ */
+void getStringWithPrompt(
+       const char *prompt,                     // need not end in newline
+       char *buf,
+       unsigned bufSize)
+{
+       fpurge(stdin);
+       printf("%s", prompt);
+       fflush(stdout);
+       getString(buf, bufSize);
+}      
+
+static const NameOidInfo nameOidInfo[MAX_NAMES] = 
+{
+       { &CSSMOID_CommonName,                          "Common Name      ", "www.apple.com"},
+       { &CSSMOID_CountryName,                         "Country          ", "US"},
+       { &CSSMOID_OrganizationName,            "Organization     ", "Apple Computer, Inc."},
+       { &CSSMOID_OrganizationalUnitName,      "Organization Unit", "Apple Data Security"},
+       { &CSSMOID_StateProvinceName,           "State/Province   ", "California" }
+};
+
+static const char *oidToDesc(
+       const CSSM_OID *oid) 
+{
+       unsigned dex;
+       
+       for(dex=0; dex<MAX_NAMES; dex++) {
+               if(cuCompareCssmData(oid, nameOidInfo[dex].oid)) {
+                       return nameOidInfo[dex].description;
+               }
+       }
+       printf("oidToDesc error!\n");
+       exit(1);
+       /* NOT REACHED */
+       return NULL;
+}
+
+void getNameOids(
+       CSSM_APPLE_TP_NAME_OID *subjectNames,   // size MAX_NAMES mallocd by caller
+       uint32 *numNames)                                               // RETURNED
+{
+       bool ok = false;
+       const NameOidInfo *nameOidIn;
+       CSSM_APPLE_TP_NAME_OID *nameOidOut = subjectNames;
+       unsigned dex;
+       char resp[200];
+       unsigned outNames;
+       
+       *numNames = 0;
+       memset(subjectNames, 0, MAX_NAMES * sizeof(CSSM_APPLE_TP_NAME_OID));
+       
+       printf("\nYou will now specify the various components of the certificate's\n"
+                  "Relative Distinguished Name (RDN). An RDN has a number of \n"
+                  "components, all of which are optional, but at least one of \n"
+                  "which must be present. \n\n"
+                  "Note that if you are creating a certificate for use in an \n"
+                  "SSL/TLS server, the Common Name component of the RDN must match\n"
+                  "exactly the host name of the server. This must not be an IP\n"
+                  "address, but the actual domain name, e.g. www.apple.com.\n\n"
+                  "Entering a CR for a given RDN component results in no value for\n"
+                  "that component.\n\n");
+       while(!ok) {
+               nameOidOut = subjectNames;
+               outNames = 0;
+               for(dex=0; dex<MAX_NAMES; dex++) {
+                       nameOidIn = &nameOidInfo[dex];
+                       fpurge(stdin);
+                       printf("%s (e.g, %s) : ", 
+                               nameOidIn->description, nameOidIn->example);
+                       fflush(stdout);
+                       getString(resp, sizeof(resp));
+                       if(resp[0] != '\0') {
+                               unsigned len = strlen(resp) + 1;
+                               nameOidOut->string = (char *)malloc(len);
+                               strcpy((char *)nameOidOut->string, resp);
+                               nameOidOut->oid = nameOidIn->oid;
+                               nameOidOut++;
+                               outNames++;
+                       }
+               }
+               if(outNames == 0) {
+                       printf("\nYou must enter at least one value RDN component.\n\n");
+                       continue;
+               }
+               printf("\nYou have specified:\n");
+               for(dex=0; dex<outNames; dex++) {
+                       nameOidOut = &subjectNames[dex];
+                       printf("  %s : %s\n", oidToDesc(nameOidOut->oid), nameOidOut->string);
+               }
+               getStringWithPrompt("Is this OK (y/anything)? ", resp, sizeof(resp));
+               if(resp[0] == 'y') {
+                       ok = true;
+                       break;
+               }
+       }
+       *numNames = outNames;
+}
+
+/*
+ * Free strings mallocd in getNameOids.
+ */
+void freeNameOids(
+       CSSM_APPLE_TP_NAME_OID *subjectNames,   
+       uint32 numNames)                                                
+{
+       for(unsigned i=0; i<numNames; i++) {
+               if(subjectNames[i].string) {
+                       free((char *)subjectNames[i].string);
+               }
+       }
+}
+
+/* key size verifier - one for each key alg */
+
+static bool rsaKeySizeVerify(
+       unsigned keySize)
+{
+       if(keySize < 512) {
+               return false;
+       }
+       if(keySize > 2048) {
+               return false;
+       }
+       return true;
+}
+
+static bool dsaKeySizeVerify(
+       unsigned keySize)
+{
+       return((keySize >= 512) & (keySize <= 2048));
+}
+
+static bool feeKeySizeVerify(
+       unsigned keySize)
+{
+       switch(keySize) {
+               case 128:
+               case 161:
+               case 192:
+                       return true;
+               default:
+                       return false;
+       }
+}
+
+typedef bool (*keySizeVerifyFcn)(unsigned keySize);
+
+/* map between algorithms, string, char selector, OID */
+typedef struct _AlgInfo {
+       CSSM_ALGORITHMS                 alg;
+       char                                    *str;
+       char                                    selector;
+       const CSSM_OID                  *oid;                           // only for signatures
+       uint32                                  defaultKeySize;         // only for keys
+       char                                    *keyRangeString;        // only for keys
+       const struct _AlgInfo   *sigAlgInfo;            // only for keys        
+       keySizeVerifyFcn                vfyFcn;         // only for keys
+} AlgInfo;
+
+/*
+ * Note: CSSM_ALGID_MD2WithRSA does not work due to an inimplemented 
+ * Security Server feature. Even though CSP nad CL support this, we
+ * don't really want to provide this capability anyway - it's a known
+ * insecure digest algorithm.
+ */
+static const AlgInfo rsaSigAlgInfo[] = 
+{
+       { CSSM_ALGID_MD5WithRSA,        "RSA with MD5", '5', &CSSMOID_MD5WithRSA},
+//     { CSSM_ALGID_MD2WithRSA,        "RSA with MD2", '2', &CSSMOID_MD2WithRSA},
+       { CSSM_ALGID_SHA1WithRSA,       "RSA with SHA1", 's', &CSSMOID_SHA1WithRSA},
+       { CSSM_ALGID_NONE,                      NULL,   0 }
+};
+
+static const AlgInfo feeSigAlgInfo[] = 
+{
+       { CSSM_ALGID_FEE_MD5,           "FEE with MD5", '5', &CSSMOID_APPLE_FEE_MD5  },
+       { CSSM_ALGID_FEE_SHA1,          "FEE with SHA1", 's', &CSSMOID_APPLE_FEE_SHA1  },
+       { CSSM_ALGID_SHA1WithECDSA, "ECDSA/SHA1", 'e', &CSSMOID_APPLE_ECDSA },
+       { CSSM_ALGID_NONE,                      NULL,   0,  NULL }
+};
+
+static const AlgInfo dsaSigAlgInfo[] = 
+{
+       { CSSM_ALGID_SHA1WithDSA,       "DSA with SHA1", 's', &CSSMOID_APPLE_FEE_MD5  },
+       { CSSM_ALGID_NONE,                      NULL,   0,  NULL }
+};
+
+static const AlgInfo keyAlgInfo[] = 
+{
+       { CSSM_ALGID_RSA,       "RSA", 'r', NULL, 512, "512..2048", 
+               rsaSigAlgInfo, rsaKeySizeVerify},
+       { CSSM_ALGID_DSA,       "DSA", 'd', NULL, 512, "512..2048", 
+               dsaSigAlgInfo, dsaKeySizeVerify},
+       { CSSM_ALGID_FEE,       "FEE", 'f', NULL, 128, "128, 161, 192", 
+               feeSigAlgInfo, feeKeySizeVerify},
+       { CSSM_ALGID_NONE,      NULL,   0,  NULL }
+};
+
+
+/* map a char response to an element of an AlgInfo array */
+static const AlgInfo *algInfoForSelect(
+       const AlgInfo   *algInfo,               // NULL terminated
+       char                    c)
+{
+       while(algInfo->str != NULL) {
+               if(algInfo->selector == c) {
+                       return algInfo;
+               }
+               algInfo++;
+       }
+       /* not found */
+       return NULL;
+}
+
+/* map a CSSM_ALGORITHM to an entry in keyAlgInfo[] */
+static const AlgInfo *algInfoForAlg(
+       CSSM_ALGORITHMS alg)
+{
+       const AlgInfo *algInfo = keyAlgInfo;
+       while(algInfo->str != NULL) {
+               if(algInfo->alg == alg) {
+                       return algInfo;
+               }
+               algInfo++;
+       }
+       /* not found */
+       return NULL;
+}
+
+/* get key size and algorithm for subject key */
+void getKeyParams(
+       CSSM_ALGORITHMS         &keyAlg,
+       uint32                          &keySizeInBits)
+{
+       char resp[200];
+       const AlgInfo *keyInfo;
+       const AlgInfo *tempInfo;
+       
+       /* get a key algorithm */
+       printf("\nPlease specify parameters for the key pair you will generate.\n\n");
+       while(1) {
+               /* break when we get a valid key algorithm */
+               tempInfo = keyAlgInfo;
+               while(tempInfo->str != NULL) {
+                       printf("  %c  %s\n", tempInfo->selector, tempInfo->str);
+                       tempInfo++;
+               }
+               getStringWithPrompt("\nSelect key algorithm by letter: ", resp, sizeof(resp));
+               if(resp[0] == '\0') {
+                       printf("***There is no default. Please choose a key algorithm.\n");
+                       continue;
+               }
+               keyInfo = algInfoForSelect(keyAlgInfo, resp[0]);
+               if(keyInfo) {
+                       break;
+               }
+       }
+       
+       while(1) {
+               /* until we get a valid key size */
+               printf("\nValid key sizes for %s are %s; default is %u\n",
+                       keyInfo->str, keyInfo->keyRangeString, (unsigned)keyInfo->defaultKeySize);
+               getStringWithPrompt("Enter key size in bits or CR for default: ", 
+                       resp, sizeof(resp));
+               if(resp[0] == '\0') {
+                       keySizeInBits = keyInfo->defaultKeySize;
+               }
+               else {
+                       keySizeInBits = atoi(resp);
+               }
+               if(keyInfo->vfyFcn(keySizeInBits)) {
+                       printf("\nYou have selected algorithm %s, key size %u bits.\n",
+                               keyInfo->str, (unsigned)keySizeInBits);
+                       getStringWithPrompt("OK (y/anything)? ", resp, sizeof(resp));
+                       if(resp[0] == 'y') {
+                               break;
+                       }
+               }
+               else {
+                       printf("***%u is not a legal key size for algorithm %s.\n",
+                               (unsigned)keySizeInBits, keyInfo->str);
+               }
+       }
+       keyAlg = keyInfo->alg;
+}
+
+/* given a signing key, obtain signing algorithm (int and oid format) */
+OSStatus getSigAlg(
+       const CSSM_KEY  *signingKey,
+       CSSM_ALGORITHMS &sigAlg,
+       const CSSM_OID * &sigOid)
+{
+       char resp[200];
+       const AlgInfo *keyInfo;
+       const AlgInfo *tempInfo;
+       const AlgInfo *sigInfoArray;
+       const AlgInfo *sigInfo;
+
+       keyInfo = algInfoForAlg(signingKey->KeyHeader.AlgorithmId);
+       if(keyInfo == NULL) {
+               printf("***Signing key has unknown algorithm (%u).\n", 
+                       (unsigned)signingKey->KeyHeader.AlgorithmId);
+               return paramErr;
+       }
+       sigInfoArray = keyInfo->sigAlgInfo;
+       printf("\nPlease specify the algorithm with which your certificate will be "
+               "signed.\n\n");
+       while(1) {
+               /* break when we get a valid sig algorithm */
+               tempInfo = sigInfoArray;
+               while(tempInfo->str != NULL) {
+                       printf("  %c  %s\n", tempInfo->selector, tempInfo->str);
+                       tempInfo++;
+               }
+               getStringWithPrompt("\nSelect signature algorithm by letter: ", 
+                       resp, sizeof(resp));
+               if(resp[0] == '\0') {
+                       printf("***There is no default. Please choose a signature algorithm.\n");
+                       continue;
+               }
+               sigInfo = algInfoForSelect(sigInfoArray, resp[0]);
+               if(sigInfo == NULL) {
+                       printf("Try again.\n");
+                       continue;
+               }
+               printf("\nYou have selected algorithm %s.\n", sigInfo->str);
+               getStringWithPrompt("OK (y/anything)? ", resp, sizeof(resp));
+               if(resp[0] == 'y') {
+                       break;
+               }
+       }
+       sigAlg = sigInfo->alg;
+       sigOid = sigInfo->oid;
+       return noErr;
+}
+
+CU_KeyUsage getKeyUsage(bool isRoot)
+{
+       char resp[200];
+       char *prompt;
+       
+       if(isRoot) {
+               /* root HAS to be capable of signing */
+               prompt = "Enter cert/key usage (s=signing, b=signing AND encrypting): ";
+       }
+       else {
+               prompt = "Enter cert/key usage (s=signing, e=encrypting, b=both): ";
+       }
+       while(1) {
+               getStringWithPrompt(prompt, resp, sizeof(resp));
+               switch(resp[0]) {
+                       case 's':
+                               return kKeyUseSigning;
+                       case 'e':
+                               if(isRoot) {
+                                       continue;
+                               }
+                               return kKeyUseEncrypting;
+                       case 'b':
+                               return kKeyUseSigning | kKeyUseEncrypting;
+                               
+               }
+       }
+}
+
+
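Review bot: In `dsaSigAlgInfo` the "DSA with SHA1" row pairs `CSSM_ALGID_SHA1WithDSA` with `&CSSMOID_APPLE_FEE_MD5`, so `getSigAlg()` returns a FEE/MD5 OID in `sigOid` for a DSA/SHA-1 signature. That looks like a copy from `feeSigAlgInfo`, and a certificate or CSR built with it would presumably carry a signature algorithm identifier that does not match how it was actually signed, which a verifier may reject or misinterpret. The row should name the DSA OID from `oidsalg.h`, e.g. `{ CSSM_ALGID_SHA1WithDSA, "DSA with SHA1", 's', &CSSMOID_SHA1WithDSA },` (confirm the constant against the header in this tree). Also in these tables, `keyAlgInfo` makes 512 bits both the default and the accepted minimum for RSA and DSA, so a bare CR yields the weakest key the tool allows; a default at the top of the stated `512..2048` range would be safer.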
diff --git a/CertTool/CertTool/CertUI.h b/CertTool/CertTool/CertUI.h
new file mode 100644 (file)
index 0000000..a90c229
--- /dev/null
@@ -0,0 +1,137 @@
+/*
+       File:            CertUI.h
+       
+       Description: stdio-based routines to get cert info from user. 
+
+       Author:         dmitch
+
+       Copyright:      Â© Copyright 2002 Apple Computer, Inc. All rights reserved.
+       
+       Disclaimer:     IMPORTANT:  This Apple software is supplied to you by Apple 
+                   Computer, Inc. ("Apple") in consideration of your agreement to 
+                               the following terms, and your use, installation, modification 
+                               or redistribution of this Apple software constitutes acceptance 
+                               of these terms.  If you do not agree with these terms, please 
+                               do not use, install, modify or redistribute this Apple software.
+
+                               In consideration of your agreement to abide by the following 
+                               terms, and subject to these terms, Apple grants you a personal, 
+                               non-exclusive license, under Apple's copyrights in this 
+                               original Apple software (the "Apple Software"), to use, 
+                               reproduce, modify and redistribute the Apple Software, with 
+                               or without modifications, in source and/or binary forms; 
+                               provided that if you redistribute the Apple Software in 
+                               its entirety and without modifications, you must retain
+                               this notice and the following text and disclaimers in all 
+                               such redistributions of the Apple Software.  Neither the 
+                               name, trademarks, service marks or logos of Apple Computer, 
+                               Inc. may be used to endorse or promote products derived from the
+                               Apple Software without specific prior written permission from 
+                               Apple.  Except as expressly stated in this notice, no other 
+                               rights or licenses, express or implied, are granted by Apple 
+                               herein, including but not limited to any patent rights that
+                               may be infringed by your derivative works or by other works 
+                               in which the Apple Software may be incorporated.
+
+                               The Apple Software is provided by Apple on an "AS IS" basis.  
+                               APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
+                               WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
+                               MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, 
+                               REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE 
+                               OR IN COMBINATION WITH YOUR PRODUCTS.
+
+                               IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, 
+                               INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 
+                               LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
+                               LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+                               ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION 
+                               AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED 
+                               AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING 
+                               NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE 
+                               HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef        _CREATECERT_CERT_UI_H_
+#define _CREATECERT_CERT_UI_H_
+
+#include <Security/cssmtype.h>
+#include <Security/cssmapple.h>
+
+#ifdef __cplusplus
+extern "C" {
+
+/* Dump error info. */
+void showError(
+       OSStatus ortn,
+       const char *errStr);
+
+/* 
+ * Safe gets().
+ * -- guaranteed no buffer overflow
+ * -- guaranteed NULL-terminated string
+ * -- handles empty string (i.e., response is just CR) properly
+ */
+void getString(
+       char *buf,
+       unsigned bufSize);
+
+/*
+ * Prompt and safe getString.
+ */
+void getStringWithPrompt(
+       const char *prompt,                     // need not end in newline
+       char *buf,
+       unsigned bufSize);
+
+/* 
+ * Used to interactively cook up an array of CSSM_APPLE_TP_NAME_OIDs, representing
+ * a cert's RDN.
+ */
+typedef struct {
+       const CSSM_OID  *oid;                   // e.g., CSSMOID_CommonName
+       const char              *description;   // e.g., "Common Name"
+       const char              *example;               // e.g., "www.apple.com"
+} NameOidInfo;
+
+#define MAX_NAMES              5
+
+/* Fill in a CSSM_APPLE_TP_NAME_OID array. */
+void getNameOids(
+       CSSM_APPLE_TP_NAME_OID *subjectNames,   // size MAX_NAMES mallocd by caller
+       uint32 *numNames);                                              // RETURNED
+
+/*
+ * Free strings mallocd in getNameOids.
+ */
+void freeNameOids(
+       CSSM_APPLE_TP_NAME_OID *subjectNames,   
+       uint32 numNames);       
+
+/* get key size and algorithm for subject key */
+void getKeyParams(
+       CSSM_ALGORITHMS         &keyAlg,
+       uint32                          &keySizeInBits);
+
+/* given a signing key, obtain signing algorithm (int and oid format) */
+OSStatus getSigAlg(
+       const CSSM_KEY  *signingKey,
+       CSSM_ALGORITHMS &sigAlg,
+       const CSSM_OID * &sigOid);
+
+/*
+ * Obtain key usage.
+ */
+/* these are OR-able bitfields */
+typedef unsigned CU_KeyUsage;
+#define kKeyUseSigning                 0x01 
+#define kKeyUseEncrypting      0x02
+
+CU_KeyUsage getKeyUsage(bool isRoot);
+
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _CREATECERT_CERT_UI_H_ */
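Review bot: The `#ifdef __cplusplus` opened before `extern "C" {` is not closed until the `#endif` just above the closing brace, so every declaration in this header is compiled only for C++ and a C translation unit that includes it sees nothing. The prototypes also use `bool` and reference parameters (`CSSM_ALGORITHMS &keyAlg`, `const CSSM_OID * &sigOid`), which cannot be called from C, so the `extern "C"` wrapper promises something the interface does not deliver. If the header is meant to be C++-only, I would drop both `__cplusplus` guards; otherwise add `#endif` right after `extern "C" {`, remove the lone `#endif` before the second guard, and pass the outputs by pointer. The comment on getString should also say what happens when `bufSize` is 0, since "guaranteed NULL-terminated" cannot hold for an empty buffer.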
diff --git a/CertTool/cdsaUtils/cdsaUtils.c b/CertTool/cdsaUtils/cdsaUtils.c
new file mode 100644 (file)
index 0000000..952f8fe
--- /dev/null
@@ -0,0 +1,687 @@
+/*
+       File:            cdsaUtils.c 
+       
+       Description: common CDSA access utilities
+
+       Author:         dmitch
+
+       Copyright:      Â© Copyright 2001 Apple Computer, Inc. All rights reserved.
+       
+       Disclaimer:     IMPORTANT:  This Apple software is supplied to you by Apple 
+                   Computer, Inc. ("Apple") in consideration of your agreement to 
+                               the following terms, and your use, installation, modification 
+                               or redistribution of this Apple software constitutes acceptance 
+                               of these terms.  If you do not agree with these terms, please 
+                               do not use, install, modify or redistribute this Apple software.
+
+                               In consideration of your agreement to abide by the following 
+                               terms, and subject to these terms, Apple grants you a personal, 
+                               non-exclusive license, under Apple's copyrights in this 
+                               original Apple software (the "Apple Software"), to use, 
+                               reproduce, modify and redistribute the Apple Software, with 
+                               or without modifications, in source and/or binary forms; 
+                               provided that if you redistribute the Apple Software in 
+                               its entirety and without modifications, you must retain
+                               this notice and the following text and disclaimers in all 
+                               such redistributions of the Apple Software.  Neither the 
+                               name, trademarks, service marks or logos of Apple Computer, 
+                               Inc. may be used to endorse or promote products derived from the
+                               Apple Software without specific prior written permission from 
+                               Apple.  Except as expressly stated in this notice, no other 
+                               rights or licenses, express or implied, are granted by Apple 
+                               herein, including but not limited to any patent rights that
+                               may be infringed by your derivative works or by other works 
+                               in which the Apple Software may be incorporated.
+
+                               The Apple Software is provided by Apple on an "AS IS" basis.  
+                               APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
+                               WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
+                               MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, 
+                               REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE 
+                               OR IN COMBINATION WITH YOUR PRODUCTS.
+
+                               IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, 
+                               INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 
+                               LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
+                               LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+                               ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION 
+                               AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED 
+                               AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING 
+                               NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE 
+                               HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include "cdsaUtils.h"
+#include <stdlib.h>
+#include <stdio.h>
+#include <Security/SecCertificate.h>
+#include <strings.h>
+
+static CSSM_VERSION vers = {2, 0};
+static const CSSM_GUID testGuid = { 0xFADE, 0, 0, { 1,2,3,4,5,6,7,0 }};
+
+/*
+ * Standard app-level memory functions required by CDSA.
+ */
+void * cuAppMalloc (uint32 size, void *allocRef) {
+       return( malloc(size) );
+}
+
+void cuAppFree (void *mem_ptr, void *allocRef) {
+       free(mem_ptr);
+       return;
+}
+
+void * cuAppRealloc (void *ptr, uint32 size, void *allocRef) {
+       return( realloc( ptr, size ) );
+}
+
+void * cuAppCalloc (uint32 num, uint32 size, void *allocRef) {
+       return( calloc( num, size ) );
+}
+
+static CSSM_API_MEMORY_FUNCS memFuncs = {
+       cuAppMalloc,
+       cuAppFree,
+       cuAppRealloc,
+       cuAppCalloc,
+       NULL
+ };
+CSSM_BOOL cuCompareCssmData(const CSSM_DATA *d1,
+       const CSSM_DATA *d2)
+{      
+       if(d1->Length != d2->Length) {
+               return CSSM_FALSE;
+       }
+       if(memcmp(d1->Data, d2->Data, d1->Length)) {
+               return CSSM_FALSE;
+       }
+       return CSSM_TRUE;       
+}
+
+/*
+ * Init CSSM; returns CSSM_FALSE on error. Reusable.
+ */
+static CSSM_BOOL cssmInitd = CSSM_FALSE;
+
+CSSM_BOOL cuCssmStartup()
+{
+       CSSM_RETURN  crtn;
+    CSSM_PVC_MODE pvcPolicy = CSSM_PVC_NONE;
+       
+       if(cssmInitd) {
+               return CSSM_TRUE;
+       }  
+       crtn = CSSM_Init (&vers, 
+               CSSM_PRIVILEGE_SCOPE_NONE,
+               &testGuid,
+               CSSM_KEY_HIERARCHY_NONE,
+               &pvcPolicy,
+               NULL /* reserved */);
+       if(crtn != CSSM_OK) 
+       {
+               cuPrintError("CSSM_Init", crtn);
+               return CSSM_FALSE;
+       }
+       else {
+               cssmInitd = CSSM_TRUE;
+               return CSSM_TRUE;
+       }
+}
+
+/*
+ * Attach to CSP. Returns zero on error.
+ */
+CSSM_CSP_HANDLE cuCspStartup(
+       CSSM_BOOL bareCsp)              // true ==> CSP, false ==> CSP/DL
+{
+       CSSM_CSP_HANDLE cspHand;
+       CSSM_RETURN             crtn;
+       const CSSM_GUID *guid;
+       
+       /* common CSSM init */
+       if(cuCssmStartup() == CSSM_FALSE) {
+               return 0;
+       }
+       if(bareCsp) {
+               guid = &gGuidAppleCSP;
+       }
+       else {
+               guid = &gGuidAppleCSPDL;
+       }
+       crtn = CSSM_ModuleLoad(guid,
+               CSSM_KEY_HIERARCHY_NONE,
+               NULL,                   // eventHandler
+               NULL);                  // AppNotifyCallbackCtx
+       if(crtn) {
+               cuPrintError("CSSM_ModuleLoad()", crtn);
+               return 0;
+       }
+       crtn = CSSM_ModuleAttach (guid,
+               &vers,
+               &memFuncs,                      // memFuncs
+               0,                                      // SubserviceID
+               CSSM_SERVICE_CSP,       
+               0,                                      // AttachFlags
+               CSSM_KEY_HIERARCHY_NONE,
+               NULL,                           // FunctionTable
+               0,                                      // NumFuncTable
+               NULL,                           // reserved
+               &cspHand);
+       if(crtn) {
+               cuPrintError("CSSM_ModuleAttach()", crtn);
+               return 0;
+       }
+       return cspHand;
+}
+
+/* Attach to DL side of CSPDL */
+CSSM_DL_HANDLE cuDlStartup()
+{
+       CSSM_DL_HANDLE  dlHand = 0;
+       CSSM_RETURN             crtn;
+       
+       if(cuCssmStartup() == CSSM_FALSE) {
+               return 0;
+       }
+       crtn = CSSM_ModuleLoad(&gGuidAppleCSPDL,
+               CSSM_KEY_HIERARCHY_NONE,
+               NULL,                   // eventHandler
+               NULL);                  // AppNotifyCallbackCtx
+       if(crtn) {
+               cuPrintError("CSSM_ModuleLoad(Apple CSPDL)", crtn);
+               return 0;
+       }
+       crtn = CSSM_ModuleAttach (&gGuidAppleCSPDL,
+               &vers,
+               &memFuncs,                      // memFuncs
+               0,                                      // SubserviceID
+               CSSM_SERVICE_DL,        
+               0,                                      // AttachFlags
+               CSSM_KEY_HIERARCHY_NONE,
+               NULL,                           // FunctionTable
+               0,                                      // NumFuncTable
+               NULL,                           // reserved
+               &dlHand);
+       if(crtn) {
+               cuPrintError("CSSM_ModuleAttach(Apple CSPDL)", crtn);
+               return 0;
+       }
+       return dlHand;
+}
+
+CSSM_CL_HANDLE cuClStartup()
+{
+       CSSM_CL_HANDLE clHand;
+       CSSM_RETURN crtn;
+       
+       if(cuCssmStartup() == CSSM_FALSE) {
+               return 0;
+       }
+       crtn = CSSM_ModuleLoad(&gGuidAppleX509CL,
+               CSSM_KEY_HIERARCHY_NONE,
+               NULL,                   // eventHandler
+               NULL);                  // AppNotifyCallbackCtx
+       if(crtn) {
+               cuPrintError("CSSM_ModuleLoad(AppleCL)", crtn);
+               return 0;
+       }
+       crtn = CSSM_ModuleAttach (&gGuidAppleX509CL,
+               &vers,
+               &memFuncs,                              // memFuncs
+               0,                                              // SubserviceID
+               CSSM_SERVICE_CL,                // SubserviceFlags - Where is this used?
+               0,                                              // AttachFlags
+               CSSM_KEY_HIERARCHY_NONE,
+               NULL,                                   // FunctionTable
+               0,                                              // NumFuncTable
+               NULL,                                   // reserved
+               &clHand);
+       if(crtn) {
+               cuPrintError("CSSM_ModuleAttach(AppleCL)", crtn);
+               return 0;
+       }
+       else {
+               return clHand;
+       }
+}
+
+CSSM_TP_HANDLE cuTpStartup()
+{
+       CSSM_TP_HANDLE tpHand;
+       CSSM_RETURN crtn;
+       
+       if(cuCssmStartup() == CSSM_FALSE) {
+               return 0;
+       }
+       crtn = CSSM_ModuleLoad(&gGuidAppleX509TP,
+               CSSM_KEY_HIERARCHY_NONE,
+               NULL,                   // eventHandler
+               NULL);                  // AppNotifyCallbackCtx
+       if(crtn) {
+               cuPrintError("CSSM_ModuleLoad(AppleTP)", crtn);
+               return 0;
+       }
+       crtn = CSSM_ModuleAttach (&gGuidAppleX509TP,
+               &vers,
+               &memFuncs,                              // memFuncs
+               0,                                              // SubserviceID
+               CSSM_SERVICE_TP,                // SubserviceFlags
+               0,                                              // AttachFlags
+               CSSM_KEY_HIERARCHY_NONE,
+               NULL,                                   // FunctionTable
+               0,                                              // NumFuncTable
+               NULL,                                   // reserved
+               &tpHand);
+       if(crtn) {
+               cuPrintError("CSSM_ModuleAttach(AppleTP)", crtn);
+               return 0;
+       }
+       else {
+               return tpHand;
+       }
+}
+
+/*
+ * open a DB, ensure it's empty.
+ */
+CSSM_DB_HANDLE cuDbStartup(
+       CSSM_DL_HANDLE          dlHand,                 // from dlStartup()
+       const char                      *dbName)
+{
+       CSSM_DB_HANDLE                          dbHand = 0;
+       CSSM_RETURN                                     crtn;
+       CSSM_DBINFO                                     dbInfo;
+       
+       /* first delete possible existing DB, ignore error */
+       crtn = CSSM_DL_DbDelete(dlHand, dbName, NULL, NULL);
+       switch(crtn) {
+               /* only allowed error is "no such file" */
+               case CSSM_OK:
+               case CSSMERR_DL_DATASTORE_DOESNOT_EXIST:
+                       break;
+               default:
+                       cuPrintError("CSSM_DL_DbDelete", crtn);
+                       return 0;
+       }
+       
+       memset(&dbInfo, 0, sizeof(CSSM_DBINFO));
+       
+       /* now create it */
+       crtn = CSSM_DL_DbCreate(dlHand, 
+               dbName,
+               NULL,                                           // DbLocation
+               &dbInfo,
+               // &Security::KeychainCore::Schema::DBInfo,
+               CSSM_DB_ACCESS_PRIVILEGED,
+               NULL,                                           // CredAndAclEntry
+               NULL,                                           // OpenParameters
+               &dbHand);
+       if(crtn) {
+               cuPrintError("CSSM_DL_DbCreate", crtn);
+       }
+       return dbHand;
+}
+
+/*
+ * Attach to existing DB or create an empty new one.
+ */
+CSSM_DB_HANDLE cuDbStartupByName(CSSM_DL_HANDLE dlHand,
+       char            *dbName,
+       CSSM_BOOL       doCreate,
+       CSSM_BOOL       quiet)
+{
+       CSSM_RETURN     crtn;
+       CSSM_DB_HANDLE  dbHand;
+       
+       /* try open existing DB in either case */
+       
+       crtn = CSSM_DL_DbOpen(dlHand,
+               dbName, 
+               NULL,                   // DbLocation
+               CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE,
+               NULL,                   // CSSM_ACCESS_CREDENTIALS *AccessCred
+               NULL,                   // void *OpenParameters
+               &dbHand);
+       if(crtn == CSSM_OK) {
+               return dbHand;
+       }
+       if(!doCreate) {
+               if(!quiet) {
+                       printf("***no such data base (%s)\n", dbName);
+                       cuPrintError("CSSM_DL_DbOpen", crtn);
+               }
+               return 0;
+       }
+       /* have to create one */
+       return cuDbStartup(dlHand, dbName);
+}
+
+/*
+ * Given a context specified via a CSSM_CC_HANDLE, add a new
+ * CSSM_CONTEXT_ATTRIBUTE to the context as specified by AttributeType,
+ * AttributeLength, and an untyped pointer.
+ */
+CSSM_RETURN cuAddContextAttribute(CSSM_CC_HANDLE CCHandle,
+       uint32 AttributeType,
+       uint32 AttributeLength,
+       const void *AttributePtr)
+{
+       CSSM_CONTEXT_ATTRIBUTE          newAttr;        
+       CSSM_RETURN                                     crtn;
+       
+       newAttr.AttributeType     = AttributeType;
+       newAttr.AttributeLength   = AttributeLength;
+       newAttr.Attribute.Data    = (CSSM_DATA_PTR)AttributePtr;
+       crtn = CSSM_UpdateContextAttributes(CCHandle, 1, &newAttr);
+       if(crtn) {
+               cuPrintError("CSSM_UpdateContextAttributes", crtn);
+       }
+       return crtn;
+}
+
+
+/*
+ * Derive symmetric key.
+ * Note in the X CSP, we never return an IV. 
+ */
+CSSM_RETURN cuCspDeriveKey(CSSM_CSP_HANDLE cspHand,
+               uint32                          keyAlg,                 // CSSM_ALGID_RC5, etc.
+               const char                      *keyLabel,
+               unsigned                        keyLabelLen,
+               uint32                          keyUsage,               // CSSM_KEYUSE_ENCRYPT, etc.
+               uint32                          keySizeInBits,
+               CSSM_DATA_PTR           password,               // in PKCS-5 lingo
+               CSSM_DATA_PTR           salt,                   // ditto
+               uint32                          iterationCnt,   // ditto
+               CSSM_KEY_PTR            key)
+{
+       CSSM_RETURN                                     crtn;
+       CSSM_CC_HANDLE                          ccHand;
+       uint32                                          keyAttr;
+       CSSM_DATA                                       dummyLabel;
+       CSSM_PKCS5_PBKDF2_PARAMS        pbeParams;
+       CSSM_DATA                                       pbeData;
+       CSSM_ACCESS_CREDENTIALS         creds;
+       
+       memset(key, 0, sizeof(CSSM_KEY));
+       memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
+       crtn = CSSM_CSP_CreateDeriveKeyContext(cspHand,
+               CSSM_ALGID_PKCS5_PBKDF2,
+               keyAlg,
+               keySizeInBits,
+               &creds,
+               NULL,                   // BaseKey
+               iterationCnt,
+               salt,
+               NULL,                   // seed
+               &ccHand);
+       if(crtn) {
+               cuPrintError("CSSM_CSP_CreateDeriveKeyContext", crtn);
+               return crtn;
+       }
+       keyAttr = CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_RETURN_REF | 
+                         CSSM_KEYATTR_SENSITIVE;
+       dummyLabel.Length = keyLabelLen;
+       dummyLabel.Data = (uint8 *)keyLabel;
+       
+       /* passing in password is pretty strange....*/
+       pbeParams.Passphrase = *password;
+       pbeParams.PseudoRandomFunction = CSSM_PKCS5_PBKDF2_PRF_HMAC_SHA1;
+       pbeData.Data = (uint8 *)&pbeParams;
+       pbeData.Length = sizeof(pbeParams);
+       crtn = CSSM_DeriveKey(ccHand,
+               &pbeData,
+               keyUsage,
+               keyAttr,
+               &dummyLabel,
+               NULL,                   // cred and acl
+               key);
+       if(crtn) {
+               cuPrintError("CSSM_DeriveKey", crtn);
+               return crtn;
+       }
+       crtn = CSSM_DeleteContext(ccHand);
+       if(crtn) {
+               cuPrintError("CSSM_DeleteContext", crtn);
+       }
+       return crtn;
+}
+
+/*
+ * Generate key pair of arbitrary algorithm. 
+ */
+/* CSP DL currently does not perform DSA generate params; let CSP do it implicitly */
+#define DO_DSA_GEN_PARAMS              0
+
+CSSM_RETURN cuCspGenKeyPair(CSSM_CSP_HANDLE cspHand,
+       CSSM_DL_DB_HANDLE *dlDbHand,    // optional
+       uint32 algorithm,
+       const char *keyLabel,
+       unsigned keyLabelLen,
+       uint32 keySize,                                 // in bits
+       CSSM_KEY_PTR pubKey,                    // mallocd by caller
+       CSSM_KEYUSE pubKeyUsage,                // CSSM_KEYUSE_ENCRYPT, etc.
+       CSSM_KEYATTR_FLAGS pubAttrs,    // CSSM_KEYATTR_EXTRACTABLE, etc. 
+       CSSM_KEY_PTR privKey,                   // mallocd by caller
+       CSSM_KEYUSE privKeyUsage,               // CSSM_KEYUSE_DECRYPT, etc.
+       CSSM_KEYATTR_FLAGS privAttrs)   // CSSM_KEYATTR_EXTRACTABLE, etc. 
+{
+       CSSM_RETURN                             crtn;
+       CSSM_RETURN                             ocrtn;
+       CSSM_CC_HANDLE                  ccHand;
+       CSSM_DATA                               keyLabelData;
+       
+       keyLabelData.Data        = (uint8 *)keyLabel,
+       keyLabelData.Length      = keyLabelLen;
+       memset(pubKey, 0, sizeof(CSSM_KEY));
+       memset(privKey, 0, sizeof(CSSM_KEY));
+       
+       crtn = CSSM_CSP_CreateKeyGenContext(cspHand,
+               algorithm,
+               keySize,
+               NULL,                                   // Seed
+               NULL,                                   // Salt
+               NULL,                                   // StartDate
+               NULL,                                   // EndDate
+               NULL,                                   // Params
+               &ccHand);
+       if(crtn) {
+               cuPrintError("CSSM_CSP_CreateKeyGenContext", crtn);
+               return crtn;
+       }
+
+       /* post-context-create algorithm-specific stuff */
+       switch(algorithm) {              
+               #if DO_DSA_GEN_PARAMS
+               case CSSM_ALGID_DSA:
+                       /* 
+                        * extra step - generate params - this just adds some
+                        * info to the context
+                        */
+                       {
+                               CSSM_DATA dummy = {0, NULL};
+                               crtn = CSSM_GenerateAlgorithmParams(ccHand, 
+                                       keySize, &dummy);
+                               if(crtn) {
+                                       cuPrintError("CSSM_GenerateAlgorithmParams", crtn);
+                                       CSSM_DeleteContext(ccHand);
+                                       return crtn;
+                               }
+                               cuAppFree(dummy.Data, NULL);
+                       }
+                       break;
+               #endif  /* DO_DSA_GEN_PARAMS */
+               default:
+                       break;
+       }
+       
+       /* optionally specify DL/DB storage location */
+       if(dlDbHand) {
+               crtn = cuAddContextAttribute(ccHand, 
+                       CSSM_ATTRIBUTE_DL_DB_HANDLE,
+                       sizeof(CSSM_ATTRIBUTE_DL_DB_HANDLE),
+                       dlDbHand);
+               if(crtn) {
+                       CSSM_DeleteContext(ccHand);
+                       return crtn;
+               }
+       }
+       ocrtn = CSSM_GenerateKeyPair(ccHand,
+               pubKeyUsage,
+               pubAttrs,
+               &keyLabelData,
+               pubKey,
+               privKeyUsage,
+               privAttrs,
+               &keyLabelData,                  // same labels
+               NULL,                                   // CredAndAclEntry
+               privKey);
+       if(ocrtn) {
+               cuPrintError("CSSM_GenerateKeyPair", ocrtn);
+       }
+       crtn = CSSM_DeleteContext(ccHand);
+       if(crtn) {
+               cuPrintError("CSSM_DeleteContext", crtn);
+               if(ocrtn == CSSM_OK) {
+                       /* error on CSSM_GenerateKeyPair takes precedence */
+                       ocrtn = crtn;
+               }
+       }
+       return ocrtn;
+}
+
+/*
+ * Add a certificate to an open DLDB.
+ */
+CSSM_RETURN cuAddCertToDb(
+       CSSM_DL_DB_HANDLE       dlDbHand,
+       const CSSM_DATA         *cert,
+       CSSM_CERT_TYPE          certType,
+       CSSM_CERT_ENCODING      certEncoding,
+       const char                      *printName,             // C string
+       const CSSM_DATA         *publicKeyHash)         
+{
+       CSSM_DB_ATTRIBUTE_DATA                  attrs[6];
+       CSSM_DB_RECORD_ATTRIBUTE_DATA   recordAttrs;
+       CSSM_DB_ATTRIBUTE_DATA_PTR              attr = &attrs[0];
+       CSSM_DATA                                               certTypeData;
+       CSSM_DATA                                               certEncData;
+       CSSM_DATA                                               printNameData;
+       CSSM_RETURN                                             crtn;
+       CSSM_DB_UNIQUE_RECORD_PTR               recordPtr;
+       
+       /* issuer and serial number required, fake 'em */
+       CSSM_DATA                                               issuer = {6, (uint8 *)"issuer"};
+       CSSM_DATA                                               serial = {6, (uint8 *)"serial"};
+       
+       /* we spec six attributes, skipping alias */
+       certTypeData.Data = (uint8 *)&certType;
+       certTypeData.Length = sizeof(CSSM_CERT_TYPE);
+       certEncData.Data = (uint8 *)&certEncoding;
+       certEncData.Length = sizeof(CSSM_CERT_ENCODING);
+       printNameData.Data = (uint8 *)printName;
+       printNameData.Length = strlen(printName) + 1;
+       
+       attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING;
+       attr->Info.Label.AttributeName = "CertType";
+       attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_UINT32;
+       attr->NumberOfValues = 1;
+       attr->Value = &certTypeData;
+       
+       attr++;
+       attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING;
+       attr->Info.Label.AttributeName = "CertEncoding";
+       attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_UINT32;
+       attr->NumberOfValues = 1;
+       attr->Value = &certEncData;
+       
+       attr++;
+       attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING;
+       attr->Info.Label.AttributeName = "PrintName";
+       attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB;
+       attr->NumberOfValues = 1;
+       attr->Value = &printNameData;
+       
+       attr++;
+       attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING;
+       attr->Info.Label.AttributeName = "PublicKeyHash";
+       attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB;
+       attr->NumberOfValues = 1;
+       attr->Value = (CSSM_DATA_PTR)publicKeyHash;
+       
+       attr++;
+       attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING;
+       attr->Info.Label.AttributeName = "Issuer";
+       attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB;
+       attr->NumberOfValues = 1;
+       attr->Value = &issuer;
+       
+       attr++;
+       attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING;
+       attr->Info.Label.AttributeName = "SerialNumber";
+       attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB;
+       attr->NumberOfValues = 1;
+       attr->Value = &serial;
+       
+       recordAttrs.DataRecordType = CSSM_DL_DB_RECORD_X509_CERTIFICATE;
+       recordAttrs.SemanticInformation = 0;
+       recordAttrs.NumberOfAttributes = 6;
+       recordAttrs.AttributeData = attrs;
+       
+       crtn = CSSM_DL_DataInsert(dlDbHand,
+               CSSM_DL_DB_RECORD_X509_CERTIFICATE,
+               &recordAttrs,
+               cert,
+               &recordPtr);
+       if(crtn) {
+               cuPrintError("CSSM_DL_DataInsert", crtn);
+       }
+       else {
+               CSSM_DL_FreeUniqueRecord(dlDbHand, recordPtr);
+       }
+       return crtn;
+}
+
+/*
+ * Add a certificate to an open DLDB.
+ */
+CSSM_RETURN cuAddCertToKC(
+       SecKeychainRef          keychain,
+       const CSSM_DATA         *cert,
+       CSSM_CERT_TYPE          certType,
+       CSSM_CERT_ENCODING      certEncoding,
+       const char                      *printName,             // C string
+       const CSSM_DATA         *keyLabel)              // ??
+{
+       SecCertificateRef certificate;
+       
+       OSStatus rslt = SecCertificateCreateFromData(cert, certType, certEncoding, &certificate);
+       if (!rslt)
+       {
+               rslt = SecCertificateAddToKeychain(certificate, keychain);
+               CFRelease(certificate);
+       }
+
+       return rslt;
+}
+
+/*
+ * This prototype does not exist in public Security headers in 10.1, but the
+ * function is in fact exported from the Security framework. A future release
+ * will include a public prototype for this function.
+ */
+#if 1
+extern void cssmPerror(const char *how, CSSM_RETURN error);
+#else
+#include <Security/cssmapple.h>
+#endif
+/*
+ * Log CSSM error.
+ */
+void cuPrintError(char *op, CSSM_RETURN err)
+{
+       cssmPerror(op, err);
+}
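Review bot: cuDbStartupByName with doCreate set hands any CSSM_DL_DbOpen failure to cuDbStartup, which starts by calling CSSM_DL_DbDelete on the same name, so an existing database that fails to open for a reason other than being absent (locked, unreadable, damaged) is deleted and replaced by an empty one. For a store that may hold private keys and certificates, creation should be limited to the not-found case, e.g. `if(crtn != CSSMERR_DL_DATASTORE_DOESNOT_EXIST) { cuPrintError("CSSM_DL_DbOpen", crtn); return 0; }` placed before the final `return cuDbStartup(dlHand, dbName);`, assuming CSSM_DL_DbOpen reports a missing store with that code, as cuDbStartup already assumes for CSSM_DL_DbDelete. Separately, cuCspDeriveKey returns on a CSSM_DeriveKey error without calling `CSSM_DeleteContext(ccHand)`, unlike cuCspGenKeyPair, which deletes its context on every path after creation.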
diff --git a/CertTool/cdsaUtils/cdsaUtils.h b/CertTool/cdsaUtils/cdsaUtils.h
new file mode 100644 (file)
index 0000000..2009958
--- /dev/null
@@ -0,0 +1,166 @@
+/*
+       File:            cdsaUtils.h
+       
+       Description: common CDSA access utilities
+
+       Author:         dmitch
+
+       Copyright:      Â© Copyright 2001 Apple Computer, Inc. All rights reserved.
+       
+       Disclaimer:     IMPORTANT:  This Apple software is supplied to you by Apple 
+                   Computer, Inc. ("Apple") in consideration of your agreement to 
+                               the following terms, and your use, installation, modification 
+                               or redistribution of this Apple software constitutes acceptance 
+                               of these terms.  If you do not agree with these terms, please 
+                               do not use, install, modify or redistribute this Apple software.
+
+                               In consideration of your agreement to abide by the following 
+                               terms, and subject to these terms, Apple grants you a personal, 
+                               non-exclusive license, under Apple's copyrights in this 
+                               original Apple software (the "Apple Software"), to use, 
+                               reproduce, modify and redistribute the Apple Software, with 
+                               or without modifications, in source and/or binary forms; 
+                               provided that if you redistribute the Apple Software in 
+                               its entirety and without modifications, you must retain
+                               this notice and the following text and disclaimers in all 
+                               such redistributions of the Apple Software.  Neither the 
+                               name, trademarks, service marks or logos of Apple Computer, 
+                               Inc. may be used to endorse or promote products derived from the
+                               Apple Software without specific prior written permission from 
+                               Apple.  Except as expressly stated in this notice, no other 
+                               rights or licenses, express or implied, are granted by Apple 
+                               herein, including but not limited to any patent rights that
+                               may be infringed by your derivative works or by other works 
+                               in which the Apple Software may be incorporated.
+
+                               The Apple Software is provided by Apple on an "AS IS" basis.  
+                               APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
+                               WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
+                               MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, 
+                               REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE 
+                               OR IN COMBINATION WITH YOUR PRODUCTS.
+
+                               IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, 
+                               INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 
+                               LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
+                               LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+                               ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION 
+                               AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED 
+                               AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING 
+                               NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE 
+                               HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef        _COMMON_CDSA_UTILS_H_
+#define _COMMON_CDSA_UTILS_H_
+
+#include <Security/cssm.h>
+#include <Security/SecKeychain.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* common memory allocators shared by app and CSSM */
+extern void * cuAppMalloc (uint32 size, void *allocRef);
+extern void cuAppFree (void *mem_ptr, void *allocRef);
+extern void * cuAppRealloc (void *ptr, uint32 size, void *allocRef);
+extern void * cuAppCalloc (uint32 num, uint32 size, void *allocRef);
+
+#define APP_MALLOC(s)          cuAppMalloc(s, NULL)
+#define APP_FREE(p)                    cuAppFree(p, NULL)
+#define APP_REALLOC(p, s)      cuAppRealloc(p, s, NULL)
+#define APP_CALLOC(n, s)       cuAppRealloc(n, s, NULL)
+
+extern CSSM_BOOL cuCompareCssmData(
+       const CSSM_DATA *d1,
+       const CSSM_DATA *d2);
+void cuPrintError(char *op, CSSM_RETURN err);
+
+/* Init CSSM; returns CSSM_FALSE on error. Reusable. */
+extern CSSM_BOOL cuCssmStartup();
+
+/* Attach to CSP. Returns zero on error. */
+extern CSSM_CSP_HANDLE cuCspStartup(
+       CSSM_BOOL bareCsp);                                     // true ==> CSP, false ==> CSP/DL
+
+/* Attach to DL side of CSPDL. */
+extern CSSM_DL_HANDLE cuDlStartup();
+
+/* Attach to CL, TP */
+extern CSSM_CL_HANDLE cuClStartup();
+extern CSSM_TP_HANDLE cuTpStartup();
+
+/* Open a DB, ensure it's empty. */
+CSSM_DB_HANDLE cuDbStartup(
+       CSSM_DL_HANDLE          dlHand,                 // from dlStartup()
+       const char                      *dbName);
+
+/* Attach to existing DB or create an empty new one. */
+CSSM_DB_HANDLE cuDbStartupByName(CSSM_DL_HANDLE dlHand,
+       char            *dbName,
+       CSSM_BOOL       doCreate,
+       CSSM_BOOL       quiet);
+
+/*
+ * Derive symmetric key using PBE.
+ */
+extern CSSM_RETURN cuCspDeriveKey(CSSM_CSP_HANDLE cspHand,
+               uint32                          keyAlg,                 // CSSM_ALGID_RC5, etc.
+               const char                      *keyLabel,
+               unsigned                        keyLabelLen,
+               uint32                          keyUsage,               // CSSM_KEYUSE_ENCRYPT, etc.
+               uint32                          keySizeInBits,
+               CSSM_DATA_PTR           password,               // in PKCS-5 lingo
+               CSSM_DATA_PTR           salt,                   // ditto
+               uint32                          iterationCnt,   // ditto
+               CSSM_KEY_PTR            key);
+
+/*
+ * Generate key pair of arbitrary algorithm. 
+ */
+extern CSSM_RETURN cuCspGenKeyPair(CSSM_CSP_HANDLE cspHand,
+       CSSM_DL_DB_HANDLE *dlDbHand,    // optional
+       uint32 algorithm,
+       const char *keyLabel,
+       unsigned keyLabelLen,
+       uint32 keySize,                                 // in bits
+       CSSM_KEY_PTR pubKey,                    // mallocd by caller
+       CSSM_KEYUSE pubKeyUsage,                // CSSM_KEYUSE_ENCRYPT, etc.
+       CSSM_KEYATTR_FLAGS pubAttrs,    // CSSM_KEYATTR_EXTRACTABLE, etc. 
+       CSSM_KEY_PTR privKey,                   // mallocd by caller
+       CSSM_KEYUSE privKeyUsage,               // CSSM_KEYUSE_DECRYPT, etc.
+       CSSM_KEYATTR_FLAGS privAttrs);  // CSSM_KEYATTR_EXTRACTABLE, etc. 
+
+/* Convert a reference key to a raw key. */
+CSSM_RETURN cuRefKeyToRaw(CSSM_CSP_HANDLE cspHand,
+       const CSSM_KEY                  *refKey,        
+       CSSM_KEY_PTR                    rawKey);                // RETURNED
+
+/*
+ * Add a certificate to an open DLDB.
+ */
+CSSM_RETURN cuAddCertToDb(
+       CSSM_DL_DB_HANDLE       dlDbHand,
+       const CSSM_DATA         *cert,
+       CSSM_CERT_TYPE          certType,
+       CSSM_CERT_ENCODING      certEncoding,
+       const char                      *printName,                     // C string
+       const CSSM_DATA         *publicKeyHash);        // ??
+
+/*
+ * Add a certificate to a keychain.
+ */
+CSSM_RETURN cuAddCertToKC(
+       SecKeychainRef          keychain,
+       const CSSM_DATA         *cert,
+       CSSM_CERT_TYPE          certType,
+       CSSM_CERT_ENCODING      certEncoding,
+       const char                      *printName,             // C string
+       const CSSM_DATA         *keyLabel);             // ??
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _COMMON_CDSA_UTILS_H_ */
\ No newline at end of file
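Review bot: `APP_CALLOC(n, s)` expands to `cuAppRealloc(n, s, NULL)`, so the element count is passed in the position where `cuAppRealloc` expects the pointer to resize, and no zeroed allocation is made. Any caller of the macro would hand an integer to the realloc wrapper as a heap pointer. The macro should use the calloc wrapper declared a few lines above it: `#define APP_CALLOC(n, s) cuAppCalloc(n, s, NULL)`. As a smaller point, `cuPrintError` takes `char *op` although the definition in cdsaUtils.c only forwards it to `cssmPerror(const char *how, ...)`; declaring it `const char *op` in both places would let callers pass string literals cleanly.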
diff --git a/CertTool/cdsaUtils/cuEnc64.c b/CertTool/cdsaUtils/cuEnc64.c
new file mode 100644 (file)
index 0000000..2e69af8
--- /dev/null
@@ -0,0 +1,402 @@
+/* Copyright (c) 1998 Apple Computer, Inc.  All rights reserved.
+ *
+ * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT
+ * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE
+ * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE
+ * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER,
+ * INC.  ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL
+ * EXPOSE YOU TO LIABILITY.
+ ***************************************************************************
+ *
+ * enc64.c - encode/decode in 64-char IA5 format, per RFC 1421
+ *
+ * Revision History
+ * ----------------
+ * 11/27/98    dmitch
+ *     Added ECDSA_VERIFY_ONLY dependencies.
+ * 10/06/98            ap
+ *     Changed to compile with C++.
+ * 12 Dec 96   Doug Mitchell at NeXT
+ *     Newlines optional in dec64() and isValidEnc64().
+ *  9 Oct 96   Doug Mitchell at NeXT
+ *     Created.
+ */
+
+#include "cuEnc64.h"
+#include <stdlib.h>
+
+/*
+ * 11/27/98 dmitch: The ECDSA_VERIFY_ONLY symbol, when #defined, disables all
+ * of the code in this module except that which is necessary for ECDSA
+ * siggnature verification.
+ */
+
+#ifndef        NULL
+#define NULL ((void *)0)
+#endif /* NULL */
+
+/*
+ * map a 6-bit binary value to a printable character.
+ */
+static const
+unsigned char bintoasc[] =
+       "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+/*
+ * Map an 7-bit printable character to its corresponding binary value.
+ * Any illegal characters return high bit set.
+ */
+static const
+unsigned char asctobin[] =
+{
+    0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+    0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+    0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+    0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+    0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+    0x80, 0x80, 0x80, 0x3e, 0x80, 0x80, 0x80, 0x3f,
+    0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
+    0x3c, 0x3d, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+    0x80, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+    0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e,
+    0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
+    0x17, 0x18, 0x19, 0x80, 0x80, 0x80, 0x80, 0x80,
+    0x80, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
+    0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
+    0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
+    0x31, 0x32, 0x33, 0x80, 0x80, 0x80, 0x80, 0x80
+};
+
+/*
+ * map 6 bits to a printing char
+ */
+#define ENC(c) (bintoasc[((c) & 0x3f)])
+
+#define PAD            '='
+
+/*
+ * map one group of up to 3 bytes at inp to 4 bytes at outp.
+ * Count is number of valid bytes in *inp; if less than 3, the
+ * 1 or two extras must be zeros.
+ */
+static void encChunk(const unsigned char *inp,
+       unsigned char *outp,
+       int count)
+{
+       unsigned char c1, c2, c3, c4;
+
+       c1 = *inp >> 2;
+       c2 = ((inp[0] << 4) & 0x30) | ((inp[1] >> 4) & 0xf);
+       c3 = ((inp[1] << 2) & 0x3c) | ((inp[2] >> 6) & 0x3);
+       c4 = inp[2] & 0x3f;
+       *outp++ = ENC(c1);
+       *outp++ = ENC(c2);
+       if (count == 1) {
+           *outp++ = PAD;
+           *outp   = PAD;
+       } else {
+           *outp++ = ENC(c3);
+           if (count == 2) {
+               *outp = PAD;
+           }
+           else {
+               *outp = ENC(c4);
+           }
+       }
+}
+
+/*
+ * Given input buffer inbuf, length inlen, encode to 64-char IA5 format.
+ * Result is fmalloc'd and returned; it is terminated by Microsoft-style
+ * newline and NULL. Its length (including the trailing newline and NULL)
+ * is returned in *outlen.
+ */
+
+unsigned char *enc64(const unsigned char *inbuf,
+       unsigned inlen,
+       unsigned *outlen)               // RETURNED
+{
+       return enc64WithLines(inbuf, inlen, 0, outlen);
+}
+
+unsigned char *enc64WithLines(const unsigned char *inbuf,
+       unsigned inlen,
+       unsigned linelen,
+       unsigned *outlen)
+{
+       unsigned                outTextLen;
+       unsigned                len;                    // to malloc, liberal
+       unsigned                olen = 0;               // actual output size
+       unsigned char   *outbuf;
+       unsigned char   endbuf[3];
+       int                     i;
+       unsigned char   *outp;
+       unsigned                numLines;
+       unsigned                thisLine;
+
+       outTextLen = ((inlen + 2) / 3) * 4;
+       if(linelen) {
+           /*
+            * linelen must be 0 mod 4 for this to work; round up...
+            */
+           if((linelen & 0x03) != 0) {
+               linelen = (linelen + 3) & 0xfffffffc;
+           }
+           numLines = (outTextLen + linelen - 1)/ linelen;
+       }
+       else {
+           numLines = 1;
+       }
+
+       /*
+        * Total output size = encoded text size plus one newline per
+        * line of output, plus trailing NULL. We always generate newlines 
+        * as \n; when decoding, we tolerate \r\n (Microsoft) or \n.
+        */
+       len = outTextLen + (2 * numLines) + 1;
+       outbuf = (unsigned char*)malloc(len);
+       outp = outbuf;
+       thisLine = 0;
+
+       while(inlen) {
+           if(inlen < 3) {
+                       for(i=0; i<3; i++) {
+                               if(i < inlen) {
+                                       endbuf[i] = inbuf[i];
+                               }
+                               else {
+                                       endbuf[i] = 0;
+                               }
+                       }
+                       encChunk(endbuf, outp, inlen);
+                       inlen = 0;
+           }
+           else {
+                       encChunk(inbuf, outp, 3);
+                       inlen -= 3;
+                       inbuf += 3;
+           }
+           outp += 4;
+           thisLine += 4;
+           olen += 4;
+           if((linelen != 0) && (thisLine >= linelen) && inlen) {
+               /*
+                        * last trailing newline added below
+                        * Note we don't split 4-byte output chunks over newlines
+                        */
+               *outp++ = '\n';
+                       olen++;
+                       thisLine = 0;
+           }
+       }
+       *outp++ = '\n';
+       *outp = '\0';
+       olen += 2;
+       *outlen = olen;
+       return outbuf;
+}
+
+static inline int isWhite(unsigned char c)
+{
+       switch(c) {
+           case '\n':
+           case '\r':
+           case ' ':
+           case '\t':
+           case '\0':
+                       return 1;
+           default:
+                       return 0;
+       }
+}
+
+/*
+ * Strip off all whitespace from a (supposedly) enc64-format string.
+ * Returns a malloc'd string.
+ */
+static unsigned char *stringCleanse(const unsigned char *inbuf,
+       unsigned inlen,
+       unsigned *outlen)
+{
+       unsigned char   *news;                  // cleansed inbuf
+       unsigned                newsDex;                // index into news
+       unsigned                i;
+
+       news = (unsigned char*)malloc(inlen);
+       newsDex = 0;
+       for(i=0; i<inlen; i++) {
+           if(!isWhite(inbuf[i])) {
+               news[newsDex++] = inbuf[i];
+           }
+       }
+       *outlen = newsDex;
+       return news;
+}
+
+/*
+ * Given input buffer inbuf, length inlen, decode from 64-char IA5 format to
+ * binary. Result is malloced and returned; its length is returned in *outlen.
+ * NULL return indicates corrupted input.
+ *
+ * All whitespace in input is ignored.
+ */
+unsigned char *dec64(const unsigned char *inbuf,
+       unsigned inlen,
+       unsigned *outlen)
+{
+       unsigned char           *outbuf;
+       unsigned char           *outp;                  // malloc'd outbuf size
+       unsigned                        obuflen;
+       const unsigned char     *bp;
+       unsigned                        olen = 0;               // actual output size
+       unsigned char           c1, c2, c3, c4;
+       unsigned char           j;
+       unsigned                        thisOlen;
+       unsigned char           *news;                  // cleansed inbuf
+       unsigned                        newsLen;
+
+       /*
+        * Strip out all whitespace; remainder must be multiple of four
+        * characters
+        */
+       news = stringCleanse(inbuf, inlen, &newsLen);
+       if((newsLen & 0x03) != 0) {
+           free(news);
+           return (unsigned char*) NULL;
+       }
+       inlen = newsLen;
+       bp = news;
+
+       obuflen = (inlen / 4) * 3;
+       outbuf = (unsigned char*)malloc(obuflen);
+       outp = outbuf;
+
+       while (inlen) {
+           /*
+            * Note inlen is always a multiple of four here
+            */
+           if (*bp & 0x80 || (c1 = asctobin[*bp]) & 0x80) {
+               goto errorOut;
+           }
+           inlen--;
+           bp++;
+           if (*bp & 0x80 || (c2 = asctobin[*bp]) & 0x80){
+               goto errorOut;
+           }
+           inlen--;
+           bp++;
+           if (*bp == PAD) {
+                       /*
+                        * two input bytes, one output byte
+                        */
+                       c3 = c4 = 0;
+                       thisOlen = 1;
+                       if (c2 & 0xf) {
+                               goto errorOut;
+                       }
+                       bp++;
+                       inlen--;
+                       if (*bp == PAD) {
+                               bp++;
+                               inlen--;
+                               if(inlen > 0) {
+                                       goto errorOut;
+                               }
+                       }
+                       else {
+                               goto errorOut;
+                       }
+           } else if (*bp & 0x80 || (c3 = asctobin[*bp]) & 0x80) {
+               goto errorOut;
+           } else {
+               bp++;
+               inlen--;
+               if (*bp == PAD) {
+                   /*
+                    * Three input bytes, two output
+                    */
+                   c4 = 0;
+                   thisOlen = 2;
+                   if (c3 & 3) {
+                               goto errorOut;
+                   }
+               } else if (*bp & 0x80 || (c4 = asctobin[*bp]) & 0x80) {
+                   goto errorOut;
+               } else {
+                   /*
+                    * Normal non-pad case
+                    */
+                   thisOlen = 3;
+               }
+               bp++;
+               inlen--;
+           }
+           j = (c1 << 2) | (c2 >> 4);
+           *outp++ = j;
+           if(thisOlen > 1) {
+                       j = (c2 << 4) | (c3 >> 2);
+                       *outp++ = j;
+                       if(thisOlen == 3) {
+                               j = (c3 << 6) | c4;
+                               *outp++ = j;
+                       }
+           }
+           olen += thisOlen;
+       }
+       free(news);
+       *outlen = olen;
+       return outbuf;                  /* normal return */
+
+errorOut:
+       free(news);
+       free(outbuf);
+       return (unsigned char*) NULL;
+}
+
+/*
+ * Determine if specified input data is valid enc64 format. Returns 1
+ * if valid, 0 if not.
+ * This doesn't do a full enc64 parse job; it scans for legal characters
+ * and proper sync when a possible pad is found.
+ */
+int isValidEnc64(const unsigned char *inbuf,
+       unsigned inlen)
+{
+       int padChars = 0;       // running count of PAD chars
+       int validEncChars = 0;
+       unsigned char c;
+
+       /*
+        *   -- scan inbuf
+        *   -- skip whitespace
+        *   -- count valid chars
+        *   -- ensure not more than 2 PAD chars, only at end
+        *   -- ensure valid chars mod 4 == 0
+        */
+
+       while(inlen) {
+           c = *inbuf++;
+           inlen--;
+           if(isWhite(c)) {
+               continue;
+           }
+           if(c == PAD) {
+                       if(++padChars > 2) {
+                               return 0;               // max of 2 PAD chars at end
+                       }
+           }
+           else if(padChars > 0) {
+                       return 0;               // no normal chars after seeing PAD
+           }
+           else if((c & 0x80) || ((asctobin[c]) & 0x80)) {
+                       return 0;               // invalid encoded char
+           }
+           validEncChars++;
+       }
+       if((validEncChars & 0x03) != 0) {
+           return 0;
+       }
+       else {
+           return 1;
+       }
+}
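Review bot: None of the three `malloc` calls in this file (`enc64WithLines`, `stringCleanse`, `dec64`) is checked, so an allocation failure is followed by writes through a NULL pointer; in `dec64` the size is derived from the caller's `inlen`, and the function is documented as the one that handles corrupted input. Each call needs a check, for example `if(outbuf == NULL) { free(news); return NULL; }` in `dec64`, with `stringCleanse` returning NULL and `dec64` testing `news` before use (a zero `inlen` wants its own early return, since `malloc(0)` may legitimately return NULL). `dec64` also accepts data after a single pad: the two-pad branch rejects trailing input with `if(inlen > 0)`, but the "Three input bytes, two output" branch has no equivalent, so `if(inlen != 1) { goto errorOut; }` there would make the two cases agree. In `enc64WithLines`, `((inlen + 2) / 3) * 4` and the later `len` sum are computed in `unsigned` with no bound on `inlen`, so a very large input would wrap and undersize `outbuf`; an upper limit on `inlen` before the arithmetic would close that.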
diff --git a/CertTool/cdsaUtils/cuEnc64.h b/CertTool/cdsaUtils/cuEnc64.h
new file mode 100644 (file)
index 0000000..5527d8b
--- /dev/null
@@ -0,0 +1,65 @@
+/* Copyright (c) 1998 Apple Computer, Inc.  All rights reserved.
+ *
+ * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT
+ * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE
+ * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE
+ * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER,
+ * INC.  ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL
+ * EXPOSE YOU TO LIABILITY.
+ ***************************************************************************
+ *
+ * enc64.h - encode/decode in 64-char IA5 format, per RFC 1421
+ *
+ * Revision History
+ * ----------------
+ *  9 Oct 96   Doug Mitchell at NeXT
+ *     Created.
+ */
+
+#ifndef        _CK_ENC64_H_
+#define _CK_ENC64_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Given input buffer inbuf, length inlen, decode from 64-char IA5 format to
+ * binary. Result is malloced and returned; its length is returned in *outlen.
+ * NULL return indicates corrupted input.
+ */
+unsigned char *enc64(const unsigned char *inbuf,
+       unsigned inlen,
+       unsigned *outlen);              // RETURNED
+
+/*
+ * Enc64, with embedded newlines every lineLen in result. A newline is
+ * the UNIX \n. Result is mallocd.
+ */
+unsigned char *enc64WithLines(const unsigned char *inbuf,
+       unsigned inlen,
+       unsigned linelen,
+       unsigned *outlen);              // RETURNED
+
+/*
+ * Given input buffer inbuf, length inlen, decode from 64-char IA5 format to
+ * binary. Result is malloced and returned; its length is returned in *outlen.
+ * NULL return indicates corrupted input. All whitespace in inbuf is
+ * ignored.
+ */
+unsigned char *dec64(const unsigned char *inbuf,
+       unsigned inlen,
+       unsigned *outlen);
+
+/*
+ * Determine if specified input data is valid enc64 format. Returns 1
+ * if valid, 0 if not.
+ */
+int isValidEnc64(const unsigned char *inbuf,
+       unsigned inbufLen);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /*_CK_ENC64_H_*/
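Review bot: The comment above the `enc64` prototype is a copy of the `dec64` description ("decode from 64-char IA5 format to binary ... NULL return indicates corrupted input"), so the encoder is documented as a decoder. Going by the definition in cuEnc64.c, it should say that `enc64` encodes `inbuf` to 64-char IA5 format, that the malloc'd result ends with `\n` and a NUL, and that `*outlen` counts both of those bytes. It would also help to state for all three allocating functions that the caller releases the buffer with `free()`, and that `dec64` leaves `*outlen` unset when it returns NULL.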
diff --git a/CertTool/cdsaUtils/dumpasn1.cfg b/CertTool/cdsaUtils/dumpasn1.cfg
new file mode 100644 (file)
index 0000000..71d1874
--- /dev/null
@@ -0,0 +1,2915 @@
+# dumpasn1 Object Identifier configuration file, available from
+# http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.cfg.  This is read by
+# dumpasn1.c and is used to display information on Object Identifiers found in
+# ASN.1 objects. This is merely a list of things which you might conceivably
+# find in use somewhere, and should in no way be taken as a guide to which OIDs
+# to use - many of these will never been seen in the wild, or should be shot on
+# sight if encountered.
+#
+# The format of this file is as follows:
+#
+# - All blank lines and lines beginning with a '#' are ignored.
+# - OIDs are described by a set of attributes, of which at least the 'OID' and
+#   'Description' must be present.  Optional attributes are a 'Comment' and a
+#   'Warning' (to indicate that dumpasn1 will display a warning if this OID is
+#   encountered).
+# - Attributes are listed one per line.  The first attribute should be an 'OID'
+#   attribute since this is used to denote the start of a new OID description.
+#   The other attributes may be given in any order.
+#
+# See the rest of this file for examples of what an OID description should look
+# like.
+
+# Some unknown X.500 attributes spec from the UK
+
+OID = 06 09 09 92 26 89 93 F2 2C 01 03
+Comment = Some oddball X.500 attribute collection
+Description = rfc822Mailbox (0 9 2342 19200300 1 3)
+
+# RFC 2247, How to Kludge an FQDN as a DN (or words to that effect)
+
+OID = 06 0A 09 92 26 89 93 F2 2C 64 01 01
+Comment = Men are from Mars, this OID is from Pluto
+Description = domainComponent (0 9 2342 19200300 100 1 25)
+
+# Certificates Australia
+
+OID = 06 0A 2A 24 A4 97 A3 53 01 64 01 01
+Comment = Certificates Australia CA
+Description = Certificates Australia policyIdentifier (1 2 36 75878867 1 100 1 1)
+
+# Signet
+
+OID = 06 09 2A 24 A0 F2 A0 7D 01 01 02
+Comment = Signet CA
+Description = Signet personal (1 2 36 68980861 1 1 2)
+
+OID = 06 09 2A 24 A0 F2 A0 7D 01 01 03
+Comment = Signet CA
+Description = Signet business (1 2 36 68980861 1 1 3)
+
+OID = 06 09 2A 24 A0 F2 A0 7D 01 01 04
+Comment = Signet CA
+Description = Signet legal (1 2 36 68980861 1 1 4)
+
+OID = 06 09 2A 24 A0 F2 A0 7D 01 01 0A
+Comment = Signet CA
+Description = Signet pilot (1 2 36 68980861 1 1 10)
+
+OID = 06 09 2A 24 A0 F2 A0 7D 01 01 0B
+Comment = Signet CA
+Description = Signet intraNet (1 2 36 68980861 1 1 11)
+
+OID = 06 09 2A 24 A0 F2 A0 7D 01 01 14
+Comment = Signet CA
+Description = Signet securityPolicy (1 2 36 68980861 1 1 20)
+
+# Mitsubishi
+
+OID = 06 0B 2A 83 08 8C 1A 4B 3D 01 01 01
+Comment = Mitsubishi security algorithm
+Description = symmetric-encryption-algorithm (1 2 392 200011 61 1 1 1)
+
+OID = 06 0C 2A 83 08 8C 9A 4B 3D 01 01 01 01
+Comment = Mitsubishi security algorithm
+Description = misty1-cbc (1 2 392 200011 61 1 1 1 1)
+
+# SEIS
+
+OID = 06 05 2A 85 70 22 01
+Comment = SEIS Project
+Description = seis-cp (1 2 752 34 1)
+
+OID = 06 06 2A 85 70 22 01 01
+Comment = SEIS Project certificate policies
+Description = SEIS high-assurnace certificatePolicy (1 2 752 34 1 1)
+
+OID = 06 06 2A 85 70 22 01 02
+Comment = SEIS Project certificate policies
+Description = SEIS GAK certificatePolicy (1 2 752 34 1 2)
+
+OID = 06 05 2A 85 70 22 02
+Comment = SEIS Project
+Description = SEIS pe (1 2 752 34 2)
+
+OID = 06 05 2A 85 70 22 03
+Comment = SEIS Project
+Description = SEIS at (1 2 752 34 3)
+
+OID = 06 06 2A 85 70 22 03 01
+Comment = SEIS Project attribute
+Description = SEIS at-personalIdentifier (1 2 752 34 3 1)
+
+# ANSI X9.57
+
+OID = 06 06 2A 86 48 CE 38 01
+Comment = ANSI X9.57
+Description = module (1 2 840 10040 1)
+
+OID = 06 07 2A 86 48 CE 38 01 01
+Comment = ANSI X9.57 module
+Description = x9f1-cert-mgmt (1 2 840 10040 1 1)
+
+OID = 06 06 2A 86 48 CE 38 02
+Comment = ANSI X9.57
+Description = holdinstruction (1 2 840 10040 2)
+
+OID = 06 07 2A 86 48 CE 38 02 01
+Comment = ANSI X9.57 hold instruction
+Description = holdinstruction-none (1 2 840 10040 2 1)
+
+OID = 06 07 2A 86 48 CE 38 02 02
+Comment = ANSI X9.57 hold instruction
+Description = callissuer (1 2 840 10040 2 2)
+
+OID = 06 07 2A 86 48 CE 38 02 03
+Comment = ANSI X9.57 hold instruction
+Description = reject (1 2 840 10040 2 3)
+
+OID = 06 07 2A 86 48 CE 38 02 04
+Comment = ANSI X9.57 hold instruction
+Description = pickupToken (1 2 840 10040 2 4)
+
+OID = 06 06 2A 86 48 CE 38 03
+Comment = ANSI X9.57
+Description = attribute (1 2 840 10040 3)
+
+OID = 06 06 2A 86 48 CE 38 03 01
+Comment = ANSI X9.57 attribute
+Description = countersignature (1 2 840 10040 3 1)
+
+OID = 06 06 2A 86 48 CE 38 03 02
+Comment = ANSI X9.57 attribute
+Description = attribute-cert (1 2 840 10040 3 2)
+
+OID = 06 06 2A 86 48 CE 38 04
+Comment = ANSI X9.57
+Description = algorithm (1 2 840 10040 4)
+
+# this is specified in sm_cms
+OID = 06 07 2A 86 48 CE 38 04 01
+Comment = ANSI X9.57 algorithm
+Description = dsa (1 2 840 10040 4 1)
+
+OID = 06 07 2A 86 48 CE 38 04 02
+Comment = ANSI X9.57 algorithm
+Description = dsa-match (1 2 840 10040 4 2)
+
+OID = 06 07 2A 86 48 CE 38 04 03
+Comment = ANSI X9.57 algorithm
+Description = dsaWithSha1 (1 2 840 10040 4 3)
+
+# ANSI X9.62
+
+OID = 06 06 2A 86 48 CE 3D 01
+Comment = ANSI X9.62.  This OID may also be assigned as ecdsa-with-SHA1
+Description = fieldType (1 2 840 10045 1)
+
+OID = 06 07 2A 86 48 CE 3D 01 01
+Comment = ANSI X9.62 field type
+Description = prime-field (1 2 840 10045 1 1)
+
+OID = 06 07 2A 86 48 CE 3D 01 02
+Comment = ANSI X9.62 field type
+Description = characteristic-two-field (1 2 840 10045 1 2)
+
+OID = 06 09 2A 86 48 CE 3D 01 02 03
+Comment = ANSI X9.62 field type
+Description = characteristic-two-basis (1 2 840 10045 1 2 3)
+
+OID = 06 0A 2A 86 48 CE 3D 01 02 03 01
+Comment = ANSI X9.62 field basis
+Description = onBasis (1 2 840 10045 1 2 3 1)
+
+OID = 06 0A 2A 86 48 CE 3D 01 02 03 02
+Comment = ANSI X9.62 field basis
+Description = tpBasis (1 2 840 10045 1 2 3 2)
+
+OID = 06 0A 2A 86 48 CE 3D 01 02 03 03
+Comment = ANSI X9.62 field basis
+Description = ppBasis (1 2 840 10045 1 2 3 3)
+
+OID = 06 07 2A 86 48 CE 3D 01 02
+Comment = ANSI X9.62
+Description = public-key-type (1 2 840 10045 1 2)
+
+OID = 06 08 2A 86 48 CE 3D 01 02 01
+Comment = ANSI X9.62 public key type
+Description = ecPublicKey (1 2 840 10045 1 2 1)
+
+# The definition for the following OID is somewhat confused, and is given as
+# keyType, publicKeyType, and public-key-type, all within 4 lines of text.
+# ecPublicKey is defined using the ID publicKeyType, so this is what's used
+# here.
+OID = 06 06 2A 86 48 CE 3D 02
+Comment = ANSI X9.62
+Description = publicKeyType (1 2 840 10045 2)
+
+OID = 06 07 2A 86 48 CE 3D 02 01
+Comment = ANSI X9.62 public key type
+Description = ecPublicKey (1 2 840 10045 2 1)
+
+# ANSI X9.42
+
+OID = 06 07 2A 86 48 CE 3E 02
+Comment = ANSI X9.42
+Description = number-type (1 2 840 10046 2)
+
+OID = 06 07 2A 86 48 CE 3E 02 01
+Comment = ANSI X9.42 number-type
+Description = dhPublicNumber (1 2 840 10046 2 1)
+
+# Nortel Secure Networks/Entrust
+
+OID = 06 07 2A 86 48 86 F6 7D 07
+Description = nsn (1 2 840 113533 7)
+
+OID = 06 08 2A 86 48 86 F6 7D 07 41
+Description = nsn-ce (1 2 840 113533 7 65)
+
+OID = 06 09 2A 86 48 86 F6 7D 07 41 00
+Comment = Nortel Secure Networks ce (1 2 840 113533 7 65)
+Description = entrustVersInfo (1 2 840 113533 7 65 0)
+
+OID = 06 08 2A 86 48 86 F6 7D 07 42
+Description = nsn-alg (1 2 840 113533 7 66)
+
+OID = 06 09 2A 86 48 86 F6 7D 07 42 03
+Comment = Nortel Secure Networks alg (1 2 840 113533 7 66)
+Description = cast3CBC (1 2 840 113533 7 66 3)
+
+OID = 06 09 2A 86 48 86 F6 7D 07 42 0A
+Comment = Nortel Secure Networks alg (1 2 840 113533 7 66)
+Description = cast5CBC (1 2 840 113533 7 66 10)
+
+OID = 06 09 2A 86 48 86 F6 7D 07 42 0B
+Comment = Nortel Secure Networks alg (1 2 840 113533 7 66)
+Description = cast5MAC (1 2 840 113533 7 66 11)
+
+OID = 06 09 2A 86 48 86 F6 7D 07 42 0C
+Comment = Nortel Secure Networks alg (1 2 840 113533 7 66)
+Description = pbeWithMD5AndCAST5-CBC (1 2 840 113533 7 66 12)
+
+OID = 06 09 2A 86 48 86 F6 7D 07 42 0D
+Comment = Nortel Secure Networks alg (1 2 840 113533 7 66)
+Description = passwordBasedMac (1 2 840 113533 7 66 13)
+
+OID = 06 08 2A 86 48 86 F6 7D 07 43
+Description = nsn-oc (1 2 840 113533 7 67)
+
+OID = 06 09 2A 86 48 86 F6 7D 07 43 0C
+Comment = Nortel Secure Networks oc (1 2 840 113533 7 67)
+Description = entrustUser (1 2 840 113533 7 67 0)
+
+OID = 06 08 2A 86 48 86 F6 7D 07 44
+Description = nsn-at (1 2 840 113533 7 68)
+
+OID = 06 09 2A 86 48 86 F6 7D 07 44 00
+Comment = Nortel Secure Networks at (1 2 840 113533 7 68)
+Description = entrustCAInfo (1 2 840 113533 7 68 0)
+
+OID = 06 09 2A 86 48 86 F6 7D 07 44 0A
+Comment = Nortel Secure Networks at (1 2 840 113533 7 68)
+Description = attributeCertificate (1 2 840 113533 7 68 10)
+
+# PKCS #1
+
+OID = 06 08 2A 86 48 86 F7 0D 01 01
+Description = pkcs-1 (1 2 840 113549 1 1)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 01 01
+Comment = PKCS #1
+Description = rsaEncryption (1 2 840 113549 1 1 1)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 01 02
+Comment = PKCS #1
+Description = md2withRSAEncryption (1 2 840 113549 1 1 2)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 01 03
+Comment = PKCS #1
+Description = md4withRSAEncryption (1 2 840 113549 1 1 3)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 01 04
+Comment = PKCS #1
+Description = md5withRSAEncryption (1 2 840 113549 1 1 4)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 01 05
+Comment = PKCS #1
+Description = sha1withRSAEncryption (1 2 840 113549 1 1 5)
+
+# There is some confusion over the identity of the following OID.  The OAEP
+# one is more recent, but independant vendors have already used the RIPEMD
+# one, however it's likely that SET will be a bigger hammer so we report it
+# as that.
+OID = 06 09 2A 86 48 86 F7 0D 01 01 06
+Comment = PKCS #1.  This OID may also be assigned as ripemd160WithRSAEncryption
+Description = rsaOAEPEncryptionSET (1 2 840 113549 1 1 6)
+# ripemd160WithRSAEncryption (1 2 840 113549 1 1 6)
+
+# PKCS #3
+
+OID = 06 08 2A 86 48 86 F7 0D 01 03
+Description = pkcs-3 (1 2 840 113549 1 3)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 03 01
+Comment = PKCS #3
+Description = dhKeyAgreement (1 2 840 113549 1 3 1)
+
+# PKCS #5
+
+OID = 06 09 2A 86 48 86 F7 0D 01 05
+Description = pkcs-5 (1 2 840 113549 1 5)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 05 01
+Comment = PKCS #5
+Description = pbeWithMD2AndDES-CBC (1 2 840 113549 1 5 1)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 05 03
+Comment = PKCS #5
+Description = pbeWithMD5AndDES-CBC (1 2 840 113549 1 5 3)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 05 04
+Comment = PKCS #5
+Description = pbeWithMD2AndRC2-CBC (1 2 840 113549 1 5 4)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 05 06
+Comment = PKCS #5
+Description = pbeWithMD5AndRC2-CBC (1 2 840 113549 1 5 6)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 05 09
+Comment = PKCS #5, used in BSAFE only
+Description = pbeWithMD5AndXOR (1 2 840 113549 1 5 9)
+Warning
+
+OID = 06 09 2A 86 48 86 F7 0D 01 05 0A
+Comment = PKCS #5
+Description = pbeWithSHAAndDES-CBC (1 2 840 113549 1 5 10)
+
+# PKCS #7
+
+OID = 06 09 2A 86 48 86 F7 0D 01 07
+Description = pkcs-7 (1 2 840 113549 1 7)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 07 01
+Comment = PKCS #7
+Description = data (1 2 840 113549 1 7 1)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 07 02
+Comment = PKCS #7
+Description = signedData (1 2 840 113549 1 7 2)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 07 03
+Comment = PKCS #7
+Description = envelopedData (1 2 840 113549 1 7 3)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 07 04
+Comment = PKCS #7
+Description = signedAndEnvelopedData (1 2 840 113549 1 7 4)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 07 05
+Comment = PKCS #7
+Description = digestedData (1 2 840 113549 1 7 5)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 07 06
+Comment = PKCS #7
+Description = encryptedData (1 2 840 113549 1 7 6)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 07 07
+Comment = PKCS #7 experimental
+Description = dataWithAttributes (1 2 840 113549 1 7 7)
+Warning
+
+OID = 06 09 2A 86 48 86 F7 0D 01 07 08
+Comment = PKCS #7 experimental
+Description = encryptedPrivateKeyInfo (1 2 840 113549 1 7 8)
+Warning
+
+# PKCS #9
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09
+Description = pkcs-9 (1 2 840 113549 1 9)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 01
+Comment = PKCS #9 (1 2 840 113549 1 9).  Deprecated, use an altName extension instead
+Description = emailAddress (1 2 840 113549 1 9 1)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 02
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = unstructuredName (1 2 840 113549 1 9 2)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 03
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = contentType (1 2 840 113549 1 9 3)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 04
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = messageDigest (1 2 840 113549 1 9 4)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 05
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = signingTime (1 2 840 113549 1 9 5)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 06
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = countersignature (1 2 840 113549 1 9 6)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 07
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = challengePassword (1 2 840 113549 1 9 7)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 08
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = unstructuredAddress (1 2 840 113549 1 9 8)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 09
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = extendedCertificateAttributes (1 2 840 113549 1 9 9)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 0A
+Comment = PKCS #9 (1 2 840 113549 1 9) experimental
+Description = issuerAndSerialNumber (1 2 840 113549 1 9 10)
+Warning
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 0B
+Comment = PKCS #9 (1 2 840 113549 1 9) experimental
+Description = passwordCheck (1 2 840 113549 1 9 11)
+Warning
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 0C
+Comment = PKCS #9 (1 2 840 113549 1 9) experimental
+Description = publicKey (1 2 840 113549 1 9 12)
+Warning
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 0D
+Comment = PKCS #9 (1 2 840 113549 1 9) experimental
+Description = signingDescription (1 2 840 113549 1 9 13)
+Warning
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 0E
+Comment = PKCS #9 (1 2 840 113549 1 9) experimental
+Description = extensionReq (1 2 840 113549 1 9 14)
+
+# PKCS #9 for use with S/MIME
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 0F
+Comment = PKCS #9 (1 2 840 113549 1 9).  This OID was formerly assigned as symmetricCapabilities, then reassigned as SMIMECapabilities, then renamed to the current name
+Description = sMIMECapabilities (1 2 840 113549 1 9 15)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 01
+Comment = sMIMECapabilities (1 2 840 113549 1 9 15)
+Description = preferSignedData (1 2 840 113549 1 9 15 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 02
+Comment = sMIMECapabilities (1 2 840 113549 1 9 15)
+Description = canNotDecryptAny (1 2 840 113549 1 9 15 2)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 03
+Comment = sMIMECapabilities (1 2 840 113549 1 9 15).  Deprecated, use (1 2 840 113549 1 9 16 2 1) instead
+Description = receiptRequest (1 2 840 113549 1 9 15 3)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 04
+Comment = sMIMECapabilities (1 2 840 113549 1 9 15).  Deprecated, use (1 2 840 113549 1 9 16 1 1) instead
+Description = receipt (1 2 840 113549 1 9 15 4)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 05
+Comment = sMIMECapabilities (1 2 840 113549 1 9 15).  Deprecated, use (1 2 840 113549 1 9 16 2 4) instead
+Description = contentHints (1 2 840 113549 1 9 15 5)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 06
+Comment = sMIMECapabilities (1 2 840 113549 1 9 15).  Deprecated, use (1 2 840 113549 1 9 16 2 3) instead
+Description = mlExpansionHistory (1 2 840 113549 1 9 15 6)
+Warning
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 10
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = id-sMIME (1 2 840 113549 1 9 16)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 10 00
+Comment = id-sMIME (1 2 840 113549 1 9 16)
+Description = id-mod (1 2 840 113549 1 9 16 0)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 01
+Comment = S/MIME Modules (1 2 840 113549 1 9 16 0)
+Description = id-mod-cms (1 2 840 113549 1 9 16 0 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 02
+Comment = S/MIME Modules (1 2 840 113549 1 9 16 0)
+Description = id-mod-ess (1 2 840 113549 1 9 16 0 2)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 10 01
+Comment = id-sMIME (1 2 840 113549 1 9 16)
+Description = id-ct (1 2 840 113549 1 9 16 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 01
+Comment = S/MIME Content Types (1 2 840 113549 1 9 16 1)
+Description = id-ct-receipt (1 2 840 113549 1 9 16 1 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 10 02
+Comment = id-sMIME (1 2 840 113549 1 9 16)
+Description = id-aa (1 2 840 113549 1 9 16 2)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 01
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-receiptRequest (1 2 840 113549 1 9 16 2 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 02
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-securityLabel (1 2 840 113549 1 9 16 2 2)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 03
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-mlExpandHistory (1 2 840 113549 1 9 16 2 3)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 04
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-contentHint (1 2 840 113549 1 9 16 2 4)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 05
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-msgSigDigest (1 2 840 113549 1 9 16 2 5)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 07
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-contentIdentifier (1 2 840 113549 1 9 16 2 7)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 08
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-macValue (1 2 840 113549 1 9 16 2 8)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 09
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-equivalentLabels (1 2 840 113549 1 9 16 2 9)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 0A
+Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)
+Description = id-aa-contentReference (1 2 840 113549 1 9 16 2 10)
+
+# PKCS #9 for use with PKCS #12
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 14
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = friendlyName (for PKCS #12) (1 2 840 113549 1 9 20)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 15
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = localKeyID (for PKCS #12) (1 2 840 113549 1 9 21)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 16
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = certTypes (for PKCS #12) (1 2 840 113549 1 9 22)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 16 01
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = x509Certificate (for PKCS #12) (1 2 840 113549 1 9 22 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 16 02
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = sdsiCertificate (for PKCS #12) (1 2 840 113549 1 9 22 2)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 09 17
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = crlTypes (for PKCS #12) (1 2 840 113549 1 9 23)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 09 17 01
+Comment = PKCS #9 (1 2 840 113549 1 9)
+Description = x509Crl (for PKCS #12) (1 2 840 113549 1 9 23 1)
+
+# PKCS #12.  Note that current PKCS #12 implementations tend to be strange and
+# peculiar, with implementors misusing OIDs or basing their work on earlier PFX
+# drafts or defining their own odd OIDs.  In addition the PFX/PKCS #12 spec
+# itself is full of errors and inconsistencies, and a number of OIDs have been
+# redefined in different drafts (often multiple times), which doesn't make the
+# implementors job any easier.
+
+OID = 06 08 2A 86 48 86 F7 0D 01 0C
+Description = pkcs-12 (1 2 840 113549 1 12)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 01
+Comment = This OID was formerly assigned as PKCS #12 modeID
+Description = pkcs-12-PbeIds (1 2 840 113549 1 12 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 01
+Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 1). This OID was formerly assigned as pkcs-12-OfflineTransportMode
+Description = pbeWithSHAAnd128BitRC4 (1 2 840 113549 1 12 1 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 02
+Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 2). This OID was formerly assigned as pkcs-12-OnlineTransportMode
+Description = pbeWithSHAAnd40BitRC4 (1 2 840 113549 1 12 1 2)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 03
+Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 3)
+Description = pbeWithSHAAnd3-KeyTripleDES-CBC (1 2 840 113549 1 12 1 3)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 04
+Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 3)
+Description = pbeWithSHAAnd2-KeyTripleDES-CBC (1 2 840 113549 1 12 1 4)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 05
+Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 3)
+Description = pbeWithSHAAnd128BitRC2-CBC (1 2 840 113549 1 12 1 5)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 06
+Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 3)
+Description = pbeWithSHAAnd40BitRC2-CBC (1 2 840 113549 1 12 1 6)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 02
+Comment = Deprecated
+Description = pkcs-12-ESPVKID (1 2 840 113549 1 12 2)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 02 01
+Comment = PKCS #12 ESPVKID (1 2 840 113549 1 12 2). Deprecated, use (1 2 840 113549 1 12 3 5) instead
+Description = pkcs-12-PKCS8KeyShrouding (1 2 840 113549 1 12 2 1)
+Warning
+
+# The following appear to have been redefined yet again at 12 10 in the latest
+# PKCS #12 spec.
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 03
+Description = pkcs-12-BagIds (1 2 840 113549 1 12 3)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 01
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3)
+Description = pkcs-12-keyBagId (1 2 840 113549 1 12 3 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 02
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3)
+Description = pkcs-12-certAndCRLBagId (1 2 840 113549 1 12 3 2)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 03
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3)
+Description = pkcs-12-secretBagId (1 2 840 113549 1 12 3 3)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 04
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3)
+Description = pkcs-12-safeContentsId (1 2 840 113549 1 12 3 4)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 05
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3)
+Description = pkcs-12-pkcs-8ShroudedKeyBagId (1 2 840 113549 1 12 3 5)
+
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 04
+Comment = Deprecated
+Description = pkcs-12-CertBagID (1 2 840 113549 1 12 4)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 04 01
+Comment = PKCS #12 CertBagID (1 2 840 113549 1 12 4).  This OID was formerly assigned as pkcs-12-X509CertCRLBag
+Description = pkcs-12-X509CertCRLBagID (1 2 840 113549 1 12 4 1)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 04 02
+Comment = PKCS #12 CertBagID (1 2 840 113549 1 12 4).  This OID was formerly assigned as pkcs-12-SDSICertBag
+Description = pkcs-12-SDSICertBagID (1 2 840 113549 1 12 4 2)
+
+# The following are from PFX.  The ... 5 1 values have been reassigned to OIDs
+# with incompatible algorithms at ... 1, the 5 2 values seem to have vanished.
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 05
+Description = pkcs-12-OID (1 2 840 113549 1 12 5)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 05 01
+Comment = PKCS #12 OID (1 2 840 113549 1 12 5).  Deprecated, use the partially compatible (1 2 840 113549 1 12 1) OIDs instead
+Description = pkcs-12-PBEID (1 2 840 113549 1 12 5 1)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 01
+Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1).  Deprecated, use (1 2 840 113549 1 12 1 1) instead
+Description = pkcs-12-PBEWithSha1And128BitRC4 (1 2 840 113549 1 12 5 1 1)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 02
+Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1).  Deprecated, use (1 2 840 113549 1 12 1 2) instead
+Description = pkcs-12-PBEWithSha1And40BitRC4 (1 2 840 113549 1 12 5 1 2)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 03
+Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1).  Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 3) or (1 2 840 113549 1 12 1 4) instead
+Description = pkcs-12-PBEWithSha1AndTripleDESCBC (1 2 840 113549 1 12 5 1 3)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 04
+Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1).  Deprecated, use (1 2 840 113549 1 12 1 5) instead
+Description = pkcs-12-PBEWithSha1And128BitRC2CBC (1 2 840 113549 1 12 5 1 4)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 05
+Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1).  Deprecated, use (1 2 840 113549 1 12 1 6) instead
+Description = pkcs-12-PBEWithSha1And40BitRC2CBC (1 2 840 113549 1 12 5 1 5)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 06
+Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1).  Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 1) or (1 2 840 113549 1 12 1 2) instead
+Description = pkcs-12-PBEWithSha1AndRC4 (1 2 840 113549 1 12 5 1 6)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 07
+Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1).  Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 5) or (1 2 840 113549 1 12 1 6) instead
+Description = pkcs-12-PBEWithSha1AndRC2CBC (1 2 840 113549 1 12 5 1 7)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 05 02
+Description = pkcs-12-EnvelopingID (1 2 840 113549 1 12 5 2).  Deprecated, use the conventional PKCS #1 OIDs instead
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 02 01
+Comment = PKCS #12 OID EnvelopingID (1 2 840 113549 1 12 5 2).  Deprecated, use the conventional PKCS #1 OIDs instead
+Description = pkcs-12-RSAEncryptionWith128BitRC4 (1 2 840 113549 1 12 5 2 1)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 02 02
+Comment = PKCS #12 OID EnvelopingID (1 2 840 113549 1 12 5 2).  Deprecated, use the conventional PKCS #1 OIDs instead
+Description = pkcs-12-RSAEncryptionWith40BitRC4 (1 2 840 113549 1 12 5 2 2)
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 02 03
+Comment = PKCS #12 OID EnvelopingID (1 2 840 113549 1 12 5 2).  Deprecated, use the conventional PKCS #1 OIDs instead
+Description = pkcs-12-RSAEncryptionWithTripleDES (1 2 840 113549 1 12 5 2 3)
+Warning
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 05 03
+Description = pkcs-12-SignatureID (1 2 840 113549 1 12 5 3).  Deprecated, use the conventional PKCS #1 OIDs instead
+Warning
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 03 01
+Comment = PKCS #12 OID SignatureID (1 2 840 113549 1 12 5 3).  Deprecated, use the conventional PKCS #1 OIDs instead
+Description = pkcs-12-RSASignatureWithSHA1Digest (1 2 840 113549 1 12 5 3 1)
+Warning
+
+# Yet *another* redefinition of the PKCS #12 "bag" ID's, now in a different
+# order than the last redefinition at ... 12 3.
+OID = 06 09 2A 86 48 86 F7 0D 01 0C 0A
+Description = pkcs-12Version1 (1 2 840 113549 1 12 10)
+
+OID = 06 0A 2A 86 48 86 F7 0D 01 0C 0A 01
+Description = pkcs-12BadIds (1 2 840 113549 1 12 10 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 01
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1)
+Description = pkcs-12-keyBag (1 2 840 113549 1 12 10 1 1)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 02
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1)
+Description = pkcs-12-pkcs-8ShroudedKeyBag (1 2 840 113549 1 12 10 1 2)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 03
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1)
+Description = pkcs-12-certBag (1 2 840 113549 1 12 10 1 3)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 04
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1)
+Description = pkcs-12-crlBag (1 2 840 113549 1 12 10 1 4)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 05
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1)
+Description = pkcs-12-secretBag (1 2 840 113549 1 12 10 1 5)
+
+OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 06
+Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1)
+Description = pkcs-12-safeContentsBag (1 2 840 113549 1 12 10 1 6)
+
+# RSADSI digest algorithms
+
+OID = 06 08 2A 86 48 86 F7 0D 02
+Description = digestAlgorithm (1 2 840 113549 2)
+
+OID = 06 08 2A 86 48 86 F7 0D 02 02
+Comment = RSADSI digestAlgorithm (1 2 840 113549 2)
+Description = md2 (1 2 840 113549 2 2)
+
+OID = 06 08 2A 86 48 86 F7 0D 02 04
+Comment = RSADSI digestAlgorithm (1 2 840 113549 2)
+Description = md4 (1 2 840 113549 2 4)
+
+OID = 06 08 2A 86 48 86 F7 0D 02 05
+Comment = RSADSI digestAlgorithm (1 2 840 113549 2)
+Description = md5 (1 2 840 113549 2 5)
+
+# RSADSI encryption algorithms
+
+OID = 06 08 2A 86 48 86 F7 0D 03
+Description = encryptionAlgorithm (1 2 840 113549 3)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 02
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = rc2CBC (1 2 840 113549 3 2)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 03
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = rc2ECB (1 2 840 113549 3 3)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 04
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = rc4 (1 2 840 113549 3 4)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 05
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = rc4WithMAC (1 2 840 113549 3 5)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 06
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = desx-CBC (1 2 840 113549 3 6)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 07
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = des-EDE3-CBC (1 2 840 113549 3 7)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 08
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = rc5CBC (1 2 840 113549 3 8)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 09
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3)
+Description = rc5-CBCPad (1 2 840 113549 3 9)
+
+OID = 06 08 2A 86 48 86 F7 0D 03 0A
+Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3).  Formerly called CDMFCBCPad
+Description = desCDMF (1 2 840 113549 3 10)
+
+# Ascom Systech
+
+OID = 06 0A 2B 06 01 04 01 81 3C 07 01 01
+Comment = Ascom Systech
+Description = ascom (1 3 6 1 4 1 188 7 1 1)
+
+OID = 06 0B 2B 06 01 04 01 81 3C 07 01 01 01
+Comment = Ascom Systech
+Description = ideaECB (1 3 6 1 4 1 188 7 1 1 1)
+
+# Microsoft
+
+OID = 06 08 2A 86 48 86 F7 14 04 03
+Comment = Microsoft
+Description = microsoftExcel (1 2 840 113556 4 3)
+
+OID = 06 08 2A 86 48 86 F7 14 04 04
+Comment = Microsoft
+Description = titledWithOID (1 2 840 113556 4 4)
+
+OID = 06 08 2A 86 48 86 F7 14 04 05
+Comment = Microsoft
+Description = microsoftPowerPoint (1 2 840 113556 4 5)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 04
+Comment = Microsoft code signing
+Description = spcIndirectDataContext (1 3 6 1 4 1 311 2 1 4)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 0A
+Comment = Microsoft code signing.  Also known as policyLink
+Description = spcAgencyInfo (1 3 6 1 4 1 311 2 1 10)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 0B
+Comment = Microsoft code signing
+Description = spcStatementType (1 3 6 1 4 1 311 2 1 11)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 0C
+Comment = Microsoft code signing
+Description = spcSpOpusInfo (1 3 6 1 4 1 311 2 1 12)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 0E
+Comment = Microsoft
+Description = certExtensions (1 3 6 1 4 1 311 2 1 14)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 0F
+Comment = Microsoft code signing
+Description = spcPelmageData (1 3 6 1 4 1 311 2 1 15)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 14
+Comment = Microsoft code signing.  Also known as "glue extension"
+Description = spcLink (type 1) (1 3 6 1 4 1 311 2 1 20)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 15
+Comment = Microsoft
+Description = individualCodeSigning (1 3 6 1 4 1 311 2 1 21)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 16
+Comment = Microsoft
+Description = commercialCodeSigning (1 3 6 1 4 1 311 2 1 22)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 19
+Comment = Microsoft code signing.  Also known as "glue extension"
+Description = spcLink (type 2) (1 3 6 1 4 1 311 2 1 25)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 1A
+Comment = Microsoft code signing
+Description = spcMinimalCriteriaInfo (1 3 6 1 4 1 311 2 1 26)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 1B
+Comment = Microsoft code signing
+Description = spcFinancialCriteriaInfo (1 3 6 1 4 1 311 2 1 27)
+
+OID = 06 0A 2B 06 01 04 01 82 37 02 01 1C
+Comment = Microsoft code signing.  Also known as "glue extension"
+Description = spcLink (type 3) (1 3 6 1 4 1 311 2 1 28)
+
+OID = 06 0A 2B 06 01 04 01 82 37 03 02 01
+Comment = Microsoft code signing
+Description = timestampCountersignature (1 3 6 1 4 1 311 3 2 1)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 01
+Comment = Microsoft PKCS #7 contentType
+Description = certTrustList (1 3 6 1 4 1 311 10 1)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 02
+Comment = Microsoft
+Description = nextUpdateLocation (1 3 6 1 4 1 311 10 2)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 03 01
+Comment = Microsoft enhanced key usage
+Description = certTrustListSigning (1 3 6 1 4 1 311 10 3 1)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 03 02
+Comment = Microsoft enhanced key usage
+Description = timeStampSigning (1 3 6 1 4 1 311 10 3 2)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 03 03
+Comment = Microsoft enhanced key usage
+Description = serverGatedCrypto (1 3 6 1 4 1 311 10 3 3)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 03 04
+Comment = Microsoft enhanced key usage
+Description = encryptedFileSystem (1 3 6 1 4 1 311 10 3 4)
+
+OID = 06 0A 2B 06 01 04 01 82 37 0A 04 01
+Comment = Microsoft attribute
+Description = yesnoTrustAttr (1 3 6 1 4 1 311 10 4 1)
+
+# UNINETT
+
+OID = 06 0A 2B 06 01 04 01 92 7C 0A 01 01
+Comment = UNINETT PCA
+Description = UNINETT policyIdentifier (1 3 6 1 4 1 2428 10 1 1)
+
+# ICE-TEL
+
+OID = 06 08 2B 06 01 04 01 95 18 0A
+Comment = ICE-TEL CA
+Description = ICE-TEL policyIdentifier (1 3 6 1 4 1 2712 10)
+
+OID = 06 0A 2B 06 01 04 01 95 62 01 01 01
+Comment = ICE-TEL CA policy
+Description = ICE-TEL Italian policyIdentifier (1 3 6 1 4 1 2786 1 1 1)
+
+# cryptlib
+
+OID = 06 09 2B 06 01 04 01 97 55 20 01
+Comment = cryptlib
+Description = cryptlibEnvelope (1 3 6 1 4 1 3029 32 1)
+
+OID = 06 09 2B 06 01 04 01 97 55 20 02
+Comment = cryptlib
+Description = cryptlibPrivateKey (1 3 6 1 4 1 3029 32 2)
+
+OID = 06 0B 2B 06 01 04 01 97 55 2A D7 24 01
+Comment = cryptlib special MPEG-of-cat OID
+Description = mpeg-1 (1 3 6 1 4 1 3029 42 11172 1)
+
+# PKIX
+
+OID = 06 06 2B 06 01 05 05 07
+Description = pkix (1 3 6 1 5 5 7)
+
+OID = 06 07 2B 06 01 05 05 07 01
+Comment = PKIX
+Description = privateExtension (1 3 6 1 5 5 7 1)
+
+OID = 06 08 2B 06 01 05 05 07 01 01
+Comment = PKIX private extension
+Description = authorityInfoAccess (1 3 6 1 5 5 7 1 1)
+
+OID = 06 07 2B 06 01 05 05 07 02
+Comment = PKIX
+Description = policyQualifierIds (1 3 6 1 5 5 7 2)
+
+OID = 06 08 2B 06 01 05 05 07 02 01
+Comment = PKIX policy qualifier
+Description = cps (1 3 6 1 5 5 7 2 1)
+
+OID = 06 08 2B 06 01 05 05 07 02 02
+Comment = PKIX policy qualifier
+Description = unotice (1 3 6 1 5 5 7 2 2)
+
+OID = 06 07 2B 06 01 05 05 07 03
+Comment = PKIX
+Description = keyPurpose (1 3 6 1 5 5 7 3)
+
+OID = 06 08 2B 06 01 05 05 07 03 01
+Comment = PKIX key purpose
+Description = serverAuth (1 3 6 1 5 5 7 3 1)
+
+OID = 06 08 2B 06 01 05 05 07 03 02
+Comment = PKIX key purpose
+Description = clientAuth (1 3 6 1 5 5 7 3 2)
+
+OID = 06 08 2B 06 01 05 05 07 03 03
+Comment = PKIX key purpose
+Description = codeSigning (1 3 6 1 5 5 7 3 3)
+
+OID = 06 08 2B 06 01 05 05 07 03 04
+Comment = PKIX key purpose
+Description = emailProtection (1 3 6 1 5 5 7 3 4)
+
+OID = 06 08 2B 06 01 05 05 07 03 05
+Comment = PKIX key purpose
+Description = ipsecEndSystem (1 3 6 1 5 5 7 3 5)
+
+OID = 06 08 2B 06 01 05 05 07 03 06
+Comment = PKIX key purpose
+Description = ipsecTunnel (1 3 6 1 5 5 7 3 6)
+
+OID = 06 08 2B 06 01 05 05 07 03 07
+Comment = PKIX key purpose
+Description = ipsecUser (1 3 6 1 5 5 7 3 7)
+
+OID = 06 08 2B 06 01 05 05 07 03 08
+Comment = PKIX key purpose
+Description = timeStamping (1 3 6 1 5 5 7 3 8)
+
+OID = 06 07 2B 06 01 05 05 07 04
+Comment = PKIX
+Description = cmpInformationTypes (1 3 6 1 5 5 7 4)
+
+OID = 06 08 2B 06 01 05 05 07 04 01
+Comment = PKIX CMP information
+Description = caProtEncCert (1 3 6 1 5 5 7 4 1)
+
+OID = 06 08 2B 06 01 05 05 07 04 02
+Comment = PKIX CMP information
+Description = signKeyPairTypes (1 3 6 1 5 5 7 4 2)
+
+OID = 06 08 2B 06 01 05 05 07 04 03
+Comment = PKIX CMP information
+Description = encKeyPairTypes (1 3 6 1 5 5 7 4 3)
+
+OID = 06 08 2B 06 01 05 05 07 04 04
+Comment = PKIX CMP information
+Description = preferredSymmAlg (1 3 6 1 5 5 7 4 4)
+
+OID = 06 08 2B 06 01 05 05 07 04 05
+Comment = PKIX CMP information
+Description = caKeyUpdateInfo (1 3 6 1 5 5 7 4 5)
+
+OID = 06 08 2B 06 01 05 05 07 04 06
+Comment = PKIX CMP information
+Description = currentCRL (1 3 6 1 5 5 7 4 6)
+
+OID = 06 08 2B 06 01 05 05 07 30 01
+Comment = PKIX authority info access descriptor
+Description = ocsp (1 3 6 1 5 5 7 48 1)
+
+OID = 06 08 2B 06 01 05 05 07 30 02
+Comment = PKIX authority info access descriptor
+Description = caIssuers (1 3 6 1 5 5 7 48 2)
+
+# ISAKMP
+
+OID = 06 08 2B 06 01 05 05 08 01 01
+Comment = ISAKMP HMAC algorithm
+Description = HMAC-MD5 (1 3 6 1 5 5 8 1 1)
+
+OID = 06 08 2B 06 01 05 05 08 01 02
+Comment = ISAKMP HMAC algorithm
+Description = HMAC-SHA (1 3 6 1 5 5 8 1 2)
+
+OID = 06 08 2B 06 01 05 05 08 01 03
+Comment = ISAKMP HMAC algorithm
+Description = HMAC-Tiger (1 3 6 1 5 5 8 1 3)
+
+# DEC (via ECMA)
+
+OID = 06 07 2B 0C 02 87 73 07 01
+Comment = DASS algorithm
+Description = decEncryptionAlgorithm (1 3 12 2 1011 7 1)
+
+OID = 06 08 2B 0C 02 87 73 07 01 02
+Comment = DASS encryption algorithm
+Description = decDEA (1 3 12 2 1011 7 1 2)
+
+OID = 06 07 2B 0C 02 87 73 07 02
+Comment = DASS algorithm
+Description = decHashAlgorithm (1 3 12 2 1011 7 2)
+
+OID = 06 07 2B 0C 02 87 73 07 02 01
+Comment = DASS hash algorithm
+Description = decMD2 (1 3 12 2 1011 7 2 1)
+
+OID = 06 07 2B 0C 02 87 73 07 02 02
+Comment = DASS hash algorithm
+Description = decMD4 (1 3 12 2 1011 7 2 2)
+
+OID = 06 07 2B 0C 02 87 73 07 03
+Comment = DASS algorithm
+Description = decSignatureAlgorithm (1 3 12 2 1011 7 3)
+
+OID = 06 07 2B 0C 02 87 73 07 03 01
+Comment = DASS signature algorithm
+Description = decMD2withRSA (1 3 12 2 1011 7 3 1)
+
+OID = 06 07 2B 0C 02 87 73 07 03 02
+Comment = DASS signature algorithm
+Description = decMD4withRSA (1 3 12 2 1011 7 3 2)
+
+OID = 06 07 2B 0C 02 87 73 07 03 03
+Comment = DASS signature algorithm
+Description = decDEAMAC (1 3 12 2 1011 7 3 3)
+
+# NIST Open Systems Environment (OSE) Implementor's Workshop (OIW),
+# specialising in oddball and partially-defunct OIDs
+
+OID = 06 05 2B 0E 02 1A 05
+Comment = Unsure about this OID
+Description = sha (1 3 14 2 26 5)
+
+OID = 06 06 2B 0E 03 02 01 01
+Comment = X.509.  Unsure about this OID
+Description = rsa (1 3 14 3 2 1 1)
+
+OID = 06 05 2B 0E 03 02 02
+Comment = Oddball OIW OID
+Description = md4WitRSA (1 3 14 3 2 2)
+
+OID = 06 05 2B 0E 03 02 03
+Comment = Oddball OIW OID
+Description = md5WithRSA (1 3 14 3 2 3)
+
+OID = 06 05 2B 0E 03 02 04
+Comment = Oddball OIW OID
+Description = md4WithRSAEncryption (1 3 14 3 2 4)
+
+OID = 06 06 2B 0E 03 02 02 01
+Comment = X.509.  Deprecated
+Description = sqmod-N (1 3 14 3 2 2 1)
+Warning
+
+OID = 06 06 2B 0E 03 02 03 01
+Comment = X.509.  Deprecated
+Description = sqmod-NwithRSA (1 3 14 3 2 3 1)
+Warning
+
+OID = 06 05 2B 0E 03 02 06
+Description = desECB (1 3 14 3 2 6)
+
+OID = 06 05 2B 0E 03 02 07
+Description = desCBC (1 3 14 3 2 7)
+
+OID = 06 05 2B 0E 03 02 08
+Description = desOFB (1 3 14 3 2 8)
+
+OID = 06 05 2B 0E 03 02 09
+Description = desCFB (1 3 14 3 2 9)
+
+OID = 06 05 2B 0E 03 02 0A
+Description = desMAC (1 3 14 3 2 10)
+
+OID = 06 05 2B 0E 03 02 0B
+Comment = ISO 9796-2, also X9.31 Part 1
+Description = rsaSignature (1 3 14 3 2 11)
+
+# this is used by BSAFE
+OID = 06 05 2B 0E 03 02 0C
+Comment = OIW?, supposedly from an incomplete version of SDN.702 (doesn't match final SDN.702)
+Description = dsa-bsafe (1 3 14 3 2 12)
+Warning
+
+OID = 06 05 2B 0E 03 02 0D
+Comment = Oddball OIW OID.  Incorrectly used by JDK 1.1 in place of (1 3 14 3 2 27)
+# Their response was that they know it's wrong, but noone uses SHA0 so it won't
+# cause any problems, right?
+Description = dsaWithSHA (1 3 14 3 2 13)
+Warning
+
+# The various md<x>WithRSASIsignature OIDs are for the ANSI X9.31 draft and use
+# ISO 9796-2 padding rules.  This work was derailed during the PKP brouhaha and
+# is still in progress
+OID = 06 05 2B 0E 03 02 0E
+Comment = Oddball OIW OID using 9796-2 padding rules
+Description = mdc2WithRSASignature (1 3 14 3 2 14)
+
+OID = 06 05 2B 0E 03 02 0F
+Comment = Oddball OIW OID using 9796-2 padding rules
+Description = shaWithRSASignature (1 3 14 3 2 15)
+
+OID = 06 05 2B 0E 03 02 10
+Comment = Oddball OIW OID.  Deprecated, use a plain DH OID instead
+Description = dhWithCommonModulus (1 3 14 3 2 16)
+Warning
+
+OID = 06 05 2B 0E 03 02 11
+Comment = Oddball OIW OID.  Mode is ECB
+Description = desEDE (1 3 14 3 2 17)
+
+OID = 06 05 2B 0E 03 02 12
+Comment = Oddball OIW OID
+Description = sha (1 3 14 3 2 18)
+
+OID = 06 05 2B 0E 03 02 13
+Comment = Oddball OIW OID, DES-based hash, planned for X9.31 Part 2
+Description = mdc-2 (1 3 14 3 2 19)
+
+OID = 06 05 2B 0E 03 02 14
+Comment = Oddball OIW OID.  Deprecated, use a plain DSA OID instead
+Description = dsaCommon (1 3 14 3 2 20)
+Warning
+
+OID = 06 05 2B 0E 03 02 15
+Comment = Oddball OIW OID.  Deprecated, use a plain dsaWithSHA OID instead
+Description = dsaCommonWithSHA (1 3 14 3 2 21)
+Warning
+
+OID = 06 05 2B 0E 03 02 16
+Comment = Oddball OIW OID
+Description = rsaKeyTransport (1 3 14 3 2 22)
+
+OID = 06 05 2B 0E 03 02 17
+Comment = Oddball OIW OID
+Description = keyed-hash-seal (1 3 14 3 2 23)
+
+OID = 06 05 2B 0E 03 02 18
+Comment = Oddball OIW OID using 9796-2 padding rules
+Description = md2WithRSASignature (1 3 14 3 2 24)
+
+OID = 06 05 2B 0E 03 02 19
+Comment = Oddball OIW OID using 9796-2 padding rules
+Description = md5WithRSASignature (1 3 14 3 2 25)
+
+OID = 06 05 2B 0E 03 02 1A
+Comment = OIW
+Description = sha1 (1 3 14 3 2 26)
+
+# Yet another multiply-assigned OID
+OID = 06 05 2B 0E 03 02 1B
+Comment = OIW.  This OID may also be assigned as ripemd-160
+Description = dsaWithSHA1 (1 3 14 3 2 27)
+
+OID = 06 05 2B 0E 03 02 1C
+Comment = OIW
+Description = dsaWithCommonSHA1 (1 3 14 3 2 28)
+
+OID = 06 05 2B 0E 03 02 1D
+Comment = Oddball OIW OID
+Description = sha-1WithRSAEncryption (1 3 14 3 2 29)
+
+OID = 06 05 2B 0E 03 03 01
+Comment = Oddball OIW OID
+Description = simple-strong-auth-mechanism (1 3 14 3 3 1)
+
+OID = 06 06 2B 0E 07 02 01 01
+Comment = Unsure about this OID
+Description = ElGamal (1 3 14 7 2 1 1)
+
+OID = 06 06 2B 0E 07 02 03 01
+Comment = Unsure about this OID
+Description = md2WithRSA (1 3 14 7 2 3 1)
+
+OID = 06 06 2B 0E 07 02 03 02
+Comment = Unsure about this OID
+Description = md2WithElGamal (1 3 14 7 2 3 2)
+
+# Teletrust
+
+OID = 06 03 2B 24 01
+Comment = Teletrust document
+Description = document (1 3 36 1)
+
+OID = 06 04 2B 24 01 01
+Comment = Teletrust document
+Description = finalVersion (1 3 36 1 1)
+
+OID = 06 04 2B 24 01 02
+Comment = Teletrust document
+Description = draft (1 3 36 1 2)
+
+OID = 06 03 2B 24 02
+Comment = Teletrust sio
+Description = sio (1 3 36 2)
+
+OID = 06 04 2B 24 02 01      
+Comment = Teletrust sio
+Description = certificate (1 3 36 2 1)
+
+OID = 06 04 2B 24 02 01      
+Comment = Teletrust sio
+Description = sedu (1 3 36 2 1)
+
+OID = 06 03 2B 24 03
+Comment = Teletrust algorithm
+Description = algorithm (1 3 36 3)
+
+OID = 06 04 2B 24 03 01
+Comment = Teletrust algorithm
+Description = encryptionAlgorithm (1 3 36 3 1)
+
+OID = 06 05 2B 24 03 01 01
+Comment = Teletrust encryption algorithm
+Description = des (1 3 36 3 1 1)
+
+OID = 06 06 2B 24 03 01 01 01 
+Comment = Teletrust encryption algorithm
+Description = desECB_pad (1 3 36 3 1 1 1)
+
+OID = 06 07 2B 24 03 01 01 01 01
+Comment = Teletrust encryption algorithm
+Description = desECB_ISOpad (1 3 36 3 1 1 1 1)
+
+OID = 06 07 2B 24 03 01 01 02 01
+Comment = Teletrust encryption algorithm
+Description = desCBC_pad (1 3 36 3 1 1 2 1)
+
+OID = 06 08 2B 24 03 01 01 02 01 01
+Comment = Teletrust encryption algorithm
+Description = desCBC_ISOpad (1 3 36 3 1 1 2 1 1)
+
+OID = 06 05 2B 24 03 01 03
+Comment = Teletrust encryption algorithm
+Description = des_3 (1 3 36 3 1 3)
+
+OID = 06 07 2B 24 03 01 03 01 01
+Comment = Teletrust encryption algorithm.  EDE triple DES
+Description = des_3ECB_pad (1 3 36 3 1 3 1 1)
+
+OID = 06 08 2B 24 03 01 03 01 01 01
+Comment = Teletrust encryption algorithm.  EDE triple DES
+Description = des_3ECB_ISOpad (1 3 36 3 1 3 1 1 1)
+
+OID = 06 07 2B 24 03 01 03 02 01
+Comment = Teletrust encryption algorithm.  EDE triple DES
+Description = des_3CBC_pad (1 3 36 3 1 3 2 1)
+
+OID = 06 08 2B 24 03 01 03 02 01 01
+Comment = Teletrust encryption algorithm.  EDE triple DES
+Description = des_3CBC_ISOpad (1 3 36 3 1 3 2 1 1)
+
+OID = 06 05 2B 24 03 01 02
+Comment = Teletrust encryption algorithm
+Description = idea (1 3 36 3 1 2)
+
+OID = 06 06 2B 24 03 01 02 01
+Comment = Teletrust encryption algorithm
+Description = ideaECB (1 3 36 3 1 2 1)
+
+OID = 06 07 2B 24 03 01 02 01 01
+Comment = Teletrust encryption algorithm
+Description = ideaECB_pad (1 3 36 3 1 2 1 1)
+
+OID = 06 08 2B 24 03 01 02 01 01 01
+Comment = Teletrust encryption algorithm
+Description = ideaECB_ISOpad (1 3 36 3 1 2 1 1 1)
+
+OID = 06 06 2B 24 03 01 02 02
+Comment = Teletrust encryption algorithm
+Description = ideaCBC (1 3 36 3 1 2 2)
+
+OID = 06 07 2B 24 03 01 02 02 01
+Comment = Teletrust encryption algorithm
+Description = ideaCBC_pad (1 3 36 3 1 2 2 1)
+
+OID = 06 08 2B 24 03 01 02 02 01 01
+Comment = Teletrust encryption algorithm
+Description = ideaCBC_ISOpad (1 3 36 3 1 2 2 1 1)
+
+OID = 06 06 2B 24 03 01 02 03
+Comment = Teletrust encryption algorithm
+Description = ideaOFB (1 3 36 3 1 2 3)
+
+OID = 06 06 2B 24 03 01 02 04
+Comment = Teletrust encryption algorithm
+Description = ideaCFB (1 3 36 3 1 2 4)
+
+OID = 06 05 2B 24 03 01 04
+Comment = Teletrust encryption algorithm
+Description = rsaEncryption (1 3 36 3 1 4)
+
+OID = 06 08 2B 24 03 01 04 84 00 11
+Comment = Teletrust encryption algorithm
+Description = rsaEncryptionWithlmod512expe17 (1 3 36 3 1 4 512 17)
+
+OID = 06 05 2B 24 03 01 05
+Comment = Teletrust encryption algorithm
+Description = bsi-1 (1 3 36 3 1 5)
+
+OID = 06 06 2B 24 03 01 05 01
+Comment = Teletrust encryption algorithm
+Description = bsi_1ECB_pad (1 3 36 3 1 5 1)
+
+OID = 06 06 2B 24 03 01 05 02
+Comment = Teletrust encryption algorithm
+Description = bsi_1CBC_pad (1 3 36 3 1 5 2)
+
+OID = 06 07 2B 24 03 01 05 02 01
+Comment = Teletrust encryption algorithm
+Description = bsi_1CBC_PEMpad (1 3 36 3 1 5 2 1)
+
+OID = 06 04 2B 24 03 02
+Comment = Teletrust algorithm
+Description = hashAlgorithm (1 3 36 3 2)
+
+OID = 06 05 2B 24 03 02 01
+Comment = Teletrust hash algorithm
+Description = ripemd160 (1 3 36 3 2 1)
+
+OID = 06 05 2B 24 03 02 02
+Comment = Teletrust hash algorithm
+Description = ripemd128 (1 3 36 3 2 2)
+
+OID = 06 05 2B 24 03 02 03
+Comment = Teletrust hash algorithm
+Description = ripemd256 (1 3 36 3 2 3)
+
+OID = 06 05 2B 24 03 02 04
+Comment = Teletrust hash algorithm
+Description = mdc2singleLength (1 3 36 3 2 4)
+
+OID = 06 05 2B 24 03 02 05
+Comment = Teletrust hash algorithm
+Description = mdc2doubleLength (1 3 36 3 2 5)
+
+OID = 06 04 2B 24 03 03
+Comment = Teletrust algorithm
+Description = signatureAlgorithm (1 3 36 3 3)
+
+OID = 06 05 2B 24 03 03 01
+Comment = Teletrust signature algorithm
+Description = rsaSignature (1 3 36 3 3 1)
+
+OID = 06 06 2B 24 03 03 01 01
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1 (1 3 36 3 3 1 1)
+
+# What *were* they thinking?
+OID = 06 09 2B 24 03 03 01 01 84 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l512_l2 (1 3 36 3 3 1 1 512 2)
+OID = 06 09 2B 24 03 03 01 01 85 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l640_l2 (1 3 36 3 3 1 1 640 2)
+OID = 06 09 2B 24 03 03 01 01 86 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l768_l2 (1 3 36 3 3 1 1 768 2)
+OID = 06 09 2B 24 03 03 01 01 87 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l896_l2 (1 3 36 3 3 1 1 892 2)
+OID = 06 09 2B 24 03 03 01 01 88 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l1024_l2 (1 3 36 3 3 1 1 1024 2)
+OID = 06 09 2B 24 03 03 01 01 84 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l512_l3 (1 3 36 3 3 1 1 512 3)
+OID = 06 09 2B 24 03 03 01 01 85 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l640_l3 (1 3 36 3 3 1 1 640 3)
+OID = 06 09 2B 24 03 03 01 01 86 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l768_l3 (1 3 36 3 3 1 1 768 3)
+OID = 06 09 2B 24 03 03 01 01 87 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l896_l3 (1 3 36 3 3 1 1 896 3)
+OID = 06 09 2B 24 03 03 01 01 88 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l1024_l3 (1 3 36 3 3 1 1 1024 3)
+OID = 06 09 2B 24 03 03 01 01 84 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l512_l5 (1 3 36 3 3 1 1 512 5)
+OID = 06 09 2B 24 03 03 01 01 85 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l640_l5 (1 3 36 3 3 1 1 640 5)
+OID = 06 09 2B 24 03 03 01 01 86 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l768_l5 (1 3 36 3 3 1 1 768 5)
+OID = 06 09 2B 24 03 03 01 01 87 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l896_l5 (1 3 36 3 3 1 1 896 5)
+OID = 06 09 2B 24 03 03 01 01 88 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l1024_l5 (1 3 36 3 3 1 1 1024 5)
+OID = 06 09 2B 24 03 03 01 01 84 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l512_l9 (1 3 36 3 3 1 1 512 9)
+OID = 06 09 2B 24 03 03 01 01 85 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l640_l9 (1 3 36 3 3 1 1 640 9)
+OID = 06 09 2B 24 03 03 01 01 86 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l768_l9 (1 3 36 3 3 1 1 768 9)
+OID = 06 09 2B 24 03 03 01 01 87 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l896_l9 (1 3 36 3 3 1 1 896 9) 
+OID = 06 09 2B 24 03 03 01 01 88 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l1024_l9 (1 3 36 3 3 1 1 1024 9)
+OID = 06 09 2B 24 03 03 01 01 84 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l512_l11 (1 3 36 3 3 1 1 512 11)
+OID = 06 09 2B 24 03 03 01 01 85 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l640_l11 (1 3 36 3 3 1 1 640 11)
+OID = 06 09 2B 24 03 03 01 01 86 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l768_l11 (1 3 36 3 3 1 1 768 11)
+OID = 06 09 2B 24 03 03 01 01 87 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l896_l11 (1 3 36 3 3 1 1 896 11)
+OID = 06 09 2B 24 03 03 01 01 88 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithsha1_l1024_l11 (1 3 36 3 3 1 1 1024 11)
+
+OID = 06 06 2B 24 03 03 01 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160 (1 3 36 3 3 1 2)
+
+OID = 06 09 2B 24 03 03 01 02 84 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l512_l2 (1 3 36 3 3 1 2 512 2)
+OID = 06 09 2B 24 03 03 01 02 85 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l640_l2 (1 3 36 3 3 1 2 640 2)
+OID = 06 09 2B 24 03 03 01 02 86 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l768_l2 (1 3 36 3 3 1 2 768 2)
+OID = 06 09 2B 24 03 03 01 02 87 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l896_l2 (1 3 36 3 3 1 2 892 2)
+OID = 06 09 2B 24 03 03 01 02 88 00 02
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l1024_l2 (1 3 36 3 3 1 2 1024 2)
+OID = 06 09 2B 24 03 03 01 02 84 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l512_l3 (1 3 36 3 3 1 2 512 3)
+OID = 06 09 2B 24 03 03 01 02 85 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l640_l3 (1 3 36 3 3 1 2 640 3)
+OID = 06 09 2B 24 03 03 01 02 86 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l768_l3 (1 3 36 3 3 1 2 768 3)
+OID = 06 09 2B 24 03 03 01 02 87 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l896_l3 (1 3 36 3 3 1 2 896 3)
+OID = 06 09 2B 24 03 03 01 02 88 00 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l1024_l3 (1 3 36 3 3 1 2 1024 3)
+OID = 06 09 2B 24 03 03 01 02 84 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l512_l5 (1 3 36 3 3 1 2 512 5)
+OID = 06 09 2B 24 03 03 01 02 85 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l640_l5 (1 3 36 3 3 1 2 640 5)
+OID = 06 09 2B 24 03 03 01 02 86 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l768_l5 (1 3 36 3 3 1 2 768 5)
+OID = 06 09 2B 24 03 03 01 02 87 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l896_l5 (1 3 36 3 3 1 2 896 5)
+OID = 06 09 2B 24 03 03 01 02 88 00 05
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l1024_l5 (1 3 36 3 3 1 2 1024 5)
+OID = 06 09 2B 24 03 03 01 02 84 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l512_l9 (1 3 36 3 3 1 2 512 9)
+OID = 06 09 2B 24 03 03 01 02 85 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l640_l9 (1 3 36 3 3 1 2 640 9)
+OID = 06 09 2B 24 03 03 01 02 86 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l768_l9 (1 3 36 3 3 1 2 768 9)
+OID = 06 09 2B 24 03 03 01 02 87 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l896_l9 (1 3 36 3 3 1 2 896 9) 
+OID = 06 09 2B 24 03 03 01 02 88 00 09
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l1024_l9 (1 3 36 3 3 1 2 1024 9)
+OID = 06 09 2B 24 03 03 01 02 84 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l512_l11 (1 3 36 3 3 1 2 512 11)
+OID = 06 09 2B 24 03 03 01 02 85 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l640_l11 (1 3 36 3 3 1 2 640 11)
+OID = 06 09 2B 24 03 03 01 02 86 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l768_l11 (1 3 36 3 3 1 2 768 11)
+OID = 06 09 2B 24 03 03 01 02 87 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l896_l11 (1 3 36 3 3 1 2 896 11)
+OID = 06 09 2B 24 03 03 01 02 88 00 11
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithripemd160_l1024_l11 (1 3 36 3 3 1 2 1024 11)
+
+OID = 06 06 2B 24 03 03 01 03
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithrimpemd128 (1 3 36 3 3 1 3)
+
+OID = 06 06 2B 24 03 03 01 04
+Comment = Teletrust signature algorithm
+Description = rsaSignatureWithrimpemd256 (1 3 36 3 3 1 4)
+
+OID = 06 05 2B 24 03 03 02
+Comment = Teletrust signature algorithm
+Description = ecsieSign (1 3 36 3 3 2)
+
+OID = 06 06 2B 24 03 03 02 01
+Comment = Teletrust signature algorithm
+Description = ecsieSignWithsha1 (1 3 36 3 3 2 1)
+
+OID = 06 06 2B 24 03 03 02 02
+Comment = Teletrust signature algorithm
+Description = ecsieSignWithripemd160 (1 3 36 3 3 2 2)
+
+OID = 06 06 2B 24 03 03 02 03
+Comment = Teletrust signature algorithm
+Description = ecsieSignWithmd2 (1 3 36 3 3 2 3)
+
+OID = 06 06 2B 24 03 03 02 04
+Comment = Teletrust signature algorithm
+Description = ecsieSignWithmd5 (1 3 36 3 3 2 4)
+
+OID = 06 04 2B 24 03 04
+Comment = Teletrust algorithm
+Description = signatureScheme (1 3 36 3 4)
+
+OID = 06 05 2B 24 03 04 01
+Comment = Teletrust signature scheme
+Description = sigS_ISO9796-1 (1 3 36 3 4 1)
+
+OID = 06 05 2B 24 03 04 02
+Comment = Teletrust signature scheme
+Description = sigS_ISO9796-2 (1 3 36 3 4 2)
+
+OID = 06 05 2B 24 03 04 02 01
+Comment = Teletrust signature scheme.  Unsure what this is supposed to be
+Description = sigS_ISO9796-2Withred (1 3 36 3 4 2 1)
+
+OID = 06 06 2B 24 03 04 02 02
+Comment = Teletrust signature scheme.  Unsure what this is supposed to be
+Description = sigS_ISO9796-2Withrsa (1 3 36 3 4 2 2)
+
+OID = 06 06 2B 24 03 04 02 03
+Comment = Teletrust signature scheme.  9796-2 with random number in padding field
+Description = sigS_ISO9796-2Withrnd (1 3 36 3 4 2 3)
+
+OID = 06 03 2B 24 04
+Comment = Teletrust attribute
+Description = attribute (1 3 36 4)
+
+OID = 06 03 2B 24 05
+Comment = Teletrust policy
+Description = policy (1 3 36 5)
+
+OID = 06 03 2B 24 06
+Comment = Teletrust API
+Description = api (1 3 36 6)
+
+OID = 06 04 2B 24 06 01
+Comment = Teletrust API
+Description = manufacturer-specific_api (1 3 36 6 1)
+
+OID = 06 05 2B 24 06 01 01
+Comment = Teletrust API
+Description = utimaco-api (1 3 36 6 1 1)
+
+OID = 06 04 2B 24 06 02
+Comment = Teletrust API
+Description = functionality-specific_api (1 3 36 6 2)
+
+OID = 06 03 2B 24 07
+Comment = Teletrust key management
+Description = keymgmnt (1 3 36 7)
+
+OID = 06 04 2B 24 07 01
+Comment = Teletrust key management
+Description = keyagree (1 3 36 7 1)
+
+OID = 06 05 2B 24 07 01 01
+Comment = Teletrust key management
+Description = bsiPKE (1 3 36 7 1 1)
+
+OID = 06 04 2B 24 07 02
+Comment = Teletrust key management
+Description = keytrans (1 3 36 7 2)
+
+OID = 06 04 2B 24 07 02 01
+Comment = Teletrust key management.  9796-2 with key stored in hash field
+Description = encISO9796-2Withrsa (1 3 36 7 2 1)
+
+# Thawte
+
+OID = 06 04 2B 65 01 04
+Comment = Thawte
+Description = thawte-ce (1 3 101 1 4)
+
+OID = 06 05 2B 65 01 04 01
+Comment = Thawte certificate extension
+Description = strongExtranet (1 3 101 1 4 1)
+
+# X.520
+
+OID = 06 03 55 04 00
+Comment = X.520 id-at (2 5 4)
+Description = objectClass (2 5 4 0)
+
+OID = 06 03 55 04 01
+Comment = X.520 id-at (2 5 4)
+Description = aliasedEntryName (2 5 4 1)
+
+OID = 06 03 55 04 02
+Comment = X.520 id-at (2 5 4)
+Description = knowledgeInformation (2 5 4 2)
+
+OID = 06 03 55 04 03
+Comment = X.520 id-at (2 5 4)
+Description = commonName (2 5 4 3)
+
+OID = 06 03 55 04 04
+Comment = X.520 id-at (2 5 4)
+Description = surname (2 5 4 4)
+
+OID = 06 03 55 04 05
+Comment = X.520 id-at (2 5 4)
+Description = serialNumber (2 5 4 5)
+
+OID = 06 03 55 04 06
+Comment = X.520 id-at (2 5 4)
+Description = countryName (2 5 4 6)
+
+OID = 06 03 55 04 07
+Comment = X.520 id-at (2 5 4)
+Description = localityName (2 5 4 7)
+
+OID = 06 04 55 04 07 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveLocalityName (2 5 4 7 1)
+
+OID = 06 03 55 04 08
+Comment = X.520 id-at (2 5 4)
+Description = stateOrProvinceName (2 5 4 8)
+
+OID = 06 04 55 04 08 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveStateOrProvinceName (2 5 4 8 1)
+
+OID = 06 03 55 04 09
+Comment = X.520 id-at (2 5 4)
+Description = streetAddress (2 5 4 9)
+
+OID = 06 04 55 04 09 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveStreetAddress (2 5 4 9 1)
+
+OID = 06 03 55 04 0A
+Comment = X.520 id-at (2 5 4)
+Description = organizationName (2 5 4 10)
+
+OID = 06 04 55 04 0A 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveOrganizationName (2 5 4 10 1)
+
+OID = 06 03 55 04 0B
+Comment = X.520 id-at (2 5 4)
+Description = organizationalUnitName (2 5 4 11)
+
+OID = 06 04 55 04 0B 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveOrganizationalUnitName (2 5 4 11 1)
+
+OID = 06 03 55 04 0C
+Comment = X.520 id-at (2 5 4)
+Description = title (2 5 4 12)
+
+OID = 06 03 55 04 0D
+Comment = X.520 id-at (2 5 4)
+Description = description (2 5 4 13)
+
+OID = 06 03 55 04 0E
+Comment = X.520 id-at (2 5 4)
+Description = searchGuide (2 5 4 14)
+
+OID = 06 03 55 04 0F
+Comment = X.520 id-at (2 5 4)
+Description = businessCategory (2 5 4 15)
+
+OID = 06 03 55 04 10
+Comment = X.520 id-at (2 5 4)
+Description = postalAddress (2 5 4 16)
+
+OID = 06 04 55 04 10 01
+Comment = X.520 id-at (2 5 4)
+Description = collectivePostalAddress (2 5 4 16 1)
+
+OID = 06 03 55 04 11
+Comment = X.520 id-at (2 5 4)
+Description = postalCode (2 5 4 17)
+
+OID = 06 04 55 04 11 01
+Comment = X.520 id-at (2 5 4)
+Description = collectivePostalCode (2 5 4 17 1)
+
+OID = 06 03 55 04 12
+Comment = X.520 id-at (2 5 4)
+Description = postOfficeBox (2 5 4 18)
+
+OID = 06 04 55 04 12 01
+Comment = X.520 id-at (2 5 4)
+Description = collectivePostOfficeBox (2 5 4 18 1)
+
+OID = 06 03 55 04 13
+Comment = X.520 id-at (2 5 4)
+Description = physicalDeliveryOfficeName (2 5 4 19)
+
+OID = 06 04 55 04 13 01
+Comment = X.520 id-at (2 5 4)
+Description = collectivePhysicalDeliveryOfficeName (2 5 4 19 1)
+
+OID = 06 03 55 04 14
+Comment = X.520 id-at (2 5 4)
+Description = telephoneNumber (2 5 4 20)
+
+OID = 06 04 55 04 14 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveTelephoneNumber (2 5 4 20 1)
+
+OID = 06 03 55 04 15
+Comment = X.520 id-at (2 5 4)
+Description = telexNumber (2 5 4 21)
+
+OID = 06 04 55 04 15 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveTelexNumber (2 5 4 21 1)
+
+OID = 06 03 55 04 16
+Comment = X.520 id-at (2 5 4)
+Description = teletexTerminalIdentifier (2 5 4 22)
+
+OID = 06 04 55 04 16 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveTeletexTerminalIdentifier (2 5 4 22 1)
+
+OID = 06 03 55 04 17
+Comment = X.520 id-at (2 5 4)
+Description = facsimileTelephoneNumber (2 5 4 23)
+
+OID = 06 04 55 04 17 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveFacsimileTelephoneNumber (2 5 4 23 1)
+
+OID = 06 03 55 04 18
+Comment = X.520 id-at (2 5 4)
+Description = x121Address (2 5 4 24)
+
+OID = 06 03 55 04 19
+Comment = X.520 id-at (2 5 4)
+Description = internationalISDNNumber (2 5 4 25)
+
+OID = 06 04 55 04 19 01
+Comment = X.520 id-at (2 5 4)
+Description = collectiveInternationalISDNNumber (2 5 4 25 1)
+
+OID = 06 03 55 04 1A
+Comment = X.520 id-at (2 5 4)
+Description = registeredAddress (2 5 4 26)
+
+OID = 06 03 55 04 1B
+Comment = X.520 id-at (2 5 4)
+Description = destinationIndicator (2 5 4 27)
+
+OID = 06 03 55 04 1C
+Comment = X.520 id-at (2 5 4)
+Description = preferredDeliveryMehtod (2 5 4 28)
+
+OID = 06 03 55 04 1D
+Comment = X.520 id-at (2 5 4)
+Description = presentationAddress (2 5 4 29)
+
+OID = 06 03 55 04 1E
+Comment = X.520 id-at (2 5 4)
+Description = supportedApplicationContext (2 5 4 30)
+
+OID = 06 03 55 04 1F
+Comment = X.520 id-at (2 5 4)
+Description = member (2 5 4 31)
+
+OID = 06 03 55 04 20
+Comment = X.520 id-at (2 5 4)
+Description = owner (2 5 4 32)
+
+OID = 06 03 55 04 21
+Comment = X.520 id-at (2 5 4)
+Description = roleOccupant (2 5 4 33)
+
+OID = 06 03 55 04 22
+Comment = X.520 id-at (2 5 4)
+Description = seeAlso (2 5 4 34)
+
+OID = 06 03 55 04 23
+Comment = X.520 id-at (2 5 4)
+Description = userPassword (2 5 4 35)
+
+OID = 06 03 55 04 24
+Comment = X.520 id-at (2 5 4)
+Description = userCertificate (2 5 4 36)
+
+OID = 06 03 55 04 25
+Comment = X.520 id-at (2 5 4)
+Description = caCertificate (2 5 4 37)
+
+OID = 06 03 55 04 26
+Comment = X.520 id-at (2 5 4)
+Description = authorityRevocationList (2 5 4 38)
+
+OID = 06 03 55 04 27
+Comment = X.520 id-at (2 5 4)
+Description = certificateRevocationList (2 5 4 39)
+
+OID = 06 03 55 04 28
+Comment = X.520 id-at (2 5 4)
+Description = crossCertificatePair (2 5 4 40)
+
+OID = 06 03 55 04 29
+Comment = X.520 id-at (2 5 4)
+Description = name (2 5 4 41)
+
+OID = 06 03 55 04 2A
+Comment = X.520 id-at (2 5 4)
+Description = givenName (2 5 4 42)
+
+OID = 06 03 55 04 2B
+Comment = X.520 id-at (2 5 4)
+Description = initials (2 5 4 43)
+
+OID = 06 03 55 04 2C
+Comment = X.520 id-at (2 5 4)
+Description = generationQualifier (2 5 4 44)
+
+OID = 06 03 55 04 2D
+Comment = X.520 id-at (2 5 4)
+Description = uniqueIdentifier (2 5 4 45)
+
+OID = 06 03 55 04 2E
+Comment = X.520 id-at (2 5 4)
+Description = dnQualifier (2 5 4 46)
+
+OID = 06 03 55 04 2F
+Comment = X.520 id-at (2 5 4)
+Description = enhancedSearchGuide (2 5 4 47)
+
+OID = 06 03 55 04 30
+Comment = X.520 id-at (2 5 4)
+Description = protocolInformation (2 5 4 48)
+
+OID = 06 03 55 04 31
+Comment = X.520 id-at (2 5 4)
+Description = distinguishedName (2 5 4 49)
+
+OID = 06 03 55 04 32
+Comment = X.520 id-at (2 5 4)
+Description = uniqueMember (2 5 4 50)
+
+OID = 06 03 55 04 33
+Comment = X.520 id-at (2 5 4)
+Description = houseIdentifier (2 5 4 51)
+
+OID = 06 03 55 04 34
+Comment = X.520 id-at (2 5 4)
+Description = supportedAlgorithms (2 5 4 52)
+
+OID = 06 03 55 04 35
+Comment = X.520 id-at (2 5 4)
+Description = deltaRevocationList (2 5 4 53)
+
+OID = 06 03 55 04 3A
+Comment = X.520 id-at (2 5 4)
+Description = crossCertificatePair (2 5 4 58)
+
+# X500 algorithms
+
+OID = 06 02 55 08
+Description = X.500-Algorithms (2 5 8)
+
+OID = 06 03 55 08 01
+Description = X.500-Alg-Encryption (2 5 8 1)
+
+OID = 06 04 55 08 01 01
+Comment = X.500 algorithms.  Ambiguous, since no padding rules specified
+Description = rsa (2 5 8 1 1)
+Warning
+
+# X.509.  Some of the smaller values are from early X.509 drafts with
+# cross-pollination from X9.55 and are now deprecated.  Alternative OIDs are
+# marked if these are known.  In some cases there are multiple generations of
+# superseded OIDs
+
+OID = 06 03 55 1D 01
+Comment = X.509 id-ce (2 5 29).  Deprecated, use (2 5 29 35) instead
+Description = authorityKeyIdentifier (2 5 29 1)
+Warning
+
+OID = 06 03 55 1D 02
+Comment = X.509 id-ce (2 5 29).  Obsolete, use keyUsage/extKeyUsage instead
+Description = keyAttributes (2 5 29 2)
+Warning
+
+OID = 06 03 55 1D 03
+Comment = X.509 id-ce (2 5 29).  Deprecated, use (2 5 29 32) instead
+Description = certificatePolicies (2 5 29 3)
+Warning
+
+OID = 06 03 55 1D 04
+Comment = X.509 id-ce (2 5 29).  Obsolete, use keyUsage/extKeyUsage instead
+Description = keyUsageRestriction (2 5 29 4)
+Warning
+
+OID = 06 03 55 1D 05
+Comment = X.509 id-ce (2 5 29).  Deprecated, use (2 5 29 33) instead
+Description = policyMapping (2 5 29 5)
+Warning
+
+OID = 06 03 55 1D 06
+Comment = X.509 id-ce (2 5 29).  Obsolete, use nameConstraints instead
+Description = subtreesConstraint (2 5 29 6)
+Warning
+
+OID = 06 03 55 1D 07
+Comment = X.509 id-ce (2 5 29).  Deprecated, use (2 5 29 17) instead
+Description = subjectAltName (2 5 29 7)
+Warning
+
+OID = 06 03 55 1D 08
+Comment = X.509 id-ce (2 5 29).  Deprecated, use (2 5 29 18) instead
+Description = issuerAltName (2 5 29 8)
+Warning
+
+OID = 06 03 55 1D 09
+Comment = X.509 id-ce (2 5 29)
+Description = subjectDirectoryAttributes (2 5 29 9)
+
+OID = 06 03 55 1D 0A
+Comment = X.509 id-ce (2 5 29).  Deprecated, use (2 5 29 19) instead
+Description = basicConstraints (2 5 29 10)
+Warning
+
+OID = 06 03 55 1D 0B
+Comment = X.509 id-ce (2 5 29).  Deprecated, use (2 5 29 30) instead
+Description = nameConstraints (2 5 29 11)
+Warning
+
+OID = 06 03 55 1D 0C
+Comment = X.509 id-ce (2 5 29).  Deprecated, use (2 5 29 36) instead
+Description = policyConstraints (2 5 29 12)
+Warning
+
+OID = 06 03 55 1D 0D
+Comment = X.509 id-ce (2 5 29).  Deprecated, use (2 5 29 19) instead
+Description = basicConstraints (2 5 29 13)
+Warning
+
+OID = 06 03 55 1D 0E
+Comment = X.509 id-ce (2 5 29)
+Description = subjectKeyIdentifier (2 5 29 14)
+
+OID = 06 03 55 1D 0F
+Comment = X.509 id-ce (2 5 29)
+Description = keyUsage (2 5 29 15)
+
+OID = 06 03 55 1D 10
+Comment = X.509 id-ce (2 5 29)
+Description = privateKeyUsagePeriod (2 5 29 16)
+
+OID = 06 03 55 1D 11
+Comment = X.509 id-ce (2 5 29)
+Description = subjectAltName (2 5 29 17)
+
+OID = 06 03 55 1D 12
+Comment = X.509 id-ce (2 5 29)
+Description = issuerAltName (2 5 29 18)
+
+OID = 06 03 55 1D 13
+Comment = X.509 id-ce (2 5 29)
+Description = basicConstraints (2 5 29 19)
+
+OID = 06 03 55 1D 14
+Comment = X.509 id-ce (2 5 29)
+Description = cRLNumber (2 5 29 20)
+
+OID = 06 03 55 1D 15
+Comment = X.509 id-ce (2 5 29)
+Description = cRLReason (2 5 29 21)
+
+OID = 06 03 55 1D 16
+Comment = X.509 id-ce (2 5 29).  Deprecated, alternative OID uncertain
+Description = expirationDate (2 5 29 22)
+Warning
+
+OID = 06 03 55 1D 17
+Comment = X.509 id-ce (2 5 29)
+Description = instructionCode (2 5 29 23)
+
+OID = 06 03 55 1D 18
+Comment = X.509 id-ce (2 5 29)
+Description = invalidityDate (2 5 29 24)
+
+OID = 06 03 55 1D 19
+Comment = X.509 id-ce (2 5 29).  Deprecated, use (2 5 29 31) instead
+Description = cRLDistributionPoints (2 5 29 25)
+Warning
+
+OID = 06 03 55 1D 1A
+Comment = X.509 id-ce (2 5 29).  Deprecated, use (2 5 29 28) instead
+Description = issuingDistributionPoint (2 5 29 26)
+Warning
+
+OID = 06 03 55 1D 1B
+Comment = X.509 id-ce (2 5 29)
+Description = deltaCRLIndicator (2 5 29 27)
+
+OID = 06 03 55 1D 1C
+Comment = X.509 id-ce (2 5 29)
+Description = issuingDistributionPoint (2 5 29 28)
+
+OID = 06 03 55 1D 1D
+Comment = X.509 id-ce (2 5 29)
+Description = certificateIssuer (2 5 29 29)
+
+OID = 06 03 55 1D 1E
+Comment = X.509 id-ce (2 5 29)
+Description = nameConstraints (2 5 29 30)
+
+OID = 06 03 55 1D 1F
+Comment = X.509 id-ce (2 5 29)
+Description = cRLDistributionPoints (2 5 29 31)
+
+OID = 06 03 55 1D 20
+Comment = X.509 id-ce (2 5 29)
+Description = certificatePolicies (2 5 29 32)
+
+OID = 06 03 55 1D 21
+Comment = X.509 id-ce (2 5 29)
+Description = policyMappings (2 5 29 33)
+
+OID = 06 03 55 1D 22
+Comment = X.509 id-ce (2 5 29).  Deprecated, use (2 5 29 36) instead
+Description = policyConstraints (2 5 29 34)
+Warning
+
+OID = 06 03 55 1D 23
+Comment = X.509 id-ce (2 5 29)
+Description = authorityKeyIdentifier (2 5 29 35)
+
+OID = 06 03 55 1D 24
+Comment = X.509 id-ce (2 5 29)
+Description = policyConstraints (2 5 29 36)
+
+OID = 06 03 55 1D 25
+Comment = X.509 id-ce (2 5 29)
+Description = extKeyUsage (2 5 29 37)
+
+# DMS-SDN-702
+
+OID = 06 09 60 86 48 01 65 02 01 01 01
+Comment = DMS-SDN-702
+Description = sdnsSignatureAlgorithm (2 16 840 1 101 2 1 1 1)
+
+OID = 06 09 60 86 48 01 65 02 01 01 02
+Comment = DMS-SDN-702.  Formerly known as mosaicSignatureAlgorithm, this OID is better known as dsaWithSHA-1.
+Description = fortezzaSignatureAlgorithm (2 16 840 1 101 2 1 1 2)
+
+OID = 06 09 60 86 48 01 65 02 01 01 03
+Comment = DMS-SDN-702
+Description = sdnsConfidentialityAlgorithm (2 16 840 1 101 2 1 1 3)
+
+OID = 06 09 60 86 48 01 65 02 01 01 04
+Comment = DMS-SDN-702.  Formerly known as mosaicConfidentialityAlgorithm
+Description = fortezzaConfidentialityAlgorithm (2 16 840 1 101 2 1 1 4)
+
+OID = 06 09 60 86 48 01 65 02 01 01 05
+Comment = DMS-SDN-702
+Description = sdnsIntegrityAlgorithm (2 16 840 1 101 2 1 1 5)
+
+OID = 06 09 60 86 48 01 65 02 01 01 06
+Comment = DMS-SDN-702.  Formerly known as mosaicIntegrityAlgorithm
+Description = fortezzaIntegrityAlgorithm (2 16 840 1 101 2 1 1 6)
+
+OID = 06 09 60 86 48 01 65 02 01 01 07
+Comment = DMS-SDN-702
+Description = sdnsTokenProtectionAlgorithm (2 16 840 1 101 2 1 1 7)
+
+OID = 06 09 60 86 48 01 65 02 01 01 08
+Comment = DMS-SDN-702.  Formerly know as mosaicTokenProtectionAlgorithm
+Description = fortezzaTokenProtectionAlgorithm (2 16 840 1 101 2 1 1 8)
+
+OID = 06 09 60 86 48 01 65 02 01 01 09
+Comment = DMS-SDN-702
+Description = sdnsKeyManagementAlgorithm (2 16 840 1 101 2 1 1 9)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0A
+Comment = DMS-SDN-702.  Formerly known as mosaicKeyManagementAlgorithm
+Description = fortezzaKeyManagementAlgorithm (2 16 840 1 101 2 1 1 10)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0B
+Comment = DMS-SDN-702
+Description = sdnsKMandSigAlgorithm (2 16 840 1 101 2 1 1 11)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0C
+Comment = DMS-SDN-702.  Formerly known as mosaicKMandSigAlgorithm
+Description = fortezzaKMandSigAlgorithm (2 16 840 1 101 2 1 1 12)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0D
+Comment = DMS-SDN-702
+Description = SuiteASignatureAlgorithm (2 16 840 1 101 2 1 1 13)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0E
+Comment = DMS-SDN-702
+Description = SuiteAConfidentialityAlgorithm (2 16 840 1 101 2 1 1 14)
+
+OID = 06 09 60 86 48 01 65 02 01 01 0F
+Comment = DMS-SDN-702
+Description = SuiteAIntegrityAlgorithm (2 16 840 1 101 2 1 1 15)
+
+OID = 06 09 60 86 48 01 65 02 01 01 10
+Comment = DMS-SDN-702
+Description = SuiteATokenProtectionAlgorithm (2 16 840 1 101 2 1 1 16)
+
+OID = 06 09 60 86 48 01 65 02 01 01 11
+Comment = DMS-SDN-702
+Description = SuiteAKeyManagementAlgorithm (2 16 840 1 101 2 1 1 17)
+
+OID = 06 09 60 86 48 01 65 02 01 01 12
+Comment = DMS-SDN-702
+Description = SuiteAKMandSigAlgorithm (2 16 840 1 101 2 1 1 18)
+
+OID = 06 09 60 86 48 01 65 02 01 01 13
+Comment = DMS-SDN-702.  Formerly known as mosaicUpdatedSigAlgorithm
+Description = fortezzaUpdatedSigAlgorithm (2 16 840 1 101 2 1 1 19)
+
+OID = 06 09 60 86 48 01 65 02 01 01 14
+Comment = DMS-SDN-702.  Formerly known as mosaicKMandUpdSigAlgorithms
+Description = fortezzaKMandUpdSigAlgorithms (2 16 840 1 101 2 1 1 20)
+
+OID = 06 09 60 86 48 01 65 02 01 01 15
+Comment = DMS-SDN-702.  Formerly known as mosaicUpdatedIntegAlgorithm
+Description = fortezzaUpdatedIntegAlgorithm (2 16 840 1 101 2 1 1 21)
+
+OID = 06 09 60 86 48 01 65 02 01 01 16
+Comment = DMS-SDN-702.  Formerly known as mosaicKeyEncryptionAlgorithm
+Description = keyExchangeAlgorithm (2 16 840 1 101 2 1 1 22)
+
+# CSOR (GAK-FIPS)
+
+OID = 06 07 60 86 48 01 65 03 01
+Comment = CSOR GAK
+Description = slabel (2 16 840 1 101 3 1)
+Warning
+
+OID = 06 07 60 86 48 01 65 03 02
+Comment = CSOR GAK
+Description = pki (2 16 840 1 101 3 2)
+Warning
+
+OID = 06 08 60 86 48 01 65 03 02 01
+Comment = CSOR GAK policy
+Description = GAK policyIdentifier (2 16 840 1 101 3 2 1)
+Warning
+
+OID = 06 08 60 86 48 01 65 03 02 02
+Comment = CSOR GAK extended key usage
+Description = GAK (2 16 840 1 101 3 2 2)
+Warning
+
+OID = 06 09 60 86 48 01 65 03 02 02 01
+Comment = CSOR GAK extended key usage
+Description = kRAKey (2 16 840 1 101 3 2 2 1)
+Warning
+
+OID = 06 08 60 86 48 01 65 03 02 03
+Comment = CSOR GAK extensions
+Description = extensions (2 16 840 1 101 3 2 3)
+Warning
+
+OID = 06 09 60 86 48 01 65 03 02 03 01
+Comment = CSOR GAK extensions
+Description = kRTechnique (2 16 840 1 101 3 2 3 1)
+Warning
+
+OID = 06 09 60 86 48 01 65 03 02 03 02
+Comment = CSOR GAK extensions
+Description = kRecoveryCapable (2 16 840 1 101 3 2 3 2)
+Warning
+
+OID = 06 09 60 86 48 01 65 03 02 03 03
+Comment = CSOR GAK extensions
+Description = kR (2 16 840 1 101 3 2 3 3)
+Warning
+
+OID = 06 08 60 86 48 01 65 03 02 04
+Comment = CSOR GAK
+Description = keyrecoveryschemes (2 16 840 1 101 3 2 4)
+Warning
+
+OID = 06 08 60 86 48 01 65 03 02 05
+Comment = CSOR GAK
+Description = krapola (2 16 840 1 101 3 2 5)
+Warning
+
+OID = 06 07 60 86 48 01 65 03 03
+Comment = CSOR GAK
+Description = arpa (2 16 840 1 101 3 3)
+Warning
+
+# Novell
+
+OID = 06 09 60 86 48 01 86 F8 37 01 09
+Comment = Novell
+Description = pki (2 16 840 1 113719 1 9)
+
+OID = 06 0A 60 86 48 01 86 F8 37 01 09 04
+Comment = Novell PKI
+Description = pkiAttributeType (2 16 840 1 113719 1 9 4)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 09 04 01
+Comment = Novell PKI attribute type
+Description = registeredAttributes (2 16 840 1 113719 1 9 4 1)
+
+OID = 06 0B 60 86 48 01 86 F8 37 01 09 04 02
+Comment = Novell PKI attribute type
+Description = relianceLimit (2 16 840 1 113719 1 9 4 2)
+
+# Netscape
+
+OID = 06 08 60 86 48 01 86 F8 42 01
+Comment = Netscape
+Description = cert-extension (2 16 840 1 113730 1)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 01
+Comment = Netscape certificate extension
+Description = netscape-cert-type (2 16 840 1 113730 1 1)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 02
+Comment = Netscape certificate extension
+Description = netscape-base-url (2 16 840 1 113730 1 2)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 03
+Comment = Netscape certificate extension
+Description = netscape-revocation-url (2 16 840 1 113730 1 3)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 04
+Comment = Netscape certificate extension
+Description = netscape-ca-revocation-url (2 16 840 1 113730 1 4)
+
+OID = 06 09 60 86 48 01 86 F8 42 02 05
+Comment = Netscape certificate extension
+Description = netscape-cert-sequence (2 16 840 1 113730 2 5)
+
+OID = 06 09 60 86 48 01 86 F8 42 02 06
+Comment = Netscape certificate extension
+Description = netscape-cert-url (2 16 840 1 113730 2 6)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 07
+Comment = Netscape certificate extension
+Description = netscape-cert-renewal-url (2 16 840 1 113730 1 7)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 08
+Comment = Netscape certificate extension
+Description = netscape-ca-policy-url (2 16 840 1 113730 1 8)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 09
+Comment = Netscape certificate extension
+Description = HomePage-url (2 16 840 1 113730 1 9)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 0A
+Comment = Netscape certificate extension
+Description = EntityLogo (2 16 840 1 113730 1 10)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 0B
+Comment = Netscape certificate extension
+Description = UserPicture (2 16 840 1 113730 1 11)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 0C
+Comment = Netscape certificate extension
+Description = netscape-ssl-server-name (2 16 840 1 113730 1 12)
+
+OID = 06 09 60 86 48 01 86 F8 42 01 0D
+Comment = Netscape certificate extension
+Description = netscape-comment (2 16 840 1 113730 1 13)
+
+OID = 06 08 60 86 48 01 86 F8 42 02
+Comment = Netscape
+Description = data-type (2 16 840 1 113730 2)
+
+OID = 06 09 60 86 48 01 86 F8 42 02 01
+Comment = Netscape data type
+Description = GIF (2 16 840 1 113730 2 1)
+
+OID = 06 09 60 86 48 01 86 F8 42 02 02
+Comment = Netscape data type
+Description = JPEG (2 16 840 1 113730 2 2)
+
+OID = 06 09 60 86 48 01 86 F8 42 02 03
+Comment = Netscape data type
+Description = URL (2 16 840 1 113730 2 3)
+
+OID = 06 09 60 86 48 01 86 F8 42 02 04
+Comment = Netscape data type
+Description = HTML (2 16 840 1 113730 2 4)
+
+OID = 06 09 60 86 48 01 86 F8 42 02 05
+Comment = Netscape data type
+Description = CertSeq (2 16 840 1 113730 2 5)
+
+OID = 06 08 60 86 48 01 86 F8 42 03
+Comment = Netscape
+Description = directory (2 16 840 1 113730 3)
+
+OID = 06 09 60 86 48 01 86 F8 42 03 01
+Comment = Netscape directory
+Description = ldapDefinitions (2 16 840 1 113730 3 1)
+
+OID = 06 0A 60 86 48 01 86 F8 42 03 01 01
+Comment = Netscape LDAP definitions
+Description = carLicense (2 16 840 1 113730 3 1 1)
+
+OID = 06 0A 60 86 48 01 86 F8 42 03 01 02
+Comment = Netscape LDAP definitions
+Description = departmentNumber (2 16 840 1 113730 3 1 2)
+
+OID = 06 0A 60 86 48 01 86 F8 42 03 01 03
+Comment = Netscape LDAP definitions
+Description = employeeNumber (2 16 840 1 113730 3 1 3)
+
+OID = 06 0A 60 86 48 01 86 F8 42 03 01 04
+Comment = Netscape LDAP definitions
+Description = employeeType (2 16 840 1 113730 3 1 4)
+
+OID = 06 0A 60 86 48 01 86 F8 42 03 02 02
+Comment = Netscape LDAP definitions
+Description = inetOrgPerson (2 16 840 1 113730 3 2 2)
+
+OID = 06 09 60 86 48 01 86 F8 42 04 01
+Comment = Netscape
+Description = serverGatedCrypto (2 16 840 1 113730 4 1)
+
+# Verisign
+
+OID = 06 0A 60 86 48 01 86 F8 45 01 06 03
+Comment = Verisign
+Description = Unknown Verisign extension (2 16 840 1 113733 1 6 3)
+
+OID = 06 0A 60 86 48 01 86 F8 45 01 06 06
+Comment = Verisign
+Description = Unknown Verisign extension (2 16 840 1 113733 1 6 6)
+
+OID = 06 0B 60 86 48 01 86 F8 45 01 07 01 01
+Comment = Verisign
+Description = Verisign certificatePolicy (2 16 840 1 113733 1 7 1 1)
+
+OID = 06 0C 60 86 48 01 86 F8 45 01 07 01 01 01
+Comment = Verisign
+Description = Unknown Verisign policy qualifier (2 16 840 1 113733 1 7 1 1 1)
+
+OID = 06 0C 60 86 48 01 86 F8 45 01 07 01 01 02
+Comment = Verisign
+Description = Unknown Verisign policy qualifier (2 16 840 1 113733 1 7 1 1 2)
+
+OID = 06 0A 60 86 48 01 86 F8 45 01 08 01
+Comment = Verisign
+Description = Verisign SGC CA? (2 16 840 1 113733 1 8 1)
+
+# SET
+
+OID = 06 03 67 2A 00
+Comment = SET
+Description = contentType (2 23 42 0)
+
+OID = 06 04 67 2A 00 00
+Comment = SET contentType
+Description = PANData (2 23 42 0 0)
+
+OID = 06 04 67 2A 00 01
+Comment = SET contentType
+Description = PANToken (2 23 42 0 1)
+
+OID = 06 04 67 2A 00 02
+Comment = SET contentType
+Description = PANOnly (2 23 42 0 2)
+
+# And on and on and on for another 80-odd OIDs which I'm not going to type in
+
+OID = 06 03 67 2A 01
+Comment = SET
+Description = msgExt (2 23 42 1)
+
+OID = 06 03 67 2A 02
+Comment = SET
+Description = field (2 23 42 2)
+
+OID = 06 04 67 2A 02 00
+Comment = SET field
+Description = fullName (2 23 42 2 0)
+
+OID = 06 04 67 2A 02 01
+Comment = SET field
+Description = givenName (2 23 42 2 1)
+
+OID = 06 04 67 2A 02 02
+Comment = SET field
+Description = familyName (2 23 42 2 2)
+
+OID = 06 04 67 2A 02 03
+Comment = SET field
+Description = birthFamilyName (2 23 42 2 3)
+
+OID = 06 04 67 2A 02 04
+Comment = SET field
+Description = placeName (2 23 42 2 4)
+
+OID = 06 04 67 2A 02 05
+Comment = SET field
+Description = identificationNumber (2 23 42 2 5)
+
+OID = 06 04 67 2A 02 06
+Comment = SET field
+Description = month (2 23 42 2 6)
+
+OID = 06 04 67 2A 02 07
+Comment = SET field
+Description = date (2 23 42 2 7)
+
+OID = 06 04 67 2A 02 08
+Comment = SET field
+Description = address (2 23 42 2 8)
+
+OID = 06 04 67 2A 02 09
+Comment = SET field
+Description = telephone (2 23 42 2 9)
+
+OID = 06 04 67 2A 02 0A
+Comment = SET field
+Description = amount (2 23 42 2 10)
+
+OID = 06 04 67 2A 02 0B
+Comment = SET field
+Description = accountNumber (2 23 42 2 7 11)
+
+OID = 06 04 67 2A 02 0C
+Comment = SET field
+Description = passPhrase (2 23 42 2 7 12)
+
+OID = 06 03 67 2A 03
+Comment = SET
+Description = attribute (2 23 42 3)
+
+OID = 06 04 67 2A 03 00
+Comment = SET attribute
+Description = cert (2 23 42 3 0)
+
+OID = 06 05 67 2A 03 00 00
+Comment = SET cert attribute
+Description = rootKeyThumb (2 23 42 3 0 0)
+
+OID = 06 05 67 2A 03 00 01
+Comment = SET cert attribute
+Description = additionalPolicy (2 23 42 3 0 1)
+
+OID = 06 03 67 2A 04
+Comment = SET
+Description = algorithm (2 23 42 4)
+
+OID = 06 03 67 2A 05
+Comment = SET
+Description = policy (2 23 42 5)
+
+OID = 06 04 67 2A 05 00
+Comment = SET policy
+Description = root (2 23 42 5 0)
+
+OID = 06 03 67 2A 06
+Comment = SET
+Description = module (2 23 42 6)
+
+OID = 06 03 67 2A 07
+Comment = SET
+Description = certExt (2 23 42 7)
+
+OID = 06 04 67 2A 07 00
+Comment = SET cert extension
+Description = hashedRootKey (2 23 42 7 0)
+
+OID = 06 04 67 2A 07 01
+Comment = SET cert extension
+Description = certificateType (2 23 42 7 1)
+
+OID = 06 04 67 2A 07 02
+Comment = SET cert extension
+Description = merchantData (2 23 42 7 2)
+
+OID = 06 04 67 2A 07 03
+Comment = SET cert extension
+Description = cardCertRequired (2 23 42 7 3)
+
+OID = 06 04 67 2A 07 04
+Comment = SET cert extension
+Description = tunneling (2 23 42 7 4)
+
+OID = 06 04 67 2A 07 05
+Comment = SET cert extension
+Description = setExtensions (2 23 42 7 5)
+
+OID = 06 04 67 2A 07 06
+Comment = SET cert extension
+Description = setQualifier (2 23 42 7 6)
+
+OID = 06 03 67 2A 08
+Comment = SET
+Description = brand (2 23 42 8)
+
+OID = 06 04 67 2A 08 01
+Comment = SET brand
+Description = IATA-ATA (2 23 42 8 1)
+
+OID = 06 04 67 2A 08 04
+Comment = SET brand
+Description = VISA (2 23 42 8 4)
+
+OID = 06 04 67 2A 08 05
+Comment = SET brand
+Description = MasterCard (2 23 42 8 5)
+
+OID = 06 04 67 2A 08 1E
+Comment = SET brand
+Description = Diners (2 23 42 8 30)
+
+OID = 06 04 67 2A 08 22
+Comment = SET brand
+Description = AmericanExpress (2 23 42 8 34)
+
+OID = 06 05 67 2A 08 AE 7B
+Comment = SET brand
+Description = Novus (2 23 42 8 6011)
+
+OID = 06 03 67 2A 09
+Comment = SET
+Description = vendor (2 23 42 9)
+
+OID = 06 04 67 2A 09 00
+Comment = SET vendor
+Description = GlobeSet (2 23 42 9 0)
+
+OID = 06 04 67 2A 09 01
+Comment = SET vendor
+Description = IBM (2 23 42 9 1)
+
+OID = 06 04 67 2A 09 02
+Comment = SET vendor
+Description = CyberCash (2 23 42 9 2)
+
+OID = 06 04 67 2A 09 03
+Comment = SET vendor
+Description = Terisa (2 23 42 9 3)
+
+OID = 06 04 67 2A 09 04
+Comment = SET vendor
+Description = RSADSI (2 23 42 9 4)
+
+OID = 06 04 67 2A 09 05
+Comment = SET vendor
+Description = VeriFone (2 23 42 9 5)
+
+OID = 06 04 67 2A 09 06
+Comment = SET vendor
+Description = TrinTech (2 23 42 9 6)
+
+OID = 06 04 67 2A 09 07
+Comment = SET vendor
+Description = BankGate (2 23 42 9 7)
+
+OID = 06 04 67 2A 09 08
+Comment = SET vendor
+Description = GTE (2 23 42 9 8)
+
+OID = 06 04 67 2A 09 09
+Comment = SET vendor
+Description = CompuSource (2 23 42 9 9)
+
+OID = 06 04 67 2A 09 0A
+Comment = SET vendor
+Description = Griffin (2 23 42 9 10)
+
+OID = 06 04 67 2A 09 0B
+Comment = SET vendor
+Description = Certicom (2 23 42 9 11)
+
+OID = 06 04 67 2A 09 0C
+Comment = SET vendor
+Description = OSS (2 23 42 9 12)
+
+OID = 06 04 67 2A 09 0D
+Comment = SET vendor
+Description = TenthMountain (2 23 42 9 13)
+
+OID = 06 04 67 2A 09 0E
+Comment = SET vendor
+Description = Antares (2 23 42 9 14)
+
+OID = 06 04 67 2A 09 0F
+Comment = SET vendor
+Description = ECC (2 23 42 9 15)
+
+OID = 06 04 67 2A 09 10
+Comment = SET vendor
+Description = Maithean (2 23 42 9 16)
+
+OID = 06 04 67 2A 09 11
+Comment = SET vendor
+Description = Netscape (2 23 42 9 17)
+
+OID = 06 04 67 2A 09 12
+Comment = SET vendor
+Description = Verisign (2 23 42 9 18)
+
+OID = 06 04 67 2A 09 13
+Comment = SET vendor
+Description = BlueMoney (2 23 42 9 19)
+
+OID = 06 04 67 2A 09 14
+Comment = SET vendor
+Description = Lacerte (2 23 42 9 20)
+
+OID = 06 04 67 2A 09 15
+Comment = SET vendor
+Description = Fujitsu (2 23 42 9 21)
+
+OID = 06 04 67 2A 09 16
+Comment = SET vendor
+Description = eLab (2 23 42 9 22)
+
+OID = 06 04 67 2A 09 17
+Comment = SET vendor
+Description = Entrust (2 23 42 9 23)
+
+OID = 06 04 67 2A 09 18
+Comment = SET vendor
+Description = VIAnet (2 23 42 9 24)
+
+OID = 06 04 67 2A 09 19
+Comment = SET vendor
+Description = III (2 23 42 9 25)
+
+OID = 06 04 67 2A 09 1A
+Comment = SET vendor
+Description = OpenMarket (2 23 42 9 26)
+
+OID = 06 04 67 2A 09 1B
+Comment = SET vendor
+Description = Lexem (2 23 42 9 27)
+
+OID = 06 04 67 2A 09 1C
+Comment = SET vendor
+Description = Intertrader (2 23 42 9 28)
+
+OID = 06 04 67 2A 09 1D
+Comment = SET vendor
+Description = Persimmon (2 23 42 9 29)
+
+OID = 06 04 67 2A 09 1E
+Comment = SET vendor
+Description = NABLE (2 23 42 9 30)
+
+OID = 06 04 67 2A 09 1F
+Comment = SET vendor
+Description = espace-net (2 23 42 9 31)
+
+OID = 06 04 67 2A 09 20
+Comment = SET vendor
+Description = Hitachi (2 23 42 9 32)
+
+OID = 06 04 67 2A 09 21
+Comment = SET vendor
+Description = Microsoft (2 23 42 9 33)
+
+OID = 06 04 67 2A 09 22
+Comment = SET vendor
+Description = NEC (2 23 42 9 34)
+
+OID = 06 04 67 2A 09 23
+Comment = SET vendor
+Description = Mitsubishi (2 23 42 9 35)
+
+OID = 06 04 67 2A 09 24
+Comment = SET vendor
+Description = NCR (2 23 42 9 36)
+
+OID = 06 04 67 2A 09 25
+Comment = SET vendor
+Description = e-COMM (2 23 42 9 37)
+
+OID = 06 04 67 2A 09 26
+Comment = SET vendor
+Description = Gemplus (2 23 42 9 38)
+
+OID = 06 03 67 2A 0A
+Comment = SET
+Description = national (2 23 42 10)
+
+OID = 06 05 67 2A 0A 81 40
+Comment = SET national
+Description = Japan (2 23 42 10 192)
+
+# Draft SET.  These were invented for testing in pre-1.0 drafts, but have
+# been used nonetheless by implementors
+
+OID = 06 04 86 8D 6F 02
+Comment = SET.  Deprecated, use (2 23 42 7 0) instead
+Description = hashedRootKey (2 54 1775 2)
+Warning
+
+OID = 06 04 86 8D 6F 03
+Comment = SET.  Deprecated, use (2 23 42 7 0) instead
+Description = certificateType (2 54 1775 3)
+Warning
+
+OID = 06 04 86 8D 6F 04
+Comment = SET.  Deprecated, use (2 23 42 7 0) instead
+Description = merchantData (2 54 1775 4)
+Warning
+
+OID = 06 04 86 8D 6F 05
+Comment = SET.  Deprecated, use (2 23 42 7 0) instead
+Description = cardCertRequired (2 54 1775 5)
+Warning
+
+OID = 06 04 86 8D 6F 06
+Comment = SET.  Deprecated, use (2 23 42 7 0) instead
+Description = tunneling (2 54 1775 6)
+Warning
+
+OID = 06 04 86 8D 6F 07
+Comment = SET.  Deprecated, use (2 23 42 7 0) instead
+Description = setQualifier (2 54 1775 7)
+Warning
+
+OID = 06 04 86 8D 6F 63
+Comment = SET.  Deprecated, use (2 23 42 7 0) instead
+Description = set-data (2 54 1775 99)
+Warning
+
+# Apple
+
+OID = 06 06 2A 86 48 86 F7 63
+Comment = Apple Computer, Inc.
+Description = apple (1 2 840 113635)
+
+OID = 6 07 2A 86 48 86 F7 63 64
+Comment = Apple Data Security
+Description = appleDataSecurity (1 2 840 113635 100)
+
+OID = 06 08 2A 86 48 86 F7 63 64 01
+Comment = Apple Trust Policy
+Description = appleTrustPolicy (1 2 840 113635 100 1)
+
+OID = 06 08 2A 86 48 86 F7 63 64 02
+Comment = Apple Security Algorithms
+Description = appleSecurityAlgorithm (1 2 840 113635 100 2)
+
+OID = 06 09 2A 86 48 86 F7 63 64 01 01
+Comment = Apple iSign
+Description = iSignTP (1 2 840 113635 100 1 1)
+
+OID = 06 09 2A 86 48 86 F7 63 64 01 02
+Comment = Apple X509 Basic
+Description = AppleX509Basic (1 2 840 113635 100 1 2)
+
+OID = 06 09 2A 86 48 86 F7 63 64 02 01
+Comment = Apple FEE
+Description = fee (1 2 840 113635 100 2 1)
+
+OID = 06 09 2A 86 48 86 F7 63 64 02 02
+Comment = Apple ASC
+Description = asc (1 2 840 113635 100 2 2)
+
+OID = 06 09 2A 86 48 86 F7 63 64 02 03
+Comment = Apple FEE/MD5 signature
+Description = feeMD5 (1 2 840 113635 100 2 3)
+
+OID = 06 09 2A 86 48 86 F7 63 64 02 04
+Comment = Apple FEE/SHA1 signature
+Description = feeSHA1 (1 2 840 113635 100 2 4)
+
+OID = 06 09 2A 86 48 86 F7 63 64 02 05
+Comment = Apple FEED encryption
+Description = appleFeed (1 2 840 113635 100 2 5)
+
+OID = 06 09 2A 86 48 86 F7 63 64 02 06
+Comment = Apple FEEDExp signature
+Description = appleFeedExp (1 2 840 113635 100 2 6)
+
+OID = 06 09 2A 86 48 86 F7 63 64 02 07
+Comment = Apple FEE/ECDSA signature
+Description = feeECDSA (1 2 840 113635 100 2 7)
+
+
+# Extended key usage 
+OID = 06 04 55 1D 25 03
+Comment = Code Signing
+Description = id-kp-codeSigning (OID 2 5 29 37 3)
+
+# Intel's CDSA-specific SHA1withECDSA
+OID = 06 0B 60 86 48 01 86 F8 4D 02 02 05 51
+Comment = CDSA SHA1 with ECDSA
+Description = sha1WithECDSA (OID 2 16 840 1 113741 2 2 5 81)
+
+# End of Fahnenstange
diff --git a/CertTool/cdsaUtils/fileIo.c b/CertTool/cdsaUtils/fileIo.c
new file mode 100644 (file)
index 0000000..087513a
--- /dev/null
@@ -0,0 +1,141 @@
+/*
+       File:            fileIo.c 
+       
+       Description: simple file read/write utilities
+
+       Author:         dmitch
+
+       Copyright:      Â© Copyright 2001 Apple Computer, Inc. All rights reserved.
+       
+       Disclaimer:     IMPORTANT:  This Apple software is supplied to you by Apple 
+                   Computer, Inc. ("Apple") in consideration of your agreement to 
+                               the following terms, and your use, installation, modification 
+                               or redistribution of this Apple software constitutes acceptance 
+                               of these terms.  If you do not agree with these terms, please 
+                               do not use, install, modify or redistribute this Apple software.
+
+                               In consideration of your agreement to abide by the following 
+                               terms, and subject to these terms, Apple grants you a personal, 
+                               non-exclusive license, under Apple's copyrights in this 
+                               original Apple software (the "Apple Software"), to use, 
+                               reproduce, modify and redistribute the Apple Software, with 
+                               or without modifications, in source and/or binary forms; 
+                               provided that if you redistribute the Apple Software in 
+                               its entirety and without modifications, you must retain
+                               this notice and the following text and disclaimers in all 
+                               such redistributions of the Apple Software.  Neither the 
+                               name, trademarks, service marks or logos of Apple Computer, 
+                               Inc. may be used to endorse or promote products derived from the
+                               Apple Software without specific prior written permission from 
+                               Apple.  Except as expressly stated in this notice, no other 
+                               rights or licenses, express or implied, are granted by Apple 
+                               herein, including but not limited to any patent rights that
+                               may be infringed by your derivative works or by other works 
+                               in which the Apple Software may be incorporated.
+
+                               The Apple Software is provided by Apple on an "AS IS" basis.  
+                               APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
+                               WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
+                               MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, 
+                               REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE 
+                               OR IN COMBINATION WITH YOUR PRODUCTS.
+
+                               IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, 
+                               INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 
+                               LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
+                               LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+                               ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION 
+                               AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED 
+                               AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING 
+                               NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE 
+                               HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "fileIo.h"
+
+int writeFile(
+       const char                      *fileName,
+       const unsigned char     *bytes,
+       unsigned                        numBytes)
+{
+       int             rtn;
+       int     fd;
+       
+       fd = open(fileName, O_RDWR | O_CREAT | O_TRUNC, 0600);
+       if(fd <= 0) {
+               return errno;
+       }
+       rtn = lseek(fd, 0, SEEK_SET);
+       if(rtn < 0) {
+               return errno;
+       }
+       rtn = write(fd, bytes, (size_t)numBytes);
+       if(rtn != (int)numBytes) {
+               if(rtn >= 0) {
+                       printf("writeFile: short write\n");
+               }
+               rtn = EIO;
+       }
+       else {
+               rtn = 0;
+       }
+       close(fd);
+       return rtn;
+}
+       
+/*
+ * Read entire file. 
+ */
+int readFile(
+       const char              *fileName,
+       unsigned char   **bytes,                // mallocd and returned
+       unsigned                *numBytes)              // returned
+{
+       int rtn;
+       int fd;
+       char *buf;
+       struct stat     sb;
+       unsigned size;
+       
+       *numBytes = 0;
+       *bytes = NULL;
+       fd = open(fileName, O_RDONLY, 0);
+       if(fd <= 0) {
+               return errno;
+       }
+       rtn = fstat(fd, &sb);
+       if(rtn) {
+               goto errOut;
+       }
+       size = sb.st_size;
+       buf = malloc(size);
+       if(buf == NULL) {
+               rtn = ENOMEM;
+               goto errOut;
+       }
+       rtn = lseek(fd, 0, SEEK_SET);
+       if(rtn < 0) {
+               goto errOut;
+       }
+       rtn = read(fd, buf, (size_t)size);
+       if(rtn != (int)size) {
+               if(rtn >= 0) {
+                       printf("readFile: short read\n");
+               }
+               rtn = EIO;
+       }
+       else {
+               rtn = 0;
+               *bytes = buf;
+               *numBytes = size;
+       }
+errOut:
+       close(fd);
+       return rtn;
+}
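Review bot: readFile's failure paths leak the malloc'd `buf` and return inconsistent codes: a failed lseek() or a short read() reaches `errOut` without `free(buf)`, and a failed fstat() or lseek() returns -1 where the other paths return an errno value. Both functions test `if(fd <= 0)`, which rejects a valid descriptor 0 (possible when stdin is closed), leaks it, and returns a stale errno; the test should be `if(fd < 0)`. writeFile also returns on lseek() failure without `close(fd)`. Since this helper presumably writes certificate or key material, note that the 0600 mode passed to open() applies only when the file is created, so an existing file keeps whatever looser permissions it already had.

```c
	fd = open(fileName, O_RDONLY, 0);
	if(fd < 0) {
		return errno;
	}
	if(fstat(fd, &sb)) {
		rtn = errno;
		goto errOut;
	}
	/* … unchanged: size assignment, malloc and ENOMEM check … */
	if(lseek(fd, 0, SEEK_SET) < 0) {
		rtn = errno;
		free(buf);
		goto errOut;
	}
	rtn = read(fd, buf, (size_t)size);
	if(rtn != (int)size) {
		/* … unchanged: short-read message … */
		free(buf);
		rtn = EIO;
	}
	/* … unchanged: success branch and errOut … */
```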
diff --git a/CertTool/cdsaUtils/fileIo.h b/CertTool/cdsaUtils/fileIo.h
new file mode 100644 (file)
index 0000000..3db7233
--- /dev/null
@@ -0,0 +1,69 @@
+/*
+       File:            fileIo.h 
+       
+       Description: simple file read/write utilities
+
+       Author:         dmitch
+
+       Copyright:      Â© Copyright 2001 Apple Computer, Inc. All rights reserved.
+       
+       Disclaimer:     IMPORTANT:  This Apple software is supplied to you by Apple 
+                   Computer, Inc. ("Apple") in consideration of your agreement to 
+                               the following terms, and your use, installation, modification 
+                               or redistribution of this Apple software constitutes acceptance 
+                               of these terms.  If you do not agree with these terms, please 
+                               do not use, install, modify or redistribute this Apple software.
+
+                               In consideration of your agreement to abide by the following 
+                               terms, and subject to these terms, Apple grants you a personal, 
+                               non-exclusive license, under Apple's copyrights in this 
+                               original Apple software (the "Apple Software"), to use, 
+                               reproduce, modify and redistribute the Apple Software, with 
+                               or without modifications, in source and/or binary forms; 
+                               provided that if you redistribute the Apple Software in 
+                               its entirety and without modifications, you must retain
+                               this notice and the following text and disclaimers in all 
+                               such redistributions of the Apple Software.  Neither the 
+                               name, trademarks, service marks or logos of Apple Computer, 
+                               Inc. may be used to endorse or promote products derived from the
+                               Apple Software without specific prior written permission from 
+                               Apple.  Except as expressly stated in this notice, no other 
+                               rights or licenses, express or implied, are granted by Apple 
+                               herein, including but not limited to any patent rights that
+                               may be infringed by your derivative works or by other works 
+                               in which the Apple Software may be incorporated.
+
+                               The Apple Software is provided by Apple on an "AS IS" basis.  
+                               APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
+                               WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
+                               MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, 
+                               REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE 
+                               OR IN COMBINATION WITH YOUR PRODUCTS.
+
+                               IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, 
+                               INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 
+                               LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
+                               LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+                               ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION 
+                               AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED 
+                               AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING 
+                               NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE 
+                               HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int readFile(
+       const char                      *fileName,
+       unsigned char           **bytes,                // mallocd and returned
+       unsigned                        *numBytes);             // returned
+
+int writeFile(
+       const char                      *fileName,
+       const unsigned char     *bytes,
+       unsigned                        numBytes);
+
+#ifdef __cplusplus
+}
+#endif
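Review bot: The two prototypes carry no statement of their return contract or of who owns the buffer, and the header has no include guard. As fileIo.c in this commit implements them, a comment above the declarations such as `/* Both return 0 on success, else an errno-style code; on success readFile's *bytes is malloc'd and must be free()d by the caller. */` would tell callers what to check and what to release. A guard such as `#ifndef FILE_IO_H` / `#define FILE_IO_H` around the whole header keeps a double include harmless.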
diff --git a/CertTool/cdsaUtils/oidParser.cpp b/CertTool/cdsaUtils/oidParser.cpp
new file mode 100644 (file)
index 0000000..a25a9be
--- /dev/null
@@ -0,0 +1,296 @@
+/*
+ * oidParser.cpp - parse an Intel-style OID, with the assistance of dumpasn1.cfg
+ */
+#include <Security/cssmtype.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include "oidParser.h"
+#include "fileIo.h"
+#include <fcntl.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+/* get config file from .. or from . */
+#define                CONFIG_FILE_NAME        "dumpasn1.cfg"
+static char    *CONFIG_FILE1 =         "../"CONFIG_FILE_NAME;
+static char    *CONFIG_FILE2 =         CONFIG_FILE_NAME;
+/* or from here via getenv */
+#define                CONFIG_FILE_ENV         "LOCAL_BUILD_DIR"
+
+static char    *OID_ENTRY_START = "OID = ";
+static char    *OID_DESCR_START = "Description = ";
+/*
+ * Read entire file with extra bytes left over in the mallocd buffer. 
+ */
+int readFileExtra(
+       char                    *fileName,
+       unsigned                extraBytes,
+       unsigned char   **bytes,                // mallocd and returned
+       unsigned                *numBytes)              // returned
+{
+       int rtn;
+       int fd;
+       unsigned char *buf;
+       struct stat     sb;
+       unsigned size;
+       
+       *numBytes = 0;
+       *bytes = NULL;
+       fd = open(fileName, O_RDONLY, 0);
+       if(fd <= 0) {
+               return 1;
+       }
+       rtn = fstat(fd, &sb);
+       if(rtn) {
+               goto errOut;
+       }
+       size = sb.st_size;
+       buf = (unsigned char *)malloc(size + extraBytes);
+       if(buf == NULL) {
+               rtn = ENOMEM;
+               goto errOut;
+       }
+       rtn = lseek(fd, 0, SEEK_SET);
+       if(rtn < 0) {
+               goto errOut;
+       }
+       rtn = read(fd, buf, (size_t)size);
+       if(rtn != (int)size) {
+               if(rtn >= 0) {
+                       printf("readFile: short read\n");
+               }
+               rtn = EIO;
+       }
+       else {
+               rtn = 0;
+               *bytes = buf;
+               *numBytes = size;
+       }
+errOut:
+       close(fd);
+       return rtn;
+}
+
+/*
+ * Attempt to read dumpasn1.cfg from various places. If we can't find it, 
+ * printOid() function will just print raw bytes as it
+ * would if the .cfg file did not contain the desired OID.
+ */
+static CSSM_DATA_PTR readConfig()
+{
+       CSSM_DATA_PTR   configData = NULL;
+       int                             rtn;
+       
+       configData = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA));
+       if(configData == NULL) {
+               return NULL;
+       }
+       /* malloc one extra byte, we'll null it later */
+       rtn = readFileExtra(CONFIG_FILE1, 1, &configData->Data, 
+               (unsigned *)&configData->Length);
+       if(rtn) {
+               rtn = readFileExtra(CONFIG_FILE2, 1, &configData->Data, 
+                               (unsigned *)&configData->Length);
+       }
+       if(rtn) {
+               char fileName[100];
+               char *localBuildDir  = getenv(CONFIG_FILE_ENV);
+               if(localBuildDir == NULL) {
+                       rtn = 1;
+               }
+               else {
+                       sprintf(fileName,  "%s/%s", localBuildDir, CONFIG_FILE_NAME);
+                       rtn = readFileExtra(fileName, 1, &configData->Data, 
+                                       (unsigned *)&configData->Length);
+               }
+       }
+       if(rtn == 0) {
+               /* make the whole shebang one long C string */
+               configData->Data[configData->Length++] = '\0';
+               return configData;
+       }
+       else {
+               printf("""warning: no OID parser config file\n");
+               free(configData);
+               return NULL;
+       }
+}
+
+/*
+ * The heart of this module. 
+ *
+ * -- Convert Intel-style OID to a string which might be found 
+ *    in the config file
+ * -- search config file for that string
+ * -- if found, use that entry in config file to output meaningful
+ *    string and return CSSM_TRUE. Else return CSSM_FALSE.
+ */
+static CSSM_BOOL parseOidWithConfig(
+       const CSSM_DATA_PTR configData, 
+       const CSSM_OID_PTR      oid, 
+       char                            *strBuf)
+{
+       char                            *fullOidStr = NULL;
+       char                            *ourEntry = NULL;
+       char                            *nextEntry = NULL;
+       char                            *descStart = NULL;
+       char                            *cp;
+       unsigned                        i;
+       CSSM_BOOL                       brtn;
+       char                            *nextCr;                // next CR if any
+       char                            *nextNl;                // next NL if any
+       char                            *eol;                   // end of line
+       int                                     len;
+       
+       if(configData == NULL) {
+               return CSSM_FALSE;
+       }
+       
+       /* cook up a full OID string, with tag and length */
+       fullOidStr = (char *)malloc((3 * oid->Length) +         
+                                                                                               // 2 chars plus space per byte
+               strlen(OID_ENTRY_START) +                               // "OID = "
+               6 +                                                                             // 06 xx - tag and length
+               1);                                                                             // NULL
+       if(fullOidStr == NULL) {
+               return CSSM_FALSE;
+       }
+       /* subsequent errors to errOut: */
+       
+       sprintf(fullOidStr, "OID = 06 %02X", (unsigned)oid->Length);
+       cp = fullOidStr + strlen(fullOidStr);
+       for(i=0; i<oid->Length; i++) {
+               /* move cp to current end of string */
+               cp += strlen(cp);
+               /* add one byte */
+               sprintf(cp, " %02X", oid->Data[i]);
+       }
+       
+       /* 
+        * Let's play it loose and assume that there are no embedded NULLs
+        * in the config file. Thus we can use the spiffy string functions
+        * in stdlib. 
+        */
+       ourEntry = strstr((char *)configData->Data, fullOidStr);
+       if(ourEntry == NULL) {
+               brtn = CSSM_FALSE;
+               goto errOut;
+       }
+       
+       /* get position of NEXT full entry - may be NULL (end of file) */
+       nextEntry = strstr(ourEntry+1, OID_ENTRY_START);
+       
+       /* get position of our entry's description line */
+       descStart = strstr(ourEntry+1, OID_DESCR_START);
+       
+       /* handle not found/overflow */
+       if( (descStart == NULL) ||                      // no more description lines
+           ( (descStart > nextEntry) &&        // no description in THIS entry
+             (nextEntry != NULL) ) ) {         // make sure this is valid
+               brtn = CSSM_FALSE;
+               goto errOut;
+       }
+       
+       /* set descStart to after the leader */
+       descStart += strlen(OID_DESCR_START);
+       
+       /* 
+        * descStart points to the text we're interested in.
+        * First find end of line, any style. 
+        */
+       nextNl = strchr(descStart, '\n');
+       nextCr = strchr(descStart, '\r');
+       if((nextNl == NULL) && (nextCr == NULL)) {
+               /* no line terminator, go to eof */
+               eol = (char *)configData->Data + configData->Length;
+       }
+       else if(nextCr == NULL) {
+               eol = nextNl;
+       }
+       else if(nextNl == NULL) {
+               eol = nextCr;
+       }
+       else if(nextNl < nextCr) {
+               /* both present, take first one */
+               eol = nextNl;
+       }
+       else {
+               eol = nextCr;
+       }
+       
+       /* caller's string buf = remainder of description line */
+       len = eol - descStart;
+       if(len > (OID_PARSER_STRING_SIZE - 1)) {
+               /* fixed-length output buf, avoid overflow */
+               len = OID_PARSER_STRING_SIZE - 1;
+       }
+       memcpy(strBuf, descStart, len);
+       strBuf[len] = '\0';
+       brtn = CSSM_TRUE; 
+errOut:
+       if(fullOidStr != NULL) {
+               free(fullOidStr);
+       }
+       return brtn;
+}
+
+/*** OidParser class ***/
+OidParser::OidParser(bool noConfig)
+{
+       if(noConfig) {
+               configData = NULL;
+       }
+       else {
+               configData = readConfig();
+       }
+}
+
+OidParser::~OidParser()
+{
+       if(configData == NULL) {
+               return;
+       }
+       if(configData->Data != NULL) {
+               free(configData->Data);
+       }
+       free(configData);
+}
+
+/*
+ * Parse an Intel-style OID, generating a C string in caller-supplied buffer.
+ */
+void OidParser::oidParse(
+       const unsigned char     *oidp,
+       unsigned                        oidLen,
+       char                            *strBuf)
+{
+       unsigned i;
+       CSSM_OID oid;
+       
+       oid.Data = (uint8  *)oidp;
+       oid.Length = oidLen;
+       
+       if((oidLen == 0) || (oidp == NULL)) {
+               strcpy(strBuf, "EMPTY");
+               return;
+       }
+       if(parseOidWithConfig(configData, &oid, strBuf) == CSSM_FALSE) {
+               /* no config file, just dump the bytes */
+               char cbuf[8];
+               
+               sprintf(strBuf, "OID : < 06 %02X ", (unsigned)oid.Length);
+               for(i=0; i<oid.Length; i++) {
+                       sprintf(cbuf, "%02X ", oid.Data[i]);
+                       strcat(strBuf, cbuf);
+               }
+               strcat(strBuf, ">");
+       }
+}
+
+
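Review bot: The raw-hex fallback in `OidParser::oidParse` can write past the caller's buffer: it appends three characters per OID byte with `sprintf`/`strcat`, while callers size `strBuf` at `OID_PARSER_STRING_SIZE` (120) bytes, so an OID longer than 34 bytes no longer fits. The length comes straight from the `oidLen` argument, which presumably reflects parsed certificate data, so the loop should stop once the remaining space cannot hold another byte plus the closing `>` and the terminator, as in the block below. `readConfig` has the same pattern, formatting the value of `LOCAL_BUILD_DIR` into `char fileName[100]` with `sprintf`; `snprintf(fileName, sizeof(fileName), "%s/%s", localBuildDir, CONFIG_FILE_NAME)` plus a truncation check would bound it. `readFileExtra` also leaves `buf` allocated when `lseek` or `read` fails.

```cpp
	if(parseOidWithConfig(configData, &oid, strBuf) == CSSM_FALSE) {
		/* no config entry: dump the bytes, never writing past OID_PARSER_STRING_SIZE */
		int used = snprintf(strBuf, OID_PARSER_STRING_SIZE, "OID : < 06 %02X ",
			(unsigned)oid.Length);
		for(i=0; i<oid.Length; i++) {
			/* need room for "XX ", the closing ">" and the NUL */
			if(used + 5 > OID_PARSER_STRING_SIZE) {
				break;
			}
			used += snprintf(strBuf + used, OID_PARSER_STRING_SIZE - used,
				"%02X ", oid.Data[i]);
		}
		strcat(strBuf, ">");
	}
```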
diff --git a/CertTool/cdsaUtils/oidParser.h b/CertTool/cdsaUtils/oidParser.h
new file mode 100644 (file)
index 0000000..46ce10a
--- /dev/null
@@ -0,0 +1,44 @@
+/*
+ * oidParser.cpp - parse an Intel-style OID, with the assistance of dumpasn1.cfg.
+ * The config file islooked dfor int e following locations:
+ *
+ *  current working directory (.)
+ *  parent directory (..)
+ *  The directory specified by the environment variable LOCAL_BUILD_DIR
+ *
+ * OidParser will still work if the config file is not found, but OIDs will be
+ * dispayed in raw hex format. 
+ */
+
+#ifndef        _OID_PARSER_H_
+#define _OID_PARSER_H_
+
+#include <Security/cssmtype.h>
+
+/*
+ * Generated strings go into a client-allocated char array of 
+ * this size.
+ */
+#define OID_PARSER_STRING_SIZE 120
+
+class OidParser
+{
+private:
+       CSSM_DATA_PTR           configData;             // contents of  dumpasn1.cfg
+public:
+       /* costruct with noConfig true - skip reading config file */
+       OidParser(bool noConfig=false);
+       ~OidParser();
+
+       /*
+        * Parse an Intel-style OID, generating a C string in 
+        * caller-supplied buffer.
+        */
+       void oidParse(
+               const unsigned char     *oidp,
+               unsigned                        oidLen,
+               char                            *strBuf);
+
+};
+
+#endif /* _OID_PARSER_H_ */
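Review bot: The declaration of `oidParse` does not tell callers how large `strBuf` must be; the size constant is defined a few lines above but is never tied to the parameter. I would extend the method comment with `strBuf must point to at least OID_PARSER_STRING_SIZE bytes; the result is NUL-terminated.` The file header also names `oidParser.cpp` instead of `oidParser.h`, and its second line is garbled (`islooked dfor int e following locations`); it should read `is looked for in the following locations`.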
diff --git a/CertTool/cdsaUtils/pem.cpp b/CertTool/cdsaUtils/pem.cpp
new file mode 100644 (file)
index 0000000..aa2595a
--- /dev/null
@@ -0,0 +1,170 @@
+/*
+       File:            pem.h 
+       
+       Description: PEM encode/decode routines
+
+       Author:         dmitch
+
+       Copyright:      Â© Copyright 2002 Apple Computer, Inc. All rights reserved.
+       
+       Disclaimer:     IMPORTANT:  This Apple software is supplied to you by Apple 
+                   Computer, Inc. ("Apple") in consideration of your agreement to 
+                               the following terms, and your use, installation, modification 
+                               or redistribution of this Apple software constitutes acceptance 
+                               of these terms.  If you do not agree with these terms, please 
+                               do not use, install, modify or redistribute this Apple software.
+
+                               In consideration of your agreement to abide by the following 
+                               terms, and subject to these terms, Apple grants you a personal, 
+                               non-exclusive license, under Apple's copyrights in this 
+                               original Apple software (the "Apple Software"), to use, 
+                               reproduce, modify and redistribute the Apple Software, with 
+                               or without modifications, in source and/or binary forms; 
+                               provided that if you redistribute the Apple Software in 
+                               its entirety and without modifications, you must retain
+                               this notice and the following text and disclaimers in all 
+                               such redistributions of the Apple Software.  Neither the 
+                               name, trademarks, service marks or logos of Apple Computer, 
+                               Inc. may be used to endorse or promote products derived from the
+                               Apple Software without specific prior written permission from 
+                               Apple.  Except as expressly stated in this notice, no other 
+                               rights or licenses, express or implied, are granted by Apple 
+                               herein, including but not limited to any patent rights that
+                               may be infringed by your derivative works or by other works 
+                               in which the Apple Software may be incorporated.
+
+                               The Apple Software is provided by Apple on an "AS IS" basis.  
+                               APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
+                               WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
+                               MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, 
+                               REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE 
+                               OR IN COMBINATION WITH YOUR PRODUCTS.
+
+                               IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, 
+                               INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 
+                               LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
+                               LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+                               ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION 
+                               AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED 
+                               AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING 
+                               NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE 
+                               HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include "pem.h"
+#include <stdlib.h>
+#include <stdio.h>
+#include <strings.h>
+#include "cuEnc64.h"
+
+int pemEncode(
+       const unsigned char     *inData,
+       unsigned                                inDataLen,
+       unsigned char                   **outData,
+       unsigned                                *outDataLen,
+       const char                              *headerString)
+{
+       unsigned char *enc;
+       unsigned encLen;
+       
+       /* First base64 encode */
+       enc = enc64WithLines(inData, inDataLen, 64, &encLen);
+       if(enc == NULL) {
+               /* malloc error is actually the only known failure */
+               printf("***pemEncode: Error encoding file. Aborting.\n");
+               return -1;
+       }
+               
+       /* estimate outsize - just be sloppy, way conservative */
+       unsigned outSize = encLen + (2 * strlen(headerString)) + 200;
+       *outData = (unsigned char *)malloc(outSize);
+       sprintf((char *)*outData, "-----BEGIN %s-----\n%s-----END %s-----\n",
+               headerString, (char *)enc, headerString);
+       *outDataLen = strlen((char *)*outData);
+
+       if((*outData)[*outDataLen - 1] == '\0') {
+               (*outDataLen)--;
+       }
+       free(enc);
+       return 0;
+}
+
+int pemDecode(
+       const unsigned char     *inData,
+       unsigned                                inDataLen,
+       unsigned char                   **outData,
+       unsigned                                *outDataLen)
+{
+       char *cp;
+       int freeCp = 0;
+       char *curr1, *curr2;
+       char *startPem = NULL;
+       char *endPem = NULL;
+       unsigned char *out;
+       unsigned outLen;
+       int ourRtn = 0;
+
+       /* make the whole thing a NULL-terminated string */
+       if(inData[inDataLen - 1] != '\0') {
+               cp = (char *)malloc(inDataLen + 1);
+               memmove(cp, inData, inDataLen);
+               cp[inDataLen] = '\0';
+               inDataLen++;
+               freeCp = 1;
+       }
+       else {
+               /* already is */
+               cp = (char *)inData;
+       }
+       
+       /* cp is start of NULL-terminated buffer, size inDataLen */
+       /* skip over everything until "-----" */
+       curr1 = strstr(cp, "-----");
+       if(curr1 == NULL) {
+               printf("***pemDecode: no terminator found\n");
+               ourRtn = -1;
+               goto abort;
+       }
+       
+       /* find end of separator line, handling both flavors of terminator */
+       cp = curr1;
+       curr1 = strchr(cp, '\n');
+       curr2 = strchr(cp, '\r');
+       if((curr1 == NULL) & (curr2 == NULL)) {
+               printf("***pemDecode: Bad PEM format (1)\n");
+               ourRtn = -1;
+               goto abort;
+       }
+       if(curr1 == NULL) {
+               startPem = curr2;
+       }
+       else {
+               startPem = curr1;
+       }
+       
+       /* startPem points to end of separator line */
+       /* locate ending terminator and lop it off */
+       curr1 = strstr(startPem, "-----");
+       if(curr1 == NULL) {
+               printf("***pemDecode: Bad PEM format (2)\n");
+               ourRtn = -1;
+               goto abort;
+       }
+       endPem = curr1;
+       /* endPem points to last PEM data plus one */
+       
+       out = dec64((unsigned char *)startPem, endPem-startPem, &outLen);
+       if(out == NULL) {
+               printf("Bad PEM format (3)\n");
+               ourRtn = -1;
+               goto abort;
+       }
+       *outData = out;
+       *outDataLen = outLen;
+abort:
+       if(freeCp) {
+               free(cp);
+       }
+       return ourRtn;
+}
+
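Review bot: `pemDecode` can pass `free()` a pointer that is not the start of its allocation: when the input is not NUL-terminated, `cp` holds the `malloc`ed copy, but `cp = curr1;` then moves it to the first `-----`, and the `abort:` path frees `cp` whenever `freeCp` is set. Any such input with text before the first separator hits this, on the success path as well as the error paths. Leaving `cp` untouched fixes it: replace that assignment and the two `strchr` calls with `curr2 = strchr(curr1, '\r');` followed by `curr1 = strchr(curr1, '\n');`. The first test also reads `inData[inDataLen - 1]` without rejecting `inDataLen == 0`, and neither `malloc` result (here or in `pemEncode`) is checked before use.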
diff --git a/CertTool/cdsaUtils/pem.h b/CertTool/cdsaUtils/pem.h
new file mode 100644 (file)
index 0000000..02bbf5d
--- /dev/null
@@ -0,0 +1,72 @@
+/*
+       File:            pem.h 
+       
+       Description: PEM encode/decode routines
+
+       Author:         dmitch
+
+       Copyright:      Â© Copyright 2002 Apple Computer, Inc. All rights reserved.
+       
+       Disclaimer:     IMPORTANT:  This Apple software is supplied to you by Apple 
+                   Computer, Inc. ("Apple") in consideration of your agreement to 
+                               the following terms, and your use, installation, modification 
+                               or redistribution of this Apple software constitutes acceptance 
+                               of these terms.  If you do not agree with these terms, please 
+                               do not use, install, modify or redistribute this Apple software.
+
+                               In consideration of your agreement to abide by the following 
+                               terms, and subject to these terms, Apple grants you a personal, 
+                               non-exclusive license, under Apple's copyrights in this 
+                               original Apple software (the "Apple Software"), to use, 
+                               reproduce, modify and redistribute the Apple Software, with 
+                               or without modifications, in source and/or binary forms; 
+                               provided that if you redistribute the Apple Software in 
+                               its entirety and without modifications, you must retain
+                               this notice and the following text and disclaimers in all 
+                               such redistributions of the Apple Software.  Neither the 
+                               name, trademarks, service marks or logos of Apple Computer, 
+                               Inc. may be used to endorse or promote products derived from the
+                               Apple Software without specific prior written permission from 
+                               Apple.  Except as expressly stated in this notice, no other 
+                               rights or licenses, express or implied, are granted by Apple 
+                               herein, including but not limited to any patent rights that
+                               may be infringed by your derivative works or by other works 
+                               in which the Apple Software may be incorporated.
+
+                               The Apple Software is provided by Apple on an "AS IS" basis.  
+                               APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
+                               WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
+                               MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, 
+                               REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE 
+                               OR IN COMBINATION WITH YOUR PRODUCTS.
+
+                               IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, 
+                               INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 
+                               LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
+                               LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+                               ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION 
+                               AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED 
+                               AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING 
+                               NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE 
+                               HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int pemEncode(
+       const unsigned char     *inData,
+       unsigned                                inFileLen,
+       unsigned char                   **outData,
+       unsigned                                *outDataLen,
+       const char                              *headerString);
+
+int pemDecode(
+       const unsigned char     *inData,
+       unsigned                                inFileLen,
+       unsigned char                   **outData,
+       unsigned                                *outDataLen);
+
+#ifdef __cplusplus
+}
+#endif
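Review bot: `pem.h` has no include guard, unlike `oidParser.h` in the same directory; wrapping the declarations in `#ifndef _PEM_H_` / `#define _PEM_H_` / `#endif` keeps a double include harmless. The prototypes also say nothing about ownership or return values: in `pem.cpp`, `pemEncode` mallocs `*outData` for the caller to free (presumably the same holds for the `dec64` result in `pemDecode`), and both functions return 0 on success and -1 on failure. The second parameter is named `inFileLen` here but `inDataLen` in the definitions.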
diff --git a/CertTool/cdsaUtils/printCert.cpp b/CertTool/cdsaUtils/printCert.cpp
new file mode 100644 (file)
index 0000000..1a01990
--- /dev/null
@@ -0,0 +1,912 @@
+/*
+ * Parse a cert, dump contents.
+ */
+#include "cdsaUtils.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <Security/oidscert.h>
+#include <Security/x509defs.h>
+#include <Security/oidsattr.h>
+#include <Security/cssmapple.h>
+#include <string.h>
+#include "printCert.h"
+#include "oidParser.h"
+#include "timeStr.h"
+#include <Security/certextensions.h>
+
+static char *months[] = {
+       "Jan", "Feb", "Mar", "Apr", "May", "Jun", 
+       "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" 
+};
+       
+/*
+ * Convert a CSSM_DATA_PTR, referring to a DER-encoded int, to a
+ * uint32.
+ */
+static uint32 DER_ToInt(const CSSM_DATA *DER_Data)
+{
+       uint32          rtn = 0;
+       uint32          i = 0;
+
+       while(i < DER_Data->Length) {
+               rtn |= DER_Data->Data[i];
+               if(++i == DER_Data->Length) {
+                       break;
+               }
+               rtn <<= 8;
+       }
+       return rtn;
+}
+
+static void printTime(const CSSM_X509_TIME *cssmTime)
+{
+       struct tm tm;
+       
+       /* ignore cssmTime->timeType for now */
+       if(appTimeStringToTm((char *)cssmTime->time.Data, cssmTime->time.Length, &tm)) {
+               printf("***Bad time string format***\n");
+               return;
+       }
+       if(tm.tm_mon > 11) {
+               printf("***Bad time string format***\n");
+               return;
+       }
+       printf("%02d:%02d:%02d %s %d, %04d\n",
+               tm.tm_hour, tm.tm_min, tm.tm_sec,
+               months[tm.tm_mon], tm.tm_mday, tm.tm_year + 1900);
+
+}
+
+static void printDataAsHex(
+       const CSSM_DATA *d,
+       unsigned maxToPrint = 0)                // optional, 0 means print it all
+{
+       unsigned i;
+       bool more = false;
+       uint32 len = d->Length;
+       uint8 *cp = d->Data;
+       
+       if((maxToPrint != 0) && (len > maxToPrint)) {
+               len = maxToPrint;
+               more = true;
+       }       
+       for(i=0; i<len; i++) {
+               printf("%02X ", ((unsigned char *)cp)[i]);
+       }
+       if(more) {
+               printf("...\n");
+       }
+       else {
+               printf("\n");
+       }
+}
+
+/*
+ * Identify CSSM_BER_TAG with a C string.
+ */
+static char *tagTypeString(
+       CSSM_BER_TAG tagType)
+{
+       static char unknownType[80];
+       
+       switch(tagType) {
+               case BER_TAG_UNKNOWN:
+                       return "BER_TAG_UNKNOWN";
+               case BER_TAG_BOOLEAN:
+                       return "BER_TAG_BOOLEAN";
+               case BER_TAG_INTEGER:
+                       return "BER_TAG_INTEGER";
+               case BER_TAG_BIT_STRING:
+                       return "BER_TAG_BIT_STRING";
+               case BER_TAG_OCTET_STRING:
+                       return "BER_TAG_OCTET_STRING";
+               case BER_TAG_NULL:
+                       return "BER_TAG_NULL";
+               case BER_TAG_OID:
+                       return "BER_TAG_OID";
+               case BER_TAG_SEQUENCE:
+                       return "BER_TAG_SEQUENCE";
+               case BER_TAG_SET:
+                       return "BER_TAG_SET";
+               case BER_TAG_PRINTABLE_STRING:
+                       return "BER_TAG_PRINTABLE_STRING";
+               case BER_TAG_T61_STRING:
+                       return "BER_TAG_T61_STRING";
+               case BER_TAG_IA5_STRING:
+                       return "BER_TAG_IA5_STRING";
+               case BER_TAG_UTC_TIME:
+                       return "BER_TAG_UTC_TIME";
+               case BER_TAG_GENERALIZED_TIME:
+                       return "BER_TAG_GENERALIZED_TIME";
+               default:
+                       sprintf(unknownType, "Other type (0x%x)", tagType);
+                       return unknownType;
+       }
+}
+
+/*
+ * Print an OID, assumed to be in BER encoded "Intel" format
+ * Length is inferred from oid->Length
+ * Tag is implied
+ */
+static void printOid(OidParser &parser, const CSSM_DATA *oid)
+{
+       char strBuf[OID_PARSER_STRING_SIZE];
+       
+       if(oid == NULL) {
+               printf("NULL\n");
+               return;
+       }
+       if((oid->Length == 0) || (oid->Data == NULL)) {
+               printf("EMPTY\n");
+               return;
+       }
+       parser.oidParse(oid->Data, oid->Length, strBuf);
+       printf("%s\n", strBuf);
+}
+
+/*
+ * Used to print generic blobs which we don't really understand.
+ * The bytesToPrint argument is usually thing->Length; it's here because snacc
+ * peports lengths of bit strings in BITS. Caller knows this and
+ * modifies bytesToPrint accordingly. In any case, bytesToPrint is the
+ * max number of valid bytes in *thing->Data.
+ */ 
+#define BLOB_LENGTH_PRINT      3
+
+static void printBlobBytes(
+       char                    *blobType,
+       char                    *quanta,                // e.g., "bytes', "bits"
+       uint32                  bytesToPrint,
+       const CSSM_DATA *thing)
+{
+       uint32 dex;
+       uint32 toPrint = bytesToPrint;
+       
+       if(toPrint > BLOB_LENGTH_PRINT) {
+               toPrint = BLOB_LENGTH_PRINT;
+       }
+       printf("%s; Length %u %s; data = ", 
+               blobType, (unsigned)thing->Length, quanta);
+       for(dex=0; dex<toPrint; dex++) {
+               printf("0x%x ", thing->Data[dex]);
+               if(dex == (toPrint - 1)) {
+                       break;
+               }
+       }
+       if(dex < bytesToPrint) {
+               printf(" ...\n");
+       }
+       else {
+               printf("\n");
+       }
+}
+
+/*
+ * Print an IA5String or Printable string. Null terminator is not assumed. 
+ * Trailing newline is printed.
+ */
+static void printString(
+       const CSSM_DATA *str)
+{
+       unsigned i;
+       char *cp = (char *)str->Data;
+       for(i=0; i<str->Length; i++) {
+               printf("%c", *cp++);
+       }
+       printf("\n");
+}
+
+static void printDerThing(
+       CSSM_BER_TAG            tagType,
+       const CSSM_DATA         *thing,
+       OidParser                       &parser)
+{
+       switch(tagType) {
+               case BER_TAG_INTEGER:
+                       printf("%u\n", (unsigned)DER_ToInt(thing));
+                       return;
+               case BER_TAG_BOOLEAN:
+                       if(thing->Length != 1) {
+                               printf("***malformed BER_TAG_BOOLEAN: length %d data ",
+                                       (unsigned)thing->Length);
+                       }
+                       printf("%u\n", (unsigned)DER_ToInt(thing));
+                       return;
+               case BER_TAG_PRINTABLE_STRING:
+               case BER_TAG_IA5_STRING:        
+               case BER_TAG_T61_STRING:                // mostly printable.... 
+                       printString(thing);
+                       return;
+               case BER_TAG_OCTET_STRING:
+                       printBlobBytes("Byte string", "bytes", thing->Length, thing);
+                       return;
+               case BER_TAG_BIT_STRING:
+                       printBlobBytes("Bit string", "bits", (thing->Length + 7) / 8, thing);
+                       return;
+               case BER_TAG_SEQUENCE:
+                       printBlobBytes("Sequence", "bytes", thing->Length, thing);
+                       return;
+               case BER_TAG_SET:
+                       printBlobBytes("Set", "bytes", thing->Length, thing);
+                       return;
+               case BER_TAG_OID:
+                       printf("OID = ");
+                       printOid(parser, thing);
+                       break;
+               default:
+                       printf("not displayed (tagType = %s; length %u)\n", 
+                               tagTypeString(tagType), (unsigned)thing->Length);
+                       break;
+                       
+       }
+}
+
+static void printSigAlg(
+       CSSM_X509_ALGORITHM_IDENTIFIER  *sigAlg,
+       OidParser                                               &parser)
+{
+       printOid(parser, &sigAlg->algorithm);
+       if(sigAlg->parameters.Data != NULL) {
+               printf("    alg params     : ");
+               printDataAsHex(&sigAlg->parameters, 8);
+       }
+}
+
+/* compare two OIDs, return CSSM_TRUE if identical */
+static CSSM_BOOL compareOids(
+       const CSSM_OID *oid1,
+       const CSSM_OID *oid2)
+{
+       if((oid1 == NULL) || (oid2 == NULL)) {
+               return CSSM_FALSE;
+       }       
+       if(oid1->Length != oid2->Length) {
+               return CSSM_FALSE;
+       }
+       if(memcmp(oid1->Data, oid2->Data, oid1->Length)) {
+               return CSSM_FALSE;
+       }
+       else {
+               return CSSM_TRUE;
+       }
+}      
+
+static CSSM_RETURN printName(
+       const CSSM_X509_NAME_PTR        x509Name,
+       OidParser                                       &parser)
+{
+       CSSM_X509_TYPE_VALUE_PAIR       *ptvp;
+       CSSM_X509_RDN_PTR               rdnp;
+       unsigned                                        rdnDex;
+       unsigned                                        pairDex;
+       char                                            *fieldName;
+       
+       for(rdnDex=0; rdnDex<x509Name->numberOfRDNs; rdnDex++) {
+               rdnp = &x509Name->RelativeDistinguishedName[rdnDex];
+               for(pairDex=0; pairDex<rdnp->numberOfPairs; pairDex++) {
+                       ptvp = &rdnp->AttributeTypeAndValue[pairDex];
+                       if(compareOids(&ptvp->type, &CSSMOID_CountryName)) {
+                               fieldName = "Country       ";      
+                       }
+                       else if(compareOids(&ptvp->type, &CSSMOID_OrganizationName)) {
+                               fieldName = "Org           ";      
+                       }
+                       else if(compareOids(&ptvp->type, &CSSMOID_LocalityName)) {
+                               fieldName = "Locality      ";      
+                       }
+                       else if(compareOids(&ptvp->type, &CSSMOID_OrganizationalUnitName)) {
+                               fieldName = "OrgUnit       ";      
+                       }
+                       else if(compareOids(&ptvp->type, &CSSMOID_CommonName)) {
+                               fieldName = "Common Name   ";      
+                       }
+                       else if(compareOids(&ptvp->type, &CSSMOID_Surname)) {
+                               fieldName = "Surname       ";      
+                       }
+                       else if(compareOids(&ptvp->type, &CSSMOID_Title)) {
+                               fieldName = "Title         ";      
+                       }
+                       else if(compareOids(&ptvp->type, &CSSMOID_Surname)) {
+                               fieldName = "Surname       ";      
+                       }
+                       else if(compareOids(&ptvp->type, &CSSMOID_StateProvinceName)) {
+                               fieldName = "State         ";      
+                       }
+                       else if(compareOids(&ptvp->type, &CSSMOID_CollectiveStateProvinceName)) {
+                               fieldName = "Coll. State   ";      
+                       }
+                       else if(compareOids(&ptvp->type, &CSSMOID_EmailAddress)) {
+                               /* deprecated, used by Thawte */
+                               fieldName = "Email addrs   ";      
+                       }
+                       else {
+                               fieldName = "Other name    ";      
+                       }
+                       printf("    %s : ", fieldName);
+                       printDerThing(ptvp->valueType, &ptvp->value, parser);
+               }       /* for each type/value pair */
+       }               /* for each RDN */
+       
+       return CSSM_OK;
+}
+
+static void printKeyHeader(
+       const CSSM_KEYHEADER &hdr)
+{
+       printf("    Algorithm      : ");
+       switch(hdr.AlgorithmId) {
+               case CSSM_ALGID_RSA:
+                       printf("RSA\n");
+                       break;
+               case CSSM_ALGID_DSA:
+                       printf("DSA\n");
+                       break;
+               case CSSM_ALGID_FEE:
+                       printf("FEE\n");
+                       break;
+               default:
+                       printf("Unknown(%d(d), 0x%x)\n", (unsigned)hdr.AlgorithmId, 
+                                       (unsigned)hdr.AlgorithmId);
+       }
+       printf("    Key Size       : %u bits\n", (unsigned)hdr.LogicalKeySizeInBits);
+       printf("    Key Use        : ");
+       CSSM_KEYUSE usage = hdr.KeyUsage;
+       if(usage & CSSM_KEYUSE_ANY) {
+               printf("CSSM_KEYUSE_ANY ");
+       }
+       if(usage & CSSM_KEYUSE_ENCRYPT) {
+               printf("CSSM_KEYUSE_ENCRYPT ");
+       }
+       if(usage & CSSM_KEYUSE_DECRYPT) {
+               printf("CSSM_KEYUSE_DECRYPT ");
+       }
+       if(usage & CSSM_KEYUSE_SIGN) {
+               printf("CSSM_KEYUSE_SIGN ");
+       }
+       if(usage & CSSM_KEYUSE_VERIFY) {
+               printf("CSSM_KEYUSE_VERIFY ");
+       }
+       if(usage & CSSM_KEYUSE_SIGN_RECOVER) {
+               printf("CSSM_KEYUSE_SIGN_RECOVER ");
+       }
+       if(usage & CSSM_KEYUSE_VERIFY_RECOVER) {
+               printf("CSSM_KEYUSE_VERIFY_RECOVER ");
+       }
+       if(usage & CSSM_KEYUSE_WRAP) {
+               printf("CSSM_KEYUSE_WRAP ");
+       }
+       if(usage & CSSM_KEYUSE_UNWRAP) {
+               printf("CSSM_KEYUSE_UNWRAP ");
+       }
+       if(usage & CSSM_KEYUSE_DERIVE) {
+               printf("CSSM_KEYUSE_DERIVE ");
+       }
+       printf("\n");
+
+}
+
+/*
+ * Print contents of a CE_GeneralNames as best we can.
+ */
+static void printGeneralNames(
+       CE_GeneralNames *generalNames,
+       OidParser               &parser)
+{
+       unsigned                        i;
+       CE_GeneralName          *name;
+       
+       for(i=0; i<generalNames->numNames; i++) {
+               name = &generalNames->generalName[i];
+               switch(name->nameType) {
+                       case GNT_RFC822Name:
+                               printf("    RFC822Name     : ");
+                               printString(&name->name);
+                               break;
+                       case GNT_DNSName:
+                               printf("    DNSName        : ");
+                               printString(&name->name);
+                               break;
+                       case GNT_URI:
+                               printf("    URI            : ");
+                               printString(&name->name);
+                               break;
+                       case GNT_IPAddress:
+                               printf("    IP Address     : ");
+                               for(unsigned i=0; i<name->name.Length; i++) {
+                                       printf("%d", name->name.Data[i]);
+                                       if(i < (name->name.Length - 1)) {
+                                               printf(".");
+                                       }
+                               }
+                               printf("\n");
+                               break;
+                       case GNT_RegisteredID:
+                               printf("    RegisteredID   : ");
+                               printOid(parser, &name->name);
+                               break;
+                       case GNT_X400Address:
+                               /* ORAddress, a very complicated struct - punt */
+                               printf("    X400Address    : ");
+                               printBlobBytes("Sequence", "bytes", name->name.Length, &name->name);
+                               break;
+                       case GNT_DirectoryName:
+                               /* encoded Name (i.e. CSSM_X509_NAME) */
+                               printf("    Dir Name       : ");
+                               printBlobBytes("Byte string", "bytes", name->name.Length, &name->name);
+                               break;
+                       case GNT_EdiPartyName:
+                               /* sequence EDIPartyName */
+                               printf("    EdiPartyName   : ");
+                               printBlobBytes("Sequence", "bytes", name->name.Length, &name->name);
+                               break;
+                       case GNT_OtherName:
+                               printf("    OtherName      : ");
+                               printOid(parser, &name->name);
+                               break;
+               }
+       }
+}
+
+static int printExtensionCommon(
+       const CSSM_DATA         &value,
+       OidParser                       &parser,
+       bool                            expectParsed = true)
+{
+       if(value.Length != sizeof(CSSM_X509_EXTENSION)) {
+               printf("***malformed CSSM_FIELD (1)\n");
+               return 1;
+       }
+       CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data;
+       printf("Extension struct   : "); printOid(parser, &cssmExt->extnId);
+       printf("    Critical       : %s\n", cssmExt->critical ? "TRUE" : "FALSE");
+       switch(cssmExt->format) {
+               case CSSM_X509_DATAFORMAT_ENCODED:
+                       if(expectParsed) {
+                               printf("Bad CSSM_X509_EXTENSION; expected FORMAT_PARSED\n");
+                               return 1;
+                       }
+                       if((cssmExt->BERvalue.Data == NULL) || 
+                          (cssmExt->value.parsedValue != NULL)) {
+                               printf("***Malformed CSSM_X509_EXTENSION (1)\n");
+                               return 1;
+                       }
+                       break;
+               case CSSM_X509_DATAFORMAT_PARSED:
+                       if(!expectParsed) {
+                               printf("Bad CSSM_X509_EXTENSION; expected FORMAT_ENCODED\n");
+                               return 1;
+                       }
+                       if((cssmExt->BERvalue.Data != NULL) || 
+                          (cssmExt->value.parsedValue == NULL)) {
+                               printf("***Malformed CSSM_X509_EXTENSION (2)\n");
+                               return 1;
+                       }
+                       break;
+               default:
+                       printf("***Unknown CSSM_X509_EXTENSION.format\n");
+                       return 1;
+       }
+       return 0;
+}
+
+static void printKeyUsage(
+       const CSSM_DATA &value)
+{
+       CE_KeyUsage usage;
+       CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data;
+       
+       usage = *((CE_KeyUsage *)cssmExt->value.parsedValue);
+       printf("    usage          : ");
+       if(usage & CE_KU_DigitalSignature) {
+               printf("DigitalSignature ");
+       }
+       if(usage & CE_KU_NonRepudiation) {
+               printf("NonRepudiation ");
+       }
+       if(usage & CE_KU_KeyEncipherment) {
+               printf("KeyEncipherment ");
+       }
+       if(usage & CE_KU_DataEncipherment) {
+               printf("DataEncipherment ");
+       }
+       if(usage & CE_KU_KeyAgreement) {
+               printf("KeyAgreement ");
+       }
+       if(usage & CE_KU_KeyCertSign) {
+               printf("KeyCertSign ");
+       }
+       if(usage & CE_KU_CRLSign) {
+               printf("CRLSign ");
+       }
+       if(usage & CE_KU_EncipherOnly) {
+               printf("EncipherOnly ");
+       }
+       if(usage & CE_KU_DecipherOnly) {
+               printf("DecipherOnly ");
+       }
+       printf("\n");
+
+}
+
+static void printBasicConstraints(
+       const CSSM_DATA &value)
+{
+       CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data;
+       CE_BasicConstraints *bc = (CE_BasicConstraints *)cssmExt->value.parsedValue;
+       printf("    CA             : %s\n", bc->cA ? "TRUE" : "FALSE");
+       if(bc->pathLenConstraintPresent) {
+               printf("    pathLenConstr  : %u\n", 
+                       (unsigned)bc->pathLenConstraint);
+       }
+}
+               
+static void printExtKeyUsage(
+       const CSSM_DATA         &value,
+       OidParser                       &parser)
+{
+       CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data;
+       CE_ExtendedKeyUsage *eku = (CE_ExtendedKeyUsage *)cssmExt->value.parsedValue;
+       unsigned oidDex;
+       for(oidDex=0; oidDex<eku->numPurposes; oidDex++) {
+               printf("    purpose %2d     : ", oidDex);
+               printOid(parser, &eku->purposes[oidDex]);
+       }
+}
+
+static void printAuthorityKeyId(
+       const CSSM_DATA         &value,
+       OidParser                       &parser)
+{
+       CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data;
+       CE_AuthorityKeyID *akid = (CE_AuthorityKeyID *)cssmExt->value.parsedValue;
+       if(akid->keyIdentifierPresent) {
+               printf("    keyIdentifier  : "); printDataAsHex(&akid->keyIdentifier, 8);
+       }
+       if(akid->generalNamesPresent) {
+               printGeneralNames(akid->generalNames, parser);
+       }
+       if(akid->serialNumberPresent) {
+               printf("    serialNumber   : "); printDataAsHex(&akid->serialNumber, 8);
+       }
+}
+
+static void printSubjectAltName(
+       const CSSM_DATA         &value,
+       OidParser                       &parser)
+{
+       CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data;
+       CE_GeneralNames *san = (CE_GeneralNames *)cssmExt->value.parsedValue;
+       printGeneralNames(san, parser);
+}
+
+static void printCertPolicies(
+       const CSSM_DATA         &value,
+       OidParser                       &parser)
+{
+       CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data;
+       CE_CertPolicies *cdsaObj = (CE_CertPolicies *)cssmExt->value.parsedValue;
+       for(unsigned polDex=0; polDex<cdsaObj->numPolicies; polDex++) {
+               CE_PolicyInformation *cPolInfo = &cdsaObj->policies[polDex];
+               printf("    Policy %2d      : ID ", polDex); 
+               printOid(parser, &cPolInfo->certPolicyId);
+               for(unsigned qualDex=0; qualDex<cPolInfo->numPolicyQualifiers; qualDex++) {
+                       CE_PolicyQualifierInfo *cQualInfo = &cPolInfo->policyQualifiers[qualDex];
+                       printf("       Qual %2d     : ID ", qualDex); 
+                       printOid(parser, &cQualInfo->policyQualifierId);
+                       if(cuCompareCssmData(&cQualInfo->policyQualifierId,
+                                       &CSSMOID_QT_CPS)) {
+                               printf("          CPS      : ");
+                               printString(&cQualInfo->qualifier);
+                       }
+                       else {
+                               printf("          unparsed : ");
+                               printDataAsHex(&cQualInfo->qualifier, 8);
+                       }
+               }
+       }
+}
+
+static void printNetscapeCertType(
+       const CSSM_DATA &value)
+{
+       CE_NetscapeCertType certType;
+       CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)value.Data;
+       
+       certType = *((CE_NetscapeCertType *)cssmExt->value.parsedValue);
+       printf("    certType       : ");
+       if(certType & CE_NCT_SSL_Client) {
+               printf("SSL_Client ");
+       }
+       if(certType & CE_NCT_SSL_Server) {
+               printf("SSL_Server ");
+       }
+       if(certType & CE_NCT_SMIME) {
+               printf("S/MIME ");
+       }
+       if(certType & CE_NCT_ObjSign) {
+               printf("ObjectSign ");
+       }
+       if(certType & CE_NCT_Reserved) {
+               printf("Reserved ");
+       }
+       if(certType & CE_NCT_SSL_CA) {
+               printf("SSL_CA ");
+       }
+       if(certType & CE_NCT_SMIME_CA) {
+               printf("SMIME_CA ");
+       }
+       if(certType & CE_NCT_ObjSignCA) {
+               printf("ObjSignCA ");
+       }
+       printf("\n");
+}
+
+/* print one field */
+void printCertField(
+       const CSSM_FIELD        &field,
+       OidParser                       &parser,
+       CSSM_BOOL                       verbose)
+{
+       const CSSM_DATA *thisData = &field.FieldValue;
+       const CSSM_OID  *thisOid = &field.FieldOid;
+       
+       if(cuCompareCssmData(thisOid, &CSSMOID_X509V1Version)) {
+               if(verbose) {
+                       printf("Version            : %u\n", 
+                               (unsigned)DER_ToInt(thisData));
+               }
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1SerialNumber)) {
+               printf("Serial Number      : "); printDataAsHex(thisData, 0);
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1IssuerNameCStruct)) {
+               printf("Issuer Name        :\n");
+               CSSM_X509_NAME_PTR name = (CSSM_X509_NAME_PTR)thisData->Data;
+               if((name == NULL) || (thisData->Length != sizeof(CSSM_X509_NAME))) {
+                       printf("   ***malformed CSSM_X509_NAME\n");
+               }
+               else {
+                       printName(name, parser);
+               }
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1SubjectNameCStruct)) {
+               printf("Subject Name       :\n");
+               CSSM_X509_NAME_PTR name = (CSSM_X509_NAME_PTR)thisData->Data;
+               if((name == NULL) || (thisData->Length != sizeof(CSSM_X509_NAME))) {
+                       printf("   ***malformed CSSM_X509_NAME\n");
+               }
+               else {
+                       printName(name, parser);
+               }
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1ValidityNotBefore)) {
+               CSSM_X509_TIME *cssmTime = (CSSM_X509_TIME *)thisData->Data;
+               if((cssmTime == NULL) || (thisData->Length != sizeof(CSSM_X509_TIME))) {
+                       printf("   ***malformed CSSM_X509_TIME\n");
+               }
+               else if(verbose) {
+                       printf("Not Before         : "); printString(&cssmTime->time);
+                       printf("                   : ");
+                       printTime(cssmTime);
+               }
+               else {
+                       printf("Not Before         : ");
+                       printTime(cssmTime);
+               }
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1ValidityNotAfter)) {
+               CSSM_X509_TIME *cssmTime = (CSSM_X509_TIME *)thisData->Data;
+               if((cssmTime == NULL) || (thisData->Length != sizeof(CSSM_X509_TIME))) {
+                       printf("   ***malformed CSSM_X509_TIME\n");
+               }
+               else if(verbose) {
+                       printf("Not After          : "); printString(&cssmTime->time);
+                       printf("                   : ");
+                       printTime(cssmTime);
+               }
+               else {
+                       printf("Not After          : ");
+                       printTime(cssmTime);
+               }
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1SignatureAlgorithmTBS)) {
+               if(verbose) {
+                       /* normally skip, it's the same as TBS sig alg */
+                       printf("TBS Sig Algorithm  : ");
+                       CSSM_X509_ALGORITHM_IDENTIFIER *algId = 
+                               (CSSM_X509_ALGORITHM_IDENTIFIER *)thisData->Data;
+                       if((algId == NULL) || 
+                       (thisData->Length != sizeof(CSSM_X509_ALGORITHM_IDENTIFIER))) {
+                               printf("   ***malformed CSSM_X509_ALGORITHM_IDENTIFIER\n");
+                       }
+                       else {
+                               printSigAlg(algId, parser);
+                       }
+               }
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1SignatureAlgorithm)) {
+               printf("Cert Sig Algorithm : ");
+               CSSM_X509_ALGORITHM_IDENTIFIER *algId = 
+                       (CSSM_X509_ALGORITHM_IDENTIFIER *)thisData->Data;
+               if((algId == NULL) || 
+                  (thisData->Length != sizeof(CSSM_X509_ALGORITHM_IDENTIFIER))) {
+                       printf("   ***malformed CSSM_X509_ALGORITHM_IDENTIFIER\n");
+               }
+               else {
+                       printSigAlg(algId, parser);
+               }
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1CertificateIssuerUniqueId)) {
+               if(verbose) {
+                       printf("Issuer UniqueId    : ");
+                       printDerThing(BER_TAG_BIT_STRING, thisData, parser);
+               }
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1CertificateSubjectUniqueId)) {
+               if(verbose) {
+                       printf("Subject UniqueId   : ");
+                       printDerThing(BER_TAG_BIT_STRING, thisData, parser);
+               }
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1SubjectPublicKeyCStruct)) {
+               CSSM_X509_SUBJECT_PUBLIC_KEY_INFO *pubKeyInfo = 
+                       (CSSM_X509_SUBJECT_PUBLIC_KEY_INFO *)thisData->Data;
+               printf("Pub Key Algorithm  : ");
+               if((pubKeyInfo == NULL) || 
+                  (thisData->Length != sizeof(CSSM_X509_SUBJECT_PUBLIC_KEY_INFO))) {
+                       printf("   ***malformed CSSM_X509_SUBJECT_PUBLIC_KEY_INFO\n");
+               }
+               else {
+                       printSigAlg(&pubKeyInfo->algorithm, parser);
+                       printf("Pub key Bytes      : Length %u bytes : ",
+                               (unsigned)pubKeyInfo->subjectPublicKey.Length);
+                       printDataAsHex(&pubKeyInfo->subjectPublicKey, 8);
+               }
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_CSSMKeyStruct)) {
+               CSSM_KEY_PTR cssmKey =  (CSSM_KEY_PTR)thisData->Data;
+               printf("CSSM Key           :\n");
+               if((cssmKey == NULL) || 
+                  (thisData->Length != sizeof(CSSM_KEY))) {
+                       printf("   ***malformed CSSM_KEY\n");
+               }
+               else {
+                       printKeyHeader(cssmKey->KeyHeader);
+               }
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1Signature)) {
+               printf("Signature          : %u bytes : ", 
+                       (unsigned)thisData->Length);
+               printDataAsHex(thisData, 8);
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_X509V3CertificateExtensionCStruct)) {
+               if(printExtensionCommon(*thisData, parser, false)) {
+                       return;
+               }
+               CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)thisData->Data;
+               printf("    Unparsed data  : "); printDataAsHex(&cssmExt->BERvalue, 8);
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_KeyUsage)) {
+               if(printExtensionCommon(*thisData, parser)) {
+                       return;
+               }
+               printKeyUsage(*thisData);
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_BasicConstraints)) {
+               if(printExtensionCommon(*thisData, parser)) {
+                       return;
+               }
+               printBasicConstraints(*thisData);
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_ExtendedKeyUsage)) {
+               if(printExtensionCommon(*thisData, parser)) {
+                       return;
+               }
+               printExtKeyUsage(*thisData, parser);
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_SubjectKeyIdentifier)) {
+               if(printExtensionCommon(*thisData, parser)) {
+                       return;
+               }
+               CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)thisData->Data;
+               CSSM_DATA_PTR cdata = (CSSM_DATA_PTR)cssmExt->value.parsedValue;
+               if((cdata == NULL) || (cdata->Data == NULL)) {
+                       printf("****Malformed extension (no parsedValue)\n");
+               }
+               else {
+                       printf("    Subject KeyID  : "); printDataAsHex(cdata, 8);
+               }
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_AuthorityKeyIdentifier)) {
+               if(printExtensionCommon(*thisData, parser)) {
+                       return;
+               }
+               printAuthorityKeyId(*thisData, parser);
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_SubjectAltName)) {
+               if(printExtensionCommon(*thisData, parser)) {
+                       return;
+               }
+               printSubjectAltName(*thisData, parser);
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_CertificatePolicies)) {
+               if(printExtensionCommon(*thisData, parser)) {
+                       return;
+               }
+               printCertPolicies(*thisData, parser);
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_NetscapeCertType)) {
+               if(printExtensionCommon(*thisData, parser)) {
+                       return;
+               }
+               printNetscapeCertType(*thisData);
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1IssuerName)) {
+               if(verbose) {
+                       printf("Normalized Issuer  : ");
+                       printDataAsHex(thisData, 8);
+               }
+       }
+       else if(cuCompareCssmData(thisOid, &CSSMOID_X509V1SubjectName)) {
+               if(verbose) {
+                       printf("Normalized Subject : ");
+                       printDataAsHex(thisData, 8);
+               }
+       }
+       else {
+               printf("other field:        : "); printOid(parser, thisOid);
+       }
+}
+
+/* connect to CSSM/CL lazily, once */
+static CSSM_CL_HANDLE clHand = 0;
+
+int printCert(
+       const unsigned char     *certData,
+       unsigned                certLen,
+       CSSM_BOOL               verbose)
+{
+       CSSM_FIELD_PTR                          fieldPtr;               // mallocd by CL
+       uint32                                          i;
+       uint32                                          numFields;
+       OidParser                                       parser;
+       CSSM_DATA                                       cert;
+       
+       if(clHand == 0) {
+               clHand = cuClStartup();
+               if(clHand == 0) {
+                       printf("***Error connecting to CSSM cert module; aborting cert display\n");
+                       return 0;
+               }
+       }
+       cert.Data = (uint8 *)certData;
+       cert.Length = certLen;
+       
+       CSSM_RETURN crtn = CSSM_CL_CertGetAllFields(clHand,
+               &cert,
+               &numFields,
+               &fieldPtr);
+       if(crtn) {
+               cuPrintError("CSSM_CL_CertGetAllFields", crtn);
+               return crtn;
+       }
+
+       for(i=0; i<numFields; i++) {
+               printCertField(fieldPtr[i], parser, verbose);
+       }       
+
+       crtn = CSSM_CL_FreeFields(clHand, numFields, &fieldPtr);
+       if(crtn) {
+               cuPrintError("CSSM_CL_FreeFields", crtn);
+               return crtn;
+       }
+       return 0;
+}
+
+void printCertShutdown()
+{
+       if(clHand != 0) {
+               CSSM_ModuleDetach(clHand);
+       }
+}
diff --git a/CertTool/cdsaUtils/printCert.h b/CertTool/cdsaUtils/printCert.h
new file mode 100644 (file)
index 0000000..99fe592
--- /dev/null
@@ -0,0 +1,32 @@
+/* 
+ * parseCert.h - text-based cert parser using CL
+ */
+
+#ifndef        _PARSE_CERT_H_
+#define _PARSE_CERT_H_
+
+#include <Security/cssmtype.h>
+#include "oidParser.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* print one field */
+void printCertField(
+       const CSSM_FIELD                &field,
+       OidParser                               &parser,
+       CSSM_BOOL                               verbose);
+
+int printCert(
+       const  unsigned char    *certData,
+       unsigned                                certLen,
+       CSSM_BOOL                               verbose);
+
+void printCertShutdown();
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PARSE_CERT_H_ */
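Review bot: The `#ifdef __cplusplus` / `extern "C"` guards suggest this header can be included from C, but `printCertField` takes C++ references (`const CSSM_FIELD &field`, `OidParser &parser`), so the header only compiles as C++. Either drop the guards and treat the header as C++-only, or put the `printCertField` declaration under its own `#ifdef __cplusplus` so that only `printCert` and `printCertShutdown` are exposed to C. The banner comment and include guard still carry a different name (`parseCert.h`, `_PARSE_CERT_H_`) from the file, `printCert.h`. `printCert` also has no comment on its return value; from the implementation shown in printCert.cpp it returns 0 both on success and when the CL module cannot be attached, and a CSSM error code otherwise, which a caller cannot learn from this header.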
diff --git a/CertTool/cdsaUtils/timeStr.cpp b/CertTool/cdsaUtils/timeStr.cpp
new file mode 100644 (file)
index 0000000..0ce02bb
--- /dev/null
@@ -0,0 +1,144 @@
+#include "timeStr.h"
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <ctype.h>
+
+/*
+ * Given a string containing either a UTC-style or "generalized time"
+ * time string, convert to a struct tm (in GMT/UTC). Returns nonzero on
+ * error. 
+ */
+int appTimeStringToTm(
+       const char                      *str,
+       unsigned                        len,
+       struct tm                       *tmp)
+{
+       char            szTemp[5];
+       unsigned        isUtc;
+       unsigned        x;
+       unsigned        i;
+       char            *cp;
+
+       if((str == NULL) || (len == 0) || (tmp == NULL)) {
+       return 1;
+       }
+       
+       /* tolerate NULL terminated or not */
+       if(str[len - 1] == '\0') {
+               len--;
+       }
+       switch(len) {
+               case UTC_TIME_STRLEN:                   // 2-digit year, not Y2K compliant
+                       isUtc = 1;
+                       break;
+               case GENERALIZED_TIME_STRLEN:   // 4-digit year
+                       isUtc = 0;
+                       break;
+               default:                                                // unknown format 
+                       return 1;
+       }
+       
+       cp = (char *)str;
+       
+       /* check that all characters except last are digits */
+       for(i=0; i<(len - 1); i++) {
+               if ( !(isdigit(cp[i])) ) {
+                       return 1;
+               }
+       }
+
+       /* check last character is a 'Z' */
+       if(cp[len - 1] != 'Z' ) {
+               return 1;
+       }
+
+       /* YEAR */
+       szTemp[0] = *cp++;
+       szTemp[1] = *cp++;
+       if(!isUtc) {
+               /* two more digits */
+               szTemp[2] = *cp++;
+               szTemp[3] = *cp++;
+               szTemp[4] = '\0';
+       }
+       else { 
+               szTemp[2] = '\0';
+       }
+       x = atoi( szTemp );
+       if(isUtc) {
+               /* 
+                * 2-digit year. 
+                *   0  <= year <  50 : assume century 21
+                *   50 <= year <  70 : illegal per PKIX
+                *   70 <  year <= 99 : assume century 20
+                */
+               if(x < 50) {
+                       x += 2000;
+               }
+               else if(x < 70) {
+                       return 1;
+               }
+               else {
+                       /* century 20 */
+                       x += 1900;                      
+               }
+       }
+       /* by definition - tm_year is year - 1900 */
+       tmp->tm_year = x - 1900;
+
+       /* MONTH */
+       szTemp[0] = *cp++;
+       szTemp[1] = *cp++;
+       szTemp[2] = '\0';
+       x = atoi( szTemp );
+       /* in the string, months are from 1 to 12 */
+       if((x > 12) || (x <= 0)) {
+       return 1;
+       }
+       /* in a tm, 0 to 11 */
+       tmp->tm_mon = x - 1;
+
+       /* DAY */
+       szTemp[0] = *cp++;
+       szTemp[1] = *cp++;
+       szTemp[2] = '\0';
+       x = atoi( szTemp );
+       /* 1..31 in both formats */
+       if((x > 31) || (x <= 0)) {
+               return 1;
+       }
+       tmp->tm_mday = x;
+
+       /* HOUR */
+       szTemp[0] = *cp++;
+       szTemp[1] = *cp++;
+       szTemp[2] = '\0';
+       x = atoi( szTemp );
+       if((x > 23) || (x < 0)) {
+               return 1;
+       }
+       tmp->tm_hour = x;
+
+       /* MINUTE */
+       szTemp[0] = *cp++;
+       szTemp[1] = *cp++;
+       szTemp[2] = '\0';
+       x = atoi( szTemp );
+       if((x > 59) || (x < 0)) {
+               return 1;
+       }
+       tmp->tm_min = x;
+
+       /* SECOND */
+       szTemp[0] = *cp++;
+       szTemp[1] = *cp++;
+       szTemp[2] = '\0';
+       x = atoi( szTemp );
+       if((x > 59) || (x < 0)) {
+               return 1;
+       }
+       tmp->tm_sec = x;
+       return 0;
+}
+
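Review bot: The digit check `isdigit(cp[i])` passes a plain `char` taken from the time string, which originates in certificate data. Where `char` is signed, a byte with the high bit set becomes a negative argument, which is undefined behaviour for the `<ctype.h>` functions; it should be `isdigit((unsigned char)cp[i])`. The 2-digit-year comment says `70 < year <= 99`, but the code accepts 70 as well, so the comment should read `70 <= year <= 99`. Because `x` is `unsigned`, the `x < 0` and `x <= 0` comparisons can only ever match zero, so the hour, minute and second lower-bound tests are dead code. The day is checked against 31 regardless of month, so an impossible date such as the 31st of a 30-day month is returned as valid and left for the caller to normalise or reject.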
diff --git a/CertTool/cdsaUtils/timeStr.h b/CertTool/cdsaUtils/timeStr.h
new file mode 100644 (file)
index 0000000..2baac98
--- /dev/null
@@ -0,0 +1,27 @@
+#ifndef        _TIME_STR_H_
+#define _TIME_STR_H_
+
+#include <time.h>
+
+#define UTC_TIME_STRLEN                                13
+#define GENERALIZED_TIME_STRLEN                15
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Given a string containing either a UTC-style or "generalized time"
+ * time string, convert to a struct tm (in GMT/UTC). Returns nonzero on
+ * error. 
+ */
+int appTimeStringToTm(
+       const char                      *str,
+       unsigned                        len,
+       struct tm                       *tmp);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _TIME_STR_H_ */
\ No newline at end of file
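Review bot: The comment above `appTimeStringToTm` does not say what `len` has to be or whether `str` must be NUL-terminated, although callers are handed `UTC_TIME_STRLEN` and `GENERALIZED_TIME_STRLEN` right above it. Since the parser's input is certificate time fields, I would spell the contract out, for example `len is the character count of str and is expected to equal UTC_TIME_STRLEN or GENERALIZED_TIME_STRLEN; any other length is an error`. The wording needs checking against the start of timeStr.c, which is outside this view. It is also worth noting here that two-digit years 50 to 69 are rejected, as the visible tail of the implementation does.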
diff --git a/Documentation/ACLsInCDSA.cwk b/Documentation/ACLsInCDSA.cwk
new file mode 100644 (file)
index 0000000..3b1ac75
Binary files /dev/null and b/Documentation/ACLsInCDSA.cwk differ
diff --git a/Documentation/APIStrategy.cwk b/Documentation/APIStrategy.cwk
new file mode 100644 (file)
index 0000000..9d51582
Binary files /dev/null and b/Documentation/APIStrategy.cwk differ
diff --git a/Documentation/AccessControlArchitecture.cwk b/Documentation/AccessControlArchitecture.cwk
new file mode 100644 (file)
index 0000000..149d784
Binary files /dev/null and b/Documentation/AccessControlArchitecture.cwk differ
diff --git a/Documentation/AppleCL_Spec.doc b/Documentation/AppleCL_Spec.doc
new file mode 100644 (file)
index 0000000..e66b5d5
Binary files /dev/null and b/Documentation/AppleCL_Spec.doc differ
diff --git a/Documentation/AppleCSP.doc b/Documentation/AppleCSP.doc
new file mode 100644 (file)
index 0000000..f5bb62a
Binary files /dev/null and b/Documentation/AppleCSP.doc differ
diff --git a/Documentation/AppleTP_Spec.doc b/Documentation/AppleTP_Spec.doc
new file mode 100644 (file)
index 0000000..419c7ce
Binary files /dev/null and b/Documentation/AppleTP_Spec.doc differ
diff --git a/Documentation/ArchitectureOverview.cwk b/Documentation/ArchitectureOverview.cwk
new file mode 100644 (file)
index 0000000..dc42437
Binary files /dev/null and b/Documentation/ArchitectureOverview.cwk differ
diff --git a/Documentation/C++Utilities.cwk b/Documentation/C++Utilities.cwk
new file mode 100644 (file)
index 0000000..c87dfa6
Binary files /dev/null and b/Documentation/C++Utilities.cwk differ
diff --git a/Documentation/DebuggingAids.cwk b/Documentation/DebuggingAids.cwk
new file mode 100644 (file)
index 0000000..fd13401
Binary files /dev/null and b/Documentation/DebuggingAids.cwk differ
diff --git a/Documentation/HowToWriteA_CSP.cwk b/Documentation/HowToWriteA_CSP.cwk
new file mode 100644 (file)
index 0000000..594c3fe
Binary files /dev/null and b/Documentation/HowToWriteA_CSP.cwk differ
diff --git a/Documentation/HowToWriteA_Plugin.cwk b/Documentation/HowToWriteA_Plugin.cwk
new file mode 100644 (file)
index 0000000..02404ac
Binary files /dev/null and b/Documentation/HowToWriteA_Plugin.cwk differ
diff --git a/Documentation/SecuritySupport.doc b/Documentation/SecuritySupport.doc
new file mode 100644 (file)
index 0000000..709f266
Binary files /dev/null and b/Documentation/SecuritySupport.doc differ
diff --git a/Documentation/Supported_CSP_Algorithms.doc b/Documentation/Supported_CSP_Algorithms.doc
new file mode 100644 (file)
index 0000000..d1dafc7
Binary files /dev/null and b/Documentation/Supported_CSP_Algorithms.doc differ
diff --git a/Documentation/cwk_styles b/Documentation/cwk_styles
new file mode 100644 (file)
index 0000000..9c1eb64
Binary files /dev/null and b/Documentation/cwk_styles differ
diff --git a/Keychain/ACL.cpp b/Keychain/ACL.cpp
new file mode 100644 (file)
index 0000000..e1473f5
--- /dev/null
@@ -0,0 +1,375 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// ACL.cpp
+//
+#include <Security/ACL.h>
+#include <Security/SecCFTypes.h>
+#include <Security/osxsigning.h>
+#include <Security/osxsigner.h>
+#include <Security/trackingallocator.h>
+#include <Security/TrustedApplication.h>
+#include <Security/SecTrustedApplication.h>
+#include <Security/devrandom.h>
+#include <Security/uniformrandom.h>
+#include "keychainacl.h"
+#include <memory>
+
+
+using namespace KeychainCore;
+
+
+//
+// The default form of a prompt selector
+//
+const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR ACL::defaultSelector = {
+       CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION, 0
+};
+
+
+//
+// Create an ACL object from the result of a CSSM ACL query
+//
+ACL::ACL(Access &acc, const AclEntryInfo &info, CssmAllocator &alloc)
+       : allocator(alloc), access(acc), mState(unchanged), mSubjectForm(NULL)
+{
+       // parse the subject
+       parse(info.proto().subject());
+       
+       // fill in AclEntryInfo layer information
+       const AclEntryPrototype &proto = info.proto();
+       mAuthorizations = proto.authorization();
+       mDelegate = proto.delegate();
+       mEntryTag = proto.tag();
+
+       // take CSSM entry handle from info layer
+       mCssmHandle = info.handle();
+}
+
+ACL::ACL(Access &acc, const AclOwnerPrototype &owner, CssmAllocator &alloc)
+       : allocator(alloc), access(acc), mState(unchanged), mSubjectForm(NULL)
+{
+       // parse subject
+       parse(owner.subject());
+       
+       // for an owner "entry", the next-layer information is fixed (and fake)
+       mAuthorizations.insert(CSSM_ACL_AUTHORIZATION_CHANGE_ACL);
+       mDelegate = owner.delegate();
+       mEntryTag[0] = '\0';
+
+       // use fixed (fake) entry handle
+       mCssmHandle = ownerHandle;
+}
+
+
+//
+// Create a new ACL that authorizes anyone to do anything.
+// This constructor produces a "pure" ANY ACL, without descriptor or selector.
+// To generate a "standard" form of ANY, use the appListForm constructor below,
+// then change its form to allowAnyForm.
+//
+ACL::ACL(Access &acc, CssmAllocator &alloc)
+       : allocator(alloc), access(acc), mSubjectForm(NULL)
+{
+       mState = inserted;              // new
+       mForm = allowAllForm;   // everybody
+       mAuthorizations.insert(CSSM_ACL_AUTHORIZATION_ANY);     // anything
+       mDelegate = false;
+       
+       //mPromptDescription stays empty
+       mPromptSelector = defaultSelector;
+       
+       // randomize the CSSM handle
+       UniformRandomBlobs<DevRandomGenerator>().random(mCssmHandle);
+}
+
+
+//
+// Create a new ACL in standard form.
+// As created, it authorizes all activities.
+//
+ACL::ACL(Access &acc, string description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &promptSelector,
+               CssmAllocator &alloc)
+       : allocator(alloc), access(acc), mSubjectForm(NULL)
+{
+       mState = inserted;              // new
+       mForm = appListForm;
+       mAuthorizations.insert(CSSM_ACL_AUTHORIZATION_ANY);     // anything
+       mDelegate = false;
+       
+       mPromptDescription = description;
+       mPromptSelector = promptSelector;
+       
+       // randomize the CSSM handle
+       UniformRandomBlobs<DevRandomGenerator>().random(mCssmHandle);
+}
+
+
+//
+// Destroy an ACL
+//
+ACL::~ACL()
+{
+}
+
+
+//
+// Does this ACL authorize a particular right?
+//
+bool ACL::authorizes(AclAuthorization right) const
+{
+       return mAuthorizations.find(right) != mAuthorizations.end()
+               ||
+               mAuthorizations.find(CSSM_ACL_AUTHORIZATION_ANY) != mAuthorizations.end();
+}
+
+
+//
+// Add an application to the trusted-app list of this ACL.
+// Will fail unless this is a standard "simple" form ACL.
+//
+void ACL::addApplication(TrustedApplication *app)
+{
+       switch (mForm) {
+       case appListForm:       // simple...
+               mAppList.push_back(app);
+               modify();
+               break;
+       case allowAllForm:      // hmm...
+               if (!mPromptDescription.empty()) {
+                       // verbose "any" form (has description, "any" override)
+                       mAppList.push_back(app);
+                       modify();
+                       break;
+               }
+               // pure "any" form without description. Cannot convert to appListForm   
+       default:
+               MacOSError::throwMe(errSecACLNotSimple);
+       }
+}
+
+
+//
+// Mark an ACL as modified.
+//
+void ACL::modify()
+{
+       if (mState == unchanged) {
+               debug("SecAccess", "ACL %p marked modified", this);
+               mState = modified;
+       }
+}
+
+
+//
+// Mark an ACL as "removed"
+// Removed ACLs have no valid contents (they are invalid on their face).
+// When "updated" to the originating item, they will cause the corresponding
+// ACL entry to be deleted. Otherwise, they are irrelevant.
+// Note: Removing an ACL does not actually remove it from its Access's map.
+//
+void ACL::remove()
+{
+       mAppList.clear();
+       mForm = invalidForm;
+       mState = deleted;
+}
+
+
+//
+// (Re)place this ACL's setting into the AclBearer specified.
+// If update, assume this is an update operation and the ACL was
+// originally derived from this object; specifically, assume the
+// CSSM handle is valid. If not update, assume this is a different
+// object that has no related ACL entry (yet).
+//
+void ACL::setAccess(AclBearer &target, bool update,
+       const AccessCredentials *cred)
+{
+       // determine what action we need to perform
+       State action = state();
+       if (!update)
+               action = (action == deleted) ? unchanged : inserted;
+       
+       // the owner acl (pseudo) "entry" is a special case
+       if (isOwner()) {
+               switch (action) {
+               case unchanged:
+                       debug("SecAccess", "ACL %p owner unchanged", this);
+                       return;
+               case inserted:          // means modify the initial owner
+               case modified:
+                       {
+                               debug("SecAccess", "ACL %p owner modified", this);
+                               makeSubject();
+                               assert(mSubjectForm);
+                               AclOwnerPrototype proto(*mSubjectForm, mDelegate);
+                               target.changeOwner(proto, cred);
+                               return;
+                       }
+               default:
+                       assert(false);
+                       return;
+               }
+       }
+
+       // simple cases
+       switch (action) {
+       case unchanged: // ignore
+               debug("SecAccess", "ACL %p handle 0x%lx unchanged", this, entryHandle());
+               return;
+       case deleted:   // delete
+               debug("SecAccess", "ACL %p handle 0x%lx deleted", this, entryHandle());
+               target.deleteAcl(entryHandle(), cred);
+               return;
+       default:
+               break;
+       }
+       
+       // build the byzantine data structures that CSSM loves so much
+       makeSubject();
+       assert(mSubjectForm);
+       AclEntryPrototype proto(*mSubjectForm, mDelegate);
+       assert(mEntryTag.size() <= CSSM_MODULE_STRING_SIZE);    // no kidding
+       strcpy(proto.tag(), mEntryTag.c_str());
+       AutoAuthorizationGroup tags(mAuthorizations, allocator);
+       proto.authorization() = tags;
+       AclEntryInput input(proto);
+       switch (action) {
+       case inserted:  // insert
+               debug("SecAccess", "ACL %p inserted", this);
+               target.addAcl(input, cred);
+               break;
+       case modified:  // update
+               debug("SecAccess", "ACL %p handle 0x%lx modified", this, entryHandle());
+               target.changeAcl(entryHandle(), input, cred);
+               break;
+       default:
+               assert(false);
+       }
+}
+
+
+//
+// Parse an AclEntryPrototype (presumably from a CSSM "Get" ACL operation
+// into internal form.
+//
+void ACL::parse(const TypedList &subject)
+{
+       try {
+               switch (subject.type()) {
+               case CSSM_ACL_SUBJECT_TYPE_ANY:
+                       // subsume an "any" as a standard form
+                       mForm = allowAllForm;
+                       return;
+               case CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT:
+                       // pure keychain prompt - interpret as applist form with no apps
+                       parsePrompt(subject);
+                       mForm = appListForm;
+                       return;
+               case CSSM_ACL_SUBJECT_TYPE_THRESHOLD:
+                       {
+                               // app-list format: THRESHOLD(1, n): sign(1), ..., sign(n), PROMPT
+                               if (subject[1] != 1)
+                                       throw ParseError();
+                               uint32 count = subject[2];
+                               
+                               // parse final (PROMPT) element
+                               const TypedList &end = subject[count + 2];      // last choice
+                               if (end.type() != CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT)
+                                       throw ParseError();     // not PROMPT at end
+                               parsePrompt(end);
+                               
+                               // check for leading ANY
+                               const TypedList &first = subject[3];
+                               if (first.type() == CSSM_ACL_SUBJECT_TYPE_ANY) {
+                                       mForm = allowAllForm;
+                                       return;
+                               }
+                               
+                               // parse other (SIGN) elements
+                               for (uint32 n = 0; n < count - 1; n++)
+                                       mAppList.push_back(new TrustedApplication(subject[n + 3]));
+                       }
+                       mForm = appListForm;
+                       return;
+               default:
+                       mForm = customForm;
+                       return;
+               }
+       } catch (const ParseError &) {
+               debug("SecAccess", "acl compile failed; marking custom");
+               mForm = customForm;
+               mAppList.clear();
+       }
+}
+
+void ACL::parsePrompt(const TypedList &subject)
+{
+       assert(subject.length() == 3);
+       mPromptSelector = *subject[1].data().interpretedAs<CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR>();
+       mPromptDescription = subject[2].toString();
+}
+
+
+//
+// Take this ACL and produce its meaning as a CSSM ACL subject in mSubjectForm
+//
+void ACL::makeSubject()
+{
+       // release previous value, if any
+       chunkFree(mSubjectForm, allocator);
+       
+       switch (form()) {
+       case allowAllForm:
+               if (mPromptDescription.empty()) {
+                       // no description -> pure ANY
+                       mSubjectForm = new(allocator) TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_ANY);
+               } else {
+                       // have description -> threshold(1 of 2) of { ANY, PROMPT }
+                       mSubjectForm = new(allocator) TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_THRESHOLD,
+                               new(allocator) ListElement(1),
+                               new(allocator) ListElement(2));
+                       *mSubjectForm += new(allocator) ListElement(TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_ANY));
+                       TypedList prompt(allocator, CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT,
+                               new(allocator) ListElement(allocator, CssmData::wrap(mPromptSelector)),
+                               new(allocator) ListElement(allocator, mPromptDescription));
+                       *mSubjectForm += new(allocator) ListElement(prompt);
+               }
+               return;
+       case appListForm: {
+               // threshold(1 of n+1) of { app1, ..., appn, PROMPT }
+               uint32 appCount = mAppList.size();
+               mSubjectForm = new(allocator) TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_THRESHOLD,
+                       new(allocator) ListElement(1),
+                       new(allocator) ListElement(appCount + 1));
+               for (uint32 n = 0; n < appCount; n++)
+                       *mSubjectForm +=
+                               new(allocator) ListElement(mAppList[n]->makeSubject(allocator));
+               TypedList prompt(allocator, CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT,
+                       new(allocator) ListElement(allocator, CssmData::wrap(mPromptSelector)),
+                       new(allocator) ListElement(allocator, mPromptDescription));
+               *mSubjectForm += new(allocator) ListElement(prompt);
+               }
+               return;
+       case customForm:
+               assert(false);  // @@@ not yet
+       default:
+               assert(false);  // unexpected
+       }
+}
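Review bot: In `ACL::parse`, the THRESHOLD case takes `count` from `subject[2]`, then indexes `subject[count + 2]` and loops to `count - 1` without comparing it to `subject.length()`; a count of 0 makes the unsigned `count - 1` wrap. Whether `TypedList::operator[]` bounds-checks is not visible here, so I would validate up front with `if (count == 0 || subject.length() != count + 3) throw ParseError();`, which matches the layout `makeSubject()` writes. `parsePrompt()` has the same gap, because `assert(subject.length() == 3)` disappears in NDEBUG builds; `if (subject.length() != 3) throw ParseError();` would route a malformed prompt to `customForm` through the existing catch. The `strcpy` into `proto.tag()` in `setAccess()` is likewise guarded only by an assert on `mEntryTag.size()`.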
diff --git a/Keychain/ACL.h b/Keychain/ACL.h
new file mode 100644 (file)
index 0000000..0fecdbe
--- /dev/null
@@ -0,0 +1,143 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// ACL.h - ACL control wrappers
+//
+#ifndef _SECURITY_ACL_H_
+#define _SECURITY_ACL_H_
+
+#include <Security/SecRuntime.h>
+#include <Security/cssmaclpod.h>
+#include <Security/aclclient.h>
+#include <Security/cssmdata.h>
+#include <vector>
+
+namespace Security {
+namespace KeychainCore {
+
+using CssmClient::AclBearer;
+
+class Access;
+class TrustedApplication;
+
+
+//
+// An ACL Entry for an Access object
+//
+class ACL : public SecCFObject {
+       NOCOPY(ACL)
+public:
+       // create from CSSM layer ACL entry
+       ACL(Access &acc, const AclEntryInfo &info,
+               CssmAllocator &alloc = CssmAllocator::standard());
+       // create from CSSM layer owner prototype
+       ACL(Access &acc, const AclOwnerPrototype &owner,
+               CssmAllocator &alloc = CssmAllocator::standard());
+       // create an "any" ACL
+       ACL(Access &acc, CssmAllocator &alloc = CssmAllocator::standard());
+       // create from "standard form" arguments (with empty application list)
+       ACL(Access &acc, string description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &promptSelector,
+               CssmAllocator &alloc = CssmAllocator::standard());
+    virtual ~ACL();
+       
+       CssmAllocator &allocator;
+       
+       enum State {
+               unchanged,                                      // unchanged from source
+               inserted,                                       // new
+               modified,                                       // was changed (replace)
+               deleted                                         // was deleted (now invalid)
+       };
+       State state() const { return mState; }
+       
+       enum Form {
+               invalidForm,                            // invalid
+               customForm,                                     // not a recognized format (but valid)
+               allowAllForm,                           // indiscriminate
+               appListForm                                     // list of apps + prompt confirm
+       };
+       Form form() const { return mForm; }
+       void form(Form f) { mForm = f; }
+       
+       Access &access;                                 // we belong to this Access
+       
+public:
+       AclAuthorizationSet &authorizations()   { return mAuthorizations; }
+       bool authorizes(AclAuthorization right) const;
+       void setAuthorization(CSSM_ACL_AUTHORIZATION_TAG auth)
+       { mAuthorizations.clear(); mAuthorizations.insert(auth); }
+       
+       typedef vector< RefPointer<TrustedApplication> > ApplicationList;
+       ApplicationList &applications()
+       { assert(form() == appListForm); return mAppList; }
+       void addApplication(TrustedApplication *app);
+       
+       CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &promptSelector()
+       { assert(form() == appListForm); return mPromptSelector; }
+       string &promptDescription()
+       { assert(form() == appListForm); return mPromptDescription; }
+       
+       CSSM_ACL_HANDLE entryHandle() const     { return mCssmHandle; }
+       
+       static const CSSM_ACL_HANDLE ownerHandle = 0xff0e2743;  // pseudo-handle for owner ACL
+       bool isOwner() const                    { return mCssmHandle == ownerHandle; }
+       void makeOwner()                                { mCssmHandle = ownerHandle; }
+       
+       void modify();
+       void remove();
+       
+public:
+       void setAccess(AclBearer &target, bool update = false,
+               const AccessCredentials *cred = NULL);
+
+public:
+       struct ParseError { };
+       
+public:
+       static const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR defaultSelector;
+       
+private:
+       void parse(const TypedList &subject);
+       void parsePrompt(const TypedList &subject);
+       void makeSubject();
+       void clearSubjects(Form newForm);
+
+private:
+       State mState;                                   // change state
+       Form mForm;                                             // format type
+
+       // AclEntryPrototype fields (minus subject, which is virtually constructed)
+       CSSM_ACL_HANDLE mCssmHandle;    // CSSM entry handle (for updates)
+       string mEntryTag;                               // CSSM entry tag (64 bytes or so, they say)
+       bool mDelegate;                                 // CSSM delegate flag
+       AclAuthorizationSet mAuthorizations; // rights for this ACL entry
+       
+       // composite AclEntryPrototype (constructed when needed)
+       TypedList *mSubjectForm;
+       
+       // following values valid only if form() == appListForm
+       ApplicationList mAppList;               // list of trusted applications
+       CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR mPromptSelector; // selector field of PROMPT subject
+       string mPromptDescription;              // description field of PROMPT subject
+};
+
+
+} // end namespace KeychainCore
+} // end namespace Security
+
+#endif // !_SECURITY_ACL_H_
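Review bot: `ownerHandle = 0xff0e2743` lives in the same value space as real entry handles, and `isOwner()` is a bare equality test on `mCssmHandle`. The constructors in ACL.cpp fill `mCssmHandle` from `info.handle()` or from the random generator, and nothing visible excludes this value, so an ordinary entry could be classified as the owner. `Access::compile` in Access.cpp keys its map by the same handle and would overwrite the owner slot in that case. I would track ownership in a separate `bool mIsOwner` member, or at minimum document the reservation: `// pseudo-handle for owner ACL; reserved, must never be assigned to a regular entry`.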
diff --git a/Keychain/Access.cpp b/Keychain/Access.cpp
new file mode 100644 (file)
index 0000000..6822bcf
--- /dev/null
@@ -0,0 +1,244 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// Access.cpp
+//
+#include <Security/Access.h>
+#include <Security/SecBase.h>
+#include "SecBridge.h"
+#include <Security/devrandom.h>
+#include <Security/uniformrandom.h>
+#include <vector>
+
+using namespace KeychainCore;
+
+
+//
+// Create a default Access object.
+// This construct an Access with "default form", whatever that happens to be
+// in this release.
+//
+Access::Access(const string &descriptor, const ACL::ApplicationList &trusted)
+{
+       makeStandard(descriptor, trusted);
+}
+
+Access::Access(const string &descriptor)
+{
+       ACL::ApplicationList trusted;
+       trusted.push_back(new TrustedApplication);
+       makeStandard(descriptor, trusted);
+}
+
+void Access::makeStandard(const string &descriptor, const ACL::ApplicationList &trusted)
+{
+       // owner "entry"
+       RefPointer<ACL> owner = new ACL(*this, descriptor, ACL::defaultSelector);
+       owner->setAuthorization(CSSM_ACL_AUTHORIZATION_CHANGE_ACL);
+       addOwner(owner);
+
+       // encrypt entry
+       RefPointer<ACL> encrypt = new ACL(*this, descriptor, ACL::defaultSelector);
+       encrypt->setAuthorization(CSSM_ACL_AUTHORIZATION_ENCRYPT);
+       encrypt->form(ACL::allowAllForm);
+       add(encrypt);
+
+       // decrypt entry
+       RefPointer<ACL> decrypt = new ACL(*this, descriptor, ACL::defaultSelector);
+       decrypt->setAuthorization(CSSM_ACL_AUTHORIZATION_DECRYPT);
+       decrypt->applications() = trusted;
+       add(decrypt);
+}
+
+
+//
+// Create an Access object whose initial value is taken
+// from a CSSM ACL bearing object.
+//
+Access::Access(AclBearer &source)
+{
+       // retrieve and set
+       AutoAclOwnerPrototype owner;
+       source.getOwner(owner);
+       AutoAclEntryInfoList acls;
+       source.getAcl(acls);
+       compile(*owner, acls.count(), acls.entries());
+}
+
+
+//
+// Create an Access object from CSSM-layer access controls
+//
+Access::Access(const CSSM_ACL_OWNER_PROTOTYPE &owner,
+       uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls)
+{
+       compile(owner, aclCount, acls);
+}
+
+
+Access::~Access()
+{
+}
+
+
+//
+// Return all ACL components in a newly-made CFArray.
+//
+CFArrayRef Access::copySecACLs() const
+{
+       return makeCFArray(gTypes().acl, mAcls);
+}
+
+CFArrayRef Access::copySecACLs(CSSM_ACL_AUTHORIZATION_TAG action) const
+{
+       list<ACL *> choices;
+       for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); it++)
+               if (it->second->authorizations().find(action) != it->second->authorizations().end())
+                       choices.push_back(it->second);
+       return choices.empty() ? NULL : makeCFArray(gTypes().acl, choices);
+}
+
+
+//
+// Enter the complete access configuration into a AclBearer.
+// If update, skip any part marked unchanged. (If not update, skip
+// any part marked deleted.)
+//
+void Access::setAccess(AclBearer &target, bool update = false)
+{
+       AclFactory factory;
+       editAccess(target, update, factory.promptCred());
+}
+
+void Access::setAccess(AclBearer &target, Maker &maker)
+{
+       // remove initial-setup ACL
+       target.deleteAcl(Maker::creationEntryTag, maker.cred());
+       
+       // insert our own ACL entries
+       editAccess(target, false, maker.cred());
+}
+
+void Access::editAccess(AclBearer &target, bool update, const AccessCredentials *cred)
+{
+       assert(mAcls[ownerHandle]);     // have owner
+       
+       // apply all non-owner ACLs first
+       for (Map::iterator it = mAcls.begin(); it != mAcls.end(); it++)
+               if (!it->second->isOwner())
+                       it->second->setAccess(target, update, cred);
+       
+       // finally, apply owner
+       mAcls[ownerHandle]->setAccess(target, update, cred);
+}
+
+
+//
+// A convenience function to add one application to a standard ("simple") form
+// ACL entry. This will only work if
+//  -- there is exactly one ACL entry authorizing the right
+//  -- that entry is in simple form
+//
+void Access::addApplicationToRight(AclAuthorization right, TrustedApplication *app)
+{
+       vector<ACL *> acls;
+       findAclsForRight(right, acls);
+       if (acls.size() != 1)
+               MacOSError::throwMe(errSecACLNotSimple);        // let's not guess here...
+       (*acls.begin())->addApplication(app);
+}
+
+
+//
+// Add a new ACL to the resident set. The ACL must have been
+// newly made for this Access.
+//
+void Access::add(ACL *newAcl)
+{
+       if (&newAcl->access != this)
+               MacOSError::throwMe(paramErr);
+       assert(!mAcls[newAcl->entryHandle()]);
+       mAcls[newAcl->entryHandle()] = newAcl;
+}
+
+
+//
+// Add the owner ACL to the resident set. The ACL must have been
+// newly made for this Access.
+// Since an Access must have exactly one owner ACL, this call
+// should only be made (exactly once) for a newly created Access.
+//
+void Access::addOwner(ACL *newAcl)
+{
+       newAcl->makeOwner();
+       assert(mAcls.find(ownerHandle) == mAcls.end()); // no owner yet
+       add(newAcl);
+}
+
+
+//
+// Compile a set of ACL entries and owner into internal form.
+//
+void Access::compile(const CSSM_ACL_OWNER_PROTOTYPE &owner,
+       uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls)
+{
+       // add owner acl
+       mAcls[ownerHandle] = new ACL(*this, AclOwnerPrototype::overlay(owner));
+       
+       // add acl entries
+       const AclEntryInfo *acl = AclEntryInfo::overlay(acls);
+       for (uint32 n = 0; n < aclCount; n++) {
+               debug("SecAccess", "%p compiling entry %ld", this, acl[n].handle());
+               mAcls[acl[n].handle()] = new ACL(*this, acl[n]);
+       }
+       debug("SecAccess", "%p %ld entries compiled", this, mAcls.size());
+}
+
+
+//
+// Creation helper objects
+//
+const char Access::Maker::creationEntryTag[] = "___setup___";
+
+Access::Maker::Maker(CssmAllocator &alloc)
+       : allocator(alloc), mKey(alloc), mCreds(allocator)
+{
+       // generate random key
+       mKey.malloc(keySize);
+       UniformRandomBlobs<DevRandomGenerator>().random(mKey.get());
+       
+       // create entry info for resource creation
+       mInput = AclEntryPrototype(TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_PASSWORD,
+               new(allocator) ListElement(mKey.get())));
+       mInput.proto().tag(creationEntryTag);
+
+       // create credential sample for access
+       mCreds += TypedList(allocator, CSSM_SAMPLE_TYPE_PASSWORD, new(allocator) ListElement(mKey.get()));
+}
+
+void Access::Maker::initialOwner(ResourceControlContext &ctx, const AccessCredentials *creds)
+{
+       //@@@ make up ctx.entry-info
+       ctx.input() = mInput;
+       ctx.credentials(creds);
+}
+
+const AccessCredentials *Access::Maker::cred()
+{
+       return &mCreds;
+}
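Review bot: `Access::add` and `Access::editAccess` enforce their map invariants only with `assert`, so in an NDEBUG build a duplicate handle in `add` silently replaces the existing ACL entry. In `editAccess`, `mAcls[ownerHandle]->setAccess(...)` would default-insert and dereference an empty entry if the owner were ever missing. The constructors shown here do install an owner, so the second case is a hardening point, but the first is reachable whenever two entries end up with the same handle. I would make both checks unconditional, for example `if (mAcls.find(newAcl->entryHandle()) != mAcls.end()) MacOSError::throwMe(paramErr);` in `add`, and a `mAcls.find(ownerHandle)` lookup that throws in `editAccess`.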
diff --git a/Keychain/Access.h b/Keychain/Access.h
new file mode 100644 (file)
index 0000000..6d3f518
--- /dev/null
@@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// Access.h - Access control wrappers
+//
+#ifndef _SECURITY_ACCESS_H_
+#define _SECURITY_ACCESS_H_
+
+#include <Security/SecRuntime.h>
+#include <Security/ACL.h>
+#include <Security/trackingallocator.h>
+#include <Security/cssmaclpod.h>
+#include <Security/cssmacl.h>
+#include <Security/aclclient.h>
+#include <Security/TrustedApplication.h>
+#include <map>
+
+namespace Security {
+namespace KeychainCore {
+
+using CssmClient::AclBearer;
+
+
+class Access : public SecCFObject {
+       NOCOPY(Access)
+public:
+       class Maker {
+               NOCOPY(Maker)
+               static const size_t keySize = 16;       // number of (random) bytes
+               friend class Access;
+       public:
+               Maker(CssmAllocator &alloc = CssmAllocator::standard());
+               
+               void initialOwner(ResourceControlContext &ctx, const AccessCredentials *creds = NULL);
+               const AccessCredentials *cred();
+               
+               TrackingAllocator allocator;
+               
+               static const char creationEntryTag[];
+
+       private:
+               CssmAutoData mKey;
+               AclEntryInput mInput;
+               AutoCredentials mCreds;
+       };
+
+public:
+    Access(const string &description);
+    Access(const string &description, const ACL::ApplicationList &trusted);
+       Access(AclBearer &source);
+       Access(const CSSM_ACL_OWNER_PROTOTYPE &owner,
+               uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls);
+    virtual ~Access();
+
+public:
+       CFArrayRef copySecACLs() const;
+       CFArrayRef copySecACLs(CSSM_ACL_AUTHORIZATION_TAG action) const;
+       
+       void add(ACL *newAcl);
+       void addOwner(ACL *newOwnerAcl);
+       
+       void setAccess(AclBearer &target, bool update = false);
+       void setAccess(AclBearer &target, Maker &maker);
+       
+       template <class Container>
+       void findAclsForRight(AclAuthorization right, Container &cont)
+       {
+               cont.clear();
+               for (Map::const_iterator it = mAcls.begin(); it != mAcls.end(); it++)
+                       if (it->second->authorizes(right))
+                               cont.push_back(it->second);
+       }
+       
+       void addApplicationToRight(AclAuthorization right, TrustedApplication *app);
+       
+protected:
+    void makeStandard(const string &description, const ACL::ApplicationList &trusted);
+    void compile(const CSSM_ACL_OWNER_PROTOTYPE &owner,
+        uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls);
+       
+       void editAccess(AclBearer &target, bool update, const AccessCredentials *cred);
+
+private:
+       static const CSSM_ACL_HANDLE ownerHandle = ACL::ownerHandle;
+       typedef map<CSSM_ACL_HANDLE, RefPointer<ACL> > Map;
+
+       Map mAcls;                      // set of ACL entries
+};
+
+
+} // end namespace KeychainCore
+} // end namespace Security
+
+#endif // !_SECURITY_ACCESS_H_
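Review bot: `Access::Maker` has no comment saying that `mKey` is secret material, and the only hint is `keySize`'s "number of (random) bytes". In Access.cpp the constructor fills `mKey` with random bytes and uses the same value both as the password subject of the `___setup___` entry (`mInput`) and as the credential sample in `mCreds`, so a Maker presumably lets its holder satisfy that creation-time entry. A class comment would make this visible, for example `// Maker: one-shot random password used as the creation-time ACL subject and as the matching credential; treat mKey as secret`. Whether `CssmAutoData` clears the bytes when the Maker is destroyed is not visible here and is worth confirming.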
index 4ff7ab72e1d180684f4211f37c4cb1713c698e98..6f238ece991ccd4cc589aef02637a8906e6557b2 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
        Contains:       Code that communicates with processes that install a callback
                 with the Keychain Manager to receive keychain events.
 
-       Written by:     Sari Harrison, Craig Mortensen
-
-       Copyright:      Â© 1998-2000 by Apple Computer, Inc., all rights reserved.
-
-       Change History (most recent first):
-
-       To Do:
 */
 
 #include "CCallbackMgr.h"
 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
 #include "Globals.h"
 #include <Security/DLDBListCFPref.h>
+#include <Security/SecCFTypes.h>
 
-//using namespace std;
 using namespace KeychainCore;
 using namespace CssmClient;
 
-static const UInt32 kTicksBetweenIdleEvents = 5L;
-
 #pragma mark Ã‘ÑÑÑ CallbackInfo Ã‘ÑÑÑ
 
 CallbackInfo::CallbackInfo() : mCallback(NULL),mEventMask(0),mContext(NULL)
 {
 }
 
-CallbackInfo::CallbackInfo(SecKeychainCallbackProcPtr inCallbackFunction,SecKeychainEventMask inEventMask,void *inContext)
-        : mCallback(inCallbackFunction),mEventMask(inEventMask),mContext(inContext)
+CallbackInfo::CallbackInfo(SecKeychainCallback inCallbackFunction,
+       SecKeychainEventMask inEventMask, void *inContext)
+       : mCallback(inCallbackFunction), mEventMask(inEventMask), mContext(inContext)
 {
 }
 
@@ -78,7 +70,7 @@ CCallbackMgr *CCallbackMgr::mCCallbackMgr;
 
 CCallbackMgr::CCallbackMgr() :
     // register for receiving Keychain events via CF
-    Observer( kSecEventNotificationName, NULL, CFNotificationSuspensionBehaviorDeliverImmediately )
+    Observer(kSecEventNotificationName, NULL, CFNotificationSuspensionBehaviorDeliverImmediately)
 {
 }
 
@@ -94,7 +86,7 @@ CCallbackMgr& CCallbackMgr::Instance()
        return *mCCallbackMgr;
 }
 
-void CCallbackMgr::AddCallback( SecKeychainCallbackProcPtr inCallbackFunction, 
+void CCallbackMgr::AddCallback( SecKeychainCallback inCallbackFunction, 
                              SecKeychainEventMask      inEventMask,
                              void*                     inContext)
 
@@ -118,54 +110,16 @@ void CCallbackMgr::AddCallback( SecKeychainCallbackProcPtr inCallbackFunction,
        CCallbackMgr::Instance().mEventCallbacks.push_back(info);
 }
 
-#if 0
-void CCallbackMgr::AddCallbackUPP(KCCallbackUPP        inCallbackFunction,
-                               KCEventMask             inEventMask,
-                               void*                   inContext)
-{
-       CallbackInfo info( reinterpret_cast<SecKeychainCallbackProcPtr>(inCallbackFunction), inEventMask, inContext );
-       CallbackInfo existingInfo;
-
-#if TARGET_API_MAC_OS8
-    OSErr err = noErr;
-       err = ::GetCurrentProcess( &info.mProcessID );
-       KCThrowIf_( err );
-#endif
-
-    CallbackInfoListIterator ix = find( CCallbackMgr::Instance().mEventCallbacks.begin(),
-                                        CCallbackMgr::Instance().mEventCallbacks.end(), info );
-       
-       // make sure it is not already there
-       if ( ix!=CCallbackMgr::Instance().mEventCallbacks.end() )
-    {
-        // It's already there. This could mean that the old process died unexpectedly,
-        // so we need to validate the process ID of the existing callback.
-#if TARGET_API_MAC_OS8
-               if (ValidProcess(ix->mProcessID))       // existing callback is OK, so don't add this one.
-                       MacOSError::throwMe(errKCDuplicateCallback);
-
-               // Process is gone, so remove the old entry
-               CCallbackMgr::Instance().mEventCallbacks.erase(ix);
-#else
-        // On Mac OS X this list is per process so this is always a duplicate
-               MacOSError::throwMe(errKCDuplicateCallback);
-#endif
-       }
-       
-       CCallbackMgr::Instance().mEventCallbacks.push_back(info);
-}
-#endif
-
 
 class Predicate
 {
-       SecKeychainCallbackProcPtr mCallbackFunction;
+       SecKeychainCallback mCallbackFunction;
 public:
-       Predicate(SecKeychainCallbackProcPtr inCallbackFunction) : mCallbackFunction(inCallbackFunction) {}
+       Predicate(SecKeychainCallback inCallbackFunction) : mCallbackFunction(inCallbackFunction) {}
        bool operator()(const CallbackInfo &cbInfo) { return cbInfo.mCallback == mCallbackFunction; }
 };
 
-void CCallbackMgr::RemoveCallback(SecKeychainCallbackProcPtr inCallbackFunction)
+void CCallbackMgr::RemoveCallback(SecKeychainCallback inCallbackFunction)
 {
        size_t oldSize = CCallbackMgr::Instance().mEventCallbacks.size();
        Predicate predicate(inCallbackFunction);
@@ -175,60 +129,10 @@ void CCallbackMgr::RemoveCallback(SecKeychainCallbackProcPtr inCallbackFunction)
                MacOSError::throwMe(errSecInvalidCallback);
 }
 
-#if 0
-void CCallbackMgr::RemoveCallbackUPP(KCCallbackUPP inCallbackFunction)
-{
-       size_t oldSize = CCallbackMgr::Instance().mEventCallbacks.size();
-       Predicate predicate(reinterpret_cast<SecKeychainCallbackProcPtr>(inCallbackFunction));
-       CCallbackMgr::Instance().mEventCallbacks.remove_if(predicate);
-
-       if (oldSize == CCallbackMgr::Instance().mEventCallbacks.size())
-               MacOSError::throwMe(errKCInvalidCallback);
-}
-#endif
-
-bool CCallbackMgr::ThisProcessUsesSystemEvtCallback()
-{
-       const SecKeychainEventMask theMask = 1 << kSecSystemEvent;
-
-
-       for ( CallbackInfoListIterator ix = CCallbackMgr::Instance().mEventCallbacks.begin();
-                 ix!=CCallbackMgr::Instance().mEventCallbacks.end(); ++ix )
-       {
-        if ( ix->mEventMask & theMask)
-            return true;
-       }
-       return false;
-}
-
-//%%% jch move this function to SecurityHI
-bool CCallbackMgr::ThisProcessCanDisplayUI()
-{
-    return true;
-}
-
-#if 0
-void CCallbackMgr::Idle()
-{
-       static unsigned long lastTickCount = 0;
-       unsigned long tickCount = ::TickCount( );
-       
-       if (tickCount > lastTickCount+kTicksBetweenIdleEvents)
-       {
-       lastTickCount = tickCount;
-       }
-}
-#endif
-
-void CCallbackMgr::AlertClients(SecKeychainEvent inEvent, bool inOKToAllocateMemory)
-{
-    AlertClients(inEvent, Keychain(), Item(), inOKToAllocateMemory);
-}
-
 void CCallbackMgr::AlertClients(SecKeychainEvent inEvent,
+                                                               pid_t inPid,
                                 const Keychain &inKeychain,
-                                const Item &inItem,
-                                bool inOKToAllocateMemory)
+                                const Item &inItem)
 {
     // Deal with events that we care about ourselves first.
     if (inEvent == kSecDefaultChangedEvent)
@@ -247,20 +151,11 @@ void CCallbackMgr::AlertClients(SecKeychainEvent inEvent,
 
                SecKeychainCallbackInfo cbInfo;
                cbInfo.version = 0; // @@@ kKeychainAPIVersion;
-               cbInfo.item = inItem ? ItemRef::handle(inItem) : 0;
-               cbInfo.keychain = inKeychain ? KeychainRef::handle(inKeychain) : 0;
-
-#if 0
-        //%%%cpm- need to change keychaincore.i so we don't to the reinterpret_cast
-        // we need a carbon-version of the callbackmgr to register for events
-        // and call the "C" real callback mgr (use the ix->mCallback when this is ready)
-        
-        // until then, we rely on CarbonCore for the UPP stuff
-        InvokeKCCallbackUPP(inEvent,reinterpret_cast<KCCallbackInfo*>(&cbInfo),ix->mContext,
-                            reinterpret_cast<KCCallbackUPP>(ix->mCallback));
-#else
-               ix->mCallback(inEvent,&cbInfo,ix->mContext);
-#endif
+               cbInfo.item = inItem ? gTypes().item.handle(*inItem) : 0;
+               cbInfo.keychain = inKeychain ? gTypes().keychain.handle(*inKeychain) : 0;
+               cbInfo.pid = inPid;
+
+               ix->mCallback(inEvent, &cbInfo, ix->mContext);
        }
 }
 
@@ -289,6 +184,14 @@ void CCallbackMgr::Event(CFNotificationCenterRef center,
 
        thisEvent = sint32( event );
 
+    CFNumberRef pid = reinterpret_cast<CFNumberRef>
+                            (CFDictionaryGetValue(userInfo, kSecEventPidKey));
+    pid_t thisPid;
+    if (!pid || !CFNumberGetValue(pid, kCFNumberSInt32Type, &thisPid))
+       {
+               thisPid = 0;
+    }
+
     CFDictionaryRef kc = reinterpret_cast<CFDictionaryRef>
                             (CFDictionaryGetValue(userInfo, kSecEventKeychainKey));
     Keychain thisKeychain;
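Review bot: The value looked up under `kSecEventPidKey` is cast to `CFNumberRef` and passed to `CFNumberGetValue` without a type check, and the resulting pid is later handed to every registered callback as `cbInfo.pid`. If this notification can be posted by other processes (the observer is registered by name in the constructor), the dictionary contents are sender-controlled: a non-number value makes the call undefined, and the pid itself is only a claim. Checking the type first, `if (!pid || CFGetTypeID(pid) != CFNumberGetTypeID() || !CFNumberGetValue(pid, kCFNumberSInt32Type, &thisPid))`, and adding a comment such as `// pid is reported by the sender; do not use it for access decisions` would cover both. `Event` begins and ends outside this hunk.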
@@ -309,5 +212,5 @@ void CCallbackMgr::Event(CFNotificationCenterRef center,
     }
 
     // Notify our process of this event.
-       CCallbackMgr::AlertClients(thisEvent, thisKeychain, thisItem);
+       CCallbackMgr::AlertClients(thisEvent, thisPid, thisKeychain, thisItem);
 }
index 9f04f94761405674da486a58eee555f2edeaa8db..401dc35105f97fc94f3ba3bcaaceb5e462724fda 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 1998-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
 
 
 /*
-       File:           CCallbackMgr.h
-
-       Contains:       Code that communicates with processes that install a callback
-                with the Keychain Manager to receive keychain events.
-
-       Written by:     Sari Harrison, Craig Mortensen
-
-       Copyright:      Â© 1998-2000 by Apple Computer, Inc., all rights reserved.
-
-       Change History (most recent first):
-
-       To Do:
-*/
-
-#ifndef __CCALLBACKMGR__
-#define __CCALLBACKMGR__
+ *  CCallbackMgr.h -- Code that communicates with processes that install a callback
+ *  with the Keychain Manager to receive keychain events.
+ */
+#ifndef _SECURITY_CCALLBACKMGR_H_
+#define _SECURITY_CCALLBACKMGR_H_
 
-#include <Security/SecKeychainAPI.h>
 #include <Security/KCEventObserver.h>
 #include <Security/KCEventNotifier.h>
 #include <Security/Keychains.h>
@@ -54,14 +42,14 @@ class CallbackInfo
 public:
        ~CallbackInfo();
        CallbackInfo();
-       CallbackInfo(SecKeychainCallbackProcPtr inCallbackFunction,SecKeychainEventMask inEventMask,void *inContext);
+       CallbackInfo(SecKeychainCallback inCallbackFunction,SecKeychainEventMask inEventMask,void *inContext);
        
        bool operator ==(const CallbackInfo& other) const;
        bool operator !=(const CallbackInfo& other) const;
 
-       SecKeychainCallbackProcPtr                      mCallback;
-       SecKeychainEventMask                            mEventMask;
-       void                                            *mContext;
+       SecKeychainCallback mCallback;
+       SecKeychainEventMask mEventMask;
+       void *mContext;
 };
 
 // typedefs
@@ -71,10 +59,6 @@ typedef CallbackInfo const *ConstCallbackInfoPtr;
 typedef list<CallbackInfo>::iterator CallbackInfoListIterator;
 typedef list<CallbackInfo>::const_iterator ConstCallbackInfoListIterator;
 
-#ifdef _CPP_CCALLBACKMGR
-# pragma export on
-#endif
-
 
 class CCallbackMgr : Observer
 {
@@ -85,20 +69,14 @@ public:
        
        static CCallbackMgr& Instance();
 
-       static void AddCallback( SecKeychainCallbackProcPtr inCallbackFunction, SecKeychainEventMask inEventMask, void* inContext);
+       static void AddCallback( SecKeychainCallback inCallbackFunction, SecKeychainEventMask inEventMask, void* inContext);
        //static void AddCallbackUPP(KCCallbackUPP inCallbackFunction, KCEventMask inEventMask, void* inContext);
 
-       static void RemoveCallback( SecKeychainCallbackProcPtr inCallbackFunction );
+       static void RemoveCallback( SecKeychainCallback inCallbackFunction );
     //static void RemoveCallbackUPP(KCCallbackUPP inCallbackFunction);
-       static bool HasCallbacks() { return CCallbackMgr::Instance().mEventCallbacks.size() > 0; };
-       static bool ThisProcessUsesSystemEvtCallback();
-       static bool ThisProcessCanDisplayUI();
+       static bool HasCallbacks()
+       { return CCallbackMgr::Instance().mEventCallbacks.size() > 0; };
        
-       static void AlertClients( SecKeychainEvent inEvent, bool inOKToAllocateMemory);
-#if 0
-       static void Idle();
-#endif
-
 private:
 
     virtual void       Event ( CFNotificationCenterRef center, 
@@ -106,8 +84,8 @@ private:
                             const void*                                object, 
                             CFDictionaryRef            userInfo );
 
-       static void AlertClients( SecKeychainEvent inEvent, const Keychain& inKeychain,
-                                const Item &inItem, bool inOKToAllocateMemory = true);
+       static void AlertClients( SecKeychainEvent inEvent, pid_t inPid,
+               const Keychain& inKeychain, const Item &inItem);
 
        list<CallbackInfo>              mEventCallbacks;
        static CCallbackMgr*    mCCallbackMgr;
@@ -117,4 +95,4 @@ private:
 
 } // end namespace Security
 
-#endif // __CCALLBACKMGR__
+#endif // !_SECURITY_CCALLBACKMGR_H_
diff --git a/Keychain/Certificate.cpp b/Keychain/Certificate.cpp
new file mode 100644 (file)
index 0000000..4cdbff2
--- /dev/null
@@ -0,0 +1,458 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// Certificate.cpp
+//
+#include <Security/Certificate.h>
+#include <Security/Schema.h>
+#include <Security/oidscert.h>
+#include <Security/SecCertificate.h>
+#include <Security/cspclient.h>
+
+using namespace KeychainCore;
+
+CL
+Certificate::clForType(CSSM_CERT_TYPE type)
+{
+       return CL(gGuidAppleX509CL);
+}
+
+Certificate::Certificate(const CSSM_DATA &data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding) :
+       ItemImpl(CSSM_DL_DB_RECORD_X509_CERTIFICATE, reinterpret_cast<SecKeychainAttributeList *>(NULL), UInt32(data.Length), reinterpret_cast<const void *>(data.Data)),
+       mHaveTypeAndEncoding(true),
+    mType(type),
+    mEncoding(encoding),
+    mCL(clForType(type)),
+       mCertHandle(0)
+{
+}
+
+// db item contstructor
+Certificate::Certificate(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId) :
+       ItemImpl(keychain, primaryKey, uniqueId),
+       mHaveTypeAndEncoding(false),
+    mCL(NULL),
+       mCertHandle(0)
+{
+}
+
+// PrimaryKey item contstructor
+Certificate::Certificate(const Keychain &keychain, const PrimaryKey &primaryKey) :
+       ItemImpl(keychain, primaryKey),
+       mHaveTypeAndEncoding(false),
+    mCL(NULL),
+       mCertHandle(0)
+{
+       // @@@ In this case we don't know the type...
+}
+
+Certificate::Certificate(Certificate &certificate) :
+       ItemImpl(certificate),
+       mHaveTypeAndEncoding(certificate.mHaveTypeAndEncoding),
+    mType(certificate.mType),
+    mEncoding(certificate.mEncoding),
+    mCL(certificate.mCL),
+       mCertHandle(0)
+{
+}
+
+Certificate::~Certificate()
+{
+       if (mCertHandle)
+               CSSM_CL_CertAbortCache(mCL->handle(), mCertHandle);
+}
+
+CSSM_HANDLE
+Certificate::certHandle()
+{
+       const CSSM_DATA *cert = &data();
+       if (!mCertHandle)
+       {
+               if (CSSM_RETURN retval = CSSM_CL_CertCache(mCL->handle(), cert, &mCertHandle))
+                       CssmError::throwMe(retval);
+       }
+
+       return mCertHandle;
+}
+
+/* Return a zero terminated list of CSSM_DATA_PTR's with the values of the field specified by field.  Caller must call releaseFieldValues to free the storage allocated by this call.  */
+CSSM_DATA_PTR *
+Certificate::copyFieldValues(const CSSM_OID &field)
+{
+       CSSM_CL_HANDLE clHandle = mCL->handle();
+       CSSM_DATA_PTR fieldValue, *fieldValues;
+       CSSM_HANDLE resultsHandle = 0;
+       uint32 numberOfFields = 0;
+       CSSM_RETURN result;
+
+       result = CSSM_CL_CertGetFirstCachedFieldValue(clHandle, certHandle(), &field, &resultsHandle, &numberOfFields, &fieldValue);
+       if (result)
+       {
+               if (result == CSSMERR_CL_NO_FIELD_VALUES)
+                       return NULL;
+
+               CssmError::throwMe(result);
+       }
+
+       fieldValues = new CSSM_DATA_PTR[numberOfFields + 1];
+       fieldValues[0] = fieldValue;
+       fieldValues[numberOfFields] = NULL;
+
+       for (uint32 value = 1; value < numberOfFields; ++value)
+       {
+               CSSM_RETURN cresult = CSSM_CL_CertGetNextCachedFieldValue(clHandle, resultsHandle, &fieldValues[value]);
+               if (cresult)
+               {
+                       fieldValues[value] = NULL;
+                       result = cresult;
+                       break; // No point in continuing really.
+               }
+       }
+
+       if (result)
+       {
+               releaseFieldValues(field, fieldValues);
+               CssmError::throwMe(result);
+       }
+
+       return fieldValues;
+}
+
+void
+Certificate::releaseFieldValues(const CSSM_OID &field, CSSM_DATA_PTR *fieldValues)
+{
+       if (fieldValues)
+       {
+               CSSM_CL_HANDLE clHandle = mCL->handle();
+       
+               for (int ix = 0; fieldValues[ix]; ++ix)
+                       CSSM_CL_FreeFieldValue(clHandle, &field, fieldValues[ix]);
+       
+               delete[] fieldValues;
+       }
+}
+
+void
+Certificate::addParsedAttribute(const CSSM_DB_ATTRIBUTE_INFO &info, const CSSM_OID &field)
+{
+       CSSM_DATA_PTR *fieldValues = copyFieldValues(field);
+       if (fieldValues)
+       {
+               CssmDbAttributeData &anAttr = mDbAttributes->add(info);
+               for (int ix = 0; fieldValues[ix]; ++ix)
+                       anAttr.add(*fieldValues[ix], *mDbAttributes);
+       
+               releaseFieldValues(field, fieldValues);
+       }
+}
+
+/* Return a CSSM_DATA_PTR with the value of the first field specified by field.  Caller must call releaseFieldValue to free the storage allocated by this call.  */
+CSSM_DATA_PTR
+Certificate::copyFirstFieldValue(const CSSM_OID &field)
+{
+       CSSM_CL_HANDLE clHandle = mCL->handle();
+       CSSM_DATA_PTR fieldValue;
+       CSSM_HANDLE resultsHandle = 0;
+       uint32 numberOfFields = 0;
+       CSSM_RETURN result;
+
+       result = CSSM_CL_CertGetFirstCachedFieldValue(clHandle, certHandle(), &field, &resultsHandle, &numberOfFields, &fieldValue);
+       if (result)
+       {
+               if (result == CSSMERR_CL_NO_FIELD_VALUES)
+                       return NULL;
+
+               CssmError::throwMe(result);
+       }
+
+       result = CSSM_CL_CertAbortQuery(clHandle, resultsHandle);
+
+       if (result)
+       {
+               releaseFieldValue(field, fieldValue);
+               CssmError::throwMe(result);
+       }
+
+       return fieldValue;
+}
+
+void
+Certificate::releaseFieldValue(const CSSM_OID &field, CSSM_DATA_PTR fieldValue)
+{
+       if (fieldValue)
+       {
+               CSSM_CL_HANDLE clHandle = mCL->handle();
+               CSSM_CL_FreeFieldValue(clHandle, &field, fieldValue);
+       }
+}
+
+
+
+/*
+       This method computes the keyIdentifier for the public key in the cert as
+       described below:
+       
+      The keyIdentifier is composed of the 160-bit SHA-1 hash of the
+      value of the BIT STRING subjectPublicKey (excluding the tag,
+      length, and number of unused bits).
+*/
+void
+Certificate::publicKeyHash(CssmData &digestData)
+{
+#if 0
+       CSSM_DATA_PTR *keysPtr = copyFieldValues(CSSMOID_X509V1SubjectPublicKey);
+
+       if (keysPtr && keysPtr[0])
+       {
+               CssmData &key = CssmData::overlay(*keysPtr[0]);
+               CssmClient::CSP csp(gGuidAppleCSP);
+               CssmClient::Digest digest(csp, CSSM_ALGID_SHA1);
+               digest.digest(key, digestData);
+       }
+
+       releaseFieldValues(CSSMOID_X509V1SubjectPublicKey, keysPtr);
+#else
+       CSSM_DATA_PTR keyPtr = copyFirstFieldValue(CSSMOID_CSSMKeyStruct);
+       if (keyPtr && keyPtr->Data)
+       {
+               CssmClient::CSP csp(gGuidAppleCSP);
+               CssmClient::PassThrough passThrough(csp);
+               CSSM_KEY *key = reinterpret_cast<CSSM_KEY *>(keyPtr->Data);
+               void *outData;
+               CssmData *cssmData;
+
+               /* Given a CSSM_KEY_PTR in any format, obtain the SSHA-1 hash of the 
+               * associated key blob. 
+               * Key is specified in CSSM_CSP_CreatePassThroughContext.
+               * Hash is allocated bythe CSP, in the App's memory, and returned
+               * in *outData. */
+               passThrough.key(key);
+               passThrough(CSSM_APPLECSP_KEYDIGEST, NULL, &outData);
+               cssmData = reinterpret_cast<CssmData *>(outData);
+               assert(cssmData->Length <= digestData.Length);
+               digestData.Length = cssmData->Length;
+               memcpy(digestData.Data, cssmData->Data, cssmData->Length);
+               csp.allocator().free(cssmData->Data);
+               csp.allocator().free(cssmData);
+       }
+
+       releaseFieldValue(CSSMOID_CSSMKeyStruct, keyPtr);
+#endif
+}
+
+void
+Certificate::addLabel()
+{
+       // Set label attribute for this certificate, based on the X509 subject name.
+       const CSSM_OID &fieldOid = CSSMOID_X509V1SubjectNameCStruct;
+       CSSM_DATA_PTR fieldValue = copyFirstFieldValue(fieldOid);
+       if (fieldValue && fieldValue->Data)
+       {
+               CSSM_X509_NAME_PTR x509Name = (CSSM_X509_NAME_PTR)fieldValue->Data;
+               CSSM_X509_TYPE_VALUE_PAIR *ptvp=0;
+               CSSM_X509_RDN_PTR rdnp;
+               unsigned int rdnDex, pairDex;
+               
+               // iterate through all RDN pairs; ptvp points to last entry when done
+               if (x509Name->numberOfRDNs) {
+                       rdnp = &x509Name->RelativeDistinguishedName[x509Name->numberOfRDNs-1];
+                       if (rdnp->numberOfPairs)
+                               ptvp = &rdnp->AttributeTypeAndValue[rdnp->numberOfPairs-1];
+               }
+               if (ptvp)
+               {
+                       CSSM_BER_TAG btag = ptvp->valueType;
+                       if (btag==BER_TAG_PRINTABLE_STRING || btag==BER_TAG_IA5_STRING ||
+                               btag==BER_TAG_T61_STRING || btag==BER_TAG_PKIX_UTF8_STRING)
+                       {
+                               mDbAttributes->add(Schema::attributeInfo(kSecLabelItemAttr), ptvp->value);
+                       }
+               }
+               releaseFieldValue(fieldOid, fieldValue);
+       }
+}
+
+void
+Certificate::populateAttributes()
+{
+       addParsedAttribute(Schema::attributeInfo(kSecSubjectItemAttr), CSSMOID_X509V1SubjectName);
+       addParsedAttribute(Schema::attributeInfo(kSecIssuerItemAttr), CSSMOID_X509V1IssuerName);
+       addParsedAttribute(Schema::attributeInfo(kSecSerialNumberItemAttr), CSSMOID_X509V1SerialNumber);
+
+       addParsedAttribute(Schema::attributeInfo(kSecSubjectKeyIdentifierItemAttr), CSSMOID_SubjectKeyIdentifier);
+
+       if(!mHaveTypeAndEncoding)
+               MacOSError::throwMe(errSecDataNotAvailable); // @@@ Or some other error.
+
+       // Adjust mType based on the actual version of the cert.
+       CSSM_DATA_PTR versionPtr = copyFirstFieldValue(CSSMOID_X509V1Version);
+       if (versionPtr && versionPtr->Data && versionPtr->Length == sizeof(uint32))
+       {
+               mType = CSSM_CERT_X_509v1 + (*reinterpret_cast<uint32 *>(versionPtr->Data));
+       }
+       else
+               mType = CSSM_CERT_X_509v1;
+
+       releaseFieldValue(CSSMOID_X509V1Version, versionPtr);
+
+       mDbAttributes->add(Schema::attributeInfo(kSecCertTypeItemAttr), mType);
+       mDbAttributes->add(Schema::attributeInfo(kSecCertEncodingItemAttr), mEncoding);
+
+       uint8 digestBytes[20];
+       CssmData digestData(digestBytes, 20);
+       publicKeyHash(digestData);
+
+       mDbAttributes->add(Schema::attributeInfo(kSecPublicKeyHashItemAttr), digestData);
+       addLabel();
+}
+
+const CssmData &
+Certificate::data()
+{
+       CssmDataContainer *data = mData.get();
+       if (!data && mKeychain)
+       {
+           // Make sure mUniqueId is set.
+               dbUniqueRecord();
+               data = new CssmDataContainer();
+               mData.reset(data);
+               mUniqueId->get(NULL, data); 
+       }
+
+       // If the data hasn't been set we can't return it.
+       if (!data)
+               MacOSError::throwMe(errSecDataNotAvailable);
+
+       return *data;
+}
+
+CSSM_CERT_TYPE
+Certificate::type()
+{
+       if (!mHaveTypeAndEncoding)
+       {
+               SecKeychainAttribute attr;
+               attr.tag = kSecCertTypeItemAttr;
+               attr.data = &mType;
+               attr.length = sizeof(mType);
+               getAttribute(attr, NULL);
+       }
+
+       return mType;
+}
+
+CSSM_CERT_ENCODING
+Certificate::encoding()
+{
+       if (!mHaveTypeAndEncoding)
+       {
+               SecKeychainAttribute attr;
+               attr.tag = kSecCertEncodingItemAttr;
+               attr.data = &mEncoding;
+               attr.length = sizeof(mEncoding);
+               getAttribute(attr, NULL);
+       }
+
+       return mEncoding;
+}
+
+void
+Certificate::getSubject(CSSM_X509_NAME &outSubject)
+{
+}
+
+void
+Certificate::getIssuer(CSSM_X509_NAME &outName)
+{
+}
+
+CSSM_CL_HANDLE
+Certificate::clHandle()
+{
+       if (!mCL)
+               mCL = clForType(type());
+
+       return mCL->handle();
+}
+
+bool
+Certificate::operator < (Certificate &other)
+{
+       return data() < other.data();
+}
+
+bool
+Certificate::operator == (Certificate &other)
+{
+       return data() == other.data();
+}
+
+void
+Certificate::update()
+{
+       ItemImpl::update();
+}
+
+Item
+Certificate::copyTo(const Keychain &keychain)
+{
+       return ItemImpl::copyTo(keychain);
+}
+
+void
+Certificate::didModify()
+{
+}
+
+PrimaryKey
+Certificate::add(Keychain &keychain)
+{
+       // If we already have a Keychain we can't be added.
+       if (mKeychain)
+               MacOSError::throwMe(errSecDuplicateItem);
+
+       populateAttributes();
+
+       CSSM_DB_RECORDTYPE recordType = mDbAttributes->recordType();
+
+       Db db(keychain->database());
+       // add the item to the (regular) db
+       try
+       {
+               mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get());
+       }
+       catch (const CssmError &e)
+       {
+               if (e.cssmError() != CSSMERR_DL_INVALID_RECORDTYPE)
+                       throw;
+
+               // Create the cert relation and try again.
+               db->createRelation(CSSM_DL_DB_RECORD_X509_CERTIFICATE, "CSSM_DL_DB_RECORD_X509_CERTIFICATE",
+                       Schema::X509CertificateSchemaAttributeCount,
+                       Schema::X509CertificateSchemaAttributeList,
+                       Schema::X509CertificateSchemaIndexCount,
+                       Schema::X509CertificateSchemaIndexList);
+
+               mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get());
+       }
+
+       mPrimaryKey = keychain->makePrimaryKey(recordType, mUniqueId);
+    mKeychain = keychain;
+
+       return mPrimaryKey;
+}
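Review bot: In `Certificate::publicKeyHash` the copy into the caller's buffer is guarded only by `assert(cssmData->Length <= digestData.Length)`, which compiles away when NDEBUG is defined, so a digest longer than the 20-byte `digestBytes` array passed by `populateAttributes` would overrun the stack. Make it a runtime check, e.g. `if (cssmData->Length > digestData.Length) MacOSError::throwMe(errSecBufferTooSmall);`, and release `cssmData` and `keyPtr` on that path as well; `outData` is also dereferenced without being initialised or checked for NULL. Separately, `certHandle()`, `copyFieldValues()` and `copyFirstFieldValue()` call `mCL->handle()` directly, while the two keychain constructors set `mCL(NULL)`; routing them through `clHandle()`, which fills `mCL` lazily, looks like the intended path.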
diff --git a/Keychain/Certificate.h b/Keychain/Certificate.h
new file mode 100644 (file)
index 0000000..99ec2d4
--- /dev/null
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// Certificate.h - Certificate objects
+//
+#ifndef _SECURITY_CERTIFICATE_H_
+#define _SECURITY_CERTIFICATE_H_
+
+#include <Security/Item.h>
+
+// @@@ This should not be here.
+#include <Security/SecBase.h>
+#include <Security/clclient.h>
+namespace Security
+{
+
+namespace KeychainCore
+{
+
+class Certificate : public ItemImpl
+{
+       NOCOPY(Certificate)
+public:
+       static CL clForType(CSSM_CERT_TYPE type);
+
+       // new item constructor
+    Certificate(const CSSM_DATA &data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding);
+
+       // db item contstructor
+    Certificate(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
+
+       // PrimaryKey item contstructor
+    Certificate(const Keychain &keychain, const PrimaryKey &primaryKey);
+
+       Certificate(Certificate &certificate);
+    virtual ~Certificate();
+
+       virtual void update();
+       virtual Item copyTo(const Keychain &keychain);
+       virtual void didModify(); // Forget any attributes and data we just wrote to the db
+
+    const CssmData &data();
+    CSSM_CERT_TYPE type();
+       CSSM_CERT_ENCODING encoding();
+    void getSubject(CSSM_X509_NAME &outSubject);
+    void getIssuer(CSSM_X509_NAME &outName);
+       CSSM_CL_HANDLE clHandle();
+
+       bool operator < (Certificate &other);
+       bool operator == (Certificate &other);
+
+protected:
+       virtual PrimaryKey add(Keychain &keychain);
+       CSSM_HANDLE certHandle();
+
+       CSSM_DATA_PTR *copyFieldValues(const CSSM_OID &field);
+       void releaseFieldValues(const CSSM_OID &field, CSSM_DATA_PTR *fieldValues);
+
+       void addParsedAttribute(const CSSM_DB_ATTRIBUTE_INFO &info, const CSSM_OID &field);
+
+       CSSM_DATA_PTR copyFirstFieldValue(const CSSM_OID &field);
+       void releaseFieldValue(const CSSM_OID &field, CSSM_DATA_PTR fieldValue);
+
+       void publicKeyHash(CssmData &digestData);
+       void addLabel();
+       void populateAttributes();
+
+private:
+       bool mHaveTypeAndEncoding;
+    CSSM_CERT_TYPE mType;
+       CSSM_CERT_ENCODING mEncoding;
+    CssmClient::CL mCL;
+       CSSM_HANDLE mCertHandle;
+};
+
+} // end namespace KeychainCore
+
+} // end namespace Security
+
+#endif // !_SECURITY_CERTIFICATE_H_
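Review bot: `Certificate(Certificate &certificate);` is declared public directly under `NOCOPY(Certificate)`, and `operator <` / `operator ==` are non-const members taking a non-const `Certificate &`, so the header leaves the class's copy and comparison contract unclear. The constructor needs a one-line comment saying what it copies and whether the new object is attached to a keychain, since the macro name suggests copying is otherwise disabled. The operators would read better as `bool operator < (const Certificate &other) const;` and `bool operator == (const Certificate &other) const;`, which presumably also requires `data()` to be callable on a const object. The two comments spelled `contstructor` should read `constructor`.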
diff --git a/Keychain/CertificateRequest.cpp b/Keychain/CertificateRequest.cpp
new file mode 100644 (file)
index 0000000..01815b1
--- /dev/null
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// CertificateRequest.cpp
+//
+#include <Security/CertificateRequest.h>
+
+using namespace KeychainCore;
+
+CertificateRequest::CertificateRequest(int a)
+{
+}
+
+CertificateRequest::~CertificateRequest()
+{
+}
diff --git a/Keychain/CertificateRequest.h b/Keychain/CertificateRequest.h
new file mode 100644 (file)
index 0000000..5cec874
--- /dev/null
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// CertificateRequest.h
+//
+#ifndef _SECURITY_CERTIFICATEREQUEST_H_
+#define _SECURITY_CERTIFICATEREQUEST_H_
+
+#include <Security/SecRuntime.h>
+
+namespace Security
+{
+
+namespace KeychainCore
+{
+
+class CertificateRequest : public SecCFObject
+{
+       NOCOPY(CertificateRequest)
+public:
+    CertificateRequest(int a);
+    virtual ~CertificateRequest();
+
+private:
+};
+
+} // end namespace KeychainCore
+
+} // end namespace Security
+
+#endif // !_SECURITY_CERTIFICATEREQUEST_H_
diff --git a/Keychain/Certificates.cpp b/Keychain/Certificates.cpp
new file mode 100644 (file)
index 0000000..f8f60ff
--- /dev/null
@@ -0,0 +1,114 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+       File:           Certificates.cpp
+
+       Contains:       Working with Certificates
+
+       Copyright:      2002 by Apple Computer, Inc., all rights reserved.
+
+       To Do:
+*/
+
+#include <Security/Certificates.h>
+#include <Security/CertLibRef.h>//%%%should be included in Certificates.h
+
+using namespace KeychainCore;
+
+void CertificateImpl::CertificateImplCommonInit(CSSM_CERT_TYPE type)
+{
+    mType = type;
+    mCLReference = NULL;
+    //
+    // Create a CL reference for this certificate type.
+    // %%%find us the 1st CL reference we can find for this cert type (this can change)
+    //
+       CertLibCursorImpl* cursor = NULL;
+    cursor = new CertLibCursorImpl(type);
+    if (!cursor)
+        MacOSError::throwMe(errSecItemNotFound/*%%%*/);
+    
+    CertLib certLib;//%%%allocated on the stack?!
+    if (!cursor->next(certLib))
+    {
+        delete cursor;
+        MacOSError::throwMe(errSecItemNotFound/*%%%*/);
+    }
+    delete cursor;
+    
+       mCLReference = CertLibRef::handle(certLib);     // 'tis a SecCertificateLibraryRef
+}
+
+CertificateImpl::CertificateImpl(const CSSM_DATA* data, CSSM_CERT_TYPE type):
+    mItem(NULL)
+{
+    CertificateImplCommonInit(type);
+    (void*)mData.Data = malloc(data->Length);
+    memcpy(mData.Data, data->Data, data->Length);
+    mData.Length = data->Length;
+}
+
+CertificateImpl::CertificateImpl(SecKeychainItemRef item, CSSM_CERT_TYPE type)
+{
+    CertificateImplCommonInit(type);
+    mItem = item;
+    SecRetain(item);
+    mData.Data = NULL;
+    mData.Length = 0;
+}
+
+CertificateImpl::~CertificateImpl()
+{
+    if (mData.Data)
+    {
+        if (mItem)
+            SecKeychainItemFreeContent(NULL, mData.Data);      // free if copied via SecKeychainItemCopyContent.
+        else
+            free(mData.Data);  // free if copied from the caller when cert ref was created.
+    }
+    if (mItem)
+        SecRelease(mItem);
+    
+    if (mCLReference)
+        SecRelease(mCLReference);
+}
+
+CSSM_DATA* CertificateImpl::getData()
+{
+    if (mItem)
+    {
+        if (mData.Data)
+            SecKeychainItemFreeContent(NULL, mData.Data);
+        
+        OSStatus result = SecKeychainItemCopyContent(mItem, NULL, NULL, &mData.Length, (void**)&(mData.Data));
+        if (result)
+            MacOSError::throwMe(result);
+    }  // otherwise, return the data originally specified when the cert ref was created.
+    return &mData; 
+}
+
+CSSM_X509_NAME* CertificateImpl::getSubject()
+{
+    return NULL;//%%%use mCLReference to get subject
+}
+
+CSSM_X509_NAME* CertificateImpl::getIssuer()
+{
+    return NULL;//%%%use mCLReference to get issuer
+}
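Review bot: In `CertificateImpl::getData()` the previous buffer is released with `SecKeychainItemFreeContent` before `SecKeychainItemCopyContent` runs, so if that call fails and `MacOSError::throwMe(result)` fires, `mData.Data` may still hold the freed pointer and the destructor would then free it a second time. Clearing the fields straight after the free, `mData.Data = NULL; mData.Length = 0;`, closes that path. In the `const CSSM_DATA*` constructor the `malloc` result goes to `memcpy` unchecked and `data` is dereferenced without a null test; a guard such as `if (!mData.Data) MacOSError::throwMe(memFullErr);` before the copy would fail cleanly, assuming that error code is in scope here. In `CertificateImplCommonInit` the `if (!cursor)` test after `new` is dead code, and `cursor` leaks if `cursor->next(certLib)` throws.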
index a4c6be96168f47fa3ac16b4eae5d802a6e972b8c..ba74d7a8392dab34a9cdf4978638e4556263cbc5 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
 
 
 /*
-    DLDBListCFPref.h
-*/
-
-#ifndef __DLDBLISTCFPREF_H_
-#define __DLDBLISTCFPREF_H_
+ *  DLDBListCFPref.h
+ */
+#ifndef _SECURITY_DLDBLISTCFPREF_H_
+#define _SECURITY_DLDBLISTCFPREF_H_
 
+#include <Security/cfutilities.h>
 #include <CoreFoundation/CFDictionary.h>
 #include <CoreFoundation/CFPreferences.h>
 #include <Security/DLDBList.h>
@@ -146,4 +146,4 @@ private:
 
 } // end namespace Security
 
-#endif /* __DLDBLISTCFPREF_H_ */
+#endif /* !_SECURITY_DLDBLISTCFPREF_H_ */
index 463f56c10e4c958d158d35c259a8a5b6348a950a..8dad503ae89e5bd1395b1d872a6f41bb4c582c5a 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
  * specific language governing rights and limitations under the License.
  */
 
-
-/*
-    File:              DefaultKeychain.h
-
-    Contains:  User preference for default keychain
-
-    Written by:        John Hurley
-
-    Copyright: 2000 by Apple Computer, Inc., all rights reserved.
-
-    To Do:
-*/
-
-#ifndef _H_KEYCHAINCORE_DEFAULTKEYCHAIN__
-#define _H_KEYCHAINCORE_DEFAULTKEYCHAIN__
+//
+// DefaultKeychain.h - Default Keychain singleton
+//
+#ifndef _SECURITY_DEFAULTKEYCHAIN_H_
+#define _SECURITY_DEFAULTKEYCHAIN_H_
 
 #include <Security/DLDBListCFPref.h>
 #include <Security/Keychains.h>
@@ -81,8 +71,8 @@ private:
     DLDbIdentifier defaultID;
 };
 
-}; // end namespace KeychainCore
+} // end namespace KeychainCore
 
 } // end namespace Security
 
-#endif /* _H_KEYCHAINCORE_DEFAULTKEYCHAIN__ */
+#endif // !_SECURITY_DEFAULTKEYCHAIN_H_
index 40bd1f12b8bf96835783b8ed5dec6d86990d09eb..e2b646b3a2210c96b9f3c007552d45c253dc6dfd 100644 (file)
@@ -40,11 +40,11 @@ ModuleNexus<Globals> KeychainCore::globals;
 #pragma mark Ã‘ÑÑÑ Constructor/Destructor Ã‘ÑÑÑ
 
 Globals::Globals() :
-mUI(true), mACLFactory(CssmAllocator::standard())
+mUI(true)
 {
 }
 
 const AccessCredentials * Globals::credentials() 
 {
-       return (mUI ? mACLFactory.keychainPromptCredentials() : mACLFactory.nullCredentials()); 
+       return (mUI ? mACLFactory.promptCred() : mACLFactory.nullCred()); 
 }
index f17ed83b141aec3d20760e028478a06ee8299fea..7ebc96515d3b6f99d704f1b05853ad0a09a61b60 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
  * specific language governing rights and limitations under the License.
  */
 
-
-/*
-    File:              Globals.h
-
-    Contains:  Private "globals" and interfaces for KeychainCore
-
-    Copyright: 2000 by Apple Computer, Inc., all rights reserved.
-
-    To Do:
-       
-       Notes:          Many functions moved from CKeychainMgr.h
-*/
-
-#ifndef _H_GLOBALS_KEYCHAINCORE
-#define _H_GLOBALS_KEYCHAINCORE
+//
+// DefaultKeychain.h - Private "globals" and interfaces for KeychainCore
+//
+#ifndef _SECURITY_GLOBALS_H_
+#define _SECURITY_GLOBALS_H_
 
 #ifdef check
 #undef check
 #endif
 #include <Security/StorageManager.h>
 #include <Security/DefaultKeychain.h>
-#include <Security/keychainacl.h>
+#include <Security/aclclient.h>
 
 
 namespace Security
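Review bot: The replacement header comment names the wrong file: it reads `// DefaultKeychain.h - Private "globals" and interfaces for KeychainCore`, while the removed block said `File: Globals.h` and the new include guard is `_SECURITY_GLOBALS_H_`. It should read `// Globals.h - Private "globals" and interfaces for KeychainCore`.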
@@ -61,7 +51,7 @@ private:
     
        // Other "globals"
        bool mUI;
-       CssmClient::KeychainAclFactory mACLFactory;  
+       CssmClient::AclFactory mACLFactory;  
 };
 
 extern ModuleNexus<Globals> globals;
@@ -70,4 +60,4 @@ extern ModuleNexus<Globals> globals;
 
 } // end namespace Security
 
-#endif /* _H_GLOBALS_KEYCHAINCORE */
+#endif // !_SECURITY_GLOBALS_H_
diff --git a/Keychain/Identity.cpp b/Keychain/Identity.cpp
new file mode 100644 (file)
index 0000000..1f5b165
--- /dev/null
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// Identity.cpp - Working with Identities
+//
+#include <Security/Identity.h>
+
+using namespace KeychainCore;
+
+Identity::Identity(const RefPointer<KeyItem> &privateKey,
+               const RefPointer<Certificate> &certificate) :
+       mPrivateKey(privateKey),
+       mCertificate(certificate)
+{
+}
+
+Identity::~Identity()
+{
+}
+
+RefPointer<KeyItem>
+Identity::privateKey() const
+{
+       return mPrivateKey;
+}
+
+RefPointer<Certificate>
+Identity::certificate() const
+{
+       return mCertificate;
+}
diff --git a/Keychain/Identity.h b/Keychain/Identity.h
new file mode 100644 (file)
index 0000000..8e1acdd
--- /dev/null
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// Identity.h - Working with Identities
+//
+#ifndef _SECURITY_IDENTITY_H_
+#define _SECURITY_IDENTITY_H_
+
+#include <Security/SecRuntime.h>
+#include <Security/Certificate.h>
+#include <Security/KeyItem.h>
+
+namespace Security
+{
+
+namespace KeychainCore
+{
+
+class Identity : public SecCFObject
+{
+    NOCOPY(Identity)
+public:
+    Identity(const RefPointer<KeyItem> &privateKey,
+               const RefPointer<Certificate> &certificate);
+    virtual ~Identity();
+
+    RefPointer<KeyItem> privateKey() const;
+       RefPointer<Certificate> certificate() const;
+
+private:
+    RefPointer<KeyItem> mPrivateKey;
+       RefPointer<Certificate> mCertificate;
+};
+
+} // end namespace KeychainCore
+
+} // end namespace Security
+
+#endif // !_SECURITY_IDENTITY_H_
diff --git a/Keychain/IdentityCursor.cpp b/Keychain/IdentityCursor.cpp
new file mode 100644 (file)
index 0000000..dbe5dde
--- /dev/null
@@ -0,0 +1,110 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+       File:           IdentityCursor.cpp
+
+       Contains:       Working with IdentityCursor
+
+       Copyright:      2002 by Apple Computer, Inc., all rights reserved.
+
+       To Do:
+*/
+
+#include <Security/IdentityCursor.h>
+#include <Security/Identity.h>
+#include <Security/Item.h>
+#include <Security/Certificate.h>
+#include <Security/KeyItem.h>
+#include <Security/Schema.h>
+
+// From AppleCSPDL
+#include <Security/KeySchema.h>
+
+using namespace KeychainCore;
+
+IdentityCursor::IdentityCursor(const StorageManager::KeychainList &searchList, CSSM_KEYUSE keyUsage) :
+       mSearchList(searchList),
+       mKeyCursor(mSearchList, CSSM_DL_DB_RECORD_PRIVATE_KEY, NULL)
+{
+       // If keyUsage is CSSM_KEYUSE_ANY then we need a key that can do everything
+       if (keyUsage & CSSM_KEYUSE_ANY)
+               keyUsage = CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT
+                                                  | CSSM_KEYUSE_DERIVE | CSSM_KEYUSE_SIGN
+                                                  | CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_SIGN_RECOVER
+                                                  | CSSM_KEYUSE_VERIFY_RECOVER | CSSM_KEYUSE_WRAP
+                                                  | CSSM_KEYUSE_UNWRAP;
+
+       if (keyUsage & CSSM_KEYUSE_ENCRYPT)
+               mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::Encrypt, true);
+       if (keyUsage & CSSM_KEYUSE_DECRYPT)
+               mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::Decrypt, true);
+       if (keyUsage & CSSM_KEYUSE_DERIVE)
+               mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::Derive, true);
+       if (keyUsage & CSSM_KEYUSE_SIGN)
+               mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::Sign, true);
+       if (keyUsage & CSSM_KEYUSE_VERIFY)
+               mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::Verify, true);
+       if (keyUsage & CSSM_KEYUSE_SIGN_RECOVER)
+               mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::SignRecover, true);
+       if (keyUsage & CSSM_KEYUSE_VERIFY_RECOVER)
+               mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::VerifyRecover, true);
+       if (keyUsage & CSSM_KEYUSE_WRAP)
+               mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::Wrap, true);
+       if (keyUsage & CSSM_KEYUSE_UNWRAP)
+               mKeyCursor->add(CSSM_DB_EQUAL, KeySchema::Unwrap, true);
+}
+
+IdentityCursor::~IdentityCursor()
+{
+}
+
+bool
+IdentityCursor::next(RefPointer<Identity> &identity)
+{
+       for (;;)
+       {
+               if (!mCertificateCursor)
+               {
+                       Item key;
+                       if (!mKeyCursor->next(key))
+                               return false;
+       
+                       mCurrentKey = static_cast<KeyItem *>(key.get());
+
+                       CssmClient::DbUniqueRecord uniqueId = mCurrentKey->dbUniqueRecord();
+                       CssmClient::DbAttributes dbAttributes(uniqueId->database(), 1);
+                       dbAttributes.add(KeySchema::Label);
+                       uniqueId->get(&dbAttributes, NULL);
+                       const CssmData &keyHash = dbAttributes[0];
+
+                       mCertificateCursor = KCCursor(mSearchList, CSSM_DL_DB_RECORD_X509_CERTIFICATE, NULL);
+                       mCertificateCursor->add(CSSM_DB_EQUAL, Schema::kX509CertificatePublicKeyHash, keyHash);
+               }
+       
+               Item cert;
+               if (mCertificateCursor->next(cert))
+               {
+                       RefPointer<Certificate> certificate(static_cast<Certificate *>(cert.get()));
+                       identity = new Identity(mCurrentKey, certificate);
+                       return true;
+               }
+               else
+                       mCertificateCursor = KCCursor();
+       }
+}
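Review bot: `IdentityCursor::next()` pairs a private key with a certificate only by reading the key record's `KeySchema::Label` attribute and matching it against `Schema::kX509CertificatePublicKeyHash`, and nothing in the file states that the label is expected to hold the public-key hash. A comment above the lookup would record the invariant, for example `// The key record's Label attribute is expected to hold the public key hash; certificates are matched on that hash.` If the label can be chosen by whoever creates the key record (not visible here), callers should not treat the pairing as proof that the key and certificate belong together. `dbAttributes[0]` is read without checking that `uniqueId->get()` actually returned a label value. The `static_cast`s to `KeyItem *` and `Certificate *` depend on each cursor returning only items of the queried record type, which deserves a short comment.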
diff --git a/Keychain/IdentityCursor.h b/Keychain/IdentityCursor.h
new file mode 100644 (file)
index 0000000..c025e16
--- /dev/null
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// IdentityCursor.h - Working with IdentityCursors
+//
+#ifndef _SECURITY_IDENTITYCURSOR_H_
+#define _SECURITY_IDENTITYCURSOR_H_
+
+#include <Security/SecRuntime.h>
+#include <Security/SecCertificate.h>
+#include <Security/securestorage.h>
+#include <Security/KCCursor.h>
+#include <CoreFoundation/CFArray.h>
+
+namespace Security
+{
+
+namespace KeychainCore
+{
+
+class Identity;
+class KeyItem;
+
+class IdentityCursor : public SecCFObject
+{
+    NOCOPY(IdentityCursor)
+public:
+    IdentityCursor(const StorageManager::KeychainList &searchList, CSSM_KEYUSE keyUsage);
+       virtual ~IdentityCursor();
+       bool next(RefPointer<Identity> &identity);
+
+private:
+       StorageManager::KeychainList mSearchList;
+       KCCursor mKeyCursor;
+       KCCursor mCertificateCursor;
+       RefPointer<KeyItem> mCurrentKey;
+};
+
+} // end namespace KeychainCore
+
+} // end namespace Security
+
+#endif // !_SECURITY_IDENTITYCURSOR_H_
index 8eb93849e689ddd5f2199b686f54aa8f085f1318..7b98c95c6b7b68bcab9b5d57322aadbcc482ece3 100644 (file)
 
 #include "Item.h"
 
+#include "Certificate.h"
+#include "KeyItem.h"
+
 #include "Globals.h"
 #include "Schema.h"
 #include "KCEventNotifier.h"
 #include "cssmdatetime.h"
 #include <Security/keychainacl.h>
-#include <Security/SecKeychainAPIPriv.h>
 #include <Security/aclsupport.h>
 #include <Security/osxsigning.h>
+#include <Security/trackingallocator.h>
+#include <Security/SecKeychainAPIPriv.h>
 
 using namespace KeychainCore;
 using namespace CSSMDateTimeUtils;
@@ -46,12 +50,9 @@ ItemImpl::ItemImpl(SecItemClass itemClass, OSType itemCreator, UInt32 length, co
                mData.reset(new CssmDataContainer(data, length));
 
        mDbAttributes->recordType(Schema::recordTypeFor(itemClass));
-       mDbAttributes->add(Schema::attributeInfo(kSecCreatorItemAttr), itemCreator);
 
-    SInt64 date;
-       GetCurrentMacLongDateTime(date);
-    setAttribute(Schema::attributeInfo(kSecCreationDateItemAttr), date);
-    setAttribute(Schema::attributeInfo(kSecModDateItemAttr), date);
+       if (itemCreator)
+               mDbAttributes->add(Schema::attributeInfo(kSecCreatorItemAttr), itemCreator);
 }
 
 ItemImpl::ItemImpl(SecItemClass itemClass, SecKeychainAttributeList *attrList, UInt32 length, const void* data)
@@ -70,11 +71,6 @@ ItemImpl::ItemImpl(SecItemClass itemClass, SecKeychainAttributeList *attrList, U
                        mDbAttributes->add(Schema::attributeInfo(attrList->attr[i].tag), CssmData(attrList->attr[i].data,  attrList->attr[i].length));
                }
        }
-
-    SInt64 date;
-       GetCurrentMacLongDateTime(date);
-    setAttribute(Schema::attributeInfo(kSecCreationDateItemAttr), date);
-    setAttribute(Schema::attributeInfo(kSecModDateItemAttr), date);
 }
 
 // DbItemImpl constructor
@@ -170,8 +166,10 @@ ItemImpl::defaultAttributeValue(const CSSM_DB_ATTRIBUTE_INFO &info)
        }
 }
 
+
+
 PrimaryKey
-ItemImpl::add(const Keychain &keychain)
+ItemImpl::add(Keychain &keychain)
 {
        // If we already have a Keychain we can't be added.
        if (mKeychain)
@@ -183,11 +181,27 @@ ItemImpl::add(const Keychain &keychain)
     if (!mDbAttributes.get())
                MacOSError::throwMe(errSecDuplicateItem);
 
+       CSSM_DB_RECORDTYPE recordType = mDbAttributes->recordType();
+
+       // update the creation and update dates on the new item
+       KeychainSchema schema = keychain->keychainSchema();
+    SInt64 date;
+       GetCurrentMacLongDateTime(date);
+       if (schema->hasAttribute(recordType, kSecCreationDateItemAttr))
+       {
+               setAttribute(schema->attributeInfoFor(recordType, kSecCreationDateItemAttr), date);
+       }
+
+       if (schema->hasAttribute(recordType, kSecModDateItemAttr))
+       {
+               setAttribute(schema->attributeInfoFor(recordType, kSecModDateItemAttr), date);
+       }
+
     // If the label (PrintName) attribute isn't specified, set a default label.
     if (!mDbAttributes->find(Schema::attributeInfo(kSecLabelItemAttr)))
     {
         CssmDbAttributeData *label = NULL;
-        switch (mDbAttributes->recordType())
+        switch (recordType)
         {
             case CSSM_DL_DB_RECORD_GENERIC_PASSWORD:
                 label = mDbAttributes->find(Schema::attributeInfo(kSecServiceItemAttr));
@@ -199,20 +213,21 @@ ItemImpl::add(const Keychain &keychain)
                 // if AppleShare server name wasn't specified, try the server address
                 if (!label) label = mDbAttributes->find(Schema::attributeInfo(kSecAddressItemAttr));
                 break;
-    
+
             default:
                 break;
         }
         // if all else fails, use the account name.
-        if (!label) label = mDbAttributes->find(Schema::attributeInfo(kSecAccountItemAttr));
+        if (!label)
+                       label = mDbAttributes->find(Schema::attributeInfo(kSecAccountItemAttr));
 
         if (label && label->size())
-            mDbAttributes->add(Schema::attributeInfo(kSecLabelItemAttr), label->at<CssmData>(0));
+            setAttribute (Schema::attributeInfo(kSecLabelItemAttr), label->at<CssmData>(0));
     }
 
        // get the attributes that are part of the primary key
        const CssmAutoDbRecordAttributeInfo &primaryKeyInfos =
-               keychain->primaryKeyInfosFor(recordType());
+               keychain->primaryKeyInfosFor(recordType);
 
        // make sure each primary key element has a value in the item, otherwise
        // the database will complain. we make a set of the provided attribute infos
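Review bot: The default label is written with `setAttribute (Schema::attributeInfo(kSecLabelItemAttr), ...)` through the static `Schema` table with no `hasAttribute` check, whereas the creation and modification dates added earlier in `ItemImpl::add` use `schema->hasAttribute(recordType, ...)` and `schema->attributeInfoFor(recordType, ...)` on the target keychain's schema. If a record type's relation has no label attribute, the later insert could presumably fail. The label path would be consistent with the date handling as `if (schema->hasAttribute(recordType, kSecLabelItemAttr)) setAttribute(schema->attributeInfoFor(recordType, kSecLabelItemAttr), label->at<CssmData>(0));`. `ItemImpl::add` begins and ends outside this hunk.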
@@ -222,115 +237,64 @@ ItemImpl::add(const Keychain &keychain)
        typedef set<CssmDbAttributeInfo> InfoSet;
        InfoSet infoSet;
 
+       // make a set of all the attributes in the key
        for (uint32 i = 0; i < attributes->size(); i++)
                infoSet.insert(attributes->at(i).Info);
 
-       for (uint32 i = 0; i < primaryKeyInfos.size(); i++) {
+       for (uint32 i = 0; i < primaryKeyInfos.size(); i++) { // check to make sure all required attributes are in the key
                InfoSet::const_iterator it = infoSet.find(primaryKeyInfos.at(i));
 
-               if (it == infoSet.end()) {
+               if (it == infoSet.end()) { // not in the key?  add the default
                        // we need to add a default value to the item attributes
-                       attributes->add(primaryKeyInfos.at(i),
-                               defaultAttributeValue(primaryKeyInfos.at(i)));
+                       attributes->add(primaryKeyInfos.at(i), defaultAttributeValue(primaryKeyInfos.at(i)));
                }
        }
-
+       
        Db db(keychain->database());
-       if (db->dl()->subserviceMask() & CSSM_SERVICE_CSP)
+       if (useSecureStorage(db))
        {
                // Add the item to the secure storage db
                SSDb ssDb(safe_cast<SSDbImpl *>(&(*db)));
 
                TrackingAllocator allocator(CssmAllocator::standard());
-               // @@@ Share this instance
-               KeychainAclFactory aclFactory(allocator);
-
-               AclEntryPrototype anyEncrypt(TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_ANY));
-               AuthorizationGroup &anyEncryptAuthGroup = anyEncrypt.authorization();
-               CSSM_ACL_AUTHORIZATION_TAG encryptTag = CSSM_ACL_AUTHORIZATION_ENCRYPT;
-               anyEncryptAuthGroup.NumberOfAuthTags = 1;
-               anyEncryptAuthGroup.AuthTags = &encryptTag;
-
-               const AccessCredentials *nullCred = aclFactory.nullCredentials();
-
-               const ResourceControlContext credAndAclEntry
-                       (anyEncrypt, const_cast<AccessCredentials *>(nullCred));
-
-               // Create a new SSGroup with owner = ANY, encrypt = ANY
-               SSGroup ssGroup(ssDb, &credAndAclEntry);
-
-               // Now we edit the acl to look like we want it to.
-
-               // Find the PrintName (which we want SecurityAgent to display when evaluating the ACL
-               CssmDbAttributeData *data = mDbAttributes->find(Schema::attributeInfo(kSecLabelItemAttr));
-               CssmData noName;
-               CssmData &printName = data ? CssmData::overlay(data->Value[0]) : noName;
-
-               // @@@ This code should use KeychainACL instead, but that class will need some changes.
-               // Defering integration with KeychainACL to Puma.
-
-               // Figure out if we should special case this to have an anyAllow in this ACL or not.
-               // Currently only generic password items with sevicename "iTools" passwords are always anyAllow.
-               bool anyAllow = false;
-               if (mDbAttributes->recordType() == CSSM_DL_DB_RECORD_GENERIC_PASSWORD)
-               {
-                       CssmDbAttributeData *data = mDbAttributes->find(Schema::attributeInfo(kSecServiceItemAttr));
-                       if (data && data->Value[0].Length == 6 && !memcmp("iTools", data->Value[0].Data, 6))
-                               anyAllow = true;
-               }
-
-               CssmList &list = *new(allocator) CssmList();
-       
-               // List is a threshold acl with 2 elements or 3 if anyAllow is true.
-               list.append(new(allocator) ListElement(CSSM_ACL_SUBJECT_TYPE_THRESHOLD));   
-               list.append(new(allocator) ListElement(1));
-               list.append(new(allocator) ListElement(2 + anyAllow));
-
-               // If anyAllow is true start the threshold list with a any allow sublist.
-               if(anyAllow)
-               {
-                       CssmList &anySublist = *new(allocator) CssmList();
-                       anySublist.append(new(allocator) ListElement(CSSM_ACL_SUBJECT_TYPE_ANY));
-                       list.append(new(allocator) ListElement(anySublist));
+                
+               // hhs replaced with the new aclFactory class
+               AclFactory aclFactory;
+               const AccessCredentials *nullCred = aclFactory.nullCred();
+
+               RefPointer<Access> access = mAccess;
+               if (!access) {
+                       // create default access controls for the new item
+                       CssmDbAttributeData *data = mDbAttributes->find(Schema::attributeInfo(kSecLabelItemAttr));
+                       string printName = data ? CssmData::overlay(data->Value[0]).toString() : "keychain item";
+                       access = new Access(printName);
+                       
+                       // special case for "iTools" password - allow anyone to decrypt the item
+                       if (recordType == CSSM_DL_DB_RECORD_GENERIC_PASSWORD)
+                       {
+                               CssmDbAttributeData *data = mDbAttributes->find(Schema::attributeInfo(kSecServiceItemAttr));
+                               if (data && data->Value[0].Length == 6 && !memcmp("iTools", data->Value[0].Data, 6))
+                               {
+                                       typedef vector<RefPointer<ACL> > AclSet;
+                                       AclSet acls;
+                                       access->findAclsForRight(CSSM_ACL_AUTHORIZATION_DECRYPT, acls);
+                                       for (AclSet::const_iterator it = acls.begin(); it != acls.end(); it++)
+                                               (*it)->form(ACL::allowAllForm);
+                               }
+                       }
                }
-
-               // Now add a sublist to trust the current application.
-               auto_ptr<CodeSigning::OSXCode> code(CodeSigning::OSXCode::main());
-               const char *path = code->canonicalPath().c_str();
-               CssmData comment(const_cast<char *>(path), strlen(path) + 1);
-               TrustedApplication app(path, comment);
-               CssmList &appSublist = *new(allocator) CssmList();
-               appSublist.append(new(allocator) ListElement(CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE));
-               appSublist.append(new(allocator) ListElement(CSSM_ACL_CODE_SIGNATURE_OSX));
-               appSublist.append(new(allocator) ListElement(app->signature()));
-               appSublist.append(new(allocator) ListElement(app->comment()));
-               list.append(new(allocator) ListElement(appSublist));
-
-               // Finally add the keychain prompt sublist to the list so we default to asking
-               // the user for permission if all else fails.
-               CssmList &promptSublist = *new(allocator) CssmList();
-               promptSublist.append(new(allocator) ListElement(CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT));
-               promptSublist.append(new(allocator) ListElement(printName));
-               list.append(new(allocator) ListElement(promptSublist)); 
-
-               // The acl prototype we want to add contains the list we just made.
-               AclEntryPrototype promptDecrypt(list);
-
-               // Now make sure it only authorizes decrypt.
-               AuthorizationGroup &promptDecryptAuthGroup = promptDecrypt.authorization();
-               CSSM_ACL_AUTHORIZATION_TAG decryptTag = CSSM_ACL_AUTHORIZATION_DECRYPT;
-               promptDecryptAuthGroup.NumberOfAuthTags = 1;
-               promptDecryptAuthGroup.AuthTags = &decryptTag;
-
-               // Add an acl entry for decrypt we just made
-               AclEdit edit(promptDecrypt);
-               ssGroup->changeAcl(nullCred, edit);
-
+               
+               // Create a new SSGroup with temporary access controls
+               Access::Maker maker;
+               ResourceControlContext prototype;
+               maker.initialOwner(prototype, nullCred);
+               SSGroup ssGroup(ssDb, &prototype);
+               
                try
                {
                        // Insert the record using the newly created group.
-                       mUniqueId = ssDb->insert(recordType(), mDbAttributes.get(),
-                                                                        mData.get(), ssGroup, nullCred);
+                       mUniqueId = ssDb->insert(recordType, mDbAttributes.get(),
+                                                                        mData.get(), ssGroup, maker.cred());
                }
                catch(...)
                {
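Review bot: The two new reads of `data->Value[0]` in the default-access block (the `printName` initialiser and the "iTools" comparison) only test that `find()` returned an attribute, not that it holds a value. The label code earlier in `add()` checks `label && label->size()` before calling `at<CssmData>(0)`. An attribute present with zero values would be read past its value array, and that read decides both the name given to the new `Access` and whether the decrypt ACLs are switched to `ACL::allowAllForm`. I would guard both the same way: `string printName = (data && data->size()) ? CssmData::overlay(data->Value[0]).toString() : "keychain item";` and `if (data && data->size() && data->Value[0].Length == 6 && !memcmp("iTools", data->Value[0].Data, 6))`. `ItemImpl::add` begins before this hunk and continues after it.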
@@ -338,19 +302,17 @@ ItemImpl::add(const Keychain &keychain)
                        throw;
                }
 
-               // Change the owner so change acl = KeychainPrompt
-               AclEntryPrototype promptOwner(TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT,
-                       new(allocator) ListElement(allocator, printName)));
-               AclOwnerPrototype owner(promptOwner);
-               ssGroup->changeOwner(nullCred, owner);
+               // now finalize the access controls on the group
+               access->setAccess(*ssGroup, maker);
+               mAccess = NULL; // use them and lose them
        }
        else
        {
                // add the item to the (regular) db
-               mUniqueId = db->insert(recordType(), mDbAttributes.get(), mData.get());
+               mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get());
        }
 
-       mPrimaryKey = keychain->makePrimaryKey(recordType(), mUniqueId);
+       mPrimaryKey = keychain->makePrimaryKey(recordType, mUniqueId);
     mKeychain = keychain;
 
        // Forget our data and attributes.
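Review bot: `access->setAccess(*ssGroup, maker);` runs after the try/catch that surrounds `ssDb->insert`, so a throw from it leaves a record that is already inserted under the group created with the temporary access controls from `maker.initialOwner(prototype, nullCred)`. Nothing visible here removes that record or finishes its ACL, and `mAccess = NULL` plus the `mPrimaryKey`/`mKeychain` assignments are skipped as well. I would move the call to directly after the `ssDb->insert(...)` statement inside the `try`, provided the existing handler (its body lies partly between the two hunks) also removes the inserted record. Separately, the `else` branch never consults or clears a caller-supplied `mAccess`; a comment such as `// mAccess is ignored for non-secure-storage items` would make that explicit.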
@@ -361,9 +323,11 @@ ItemImpl::add(const Keychain &keychain)
 }
 
 Item
-ItemImpl::copyTo(const Keychain &keychain)
+ItemImpl::copyTo(const Keychain &keychain, Access *newAccess = NULL)
 {
        Item item(*this);
+       if (newAccess)
+               item->setAccess(newAccess);
        keychain->add(item);
        return item;
 }
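Review bot: The definition repeats the default argument `Access *newAccess = NULL` that the declaration in Item.h (later in this commit) already gives. C++ does not allow a default argument to be specified again in a later declaration of the same function, and stricter compilers reject it. Drop it here: `ItemImpl::copyTo(const Keychain &keychain, Access *newAccess)`. A short comment on whether `copyTo` takes ownership of `newAccess` would also help, since `setAccess` stores the raw pointer in a `RefPointer<Access>`.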
@@ -378,15 +342,21 @@ ItemImpl::update()
        if (!isModified())
                return;
 
-       // Set the modification date on the item.
-    SInt64 date;
-       GetCurrentMacLongDateTime(date);
-    setAttribute(Schema::attributeInfo(kSecModDateItemAttr), date);
+       CSSM_DB_RECORDTYPE aRecordType = recordType();
+       KeychainSchema schema = mKeychain->keychainSchema();
+
+       // Update the modification date on the item if there is a mod date attribute.
+       if (schema->hasAttribute(aRecordType, kSecModDateItemAttr))
+       {
+               SInt64 date;
+               GetCurrentMacLongDateTime(date);
+               setAttribute(schema->attributeInfoFor(aRecordType, kSecModDateItemAttr), date);
+       }
 
        // Make sure that we have mUniqueId
        dbUniqueRecord();
        Db db(mUniqueId->database());
-       if (db->dl()->subserviceMask() & CSSM_SERVICE_CSP)
+       if (useSecureStorage(db))
        {
                // Add the item to the secure storage db
                SSDbUniqueRecord ssUniqueId(safe_cast<SSDbUniqueRecordImpl *>
@@ -397,7 +367,7 @@ ItemImpl::update()
 
 
                // Only call this is user interaction is enabled.
-               ssUniqueId->modify(recordType(),
+               ssUniqueId->modify(aRecordType,
                                                   mDbAttributes.get(),
                                                   mData.get(),
                                                   CSSM_DB_MODIFY_ATTRIBUTE_REPLACE,
@@ -405,14 +375,14 @@ ItemImpl::update()
        }
        else
        {
-               mUniqueId->modify(recordType(),
+               mUniqueId->modify(aRecordType,
                                                  mDbAttributes.get(),
                                                  mData.get(),
                                                  CSSM_DB_MODIFY_ATTRIBUTE_REPLACE);
        }
 
        PrimaryKey oldPK = mPrimaryKey;
-       mPrimaryKey = mKeychain->makePrimaryKey(recordType(), mUniqueId);
+       mPrimaryKey = mKeychain->makePrimaryKey(aRecordType, mUniqueId);
 
        // Forget our data and attributes.
        mData.reset(NULL);
@@ -468,18 +438,20 @@ ItemImpl::setData(UInt32 length,const void *data)
        mData.reset(new CssmDataContainer(data, length));
 }
 
+void
+ItemImpl::setAccess(Access *newAccess)
+{
+       mAccess = newAccess;
+}
+
 CssmClient::DbUniqueRecord
 ItemImpl::dbUniqueRecord()
 {
        if (!mUniqueId)
        {
-               assert(mKeychain && mPrimaryKey);
-               DbCursor cursor(mPrimaryKey->createCursor(mKeychain));
-               if (!cursor->next(NULL, NULL, mUniqueId))
-               {
-                       killRef();
-                       MacOSError::throwMe(errSecInvalidItemRef);
-               }
+            DbCursor cursor(mPrimaryKey->createCursor(mKeychain));
+            if (!cursor->next(NULL, NULL, mUniqueId))
+                    MacOSError::throwMe(errSecInvalidItemRef);
        }
 
        return mUniqueId;
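Review bot: With `assert(mKeychain && mPrimaryKey)` removed, `dbUniqueRecord()` goes straight to `mPrimaryKey->createCursor(mKeychain)` whenever `mUniqueId` is unset, so an item that is not attached to a keychain is dereferenced through an empty `mPrimaryKey`. This commit guards the call in the attribute-list `getContent` with `mKeychain && mPrimaryKey`, but `update()` and `getContent(DbAttributes *, CssmDataContainer *)` still call it unconditionally. I would replace the assert with a check that also holds in release builds: `if (!mKeychain || !mPrimaryKey) MacOSError::throwMe(errSecInvalidItemRef);`. The dropped `killRef()` is presumably tied to the move to `SecCFObject`; a one-line comment saying stale references are no longer invalidated here would record that. The function's closing brace lies just outside the hunk.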
@@ -550,8 +522,7 @@ ItemImpl::setAttribute(const CssmDbAttributeInfo &info, const CssmPolyData &data
         }
         else if (length == sizeof(SInt64))
         {
-            MacLongDateTimeToTimeString(*reinterpret_cast<const SInt64 *>(buf),
-                                        16, &timeString);
+            MacLongDateTimeToTimeString(*reinterpret_cast<const SInt64 *>(buf), 16, &timeString);
             buf = &timeString;
             length = 16;
         }
@@ -589,66 +560,95 @@ void
 ItemImpl::getContent(SecItemClass *itemClass, SecKeychainAttributeList *attrList, UInt32 *length, void **outData)
 {
 
-       // If the data hasn't been set we can't return it.
-       if (!mKeychain && outData)
-       {
-               CssmData *data = mData.get();
-               if (!data)
-                       MacOSError::throwMe(errSecDataNotAvailable);
-       }
-       // TODO: need to check and make sure attrs are valid and handle error condition
+    // If the data hasn't been set we can't return it.
+    if (!mKeychain && outData)
+    {
+            CssmData *data = mData.get();
+            if (!data)
+                    MacOSError::throwMe(errSecDataNotAvailable);
+    }
+    // TODO: need to check and make sure attrs are valid and handle error condition
 
 
-       if(itemClass)
-               *itemClass = Schema::itemClassFor(recordType());
-               
-       dbUniqueRecord();
+    if(itemClass)
+            *itemClass = Schema::itemClassFor(recordType());
+    
+    bool getDataFromDatabase = mKeychain && mPrimaryKey;
+    
+    if (getDataFromDatabase) // are we attached to a database?
+    
+    {
+        dbUniqueRecord();
+    }
 
+    // get the number of attributes requested by the caller
     UInt32 attrCount = attrList ? attrList->count : 0;
-       DbAttributes dbAttributes(mUniqueId->database(), attrCount);
-    for (UInt32 ix = 0; ix < attrCount; ++ix)
-        dbAttributes.add(Schema::attributeInfo(attrList->attr[ix].tag));
-
-       CssmDataContainer itemData;
-    getContent(&dbAttributes, outData ? &itemData : NULL);
-
-       if (outData) KCEventNotifier::PostKeychainEvent(kSecDataAccessEvent, mKeychain, this);
-
-    for (UInt32 ix = 0; ix < attrCount; ++ix)
+    
+    if (getDataFromDatabase)
     {
-        if (dbAttributes.at(ix).NumberOfValues > 0)
+        // make a DBAttributes structure and populate it
+        DbAttributes dbAttributes(mUniqueId->database(), attrCount);
+        for (UInt32 ix = 0; ix < attrCount; ++ix)
         {
-            attrList->attr[ix].data = dbAttributes.at(ix).Value[0].Data;       
-            attrList->attr[ix].length = dbAttributes.at(ix).Value[0].Length;
-
-            // We don't want the data released, it is up the client
-            dbAttributes.at(ix).Value[0].Data = NULL;
-            dbAttributes.at(ix).Value[0].Length = 0;
+            dbAttributes.add(Schema::attributeInfo(attrList->attr[ix].tag));
         }
-        else
+        
+        // request the data from the database (since we are a reference "item" and the data is really stored there)
+        CssmDataContainer itemData;
+        if (getDataFromDatabase)
         {
-            attrList->attr[ix].data = NULL;    
-            attrList->attr[ix].length = 0;
+            getContent(&dbAttributes, outData ? &itemData : NULL);
+        }
+        
+        // retrieve the data from result
+        for (UInt32 ix = 0; ix < attrCount; ++ix)
+        {
+            if (dbAttributes.at(ix).NumberOfValues > 0)
+            {
+                attrList->attr[ix].data = dbAttributes.at(ix).Value[0].Data;   
+                attrList->attr[ix].length = dbAttributes.at(ix).Value[0].Length;
+    
+                // We don't want the data released, it is up the client
+                dbAttributes.at(ix).Value[0].Data = NULL;
+                dbAttributes.at(ix).Value[0].Length = 0;
+            }
+            else
+            {
+                attrList->attr[ix].data = NULL;        
+                attrList->attr[ix].length = 0;
+            }
         }
-    }
 
-       if (outData)
-       {
-               *outData=itemData.data();
-               itemData.Data=NULL;
-               
-               *length=itemData.length();
-               itemData.Length=0;
+               // clean up
+               if (outData)
+               {
+                               *outData=itemData.data();
+                               itemData.Data=NULL;
+                               
+                               *length=itemData.length();
+                               itemData.Length=0;
+               }
+    }
+    else if (attrList != NULL)
+    {
+               getLocalContent (*attrList);
+               *outData = NULL;
+               *length = 0;
        }
-       
+    
+    // inform anyone interested that we are doing this
+    if (outData)
+    {
+        KCEventNotifier::PostKeychainEvent(kSecDataAccessEvent, mKeychain, this);
+    }
 }
 
 void
 ItemImpl::freeContent(SecKeychainAttributeList *attrList, void *data)
 {
-       CssmAllocator &allocator = CssmAllocator::standard(); // @@@ This might not match the one used originally
-       if (data)
-               allocator.free(data);
+    CssmAllocator &allocator = CssmAllocator::standard(); // @@@ This might not match the one used originally
+    if (data)
+            allocator.free(data);
 
     UInt32 attrCount = attrList ? attrList->count : 0;
     for (UInt32 ix = 0; ix < attrCount; ++ix)
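Review bot: In the new `else if (attrList != NULL)` branch of `getContent`, `*outData = NULL;` and `*length = 0;` are written without a null check, although the rest of the function treats `outData` as optional and tests it before each use. A caller that asks only for the attributes of an unattached item would write through a null pointer; `if (outData) *outData = NULL;` and `if (length) *length = 0;` avoid that. The same branch means an unattached item never returns its data: the check at the top throws `errSecDataNotAvailable` only when `mData` is empty, yet `mData` is not copied out afterwards, which deserves at least a comment. The inner `if (getDataFromDatabase)` around the `getContent(&dbAttributes, ...)` call is redundant inside the outer one.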
@@ -670,10 +670,11 @@ ItemImpl::modifyAttributesAndData(const SecKeychainAttributeList *attrList, UInt
                mDbAttributes->recordType(mPrimaryKey->recordType());
        }
 
+       CSSM_DB_RECORDTYPE recordType = mDbAttributes->recordType();
     UInt32 attrCount = attrList ? attrList->count : 0;
        for (UInt32 ix = 0; ix < attrCount; ix++)
        {
-               CssmDbAttributeInfo info=mKeychain->attributeInfoForTag(attrList->attr[ix].tag);
+               CssmDbAttributeInfo info=mKeychain->attributeInfoFor(recordType, attrList->attr[ix].tag);
                                                
                if (attrList->attr[ix].length || info.AttributeFormat==CSSM_DB_ATTRIBUTE_FORMAT_STRING  || info.AttributeFormat==CSSM_DB_ATTRIBUTE_FORMAT_BLOB
                 || info.AttributeFormat==CSSM_DB_ATTRIBUTE_FORMAT_STRING  || info.AttributeFormat==CSSM_DB_ATTRIBUTE_FORMAT_BIG_NUM
@@ -929,7 +930,7 @@ ItemImpl::group()
        if (&*mUniqueId)
        {
                Db db(mKeychain->database());
-               if (db->dl()->subserviceMask() & CSSM_SERVICE_CSP)
+               if (useSecureStorage(db))
                {
                        group = safer_cast<SSDbUniqueRecordImpl &>(*mUniqueId).group();
                }
@@ -938,22 +939,142 @@ ItemImpl::group()
        return group;
 }
 
+void ItemImpl::getLocalContent(SecKeychainAttributeList &attributeList)
+{
+    CssmAllocator &allocator = CssmAllocator::standard(); // @@@ This might not match the one used originally
+
+    // pull attributes out of a "floating" item, i.e. one that isn't attached to a database
+    unsigned int i;
+    for (i = 0; i < attributeList.count; ++i)
+    {
+        // get the size of the attribute
+        UInt32 actualLength;
+        SecKeychainAttribute attribute;
+        attribute.tag = attributeList.attr[i].tag;
+        attribute.length = 0;
+        attribute.data = NULL;
+        getAttribute (attribute, &actualLength);
+        
+        // if we didn't get the actual length, mark zeros.
+        if (actualLength == 0)
+        {
+            attributeList.attr[i].length = 0;
+            attributeList.attr[i].data = NULL;
+        }
+        else
+        {
+            // make room in the item data
+            attributeList.attr[i].length = actualLength;
+            attributeList.attr[i].data = allocator.malloc(actualLength);
+            getAttribute(attributeList.attr[i], &actualLength);
+        }
+    }
+}
+
 void
 ItemImpl::getContent(DbAttributes *dbAttributes, CssmDataContainer *itemData)
 {
     // Make sure mUniqueId is set.
-       dbUniqueRecord();
-       if (itemData)
-       {
-               Db db(mUniqueId->database());
-               if (db->dl()->subserviceMask() & CSSM_SERVICE_CSP)
-               {
-                       SSDbUniqueRecord ssUniqueId(safe_cast<SSDbUniqueRecordImpl *>(&(*mUniqueId)));
-                       const AccessCredentials *autoPrompt = globals().credentials();
-                       ssUniqueId->get(dbAttributes, itemData, autoPrompt);
-            return;
-               }
+    dbUniqueRecord();
+    if (itemData)
+    {
+            Db db(mUniqueId->database());
+            if (useSecureStorage(db))
+            {
+                    SSDbUniqueRecord ssUniqueId(safe_cast<SSDbUniqueRecordImpl *>(&(*mUniqueId)));
+                    const AccessCredentials *autoPrompt = globals().credentials();
+                    ssUniqueId->get(dbAttributes, itemData, autoPrompt);
+                    return;
+            }
     }
 
     mUniqueId->get(dbAttributes, itemData); 
 }
+
+bool
+ItemImpl::useSecureStorage(const Db &db)
+{
+       switch (recordType())
+       {
+       case CSSM_DL_DB_RECORD_GENERIC_PASSWORD:
+       case CSSM_DL_DB_RECORD_INTERNET_PASSWORD:
+       case CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD:
+               if (db->dl()->subserviceMask() & CSSM_SERVICE_CSP)
+                       return true;
+               break;
+       default:
+               break;
+       }
+       return false;
+}
+
+
+//
+// Item -- This class is here to magically create the right subclass of ItemImpl
+// when constructing new items.
+//
+Item::Item()
+{
+}
+
+Item::Item(ItemImpl *impl) : RefPointer<ItemImpl>(impl)
+{
+}
+
+Item::Item(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data)
+{
+       if (itemClass == CSSM_DL_DB_RECORD_X509_CERTIFICATE
+               || itemClass == CSSM_DL_DB_RECORD_PUBLIC_KEY
+               || itemClass == CSSM_DL_DB_RECORD_PRIVATE_KEY
+               || itemClass == CSSM_DL_DB_RECORD_SYMMETRIC_KEY)
+               MacOSError::throwMe(errSecNoSuchClass); /* @@@ errSecInvalidClass */
+
+       *this = new ItemImpl(itemClass, itemCreator, length, data);
+}
+
+Item::Item(SecItemClass itemClass, SecKeychainAttributeList *attrList, UInt32 length, const void* data)
+{
+       if (itemClass == CSSM_DL_DB_RECORD_X509_CERTIFICATE
+               || itemClass == CSSM_DL_DB_RECORD_PUBLIC_KEY
+               || itemClass == CSSM_DL_DB_RECORD_PRIVATE_KEY
+               || itemClass == CSSM_DL_DB_RECORD_SYMMETRIC_KEY)
+               MacOSError::throwMe(errSecNoSuchClass); /* @@@ errSecInvalidClass */
+
+       *this = new ItemImpl(itemClass, attrList, length, data);
+}
+
+Item::Item(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId)
+       : RefPointer<ItemImpl>(
+               primaryKey->recordType() == CSSM_DL_DB_RECORD_X509_CERTIFICATE
+               ? new Certificate(keychain, primaryKey, uniqueId)
+               : (primaryKey->recordType() == CSSM_DL_DB_RECORD_PUBLIC_KEY
+                  || primaryKey->recordType() == CSSM_DL_DB_RECORD_PRIVATE_KEY
+                  || primaryKey->recordType() == CSSM_DL_DB_RECORD_SYMMETRIC_KEY)
+               ? new KeyItem(keychain, primaryKey, uniqueId)
+               : new ItemImpl(keychain, primaryKey, uniqueId))
+{
+}
+
+Item::Item(const Keychain &keychain, const PrimaryKey &primaryKey)
+       : RefPointer<ItemImpl>(
+               primaryKey->recordType() == CSSM_DL_DB_RECORD_X509_CERTIFICATE
+               ? new Certificate(keychain, primaryKey)
+               : (primaryKey->recordType() == CSSM_DL_DB_RECORD_PUBLIC_KEY
+                  || primaryKey->recordType() == CSSM_DL_DB_RECORD_PRIVATE_KEY
+                  || primaryKey->recordType() == CSSM_DL_DB_RECORD_SYMMETRIC_KEY)
+               ? new KeyItem(keychain, primaryKey)
+               : new ItemImpl(keychain, primaryKey))
+{
+}
+
+Item::Item(ItemImpl &item)
+       : RefPointer<ItemImpl>(
+               item.recordType() == CSSM_DL_DB_RECORD_X509_CERTIFICATE
+               ? new Certificate(safer_cast<Certificate &>(item))
+               : (item.recordType() == CSSM_DL_DB_RECORD_PUBLIC_KEY
+                  || item.recordType() == CSSM_DL_DB_RECORD_PRIVATE_KEY
+                  || item.recordType() == CSSM_DL_DB_RECORD_SYMMETRIC_KEY)
+               ? new KeyItem(safer_cast<KeyItem &>(item))
+               : new ItemImpl(item))
+{
+}
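Review bot: In `getLocalContent`, `UInt32 actualLength;` is declared without a value and compared with 0 right after the first `getAttribute(attribute, &actualLength)` call. If that call can return without writing it (its body is not in this section), the size later passed to `allocator.malloc` is indeterminate; `UInt32 actualLength = 0;` makes the "mark zeros" branch the default. If the second `getAttribute` throws, buffers already allocated for earlier entries stay in the caller's list with nothing visible freeing them. A comment that the caller must pass a partially filled list to `freeContent`, or a handler that frees them, would close that gap. Minor: the key/certificate class test is duplicated in two `Item` constructors and could be one static helper.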
index 6f6edcdeeec2bfe973c8ef9587e795d7a2bd9877..8c0e9c24d0190fb5e058e75060949a06c44c2c99 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
 //
 // Item.h
 //
-#ifndef _H_DBITEM
-#define _H_DBITEM
+#ifndef _SECURITY_ITEM_H_
+#define _SECURITY_ITEM_H_
 
 #include <Security/Keychains.h>
 #include <Security/PrimaryKey.h>
 #include <Security/securestorage.h>
+#include <Security/Access.h>
 
 namespace Security
 {
@@ -33,13 +34,13 @@ using namespace CssmClient;
 
 namespace KeychainCore
 {
-class Item;
 class Keychain;
 
-class ItemImpl : public ReferencedObject
+class ItemImpl : public SecCFObject
 {
+public:
     friend class Item;
-
+       friend class KeychainImpl;
 protected:
        // new item constructors
     ItemImpl(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data);
@@ -59,23 +60,22 @@ protected:
 
 protected:
        // Methods called by KeychainImpl;
-       friend class KeychainImpl;
 
        // Add the receiver to keychain
-       PrimaryKey add(const Keychain &keychain);
+       virtual PrimaryKey add(Keychain &keychain);
                
        // Get the default value for an attribute
        static const CSSM_DATA &defaultAttributeValue(const CSSM_DB_ATTRIBUTE_INFO &info);
 
 public:
-    ~ItemImpl();
+    virtual ~ItemImpl();
     bool isPersistant() const;
     bool isModified() const;
 
-       void update();
+       virtual void update();
 
        // put a copy of the item into a given keychain
-       Item copyTo(const Keychain &keychain);
+       virtual Item copyTo(const Keychain &keychain, Access *newAccess = NULL);
 
     CSSM_DB_RECORDTYPE recordType() const;
 
@@ -83,7 +83,7 @@ public:
     CssmClient::DbUniqueRecord dbUniqueRecord();
        const CssmClient::DbAttributes *modifiedAttributes() const;
        const CssmData *modifiedData() const;
-       void didModify(); // Forget any attributes and data we just wrote to the db
+       virtual void didModify(); // Forget any attributes and data we just wrote to the db
 
        Keychain keychain() const;
        PrimaryKey primaryKey() const;
@@ -103,60 +103,43 @@ public:
        void setAttribute(SecKeychainAttribute& attr);
        void setAttribute(const CssmDbAttributeInfo &info, const CssmPolyData &data);
        void setData(UInt32 length,const void *data);
-       
-       
-       
-       SSGroup group();
+       void setAccess(Access *newAccess);
 
+       SSGroup group();
 
 protected:
     void getContent(DbAttributes *dbAttributes, CssmDataContainer *itemData);
+    void getLocalContent(SecKeychainAttributeList &attributeList);
+
+    bool useSecureStorage(const CssmClient::Db &db);
 
        // new item members
     auto_ptr<CssmDataContainer> mData;
     auto_ptr<CssmClient::DbAttributes> mDbAttributes;
+       RefPointer<Access> mAccess;
 
        // db item members
     CssmClient::DbUniqueRecord mUniqueId;
        Keychain mKeychain;
     PrimaryKey mPrimaryKey;
-       
 };
 
+
 class Item : public RefPointer<ItemImpl>
 {
 public:
-    Item() {}
-    Item(ItemImpl *impl) : RefPointer<ItemImpl>(impl) {}
-
-    Item(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data)
-       : RefPointer<ItemImpl>(new ItemImpl(itemClass, itemCreator, length, data)) {}
-       
-    Item(SecItemClass itemClass, SecKeychainAttributeList *attrList, UInt32 length, const void* data)
-       : RefPointer<ItemImpl>(new ItemImpl(itemClass, attrList, length, data)) {}
-
-    Item(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId)
-    : RefPointer<ItemImpl>(new ItemImpl(keychain, primaryKey, uniqueId)) {}
-
-    Item(const Keychain &keychain, const PrimaryKey &primaryKey)
-    : RefPointer<ItemImpl>(new ItemImpl(keychain, primaryKey)) {}
-       
-       Item(ItemImpl &item)
-       : RefPointer<ItemImpl>(new ItemImpl(item)) {}
-
-    bool operator <(const Item &other) const { return **this < *other; }
-    bool operator !=(const Item &other) const { return **this < *other || *other < **this; }
-    bool operator ==(const Item &other) const { return !(*this != other); }
-
-       typedef ItemImpl Impl;
+    Item();
+    Item(ItemImpl *impl);
+    Item(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data);
+       Item(SecItemClass itemClass, SecKeychainAttributeList *attrList, UInt32 length, const void* data);
+    Item(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
+    Item(const Keychain &keychain, const PrimaryKey &primaryKey);
+       Item(ItemImpl &item);
 };
 
 
-typedef Ref<Item, ItemImpl, SecKeychainItemRef, errSecInvalidItemRef> ItemRef;
-
-
-}; // end namespace KeychainCore
+} // end namespace KeychainCore
 
 } // end namespace Security
 
-#endif // _H_DBITEM
\ No newline at end of file
+#endif // !_SECURITY_ITEM_H_
\ No newline at end of file
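Review bot: `setAccess` and the new `mAccess` member carry no comment, and their lifetime is not obvious from the header. In Item.cpp, `add()` reads `mAccess` and resets it only on the secure-storage path, and leaves it untouched when the item goes to a regular db. I would document that on the declaration, e.g. `// Access to apply on the next add(); consumed and cleared only when the item goes to secure storage` above `void setAccess(Access *newAccess);`. This hunk also removes `operator <`, `!=` and `==` from `Item`, so comparisons now resolve to whatever `RefPointer<ItemImpl>` provides. That may compare pointers rather than item contents, so callers that sort or deduplicate items should be checked.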
index f457dd8de14f45dc071a8ceb362f125136e96da0..11f88e2d12185e95bbc87b7772d0a2acfa30d57d 100644 (file)
@@ -28,6 +28,7 @@
 #include "Globals.h"
 #include "StorageManager.h"
 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
+#include <Security/SecKeychainAPIPriv.h>
 
 using namespace KeychainCore;
 using namespace CssmClient;
@@ -36,16 +37,16 @@ using namespace CSSMDateTimeUtils;
 //
 // KCCursorImpl
 //
-KCCursorImpl::KCCursorImpl(const DbCursor &dbCursor, SecItemClass itemClass, const SecKeychainAttributeList *attrList)
-: mDbCursor(dbCursor)
+KCCursorImpl::KCCursorImpl(const StorageManager::KeychainList &searchList, SecItemClass itemClass, const SecKeychainAttributeList *attrList) :
+       mSearchList(searchList),
+       mCurrent(mSearchList.begin())
 {
+    recordType(Schema::recordTypeFor(itemClass));
+
        if (!attrList) // No additional selectionPredicates: we are done
                return;
 
-               
-    mDbCursor->recordType(Schema::recordTypeFor(itemClass));
-
-       mDbCursor->conjunctive(CSSM_DB_AND);
+       conjunctive(CSSM_DB_AND);
        const SecKeychainAttribute *end=&attrList->attr[attrList->count];
        // Add all the attrs in attrs list to the cursor.
        for (const SecKeychainAttribute *attr=attrList->attr; attr != end; ++attr)
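Review bot: `mCurrent(mSearchList.begin())` is only valid if `mSearchList` is declared before `mCurrent` in `KCCursorImpl`, because members are initialised in declaration order, not in the order written in the initialiser list. The class declaration is not in this section, so this needs checking; if the order is reversed, `mCurrent` is taken from a list that has not been constructed yet. A comment next to the two members in the header, `// mSearchList must be declared before mCurrent (constructors depend on it)`, would keep this from regressing. The second constructor in the following hunk uses the same initialiser list, and this constructor's body continues past the end of the hunk.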
@@ -75,17 +76,18 @@ KCCursorImpl::KCCursorImpl(const DbCursor &dbCursor, SecItemClass itemClass, con
                 length = 16;
             }
         }
-        mDbCursor->add(CSSM_DB_EQUAL,info, CssmData(buf,length));
+        add(CSSM_DB_EQUAL,info, CssmData(buf,length));
        }
 }
 
-KCCursorImpl::KCCursorImpl(const DbCursor &dbCursor, const SecKeychainAttributeList *attrList)
-: mDbCursor(dbCursor)
+KCCursorImpl::KCCursorImpl(const StorageManager::KeychainList &searchList, const SecKeychainAttributeList *attrList) :
+       mSearchList(searchList),
+       mCurrent(mSearchList.begin())
 {
        if (!attrList) // No additional selectionPredicates: we are done
                return;
 
-       mDbCursor->conjunctive(CSSM_DB_AND);
+       conjunctive(CSSM_DB_AND);
        bool foundClassAttribute=false;
        const SecKeychainAttribute *end=&attrList->attr[attrList->count];
        // Add all the attrs in attrs list to the cursor.
@@ -118,7 +120,7 @@ KCCursorImpl::KCCursorImpl(const DbCursor &dbCursor, const SecKeychainAttributeL
                     length = 16;
                 }
             }
-                       mDbCursor->add(CSSM_DB_EQUAL,info, CssmData(buf,length));
+                       add(CSSM_DB_EQUAL,info, CssmData(buf,length));
 
                        continue;
                }
@@ -127,8 +129,7 @@ KCCursorImpl::KCCursorImpl(const DbCursor &dbCursor, const SecKeychainAttributeL
                if (foundClassAttribute || attr->length != sizeof(SecItemClass))
                        MacOSError::throwMe(paramErr); // We have 2 different 'clas' attributes
 
-               mDbCursor->recordType(Schema
-            ::recordTypeFor(*reinterpret_cast<SecItemClass *>(attr->data)));
+               recordType(Schema::recordTypeFor(*reinterpret_cast<SecItemClass *>(attr->data)));
                foundClassAttribute=true;
        }
 }
@@ -142,26 +143,57 @@ KCCursorImpl::next(Item &item)
 {
        DbAttributes dbAttributes;
        DbUniqueRecord uniqueId;
-       if (!mDbCursor)
-               MacOSError::throwMe(errSecInvalidSearchRef);
 
        for (;;)
        {
-               if (!mDbCursor->next(&dbAttributes, NULL, uniqueId))
+               if (!mDbCursor)
+               {
+                       if (mCurrent == mSearchList.end())
+                       {
+                               // No more keychains to search so we are done.
+                               return false;
+                       }
+
+                       mDbCursor = DbCursor((*mCurrent)->database(), *this);
+               }
+
+               bool gotRecord;
+               try
+               {
+                       gotRecord = mDbCursor->next(&dbAttributes, NULL, uniqueId);
+               }
+               catch(const CssmCommonError &err)
+               {
+                       OSStatus status = err.osStatus();
+                       if (status != CSSMERR_DL_DATASTORE_DOESNOT_EXIST
+                               && status != CSSMERR_DL_INVALID_RECORDTYPE)
+                               throw;
+
+                       gotRecord = false;
+               }
+
+               // If we did not get a record from the current keychain or the current
+               // keychain did not exist skip to the next keychain in the list.
+               if (!gotRecord)
                {
-                       // Forget my resources.
+                       ++mCurrent;
                        mDbCursor = DbCursor();
-                       return false;
+                       continue;
                }
 
-               // Skip records that we don't have a matching itemClass for,
-               // since we can't do anything with them.
-               if (Schema::itemClassFor(dbAttributes.recordType()))
-                       break;
+               // If doing a search for all records skip the db blob added by the
+               // CSP/DL and skip symmetric key items.
+               // @@@ This is wrong since we should only skip symmetric keys that are
+               // group keys and not user generated symmetric keys.
+               if (mDbCursor->recordType() == CSSM_DL_DB_RECORD_ANY &&
+                       (dbAttributes.recordType() == 0x80008000
+                        || dbAttributes.recordType() == CSSM_DL_DB_RECORD_SYMMETRIC_KEY))
+                       continue;
+
+               break;
        }
 
-       Keychain keychain = globals().storageManager.keychain(uniqueId->database()->dlDbIdentifier());
        // Go though Keychain since item might already exist.
-       item = keychain->item(dbAttributes.recordType(), uniqueId);
+       item = (*mCurrent)->item(dbAttributes.recordType(), uniqueId);
        return true;
 }
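Review bot: The filter near the end of the loop compares `dbAttributes.recordType()` with the bare literal `0x80008000`; only the comment says this is the db blob record added by the CSP/DL. A named constant (suggested name, not an existing identifier: `static const CSSM_DB_RECORDTYPE kDbBlobRecordType = 0x80008000;`) would keep the value and its meaning together. Separately, the catch block turns `CSSMERR_DL_DATASTORE_DOESNOT_EXIST` and `CSSMERR_DL_INVALID_RECORDTYPE` into "no record", so callers can no longer tell an absent keychain in the search list from an empty one. A one-line comment stating that this is deliberate for multi-keychain searches would help. The function signature sits just above the hunk.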
index 291e1ff622b830ef814733c78ad187969983ce42..8dd9bfd5a64ebe78e99ed6311dbb7c7636a2da09 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
  * specific language governing rights and limitations under the License.
  */
 
-
-/*
-       File:           KCCursor.h
-
-       Contains:       The keychain class
-
-       Copyright:      2000 by Apple Computer, Inc., all rights reserved.
-
-       To Do:
-*/
-
-#ifndef _H_KCCURSOR_
-#define _H_KCCURSOR_
+//
+// KCCursor.h
+//
+#ifndef _SECURITY_KCCURSOR_H_
+#define _SECURITY_KCCURSOR_H_
 
 #include <Security/StorageManager.h>
 
@@ -37,21 +29,22 @@ namespace Security
 namespace KeychainCore
 {
 
-class KCCursor;
-
-class KCCursorImpl : public ReferencedObject
+class KCCursorImpl : public SecCFObject, public CssmAutoQuery
 {
     NOCOPY(KCCursorImpl)
+public:
     friend class KCCursor;
 protected:
-       KCCursorImpl(const CssmClient::DbCursor &dbCursor, SecItemClass itemClass, const SecKeychainAttributeList *attrList);
-       KCCursorImpl(const CssmClient::DbCursor &dbCursor, const SecKeychainAttributeList *attrList);
+       KCCursorImpl(const StorageManager::KeychainList &searchList, SecItemClass itemClass, const SecKeychainAttributeList *attrList);
+       KCCursorImpl(const StorageManager::KeychainList &searchList, const SecKeychainAttributeList *attrList);
 
 public:
        virtual ~KCCursorImpl();
        bool next(Item &item);
 
 private:
+       StorageManager::KeychainList mSearchList;
+       StorageManager::KeychainList::iterator mCurrent;
        CssmClient::DbCursor mDbCursor;
 };
 
@@ -63,21 +56,18 @@ public:
     
     KCCursor(KCCursorImpl *impl) : RefPointer<KCCursorImpl>(impl) {}
 
-    KCCursor(const CssmClient::DbCursor &dbCursor, const SecKeychainAttributeList *attrList)
-       : RefPointer<KCCursorImpl>(new KCCursorImpl(dbCursor, attrList)) {}
+    KCCursor(const StorageManager::KeychainList &searchList, const SecKeychainAttributeList *attrList)
+       : RefPointer<KCCursorImpl>(new KCCursorImpl(searchList, attrList)) {}
 
-    KCCursor(const CssmClient::DbCursor &dbCursor, SecItemClass itemClass, const SecKeychainAttributeList *attrList)
-       : RefPointer<KCCursorImpl>(new KCCursorImpl(dbCursor, itemClass, attrList)) {}
+    KCCursor(const StorageManager::KeychainList &searchList, SecItemClass itemClass, const SecKeychainAttributeList *attrList)
+       : RefPointer<KCCursorImpl>(new KCCursorImpl(searchList, itemClass, attrList)) {}
 
        typedef KCCursorImpl Impl;
 };
 
 
-typedef Ref<KCCursor, KCCursorImpl, SecKeychainSearchRef, errSecInvalidSearchRef> KCCursorRef;
-
 } // end namespace KeychainCore
 
 } // end namespace Security
 
-#endif /* _H_KCCURSOR_ */
-
+#endif // !_SECURITY_KCCURSOR_H_
index 2cf9f6585106ac50e9d84293f43a7923e300b90b..48ad881827ddad06ba33d59f7814e111b51b32fd 100644 (file)
@@ -33,6 +33,7 @@
 #include "KCEventNotifier.h"
 #include "KCExceptions.h"
 #include "Keychains.h"
+#include <Security/cfutilities.h>
 
 using namespace KeychainCore;
 
@@ -64,6 +65,11 @@ void KCEventNotifier::PostKeychainEvent(SecKeychainEvent whichEvent,
     KCThrowIfMemFail_(CFNumberRef(theEventData));
     CFDictionarySetValue(mutableDict, kSecEventTypeKey, theEventData);
 
+       pid_t thePid = getpid();
+    CFRef<CFNumberRef> thePidData(CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &thePid));
+    KCThrowIfMemFail_(CFNumberRef(thePidData));
+    CFDictionarySetValue(mutableDict, kSecEventPidKey, thePidData);
+
        if (dlDbIdentifier)
        {
                CFRef<CFDictionaryRef> dict(DLDbListCFPref::dlDbIdentifierToCFDictionaryRef(dlDbIdentifier));
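Review bot: `CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &thePid)` reads the `pid_t` through a pointer as a 32-bit value, which is correct only while `pid_t` is exactly 32 bits; copying into an explicitly sized variable first, `SInt32 thePid = getpid();`, removes the assumption. The new `kSecEventPidKey` entry also deserves a comment that the value is supplied by the posting process. If this dictionary travels over a notification center that other processes can post to (the comment further down says the name must be globally unique, which suggests it does), observers should treat the pid as a hint for recognising their own events, not as proof of the sender. PostKeychainEvent starts and ends outside this hunk.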
@@ -78,6 +84,7 @@ void KCEventNotifier::PostKeychainEvent(SecKeychainEvent whichEvent,
                CFDictionarySetValue(mutableDict, kSecEventItemKey, data);
     }
 
+
     // 'name' has to be globally unique (could be KCLockEvent, etc.)
     // 'object' is just information or a context that can be used.
     // 'userInfo' has info on event (i.e. which DL/DB(kc - see John's Dict), the event, 
index 768d53e79764bc24d349d0d1fb089f167a6cb752..30092c0c9789afb5bf865fa7e6b72f0aac7d960b 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
 
 
 /*
-       File:           KCEventNotifier.h
-
-       Contains:       OS X CF Notifier for Keychain Events
-
-       Written by:     Craig Mortensen
-
-       Copyright:      2000 by Apple Computer, Inc., All rights reserved.
-
-       Change History (most recent first):
-
-       To Do:
-*/
-
-#ifndef _KCEVENTNOTIFIER_H_
-#define _KCEVENTNOTIFIER_H_
+ *  KCEventNotifier.h -- OS X CF Notifier for Keychain Events
+ */
+#ifndef _SECURITY_KCEVENTNOTIFIER_H_
+#define _SECURITY_KCEVENTNOTIFIER_H_
 
 #include <CoreFoundation/CFNotificationCenter.h>
 #include <CoreFoundation/CFString.h>
@@ -45,6 +34,7 @@ namespace KeychainCore
 
 #define kSecEventNotificationName CFSTR("com.apple.securitycore.kcevent")
 #define kSecEventTypeKey CFSTR("type")
+#define kSecEventPidKey CFSTR("pid")
 #define kSecEventKeychainKey CFSTR("keychain")
 #define kSecEventItemKey CFSTR("item")
 
@@ -65,4 +55,4 @@ public:
 
 } // end namespace Security
 
-#endif /* _KCEVENTNOTIFIER_H_ */
+#endif /* _SECURITY_KCEVENTNOTIFIER_H_ */
index 39fadb4e60454f981161801fff9288204d11023c..5d7601994f2a1e7a2a1d36bb8bbe3174031a5945 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
 
 
 /*
-       File:           KCEventObserver.h
-
-       Contains:       OS X CF Observer for Keychain Events
-
-       Written by:     Craig Mortensen
-
-       Copyright:      2000 by Apple Computer, Inc., All rights reserved.
-
-       Change History (most recent first):
-
-       To Do:
-*/
+ *  KCEventObserver.h -- OS X CF Observer for Keychain Events
+ */
+#ifndef _SECURITY_KCEVENTOBSERVER_H_
+#define _SECURITY_KCEVENTOBSERVER_H_
 
 #include <CoreFoundation/CFNotificationCenter.h>
 #include <CoreFoundation/CFString.h>
-#include <Security/SecKeychainAPI.h>
 
 namespace Security
 {
@@ -66,3 +57,5 @@ public:
 };
 
 } // end namespace Security
+
+#endif // !_SECURITY_KCEVENTOBSERVER_H_
index e3d6c313b90044323acf344736020447d71aecce..1d1974e39d205771d4542f012cddf57e1bbecdaa 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
 
 
 /*
-    KCExceptions.h
-*/
-
-#ifndef _H_KCEXCEPTIONS
-#define _H_KCEXCEPTIONS
+ *  KCExceptions.h
+ */
+#ifndef _SECURITY_KCEXCEPTIONS_H_
+#define _SECURITY_KCEXCEPTIONS_H_
 
 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
 
@@ -88,4 +87,4 @@ inline void KCUnimplemented_()
 
 } // end namespace Security
 
-#endif /* _H_KCEXCEPTIONS */
\ No newline at end of file
+#endif /* !_SECURITY_KCEXCEPTIONS_H_ */
index 88185136d31f4f9ca2165ccc567a985ce0f15978..fe01edf2c7d942697a82eb3e630396a957be5195 100644 (file)
@@ -39,7 +39,11 @@ OSStatus GetKeychainErrFromCSSMErr( OSStatus cssmError )
                                return userCanceledErr;
                        case CSSM_ERRCODE_OPERATION_AUTH_DENIED:
                                return errSecAuthFailed;
-                       default:
+                       case CSSM_ERRCODE_NO_USER_INTERACTION:
+                               return errSecInteractionNotAllowed;
+                       case CSSM_ERRCODE_OS_ACCESS_DENIED:
+                return wrPermErr;
+            default:
                                return cssmError;
                }
        }
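Review bot: Both new access-denied cases (`CSSM_ERRCODE_OS_ACCESS_DENIED` here and `CSSMERR_DL_OS_ACCESS_DENIED` in the next hunk) return `wrPermErr`, which callers will read as a write-permission failure even when the operating system refused a read or an open. If the CSSM layer cannot tell the two apart, say so in a comment such as `// OS denied access; reported as wrPermErr regardless of the operation`, so the mapping is not mistaken for a precise diagnosis. The added lines are indented with spaces while the surrounding cases use tabs. The switch and the function continue outside the hunk.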
@@ -48,6 +52,8 @@ OSStatus GetKeychainErrFromCSSMErr( OSStatus cssmError )
                switch (cssmError)
                {
                        // DL SPECIFIC ERROR CODES
+            case CSSMERR_DL_OS_ACCESS_DENIED:
+                return wrPermErr;
                        case CSSMERR_DL_RECORD_NOT_FOUND:
                                return errSecItemNotFound;
                        case CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA:
@@ -87,7 +93,7 @@ StKCItem::~StKCItem( )
     // if an error occured and the item is valid, release the item
     //
     if ( *fResult != noErr && *fItem != NULL )
-        ::SecKeychainItemRelease(*fItem ); // %%% rjp was KCItemRelease(fitem);
+        CFRelease(*fItem );
 }
 
 } // end namespace Security
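Review bot: After `CFRelease(*fItem )` the caller's variable still holds the released reference, so a caller that inspects the item after a failure, or releases it again, touches a freed object. Clearing it in the same branch, `{ CFRelease(*fItem); *fItem = NULL; }`, makes the error path safe; the existing `*fItem != NULL` guard already keeps CFRelease from being called on NULL. Whether any caller does reuse the item after an error is not visible here. The destructor's opening lines are outside the hunk.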
index 945cc2f1051596b06c1da764de3bc65aa051eedd..af08687115688b49636e22a19712903b8b3ea599 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
  * specific language governing rights and limitations under the License.
  */
 
+#ifndef _SECURITY_KCUTILITIES_H_
+#define _SECURITY_KCUTILITIES_H_
 
-#ifdef _KC_UTILS
-# pragma export on
-#endif
-
-#include <Security/SecKeychainAPI.h>
+#include <Security/SecKeychainItem.h>
 #include <Security/utilities.h>
 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
 #include <memory>
@@ -65,6 +63,4 @@ private:
 
 } // end namespace Security
 
-#ifdef _KC_UTILS
-#pragma export off
-#endif
+#endif // !_SECURITY_KCUTILITIES_H_
diff --git a/Keychain/KeyItem.cpp b/Keychain/KeyItem.cpp
new file mode 100644 (file)
index 0000000..bfb10ec
--- /dev/null
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// KeyItem.cpp
+//
+#include <Security/KeyItem.h>
+#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
+
+using namespace KeychainCore;
+
+KeyItem::KeyItem(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId) :
+       ItemImpl(keychain, primaryKey, uniqueId),
+       mKey(NULL)
+{
+}
+
+KeyItem::KeyItem(const Keychain &keychain, const PrimaryKey &primaryKey)  :
+       ItemImpl(keychain, primaryKey),
+       mKey(NULL)
+{
+}
+
+KeyItem::KeyItem(KeyItem &keyItem) :
+       ItemImpl(keyItem),
+       mKey(NULL)
+{
+}
+
+KeyItem::~KeyItem()
+{
+       if (mKey)
+       {
+               CssmClient::SSDbUniqueRecord uniqueId(ssDbUniqueRecord());
+               uniqueId->database()->csp()->freeKey(*mKey);
+               uniqueId->allocator().free(mKey);
+       }
+}
+
+void
+KeyItem::update()
+{
+       MacOSError::throwMe(unimpErr);
+}
+
+Item
+KeyItem::copyTo(const Keychain &keychain)
+{
+       MacOSError::throwMe(unimpErr);
+}
+
+void
+KeyItem::didModify()
+{
+}
+
+PrimaryKey
+KeyItem::add(Keychain &keychain)
+{
+       MacOSError::throwMe(unimpErr);
+}
+
+CssmClient::SSDbUniqueRecord
+KeyItem::ssDbUniqueRecord()
+{
+       DbUniqueRecordImpl *impl = &*dbUniqueRecord();
+       return CssmClient::SSDbUniqueRecord(safe_cast<Security::CssmClient::SSDbUniqueRecordImpl *>(impl));
+}
+
+const CssmKey &
+KeyItem::cssmKey()
+{
+       if (!mKey)
+       {
+               CssmClient::SSDbUniqueRecord uniqueId(ssDbUniqueRecord());
+               CssmDataContainer dataBlob(uniqueId->allocator());
+               uniqueId->get(NULL, &dataBlob);
+               mKey = reinterpret_cast<CssmKey *>(dataBlob.Data);
+               dataBlob.Data = NULL;
+               dataBlob.Length = 0;
+       }
+
+       return *mKey;
+}
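Review bot: `cssmKey()` casts `dataBlob.Data` to `CssmKey *` without checking that the record returned at least `sizeof(CssmKey)` bytes, so a short result leaves `mKey` pointing at too little memory and an empty one makes `return *mKey` dereference NULL. A guard before the cast closes that, for example `if (!dataBlob.Data || dataBlob.Length < sizeof(CssmKey)) MacOSError::throwMe(paramErr);` (the error code is the author's choice). The destructor calls `ssDbUniqueRecord()`, `freeKey()` and `free()` unguarded; if any of them can throw, the exception escapes `~KeyItem()`, so a try/catch there is worth considering. `copyTo()` and `add()` have no return statement after `MacOSError::throwMe(unimpErr)`, which is fine only if throwMe is declared as never returning.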
diff --git a/Keychain/KeyItem.h b/Keychain/KeyItem.h
new file mode 100644 (file)
index 0000000..6c43c87
--- /dev/null
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// KeyItem.h
+//
+#ifndef _SECURITY_KEYITEM_H_
+#define _SECURITY_KEYITEM_H_
+
+#include <Security/Item.h>
+
+namespace Security
+{
+
+namespace KeychainCore
+{
+
+class KeyItem : public ItemImpl
+{
+       NOCOPY(KeyItem)
+public:
+       // db item contstructor
+    KeyItem(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
+
+       // PrimaryKey item contstructor
+    KeyItem(const Keychain &keychain, const PrimaryKey &primaryKey);
+
+       KeyItem(KeyItem &keyItem);
+
+    virtual ~KeyItem();
+
+       virtual void update();
+       virtual Item copyTo(const Keychain &keychain);
+       virtual void didModify();
+
+       CssmClient::SSDbUniqueRecord ssDbUniqueRecord();
+       const CssmKey &cssmKey();
+
+protected:
+       virtual PrimaryKey add(Keychain &keychain);
+private:
+       CssmKey *mKey;
+};
+
+} // end namespace KeychainCore
+
+} // end namespace Security
+
+#endif // !_SECURITY_KEYITEM_H_
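Review bot: `mKey` has no comment, although KeyItem.cpp in this commit gives it a specific lifetime: it is fetched on the first `cssmKey()` call and released in the destructor. A line such as `// Fetched lazily by cssmKey(); owned by this object and freed in ~KeyItem()` above the member would document that, and would make clear that the reference returned by `cssmKey()` is valid only while the KeyItem lives. The class also declares `KeyItem(KeyItem &keyItem)` right after `NOCOPY(KeyItem)`; a comment explaining why a non-const copy constructor is wanted on a no-copy class would help. Both constructor comments spell "contstructor".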
index 085b62f967acb63d3555cc82b4ebdfabfd58b321..a525446845a275c6009f155ff89edfdcd4f49129 100644 (file)
@@ -31,7 +31,8 @@
 #include <Security/cssmacl.h>
 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
 #include <Security/cssmdb.h>
-
+#include <Security/trackingallocator.h>
+#include <Security/SecCFTypes.h>
 
 using namespace KeychainCore;
 using namespace CssmClient;
@@ -71,7 +72,8 @@ KeychainSchemaImpl::KeychainSchemaImpl(const Db &db)
                RelationInfoMap &rim = mDatabaseInfoMap[relationID];
                while (attributes->next(&attributeRecord, NULL, uniqueId))
                {
-                       if(CSSM_DB_ATTRIBUTE_FORMAT(attributeRecord.at(2))==CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER)
+                       // @@@ this if statement was blocking tags of different naming conventions
+                       //if(CSSM_DB_ATTRIBUTE_FORMAT(attributeRecord.at(2))==CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER)
                                rim[attributeRecord.at(1)] = attributeRecord.at(0);
                }
                
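Review bot: With the name-format test commented out, every attribute row is now stored in `rim` keyed by `attributeRecord.at(1)`, whatever its name format, while `attributeInfoFor()` later in this file always reports `CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER`. If rows with a different naming convention can appear here, as the new comment implies, their key may not be an integer attribute id and the info handed out for them would be mislabelled; that needs either a check or a comment saying why it is safe. The disabled `if` should be deleted rather than left as a comment, and the assignment re-indented, since it still looks conditional. The constructor starts and ends outside the hunk.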
@@ -104,60 +106,64 @@ KeychainSchemaImpl::~KeychainSchemaImpl()
        for_each_map_delete(mPrimaryKeyInfoMap.begin(), mPrimaryKeyInfoMap.end());
 }
 
-CSSM_DB_ATTRIBUTE_FORMAT 
-KeychainSchemaImpl::attributeFormatFor(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const
+const KeychainSchemaImpl::RelationInfoMap &
+KeychainSchemaImpl::relationInfoMapFor(CSSM_DB_RECORDTYPE recordType) const
 {
-
        DatabaseInfoMap::const_iterator dit = mDatabaseInfoMap.find(recordType);
        if (dit == mDatabaseInfoMap.end())
                MacOSError::throwMe(errSecNoSuchClass);
-       RelationInfoMap::const_iterator rit = dit->second.find(attributeId);
-       if (dit == dit->second.end())
+       return dit->second;
+}
+
+bool
+KeychainSchemaImpl::hasAttribute(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const
+{
+       const RelationInfoMap &rmap = relationInfoMapFor(recordType);
+       RelationInfoMap::const_iterator rit = rmap.find(attributeId);
+       return rit != rmap.end();
+}
+
+CSSM_DB_ATTRIBUTE_FORMAT 
+KeychainSchemaImpl::attributeFormatFor(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const
+{
+       const RelationInfoMap &rmap = relationInfoMapFor(recordType);
+       RelationInfoMap::const_iterator rit = rmap.find(attributeId);
+       if (rit == rmap.end())
                MacOSError::throwMe(errSecNoSuchAttr);
 
        return rit->second;
 }
 
 CssmDbAttributeInfo
-KeychainSchemaImpl::attributeInfoForTag(UInt32 tag)
+KeychainSchemaImpl::attributeInfoFor(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const
 {
        CSSM_DB_ATTRIBUTE_INFO info;
+       info.AttributeFormat = attributeFormatFor(recordType, attributeId);
+       info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER;
+       info.Label.AttributeID = attributeId;
 
-       for(DatabaseInfoMap::const_iterator dit = mDatabaseInfoMap.begin(); dit != mDatabaseInfoMap.end(); ++dit)
-       {
-               for(RelationInfoMap::const_iterator rit = dit->second.begin(); rit != dit->second.end(); ++rit)
-               {
-                       if(rit->first==tag)
-                       {
-                               info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER;
-                               info.Label.AttributeID = rit->first;
-                               info.AttributeFormat = rit->second;
-                               return info;
-                       }
-               }
-       }
        return info;
 }
 
 void
-KeychainSchemaImpl::getAttributeInfoForRecordType(CSSM_DB_RECORDTYPE recordType, SecKeychainAttributeInfo **Info)
+KeychainSchemaImpl::getAttributeInfoForRecordType(CSSM_DB_RECORDTYPE recordType, SecKeychainAttributeInfo **Info) const
 {
-       DatabaseInfoMap::const_iterator dit = mDatabaseInfoMap.find(recordType);
-       if (dit == mDatabaseInfoMap.end())
-               MacOSError::throwMe(errSecNoSuchClass);
+       const RelationInfoMap &rmap = relationInfoMapFor(recordType);
 
        SecKeychainAttributeInfo *theList=reinterpret_cast<SecKeychainAttributeInfo *>(malloc(sizeof(SecKeychainAttributeInfo)));
        
-       UInt32 capacity=32;
+       UInt32 capacity=rmap.size();
        UInt32 *tagBuf=reinterpret_cast<UInt32 *>(malloc(capacity*sizeof(UInt32)));
        UInt32 *formatBuf=reinterpret_cast<UInt32 *>(malloc(capacity*sizeof(UInt32)));
        UInt32 i=0;
        
-       for(RelationInfoMap::const_iterator rit = dit->second.begin(); rit != dit->second.end(); ++rit)
+       
+       for (RelationInfoMap::const_iterator rit = rmap.begin(); rit != rmap.end(); ++rit)
        {
-               if(i>=capacity)
+               if (i>=capacity)
                {
-                       capacity*=2;
+                       capacity *= 2;
+                       if (capacity <= i) capacity = i + 1;
                        tagBuf=reinterpret_cast<UInt32 *>(realloc(tagBuf, (capacity*sizeof(UInt32))));
                        formatBuf=reinterpret_cast<UInt32 *>(realloc(tagBuf, (capacity*sizeof(UInt32))));
                }
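Review bot: In the growth branch of getAttributeInfoForRecordType, `formatBuf` is reallocated from `tagBuf` rather than from itself, so after a grow the second realloc may free or move the block `tagBuf` was just given, and the original format buffer is leaked with its contents lost. The line should read `formatBuf=reinterpret_cast<UInt32 *>(realloc(formatBuf, (capacity*sizeof(UInt32))));`. With `capacity` now initialised to `rmap.size()` the branch looks unreachable, since the loop runs once per map entry, so deleting it outright is the simpler option. None of the `malloc` results is checked before use. The function continues past the end of this hunk.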
@@ -173,14 +179,11 @@ KeychainSchemaImpl::getAttributeInfoForRecordType(CSSM_DB_RECORDTYPE recordType,
 
 
 const CssmAutoDbRecordAttributeInfo &
-KeychainSchemaImpl::primaryKeyInfosFor(CSSM_DB_RECORDTYPE recordType)
+KeychainSchemaImpl::primaryKeyInfosFor(CSSM_DB_RECORDTYPE recordType) const
 {
-       PrimaryKeyInfoMap::iterator it;
+       PrimaryKeyInfoMap::const_iterator it;
        it = mPrimaryKeyInfoMap.find(recordType);
        
-       // if the primary key attributes have already been determined,
-       // return the cached results
-       
        if (it == mPrimaryKeyInfoMap.end())
                MacOSError::throwMe(errSecNoSuchClass); // @@@ Not really but whatever.
 
@@ -212,16 +215,26 @@ KeychainImpl::~KeychainImpl()
 {
 }
 
+bool
+KeychainImpl::operator ==(const KeychainImpl &keychain) const
+{
+       return dLDbIdentifier() == keychain.dLDbIdentifier();
+}
+
 KCCursor
 KeychainImpl::createCursor(SecItemClass itemClass, const SecKeychainAttributeList *attrList)
 {
-       return KCCursor(DbCursor(mDb), itemClass, attrList);
+       StorageManager::KeychainList keychains;
+       keychains.push_back(Keychain(this));
+       return KCCursor(keychains, itemClass, attrList);
 }
 
 KCCursor
 KeychainImpl::createCursor(const SecKeychainAttributeList *attrList)
 {
-       return KCCursor(DbCursor(mDb), attrList);
+       StorageManager::KeychainList keychains;
+       keychains.push_back(Keychain(this));
+       return KCCursor(keychains, attrList);
 }
 
 void
@@ -234,13 +247,13 @@ KeychainImpl::create(UInt32 passwordLength, const void *inPassword)
        }
 
        CssmAllocator &alloc = CssmAllocator::standard();
+        
        // @@@ Share this instance
-       KeychainAclFactory aclFactory(alloc);
 
-       // @@@ This leaks the returned credentials
        const CssmData password(const_cast<void *>(inPassword), passwordLength);
-       const AccessCredentials *cred = aclFactory.passwordChangeCredentials(password);
-
+        AclFactory::PasswordChangeCredentials pCreds (password, alloc);
+        const AccessCredentials* aa = pCreds;
+        
        // @@@ Create a nice wrapper for building the default AclEntryPrototype. 
        TypedList subject(alloc, CSSM_ACL_SUBJECT_TYPE_ANY);
        AclEntryPrototype protoType(subject);
@@ -249,7 +262,7 @@ KeychainImpl::create(UInt32 passwordLength, const void *inPassword)
        authGroup.NumberOfAuthTags = 1;
        authGroup.AuthTags = &tag;
 
-       const ResourceControlContext rcc(protoType, const_cast<AccessCredentials *>(cred));
+       const ResourceControlContext rcc(protoType, const_cast<AccessCredentials *>(aa));
        create(&rcc);
 }
 
@@ -266,10 +279,14 @@ KeychainImpl::create()
 {
        CssmAllocator &alloc = CssmAllocator::standard();
        // @@@ Share this instance
+#ifdef OBSOLETE
        KeychainAclFactory aclFactory(alloc);
 
        const AccessCredentials *cred = aclFactory.keychainPromptUnlockCredentials();
-
+#endif
+        AclFactory aclFactor;
+        const AccessCredentials *cred = aclFactor.unlockCred ();
+        
        // @@@ Create a nice wrapper for building the default AclEntryPrototype.
        TypedList subject(alloc, CSSM_ACL_SUBJECT_TYPE_ANY);
        AclEntryPrototype protoType(subject);
@@ -422,7 +439,7 @@ KeychainImpl::status() const
 {
        // @@@ We should figure out the read/write status though a DL passthrough or some other way.
        // @@@ Also should locked be unlocked read only or just read-only?
-       return (mDb->isLocked() ? 0 : kSecUnlockStateStatus | kSecWrPermStatus) | kSecRdPermStatus;
+       return (mDb->isLocked() ? 0 : kSecUnlockStateStatus | kSecWritePermStatus) | kSecReadPermStatus;
 }
 
 bool
@@ -453,11 +470,11 @@ KeychainImpl::isActive() const
 void
 KeychainImpl::add(Item &inItem)
 {
-       PrimaryKey primaryKey = inItem->add(this);
+       Keychain keychain(this);
+       PrimaryKey primaryKey = inItem->add(keychain);
        {
                StLock<Mutex> _(mDbItemMapLock);
-               // Use &* to get the item's Impl.
-               mDbItemMap[primaryKey] = &*inItem;
+               mDbItemMap[primaryKey] = inItem.get();
        }
 
     KCEventNotifier::PostKeychainEvent(kSecAddEvent, this, inItem);
@@ -500,6 +517,17 @@ KeychainImpl::deleteItem(Item &inoutItem)
        KCEventNotifier::PostKeychainEvent(kSecDeleteEvent, dLDbIdentifier(), primaryKey);
 }
 
+
+CssmClient::CSP
+KeychainImpl::csp()
+{
+       if (!mDb->dl()->subserviceMask() & CSSM_SERVICE_CSP)
+               MacOSError::throwMe(errSecInvalidKeychain);
+
+       SSDb ssDb(safe_cast<SSDbImpl *>(&(*mDb)));
+       return ssDb->csp();
+}
+
 PrimaryKey
 KeychainImpl::makePrimaryKey(CSSM_DB_RECORDTYPE recordType, DbUniqueRecord &uniqueId)
 {
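Review bot: The guard in `KeychainImpl::csp()` parses as `(!mDb->dl()->subserviceMask()) & CSSM_SERVICE_CSP` because `!` binds tighter than `&`; `!` yields 0 or 1, so the test can be true only if the mask is zero and `CSSM_SERVICE_CSP` has bit 0 set. As written, a DL without CSP service is not rejected and execution falls through to the `safe_cast<SSDbImpl *>`. Parenthesise the mask test: `if (!(mDb->dl()->subserviceMask() & CSSM_SERVICE_CSP))`.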
@@ -615,9 +643,9 @@ KeychainImpl::freeAttributeInfo(SecKeychainAttributeInfo *Info)
 }
 
 CssmDbAttributeInfo
-KeychainImpl::attributeInfoForTag(UInt32 tag)
+KeychainImpl::attributeInfoFor(CSSM_DB_RECORDTYPE recordType, UInt32 tag)
 {
-       return keychainSchema()->attributeInfoForTag(tag);
+       return keychainSchema()->attributeInfoFor(recordType, tag);
 
 }
 
@@ -625,7 +653,7 @@ Keychain
 Keychain::optional(SecKeychainRef handle)
 {
        if (handle)
-               return KeychainRef::required(handle);
+               return gTypes().keychain.required(handle);
        else
                return globals().defaultKeychain;
 }
index 54242aa74c2170e414086dcc3e182e5f8e2c54ee..57fe785b0f48c043be93ecd794d588e22c2d4bdc 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
  * specific language governing rights and limitations under the License.
  */
 
+//
+// Keychains.h - The Keychain class
+//
+#ifndef _SECURITY_KEYCHAINS_H_
+#define _SECURITY_KEYCHAINS_H_
 
-/*
-       File:           Keychains.h
-
-       Contains:       The keychain class
-
-       Copyright:      2000 by Apple Computer, Inc., all rights reserved.
-
-       To Do:
-*/
-
-#ifndef _H_KEYCHAINS_
-#define _H_KEYCHAINS_
-
+#include <Security/cspclient.h>
 #include <Security/dlclient.h>
 #include <Security/refcount.h>
 #include <Security/utilities.h>
 #include <Security/DLDBListCFPref.h>
-#include <Security/Refs.h>
-#include <Security/SecKeychainAPI.h>
-#include <Security/SecKeychainAPIPriv.h>
+#include <Security/SecRuntime.h>
+#include <Security/SecKeychain.h>
+#include <Security/SecKeychainItem.h>
 #include <memory>
 
 namespace Security
@@ -46,26 +39,29 @@ namespace KeychainCore
 
 class KCCursor;
 class Item;
-class ItemImpl;
-class Keychain;
 class PrimaryKey;
 class StorageManager;
 
 
-class KeychainSchemaImpl : public ReferencedObject
+class KeychainSchemaImpl : public RefCount
 {
+       NOCOPY(KeychainSchemaImpl)
 public:
+       friend class KeychainSchema;
+protected:
     KeychainSchemaImpl(const CssmClient::Db &db);
+public:
     ~KeychainSchemaImpl();
 
        CSSM_DB_ATTRIBUTE_FORMAT attributeFormatFor(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const;
-       const CssmAutoDbRecordAttributeInfo &primaryKeyInfosFor(CSSM_DB_RECORDTYPE recordType);
+       const CssmAutoDbRecordAttributeInfo &primaryKeyInfosFor(CSSM_DB_RECORDTYPE recordType) const;
        
        bool operator <(const KeychainSchemaImpl &other) const;
        bool operator ==(const KeychainSchemaImpl &other) const;
 
-       void getAttributeInfoForRecordType(CSSM_DB_RECORDTYPE recordType, SecKeychainAttributeInfo **Info);
-       CssmDbAttributeInfo attributeInfoForTag(UInt32 tag);
+       void getAttributeInfoForRecordType(CSSM_DB_RECORDTYPE recordType, SecKeychainAttributeInfo **Info) const;
+       CssmDbAttributeInfo attributeInfoFor(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const;
+       bool hasAttribute(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const;
 
 private:
        typedef map<CSSM_DB_RECORDTYPE, CssmAutoDbRecordAttributeInfo *> PrimaryKeyInfoMap;
@@ -74,8 +70,8 @@ private:
        typedef map<uint32, CSSM_DB_ATTRIBUTE_FORMAT> RelationInfoMap;
        typedef map<CSSM_DB_RECORDTYPE, RelationInfoMap> DatabaseInfoMap;
        DatabaseInfoMap mDatabaseInfoMap;
-
-       
+private:
+       const RelationInfoMap &relationInfoMapFor(CSSM_DB_RECORDTYPE recordType) const;
 };
 
 
@@ -96,23 +92,25 @@ private:
 };
 
 
-class KeychainImpl : public ReferencedObject
+class KeychainImpl : public SecCFObject
 {
     NOCOPY(KeychainImpl)
+public:
        friend class Keychain;
+       friend class ItemImpl;
 protected:
     KeychainImpl(const CssmClient::Db &db);
 
 protected:
        // Methods called by ItemImpl;
-       friend class ItemImpl;
-
        void didUpdate(ItemImpl *inItemImpl, PrimaryKey &oldPK,
                                                PrimaryKey &newPK);
 
 public:
     virtual ~KeychainImpl();
 
+       bool operator ==(const KeychainImpl &) const;
+
     // Item calls
     void add(Item &item); // item must not be persistant.  Item will change.
     void deleteItem(Item &item); // item must be persistant.
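Review bot: `didUpdate(ItemImpl *inItemImpl, ...)` now has `friend class ItemImpl;` as its only visible declaration of `ItemImpl`, because the forward declaration `class ItemImpl;` is removed in the earlier hunk of this header. Under standard C++ lookup rules a friend declaration does not make the class name visible to ordinary lookup. Unless one of the included headers declares `ItemImpl` (not visible here), a conforming compiler will reject the parameter type. Keeping `class ItemImpl;` next to `class Item;` in the forward-declaration list avoids depending on friend-name injection. The class body continues past the end of the hunk.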
@@ -152,6 +150,8 @@ public:
        CssmClient::Db database() { return mDb; }
        DLDbIdentifier dLDbIdentifier() const { return mDb->dlDbIdentifier(); }
 
+       CssmClient::CSP csp();
+
        PrimaryKey makePrimaryKey(CSSM_DB_RECORDTYPE recordType, CssmClient::DbUniqueRecord &uniqueId);
        void gatherPrimaryKeyAttributes(CssmClient::DbAttributes& primaryKeyAttrs);
        
@@ -160,12 +160,12 @@ public:
     Item item(const PrimaryKey& primaryKey);
     Item item(CSSM_DB_RECORDTYPE recordType, CssmClient::DbUniqueRecord &uniqueId);
        
-       CssmDbAttributeInfo attributeInfoForTag(UInt32 tag);
+       CssmDbAttributeInfo attributeInfoFor(CSSM_DB_RECORDTYPE recordType, UInt32 tag);
        void getAttributeInfoForItemID(CSSM_DB_RECORDTYPE itemID, SecKeychainAttributeInfo **Info);
-static void freeAttributeInfo(SecKeychainAttributeInfo *Info);
+       static void freeAttributeInfo(SecKeychainAttributeInfo *Info);
+       KeychainSchema keychainSchema();
 
 private:
-       KeychainSchema keychainSchema();
        void addItem(const PrimaryKey &primaryKey, ItemImpl *dbItemImpl);
        void removeItem(const PrimaryKey &primaryKey, const ItemImpl *inItemImpl); 
 
@@ -195,11 +195,8 @@ private:
 };
 
 
-typedef Ref<Keychain, KeychainImpl, SecKeychainRef, errSecInvalidKeychain> KeychainRef;
-
 } // end namespace KeychainCore
 
 } // end namespace Security
 
-#endif /* _H_KEYCHAINS_ */
-
+#endif // !_SECURITY_KEYCHAINS_H_
diff --git a/Keychain/Policies.cpp b/Keychain/Policies.cpp
new file mode 100644 (file)
index 0000000..2cdbc9b
--- /dev/null
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// Policy.cpp - Working with Policies
+//
+#include <Security/Policies.h>
+
+using namespace KeychainCore;
+
+Policy::Policy(TP supportingTp, const CssmOid &policyOid)
+    : mTp(supportingTp),
+      mOid(CssmAllocator::standard(), policyOid),
+      mValue(CssmAllocator::standard())
+{
+    // value is as yet unimplemented
+}
+
+Policy::~Policy()
+{
+}
+
+bool Policy::operator < (const Policy& other) const
+{
+    //@@@ inefficient
+    return oid() < other.oid() ||
+        oid() == other.oid() && value() < other.value();
+}
+
+bool Policy::operator == (const Policy& other) const
+{
+    return oid() == other.oid() && value() == other.value();
+}
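Review bot: `operator <` mixes `||` and `&&` without parentheses; precedence gives the intended lexicographic order, but compilers commonly warn on it and a reader has to stop and check. Writing it as `return oid() < other.oid() || (oid() == other.oid() && value() < other.value());` makes the grouping explicit. Because the constructor never fills `mValue` and neither operator looks at `mTp`, two policies currently compare equal whenever their OIDs match, even if they belong to different TPs; that deserves a one-line comment above the operators. The file banner also says `Policy.cpp` while the file is `Policies.cpp`.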
diff --git a/Keychain/Policies.h b/Keychain/Policies.h
new file mode 100644 (file)
index 0000000..b15ad51
--- /dev/null
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// Policies.h
+//
+#ifndef _SECURITY_POLICY_H_
+#define _SECURITY_POLICY_H_
+
+#include <Security/SecRuntime.h>
+#include <Security/cssmdata.h>
+#include <Security/tpclient.h>
+
+namespace Security
+{
+
+namespace KeychainCore
+{
+
+using namespace CssmClient;
+
+//
+// A Policy[Impl] represents a particular
+// CSSM "policy" managed by a particular TP.
+//
+class Policy : public SecCFObject
+{
+       NOCOPY(Policy)
+public:
+    Policy(TP supportingTp, const CssmOid &policyOid);
+    
+public:
+    virtual ~Policy();
+    
+    TP &tp()                                                   { return mTp; }
+    const TP &tp() const                               { return mTp; }
+    const CssmOid &oid() const                 { return mOid; }
+    const CssmData &value() const              { return mValue; }
+    
+    bool operator < (const Policy& other) const;
+    bool operator == (const Policy& other) const;
+
+private:
+    TP                                 mTp;                    // TP module for this Policy
+    CssmAutoData               mOid;                   // OID for this policy
+    CssmAutoData               mValue;                 // value for this policy
+};
+
+} // end namespace KeychainCore
+
+} // end namespace Security
+
+#endif // !_SECURITY_POLICY_H_
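Review bot: `using namespace CssmClient;` inside `namespace KeychainCore` in a header pulls every CssmClient name into KeychainCore for every file that includes Policies.h. As far as this header shows, only `TP` comes from that namespace, so `using CssmClient::TP;` (or spelling the type as `CssmClient::TP`) gives the same convenience without changing name lookup for includers. The include guard `_SECURITY_POLICY_H_` also does not follow the file name Policies.h, unlike the `_SECURITY_POLICYCURSOR_H_` guard used for PolicyCursor.h in this commit.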
diff --git a/Keychain/PolicyCursor.cpp b/Keychain/PolicyCursor.cpp
new file mode 100644 (file)
index 0000000..576aefe
--- /dev/null
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// PolicyCursor.cpp
+//
+#include <Security/PolicyCursor.h>
+#include <Security/oidsalg.h>
+#include <Security/tpclient.h>
+
+using namespace KeychainCore;
+using namespace CssmClient;
+
+
+//
+// This preliminary implementation bypasses MDS and uses
+// a fixed set of policies known to exist in the one known TP.
+//
+struct TheOneTP : public TP {
+       TheOneTP() : TP(gGuidAppleX509TP) { }
+};
+
+static ModuleNexus<TheOneTP> theOneTP;
+static const CssmOid *theOidList[] = {
+       static_cast<const CssmOid *>(&CSSMOID_APPLE_ISIGN),
+       static_cast<const CssmOid *>(&CSSMOID_APPLE_X509_BASIC),
+       static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_SSL),
+    NULL       // sentinel
+};
+
+
+//
+// Canonical Construction
+//
+PolicyCursor::PolicyCursor(const CSSM_OID* oid, const CSSM_DATA* value)
+    : mOid(CssmAllocator::standard()), mOidGiven(false)
+{
+    if (oid) {
+        mOid = CssmOid::required(oid);
+        mOidGiven = true;
+    }
+    mSearchPos = 0;
+}
+
+
+//
+// Destroy
+//
+PolicyCursor::~PolicyCursor()
+{
+}
+
+
+//
+// Crank the iterator
+//
+bool PolicyCursor::next(RefPointer<Policy> &policy)
+{
+    while (theOidList[mSearchPos]) {
+        if (mOidGiven && mOid != *theOidList[mSearchPos]) {
+            mSearchPos++;
+            continue;  // no oid match
+        }
+        // ignoring mValue - not used by current TP
+        policy = new Policy(theOneTP(), *theOidList[mSearchPos]);
+        mSearchPos++;  // advance cursor
+        return true;   // return next match
+    }
+    return false;      // end of table, no more matches
+}
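Review bot: The constructor accepts `value` but never reads it, and `next()` filters on the OID only, so a caller that passes a value to narrow the search still gets every built-in policy with that OID. The remark `// ignoring mValue - not used by current TP` refers to a member that PolicyCursor.h does not declare. State the limitation at the constructor, e.g. `// value is currently ignored: matching is by OID only`, so callers do not assume the result was filtered by value. `mSearchPos = 0;` could also move into the initializer list next to `mOid` and `mOidGiven`.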
diff --git a/Keychain/PolicyCursor.h b/Keychain/PolicyCursor.h
new file mode 100644 (file)
index 0000000..bdfc2c9
--- /dev/null
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// PolicyCursor.h
+//
+#ifndef _SECURITY_POLICYCURSOR_H_
+#define _SECURITY_POLICYCURSOR_H_
+
+#include <Security/SecRuntime.h>
+#include <Security/Policies.h>
+#include <Security/cssmdata.h>
+#include <Security/mds.h>
+#include <Security/mds_schema.h>
+
+namespace Security
+{
+
+namespace KeychainCore
+{
+
+class Policy;
+
+class PolicyCursor : public SecCFObject
+{
+    NOCOPY(PolicyCursor)
+public:
+    PolicyCursor(const CSSM_OID* oid, const CSSM_DATA* value);
+       virtual ~PolicyCursor();
+       bool next(RefPointer<Policy> &policy);
+
+private:
+    //CFArrayRef        mKeychainSearchList;
+    //SecKeyUsage  mKeyUsage;
+    //SecPolicyRef mPolicy;
+    CssmAutoData               mOid;
+    bool                               mOidGiven;
+    // value ignored (for now?)
+    
+#if 1  // quick version -- using built-in policy list
+
+    int                                        mSearchPos;     // next untried table entry
+
+#else  // MDS version -- later
+    bool                               mFirstLookup;
+
+    //
+    // Initialization
+    //
+       MDS_HANDLE                      mMdsHand;
+       CSSM_DB_HANDLE          mDbHand;
+       //
+    // Used for searching (lookups)
+    //
+       MDS_DB_HANDLE           mObjDlDb;
+       MDS_DB_HANDLE           mCdsaDlDb;
+       MDS_FUNCS*                      mMdsFuncs;
+#endif
+};
+
+} // end namespace KeychainCore
+
+} // end namespace Security
+
+#endif // !_SECURITY_POLICYCURSOR_H_
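Review bot: `<Security/mds.h>` and `<Security/mds_schema.h>` are included unconditionally, although the only members that use MDS types sit in the disabled `#else` branch of `#if 1`. Moving the two includes into that branch, or dropping them until the MDS version exists, limits the header's dependencies to what it actually compiles. `class Policy;` is also redundant after `#include <Security/Policies.h>`. The three commented-out members (`mKeychainSearchList`, `mKeyUsage`, `mPolicy`) could be removed.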
index d7250bebcbf988c9f38d0e834d054e733dc798e2..16d9046a1b5573995d20f1efdbc1cb5ffcf022c8 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
@@ -19,8 +19,8 @@
 //
 // PrimaryKey.h
 //
-#ifndef _H_PRIMARYKEY
-#define _H_PRIMARYKEY
+#ifndef _SECURITY_PRIMARYKEY_H_
+#define _SECURITY_PRIMARYKEY_H_
 
 #include <Security/dlclient.h>
 #include <Security/Keychains.h>
@@ -61,8 +61,8 @@ public:
        bool operator <(const PrimaryKey &other) const { return **this < *other; }
 };
 
-}; // end namespace KeychainCore
+} // end namespace KeychainCore
 
 } // end namespace Security
 
-#endif // _H_PRIMARYKEY
+#endif // !_SECURITY_PRIMARYKEY_H_
index 5e26f6aaa7f78edf668c1f7895ad12a6d2b7efaf..a3464d218f12206888d042cc9825e8b6f54e7c6f 100644 (file)
@@ -15,7 +15,7 @@
  * specific language governing rights and limitations under the License.
  */
 
-
+#if 0
 //
 // Refs.h
 //
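Review bot: Wrapping the whole header in `#if 0` leaves a file that still satisfies `#include <Security/Refs.h>` but declares nothing, so a stale include fails at the first use of a missing name rather than at the include line. If the header is being retired, deleting it is clearer; the Keychains header hunk above already drops its `#include <Security/Refs.h>`. If it must stay for now, tag the closing directive added in the last hunk, e.g. `#endif // 0 -- Refs.h disabled`, so the two consecutive `#endif` lines can be told apart.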
@@ -123,4 +123,5 @@ public:
 
 } // end namespace Security
 
-#endif // _H_REFS
\ No newline at end of file
+#endif // _H_REFS
+#endif
diff --git a/Keychain/RootCertBlobs.h b/Keychain/RootCertBlobs.h
new file mode 100644 (file)
index 0000000..69a6ec2
--- /dev/null
@@ -0,0 +1,1413 @@
+// This file is automatically generated, temporary, and ugly.
+// Don't even THINK of editing this.
+static const unsigned char cert_0 [] = {
+0x30,0x82,0x03,0x77,0x30,0x82,0x02,0x5f,0xa0,0x03,0x02,0x01,0x02,0x02,0x04,0x02,
+0x00,0x00,0xb9,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,
+0x05,0x00,0x30,0x5a,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49,
+0x45,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0a,0x13,0x09,0x42,0x61,0x6c,0x74,
+0x69,0x6d,0x6f,0x72,0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0b,0x13,0x0a,
+0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x22,0x30,0x20,0x06,0x03,
+0x55,0x04,0x03,0x13,0x19,0x42,0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72,0x65,0x20,0x43,
+0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,
+0x17,0x0d,0x30,0x30,0x30,0x35,0x31,0x32,0x31,0x38,0x34,0x36,0x30,0x30,0x5a,0x17,
+0x0d,0x32,0x35,0x30,0x35,0x31,0x32,0x32,0x33,0x35,0x39,0x30,0x30,0x5a,0x30,0x5a,
+0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49,0x45,0x31,0x12,0x30,
+0x10,0x06,0x03,0x55,0x04,0x0a,0x13,0x09,0x42,0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72,
+0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0b,0x13,0x0a,0x43,0x79,0x62,0x65,
+0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x03,0x13,
+0x19,0x42,0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72,0x65,0x20,0x43,0x79,0x62,0x65,0x72,
+0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x30,0x82,0x01,0x22,0x30,0x0d,
+0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,
+0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0xa3,0x04,0xbb,0x22,0xab,
+0x98,0x3d,0x57,0xe8,0x26,0x72,0x9a,0xb5,0x79,0xd4,0x29,0xe2,0xe1,0xe8,0x95,0x80,
+0xb1,0xb0,0xe3,0x5b,0x8e,0x2b,0x29,0x9a,0x64,0xdf,0xa1,0x5d,0xed,0xb0,0x09,0x05,
+0x6d,0xdb,0x28,0x2e,0xce,0x62,0xa2,0x62,0xfe,0xb4,0x88,0xda,0x12,0xeb,0x38,0xeb,
+0x21,0x9d,0xc0,0x41,0x2b,0x01,0x52,0x7b,0x88,0x77,0xd3,0x1c,0x8f,0xc7,0xba,0xb9,
+0x88,0xb5,0x6a,0x09,0xe7,0x73,0xe8,0x11,0x40,0xa7,0xd1,0xcc,0xca,0x62,0x8d,0x2d,
+0xe5,0x8f,0x0b,0xa6,0x50,0xd2,0xa8,0x50,0xc3,0x28,0xea,0xf5,0xab,0x25,0x87,0x8a,
+0x9a,0x96,0x1c,0xa9,0x67,0xb8,0x3f,0x0c,0xd5,0xf7,0xf9,0x52,0x13,0x2f,0xc2,0x1b,
+0xd5,0x70,0x70,0xf0,0x8f,0xc0,0x12,0xca,0x06,0xcb,0x9a,0xe1,0xd9,0xca,0x33,0x7a,
+0x77,0xd6,0xf8,0xec,0xb9,0xf1,0x68,0x44,0x42,0x48,0x13,0xd2,0xc0,0xc2,0xa4,0xae,
+0x5e,0x60,0xfe,0xb6,0xa6,0x05,0xfc,0xb4,0xdd,0x07,0x59,0x02,0xd4,0x59,0x18,0x98,
+0x63,0xf5,0xa5,0x63,0xe0,0x90,0x0c,0x7d,0x5d,0xb2,0x06,0x7a,0xf3,0x85,0xea,0xeb,
+0xd4,0x03,0xae,0x5e,0x84,0x3e,0x5f,0xff,0x15,0xed,0x69,0xbc,0xf9,0x39,0x36,0x72,
+0x75,0xcf,0x77,0x52,0x4d,0xf3,0xc9,0x90,0x2c,0xb9,0x3d,0xe5,0xc9,0x23,0x53,0x3f,
+0x1f,0x24,0x98,0x21,0x5c,0x07,0x99,0x29,0xbd,0xc6,0x3a,0xec,0xe7,0x6e,0x86,0x3a,
+0x6b,0x97,0x74,0x63,0x33,0xbd,0x68,0x18,0x31,0xf0,0x78,0x8d,0x76,0xbf,0xfc,0x9e,
+0x8e,0x5d,0x2a,0x86,0xa7,0x4d,0x90,0xdc,0x27,0x1a,0x39,0x02,0x03,0x01,0x00,0x01,
+0xa3,0x45,0x30,0x43,0x30,0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0xe5,
+0x9d,0x59,0x30,0x82,0x47,0x58,0xcc,0xac,0xfa,0x08,0x54,0x36,0x86,0x7b,0x3a,0xb5,
+0x04,0x4d,0xf0,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,
+0x06,0x01,0x01,0xff,0x02,0x01,0x03,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,
+0xff,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,
+0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x85,0x0c,0x5d,0x8e,0xe4,
+0x6f,0x51,0x68,0x42,0x05,0xa0,0xdd,0xbb,0x4f,0x27,0x25,0x84,0x03,0xbd,0xf7,0x64,
+0xfd,0x2d,0xd7,0x30,0xe3,0xa4,0x10,0x17,0xeb,0xda,0x29,0x29,0xb6,0x79,0x3f,0x76,
+0xf6,0x19,0x13,0x23,0xb8,0x10,0x0a,0xf9,0x58,0xa4,0xd4,0x61,0x70,0xbd,0x04,0x61,
+0x6a,0x12,0x8a,0x17,0xd5,0x0a,0xbd,0xc5,0xbc,0x30,0x7c,0xd6,0xe9,0x0c,0x25,0x8d,
+0x86,0x40,0x4f,0xec,0xcc,0xa3,0x7e,0x38,0xc6,0x37,0x11,0x4f,0xed,0xdd,0x68,0x31,
+0x8e,0x4c,0xd2,0xb3,0x01,0x74,0xee,0xbe,0x75,0x5e,0x07,0x48,0x1a,0x7f,0x70,0xff,
+0x16,0x5c,0x84,0xc0,0x79,0x85,0xb8,0x05,0xfd,0x7f,0xbe,0x65,0x11,0xa3,0x0f,0xc0,
+0x02,0xb4,0xf8,0x52,0x37,0x39,0x04,0xd5,0xa9,0x31,0x7a,0x18,0xbf,0xa0,0x2a,0xf4,
+0x12,0x99,0xf7,0xa3,0x45,0x82,0xe3,0x3c,0x5e,0xf5,0x9d,0x9e,0xb5,0xc8,0x9e,0x7c,
+0x2e,0xc8,0xa4,0x9e,0x4e,0x08,0x14,0x4b,0x6d,0xfd,0x70,0x6d,0x6b,0x1a,0x63,0xbd,
+0x64,0xe6,0x1f,0xb7,0xce,0xf0,0xf2,0x9f,0x2e,0xbb,0x1b,0xb7,0xf2,0x50,0x88,0x73,
+0x92,0xc2,0xe2,0xe3,0x16,0x8d,0x9a,0x32,0x02,0xab,0x8e,0x18,0xdd,0xe9,0x10,0x11,
+0xee,0x7e,0x35,0xab,0x90,0xaf,0x3e,0x30,0x94,0x7a,0xd0,0x33,0x3d,0xa7,0x65,0x0f,
+0xf5,0xfc,0x8e,0x9e,0x62,0xcf,0x47,0x44,0x2c,0x01,0x5d,0xbb,0x1d,0xb5,0x32,0xd2,
+0x47,0xd2,0x38,0x2e,0xd0,0xfe,0x81,0xdc,0x32,0x6a,0x1e,0xb5,0xee,0x3c,0xd5,0xfc,
+0xe7,0x81,0x1d,0x19,0xc3,0x24,0x42,0xea,0x63,0x39,0xa9,};
+static const unsigned char cert_1 [] = {
+0x30,0x82,0x03,0xa6,0x30,0x82,0x02,0x8e,0xa0,0x03,0x02,0x01,0x02,0x02,0x04,0x02,
+0x00,0x00,0xbf,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,
+0x05,0x00,0x30,0x67,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49,
+0x45,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0a,0x13,0x09,0x42,0x61,0x6c,0x74,
+0x69,0x6d,0x6f,0x72,0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0b,0x13,0x0a,
+0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x2f,0x30,0x2d,0x06,0x03,
+0x55,0x04,0x03,0x13,0x26,0x42,0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72,0x65,0x20,0x43,
+0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x43,0x6f,0x64,0x65,0x20,0x53,
+0x69,0x67,0x6e,0x69,0x6e,0x67,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,0x0d,0x30,
+0x30,0x30,0x35,0x31,0x37,0x31,0x34,0x30,0x31,0x30,0x30,0x5a,0x17,0x0d,0x32,0x35,
+0x30,0x35,0x31,0x37,0x32,0x33,0x35,0x39,0x30,0x30,0x5a,0x30,0x67,0x31,0x0b,0x30,
+0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49,0x45,0x31,0x12,0x30,0x10,0x06,0x03,
+0x55,0x04,0x0a,0x13,0x09,0x42,0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72,0x65,0x31,0x13,
+0x30,0x11,0x06,0x03,0x55,0x04,0x0b,0x13,0x0a,0x43,0x79,0x62,0x65,0x72,0x54,0x72,
+0x75,0x73,0x74,0x31,0x2f,0x30,0x2d,0x06,0x03,0x55,0x04,0x03,0x13,0x26,0x42,0x61,
+0x6c,0x74,0x69,0x6d,0x6f,0x72,0x65,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,
+0x73,0x74,0x20,0x43,0x6f,0x64,0x65,0x20,0x53,0x69,0x67,0x6e,0x69,0x6e,0x67,0x20,
+0x52,0x6f,0x6f,0x74,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
+0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,
+0x02,0x82,0x01,0x01,0x00,0xc8,0x71,0x9a,0x18,0x12,0x8e,0x7a,0xdb,0xf9,0x9a,0xfc,
+0x41,0xaf,0xd8,0xf2,0xf4,0x09,0x8e,0xad,0x3f,0xfe,0x67,0x37,0x3c,0xda,0xc9,0x26,
+0x50,0xb1,0xb1,0x3e,0xcb,0xe8,0x4e,0x73,0x00,0xf2,0xb2,0xdc,0xf3,0xc5,0x46,0xfb,
+0x09,0xef,0x18,0x96,0xce,0xa7,0xe0,0x9c,0x84,0x5d,0x20,0x0e,0x7a,0xa0,0xaa,0x36,
+0x8b,0xfa,0x28,0xb6,0x78,0x2e,0xb3,0xec,0xe8,0x47,0xf3,0x04,0xf0,0x90,0x23,0xb4,
+0xea,0xaf,0xe5,0x53,0xb8,0x05,0xf7,0x47,0x5d,0x2b,0x86,0xf1,0xa7,0xa4,0xc6,0x3b,
+0x35,0xb6,0xd2,0x0d,0x52,0x41,0xd7,0xf4,0x92,0x75,0xe1,0xa2,0x0a,0x50,0x56,0x87,
+0xbe,0x97,0x0b,0x7b,0x33,0x85,0x10,0xb9,0x28,0x18,0xee,0x33,0xea,0x48,0x11,0xd7,
+0x5b,0x91,0x47,0x76,0x22,0xd4,0xee,0xcf,0x5d,0xe7,0xa8,0x4e,0x1c,0x9d,0x96,0x91,
+0xdd,0x9c,0xbd,0x74,0x09,0xa8,0x72,0x61,0xaa,0xb0,0x21,0x3a,0xf1,0x3d,0x2c,0x03,
+0x56,0x09,0xd2,0xc1,0xdc,0xc3,0xb5,0xc7,0x54,0x37,0xab,0xe6,0x26,0xa2,0xb2,0x46,
+0x71,0x73,0xca,0x11,0x88,0xee,0xbc,0xe7,0x64,0xf7,0xd0,0x11,0x1a,0x73,0x40,0x5a,
+0xc8,0x49,0x2c,0x0f,0xb7,0xef,0x90,0x7f,0x68,0x80,0x04,0x38,0x0b,0x1b,0x0f,0x3b,
+0xd4,0xf5,0xa0,0xb3,0xc2,0x8e,0xe1,0x34,0xb4,0x80,0x99,0x6d,0x9e,0x76,0xd4,0x92,
+0x29,0x40,0xb1,0x95,0xd2,0x37,0xa4,0x67,0x12,0x7f,0xe0,0x62,0xbb,0xae,0x35,0xc5,
+0x99,0x36,0x82,0x44,0xb8,0xe6,0x78,0x18,0x33,0x61,0x71,0x93,0x5b,0x2d,0x8d,0x9f,
+0x78,0x95,0x82,0xeb,0x6d,0x02,0x03,0x01,0x00,0x01,0xa3,0x5a,0x30,0x58,0x30,0x13,
+0x06,0x03,0x55,0x1d,0x25,0x04,0x0c,0x30,0x0a,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,
+0x07,0x03,0x03,0x30,0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0xc8,0x41,
+0x34,0x5c,0x15,0x15,0x04,0xe5,0x40,0xf2,0xd1,0xab,0x9a,0x6f,0x24,0x92,0x7a,0x87,
+0x42,0x5a,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,
+0x01,0x01,0xff,0x02,0x01,0x03,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,
+0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
+0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x52,0x74,0xaa,0x95,0x4b,0x22,
+0x8c,0xc7,0x3d,0x96,0xa4,0xfe,0x5d,0xfa,0x2f,0xb5,0xbc,0xeb,0xf0,0x0b,0xe9,0x56,
+0x38,0x1d,0xd1,0x6d,0x0d,0xa1,0xbc,0x68,0x8b,0xf0,0xc5,0x80,0xa5,0x24,0x34,0xfd,
+0xf2,0x96,0x18,0x11,0x86,0xa1,0x36,0xf5,0x37,0xe7,0x54,0x40,0xd5,0x64,0x1f,0xc3,
+0x5f,0x70,0x42,0x6b,0x2d,0x39,0xc7,0x9e,0x52,0x05,0xce,0xe7,0x6a,0x72,0xd2,0x8d,
+0x72,0x3f,0x47,0x50,0x83,0xab,0xc7,0x8d,0x25,0xc9,0xb0,0xe3,0xa7,0x53,0x16,0x95,
+0xa6,0x6a,0x53,0xea,0x18,0x9d,0x8f,0x78,0xa9,0x77,0x77,0x1a,0xf9,0xb4,0x97,0x47,
+0x59,0x88,0x27,0x28,0xb5,0xca,0xe1,0x2e,0xd7,0x3e,0x0e,0xa2,0x0d,0xb8,0x22,0x44,
+0x03,0xe3,0xd1,0x63,0xb0,0x41,0x3a,0xa1,0xf5,0xa4,0x2d,0xf7,0x76,0x1e,0x04,0x54,
+0x99,0x78,0x32,0x40,0xd7,0x2b,0x7c,0x4d,0xba,0xa6,0x9c,0xb0,0x79,0x6e,0x07,0xbe,
+0x8c,0xec,0xee,0xd7,0x38,0x69,0x5b,0xc1,0x0c,0x56,0x68,0x9f,0xfe,0xeb,0xd1,0xe1,
+0xc8,0x88,0xf9,0xf2,0xcd,0x7f,0xbe,0x85,0xb4,0x44,0x67,0x00,0x50,0x3e,0xf4,0x26,
+0x03,0x64,0xea,0x77,0x7d,0xe8,0x5e,0x3e,0x1c,0x37,0x47,0xc8,0xd6,0xea,0xa4,0xf3,
+0x36,0x3c,0x97,0xc2,0x39,0x72,0x05,0x94,0x19,0x25,0xc3,0xd7,0x37,0x41,0x0f,0xc1,
+0x1f,0x87,0x8a,0xfd,0xaa,0xbe,0xe9,0xb1,0x64,0x57,0xe4,0xdb,0x92,0xa1,0xcf,0xe1,
+0x49,0xe8,0x3b,0x1f,0x91,0x13,0x5a,0xc3,0x8f,0xd9,0x25,0x58,0x49,0x80,0x47,0x0f,
+0xc6,0x03,0xae,0xac,0xe3,0xbf,0xb7,0xc0,0xaa,0x2a,};
+static const unsigned char cert_2 [] = {
+0x30,0x82,0x02,0x7d,0x30,0x82,0x01,0xe6,0xa0,0x03,0x02,0x01,0x02,0x02,0x04,0x02,
+0x00,0x00,0xb8,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,
+0x05,0x00,0x30,0x61,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49,
+0x45,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0a,0x13,0x09,0x42,0x61,0x6c,0x74,
+0x69,0x6d,0x6f,0x72,0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0b,0x13,0x0a,
+0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x29,0x30,0x27,0x06,0x03,
+0x55,0x04,0x03,0x13,0x20,0x42,0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72,0x65,0x20,0x43,
+0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x4d,0x6f,0x62,0x69,0x6c,0x65,
+0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,0x0d,0x30,0x30,0x30,0x35,0x31,0x32,0x31,
+0x38,0x32,0x30,0x30,0x30,0x5a,0x17,0x0d,0x32,0x30,0x30,0x35,0x31,0x32,0x32,0x33,
+0x35,0x39,0x30,0x30,0x5a,0x30,0x61,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,
+0x13,0x02,0x49,0x45,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0a,0x13,0x09,0x42,
+0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72,0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,
+0x0b,0x13,0x0a,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x29,0x30,
+0x27,0x06,0x03,0x55,0x04,0x03,0x13,0x20,0x42,0x61,0x6c,0x74,0x69,0x6d,0x6f,0x72,
+0x65,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x4d,0x6f,0x62,
+0x69,0x6c,0x65,0x20,0x52,0x6f,0x6f,0x74,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,
+0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,
+0x89,0x02,0x81,0x81,0x00,0xa3,0x6d,0xb1,0x38,0x56,0xac,0xfc,0xb5,0x56,0x21,0xde,
+0xc0,0x90,0x5d,0x26,0x47,0x82,0xc6,0x7d,0x8f,0x1f,0xa0,0x85,0x8f,0x2f,0xbb,0xd4,
+0xe1,0x1c,0x1d,0xf2,0x24,0x1f,0x28,0xb0,0x2f,0xb9,0xa4,0xa5,0x6f,0xa2,0x22,0x20,
+0x64,0xfe,0x84,0x47,0x3c,0x7e,0x2b,0x6c,0x69,0x6a,0xb8,0xd4,0xc0,0x96,0x8e,0x8c,
+0x52,0x0d,0xcd,0x6f,0x41,0xd4,0xbf,0x04,0xae,0xa7,0x81,0x2f,0x2d,0x98,0x48,0xd2,
+0xc1,0x94,0xa3,0xb5,0x19,0x5d,0x5d,0x51,0x64,0xf4,0x8e,0x41,0xb0,0x9b,0xc0,0x2d,
+0x22,0xa0,0x5e,0xc6,0xd8,0x5a,0x12,0x63,0xbc,0x11,0x4a,0x5e,0x26,0x12,0x1d,0xe2,
+0x26,0x05,0xe6,0x0f,0x5f,0x22,0x1f,0x7a,0x5f,0x76,0x94,0xae,0xcf,0x5a,0x28,0x0e,
+0xab,0x45,0xda,0x22,0x31,0x02,0x03,0x01,0x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x1d,
+0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0xc9,0xe2,0x8f,0xc0,0x02,0x26,0x5a,
+0xb6,0xc0,0x07,0xe3,0x7f,0x94,0x07,0x18,0xdb,0x2e,0xa5,0x9a,0x70,0x30,0x0f,0x06,
+0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x0e,
+0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x01,0x86,0x30,0x0d,
+0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,
+0x00,0x53,0x08,0x0b,0x26,0x09,0x78,0x42,0x73,0xd4,0xec,0x7a,0x77,0x47,0x0d,0xe3,
+0x0b,0x33,0x71,0xef,0xae,0x33,0x14,0x4d,0xfb,0xfa,0xfd,0x1a,0xb7,0x51,0xf5,0xe4,
+0x99,0x1c,0x06,0x71,0xd7,0x29,0x19,0xd7,0xe6,0x15,0x20,0x51,0x51,0x46,0x6d,0x4f,
+0xde,0x18,0x49,0x98,0xd0,0xf8,0x78,0xbb,0x71,0xe8,0x8d,0x01,0x06,0xd5,0xd7,0x64,
+0x8f,0x94,0xdf,0x47,0xfe,0xa0,0x85,0x69,0x36,0xa9,0x2f,0x42,0x7a,0x68,0x4a,0x12,
+0xd6,0x8b,0x0b,0x70,0x44,0x0a,0xa4,0x04,0xef,0x26,0x88,0xc1,0x35,0x71,0x38,0x5d,
+0x1b,0x5b,0x48,0x42,0xf0,0xe7,0x94,0x1c,0x70,0x95,0x34,0xa8,0xab,0xf5,0xab,0xe2,
+0x78,0xad,0xf5,0xf0,0x52,0xfd,0x9b,0xea,0x42,0x0c,0xe8,0xd8,0x54,0xbe,0x53,0x66,
+0xf5,};
+static const unsigned char cert_3 [] = {
+0x30,0x82,0x03,0x02,0x30,0x82,0x02,0x6b,0x02,0x10,0x4c,0xc7,0xea,0xaa,0x98,0x3e,
+0x71,0xd3,0x93,0x10,0xf8,0x3d,0x3a,0x89,0x91,0x92,0x30,0x0d,0x06,0x09,0x2a,0x86,
+0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x81,0xc1,0x31,0x0b,0x30,0x09,
+0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,
+0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,
+0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b,0x13,0x33,0x43,0x6c,0x61,
+0x73,0x73,0x20,0x31,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d,
+0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,
+0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x20,0x2d,0x20,0x47,0x32,
+0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31,0x28,0x63,0x29,0x20,0x31,
+0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,
+0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75,0x74,0x68,0x6f,0x72,0x69,
+0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c,0x79,0x31,0x1f,0x30,0x1d,
+0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,
+0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x30,0x1e,0x17,
+0x0d,0x39,0x38,0x30,0x35,0x31,0x38,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,
+0x32,0x38,0x30,0x38,0x30,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xc1,
+0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,
+0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,
+0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b,0x13,
+0x33,0x43,0x6c,0x61,0x73,0x73,0x20,0x31,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,
+0x50,0x72,0x69,0x6d,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,
+0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x20,
+0x2d,0x20,0x47,0x32,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31,0x28,
+0x63,0x29,0x20,0x31,0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,
+0x2c,0x20,0x49,0x6e,0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75,0x74,
+0x68,0x6f,0x72,0x69,0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c,0x79,
+0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,
+0x69,0x67,0x6e,0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,
+0x6b,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
+0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xaa,0xd0,
+0xba,0xbe,0x16,0x2d,0xb8,0x83,0xd4,0xca,0xd2,0x0f,0xbc,0x76,0x31,0xca,0x94,0xd8,
+0x1d,0x93,0x8c,0x56,0x02,0xbc,0xd9,0x6f,0x1a,0x6f,0x52,0x36,0x6e,0x75,0x56,0x0a,
+0x55,0xd3,0xdf,0x43,0x87,0x21,0x11,0x65,0x8a,0x7e,0x8f,0xbd,0x21,0xde,0x6b,0x32,
+0x3f,0x1b,0x84,0x34,0x95,0x05,0x9d,0x41,0x35,0xeb,0x92,0xeb,0x96,0xdd,0xaa,0x59,
+0x3f,0x01,0x53,0x6d,0x99,0x4f,0xed,0xe5,0xe2,0x2a,0x5a,0x90,0xc1,0xb9,0xc4,0xa6,
+0x15,0xcf,0xc8,0x45,0xeb,0xa6,0x5d,0x8e,0x9c,0x3e,0xf0,0x64,0x24,0x76,0xa5,0xcd,
+0xab,0x1a,0x6f,0xb6,0xd8,0x7b,0x51,0x61,0x6e,0xa6,0x7f,0x87,0xc8,0xe2,0xb7,0xe5,
+0x34,0xdc,0x41,0x88,0xea,0x09,0x40,0xbe,0x73,0x92,0x3d,0x6b,0xe7,0x75,0x02,0x03,
+0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,
+0x05,0x00,0x03,0x81,0x81,0x00,0xa9,0x4f,0xc3,0x0d,0xc7,0x67,0xbe,0x2c,0xcb,0xd9,
+0xa8,0xcd,0x2d,0x75,0xe7,0x7e,0x15,0x9e,0x3b,0x72,0xeb,0x7e,0xeb,0x5c,0x2d,0x09,
+0x87,0xd6,0x6b,0x6d,0x60,0x7c,0xe5,0xae,0xc5,0x90,0x23,0x0c,0x5c,0x4a,0xd0,0xaf,
+0xb1,0x5d,0xf3,0xc7,0xb6,0x0a,0xdb,0xe0,0x15,0x93,0x0d,0xdd,0x03,0xbc,0xc7,0x76,
+0x8a,0xb5,0xdd,0x4f,0xc3,0x9b,0x13,0x75,0xb8,0x01,0xc0,0xe6,0xc9,0x5b,0x6b,0xa5,
+0xb8,0x89,0xdc,0xac,0xa4,0xdd,0x72,0xed,0x4e,0xa1,0xf7,0x4f,0xbc,0x06,0xd3,0xea,
+0xc8,0x64,0x74,0x7b,0xc2,0x95,0x41,0x9c,0x65,0x73,0x58,0xf1,0x90,0x9a,0x3c,0x6a,
+0xb1,0x98,0xc9,0xc4,0x87,0xbc,0xcf,0x45,0x6d,0x45,0xe2,0x6e,0x22,0x3f,0xfe,0xbc,
+0x0f,0x31,0x5c,0xe8,0xf2,0xd9,};
+static const unsigned char cert_4 [] = {
+0x30,0x82,0x03,0x03,0x30,0x82,0x02,0x6c,0x02,0x11,0x00,0xb9,0x2f,0x60,0xcc,0x88,
+0x9f,0xa1,0x7a,0x46,0x09,0xb8,0x5b,0x70,0x6c,0x8a,0xaf,0x30,0x0d,0x06,0x09,0x2a,
+0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x81,0xc1,0x31,0x0b,0x30,
+0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,
+0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,
+0x6e,0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b,0x13,0x33,0x43,0x6c,
+0x61,0x73,0x73,0x20,0x32,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,
+0x6d,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,
+0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x20,0x2d,0x20,0x47,
+0x32,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31,0x28,0x63,0x29,0x20,
+0x31,0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,
+0x6e,0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75,0x74,0x68,0x6f,0x72,
+0x69,0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c,0x79,0x31,0x1f,0x30,
+0x1d,0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,
+0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x30,0x1e,
+0x17,0x0d,0x39,0x38,0x30,0x35,0x31,0x38,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,
+0x0d,0x32,0x38,0x30,0x38,0x30,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,
+0xc1,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,
+0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
+0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b,
+0x13,0x33,0x43,0x6c,0x61,0x73,0x73,0x20,0x32,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,
+0x20,0x50,0x72,0x69,0x6d,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,
+0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,
+0x20,0x2d,0x20,0x47,0x32,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31,
+0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
+0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75,
+0x74,0x68,0x6f,0x72,0x69,0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c,
+0x79,0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,
+0x53,0x69,0x67,0x6e,0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,
+0x72,0x6b,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
+0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xa7,
+0x88,0x01,0x21,0x74,0x2c,0xe7,0x1a,0x03,0xf0,0x98,0xe1,0x97,0x3c,0x0f,0x21,0x08,
+0xf1,0x9c,0xdb,0x97,0xe9,0x9a,0xfc,0xc2,0x04,0x06,0x13,0xbe,0x5f,0x52,0xc8,0xcc,
+0x1e,0x2c,0x12,0x56,0x2c,0xb8,0x01,0x69,0x2c,0xcc,0x99,0x1f,0xad,0xb0,0x96,0xae,
+0x79,0x04,0xf2,0x13,0x39,0xc1,0x7b,0x98,0xba,0x08,0x2c,0xe8,0xc2,0x84,0x13,0x2c,
+0xaa,0x69,0xe9,0x09,0xf4,0xc7,0xa9,0x02,0xa4,0x42,0xc2,0x23,0x4f,0x4a,0xd8,0xf0,
+0x0e,0xa2,0xfb,0x31,0x6c,0xc9,0xe6,0x6f,0x99,0x27,0x07,0xf5,0xe6,0xf4,0x4c,0x78,
+0x9e,0x6d,0xeb,0x46,0x86,0xfa,0xb9,0x86,0xc9,0x54,0xf2,0xb2,0xc4,0xaf,0xd4,0x46,
+0x1c,0x5a,0xc9,0x15,0x30,0xff,0x0d,0x6c,0xf5,0x2d,0x0e,0x6d,0xce,0x7f,0x77,0x02,
+0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
+0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x72,0x2e,0xf9,0x7f,0xd1,0xf1,0x71,0xfb,0xc4,
+0x9e,0xf6,0xc5,0x5e,0x51,0x8a,0x40,0x98,0xb8,0x68,0xf8,0x9b,0x1c,0x83,0xd8,0xe2,
+0x9d,0xbd,0xff,0xed,0xa1,0xe6,0x66,0xea,0x2f,0x09,0xf4,0xca,0xd7,0xea,0xa5,0x2b,
+0x95,0xf6,0x24,0x60,0x86,0x4d,0x44,0x2e,0x83,0xa5,0xc4,0x2d,0xa0,0xd3,0xae,0x78,
+0x69,0x6f,0x72,0xda,0x6c,0xae,0x08,0xf0,0x63,0x92,0x37,0xe6,0xbb,0xc4,0x30,0x17,
+0xad,0x77,0xcc,0x49,0x35,0xaa,0xcf,0xd8,0x8f,0xd1,0xbe,0xb7,0x18,0x96,0x47,0x73,
+0x6a,0x54,0x22,0x34,0x64,0x2d,0xb6,0x16,0x9b,0x59,0x5b,0xb4,0x51,0x59,0x3a,0xb3,
+0x0b,0x14,0xf4,0x12,0xdf,0x67,0xa0,0xf4,0xad,0x32,0x64,0x5e,0xb1,0x46,0x72,0x27,
+0x8c,0x12,0x7b,0xc5,0x44,0xb4,0xae,};
+static const unsigned char cert_5 [] = {
+0x30,0x82,0x03,0x02,0x30,0x82,0x02,0x6b,0x02,0x10,0x7d,0xd9,0xfe,0x07,0xcf,0xa8,
+0x1e,0xb7,0x10,0x79,0x67,0xfb,0xa7,0x89,0x34,0xc6,0x30,0x0d,0x06,0x09,0x2a,0x86,
+0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x81,0xc1,0x31,0x0b,0x30,0x09,
+0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,
+0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,
+0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b,0x13,0x33,0x43,0x6c,0x61,
+0x73,0x73,0x20,0x33,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d,
+0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,
+0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x20,0x2d,0x20,0x47,0x32,
+0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31,0x28,0x63,0x29,0x20,0x31,
+0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,
+0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75,0x74,0x68,0x6f,0x72,0x69,
+0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c,0x79,0x31,0x1f,0x30,0x1d,
+0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,
+0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x30,0x1e,0x17,
+0x0d,0x39,0x38,0x30,0x35,0x31,0x38,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,
+0x32,0x38,0x30,0x38,0x30,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xc1,
+0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,
+0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,
+0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b,0x13,
+0x33,0x43,0x6c,0x61,0x73,0x73,0x20,0x33,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,
+0x50,0x72,0x69,0x6d,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,
+0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x20,
+0x2d,0x20,0x47,0x32,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31,0x28,
+0x63,0x29,0x20,0x31,0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,
+0x2c,0x20,0x49,0x6e,0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75,0x74,
+0x68,0x6f,0x72,0x69,0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c,0x79,
+0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,
+0x69,0x67,0x6e,0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,
+0x6b,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
+0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xcc,0x5e,
+0xd1,0x11,0x5d,0x5c,0x69,0xd0,0xab,0xd3,0xb9,0x6a,0x4c,0x99,0x1f,0x59,0x98,0x30,
+0x8e,0x16,0x85,0x20,0x46,0x6d,0x47,0x3f,0xd4,0x85,0x20,0x84,0xe1,0x6d,0xb3,0xf8,
+0xa4,0xed,0x0c,0xf1,0x17,0x0f,0x3b,0xf9,0xa7,0xf9,0x25,0xd7,0xc1,0xcf,0x84,0x63,
+0xf2,0x7c,0x63,0xcf,0xa2,0x47,0xf2,0xc6,0x5b,0x33,0x8e,0x64,0x40,0x04,0x68,0xc1,
+0x80,0xb9,0x64,0x1c,0x45,0x77,0xc7,0xd8,0x6e,0xf5,0x95,0x29,0x3c,0x50,0xe8,0x34,
+0xd7,0x78,0x1f,0xa8,0xba,0x6d,0x43,0x91,0x95,0x8f,0x45,0x57,0x5e,0x7e,0xc5,0xfb,
+0xca,0xa4,0x04,0xeb,0xea,0x97,0x37,0x54,0x30,0x6f,0xbb,0x01,0x47,0x32,0x33,0xcd,
+0xdc,0x57,0x9b,0x64,0x69,0x61,0xf8,0x9b,0x1d,0x1c,0x89,0x4f,0x5c,0x67,0x02,0x03,
+0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,
+0x05,0x00,0x03,0x81,0x81,0x00,0x51,0x4d,0xcd,0xbe,0x5c,0xcb,0x98,0x19,0x9c,0x15,
+0xb2,0x01,0x39,0x78,0x2e,0x4d,0x0f,0x67,0x70,0x70,0x99,0xc6,0x10,0x5a,0x94,0xa4,
+0x53,0x4d,0x54,0x6d,0x2b,0xaf,0x0d,0x5d,0x40,0x8b,0x64,0xd3,0xd7,0xee,0xde,0x56,
+0x61,0x92,0x5f,0xa6,0xc4,0x1d,0x10,0x61,0x36,0xd3,0x2c,0x27,0x3c,0xe8,0x29,0x09,
+0xb9,0x11,0x64,0x74,0xcc,0xb5,0x73,0x9f,0x1c,0x48,0xa9,0xbc,0x61,0x01,0xee,0xe2,
+0x17,0xa6,0x0c,0xe3,0x40,0x08,0x3b,0x0e,0xe7,0xeb,0x44,0x73,0x2a,0x9a,0xf1,0x69,
+0x92,0xef,0x71,0x14,0xc3,0x39,0xac,0x71,0xa7,0x91,0x09,0x6f,0xe4,0x71,0x06,0xb3,
+0xba,0x59,0x57,0x26,0x79,0x00,0xf6,0xf8,0x0d,0xa2,0x33,0x30,0x28,0xd4,0xaa,0x58,
+0xa0,0x9d,0x9d,0x69,0x91,0xfd,};
+static const unsigned char cert_6 [] = {
+0x30,0x82,0x03,0x02,0x30,0x82,0x02,0x6b,0x02,0x10,0x32,0x88,0x8e,0x9a,0xd2,0xf5,
+0xeb,0x13,0x47,0xf8,0x7f,0xc4,0x20,0x37,0x25,0xf8,0x30,0x0d,0x06,0x09,0x2a,0x86,
+0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x81,0xc1,0x31,0x0b,0x30,0x09,
+0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,
+0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,
+0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b,0x13,0x33,0x43,0x6c,0x61,
+0x73,0x73,0x20,0x34,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d,
+0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,
+0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x20,0x2d,0x20,0x47,0x32,
+0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31,0x28,0x63,0x29,0x20,0x31,
+0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,
+0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75,0x74,0x68,0x6f,0x72,0x69,
+0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c,0x79,0x31,0x1f,0x30,0x1d,
+0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,
+0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x30,0x1e,0x17,
+0x0d,0x39,0x38,0x30,0x35,0x31,0x38,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,
+0x32,0x38,0x30,0x38,0x30,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xc1,
+0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,
+0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,
+0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x3c,0x30,0x3a,0x06,0x03,0x55,0x04,0x0b,0x13,
+0x33,0x43,0x6c,0x61,0x73,0x73,0x20,0x34,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,
+0x50,0x72,0x69,0x6d,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,
+0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x20,
+0x2d,0x20,0x47,0x32,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0b,0x13,0x31,0x28,
+0x63,0x29,0x20,0x31,0x39,0x39,0x38,0x20,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,
+0x2c,0x20,0x49,0x6e,0x63,0x2e,0x20,0x2d,0x20,0x46,0x6f,0x72,0x20,0x61,0x75,0x74,
+0x68,0x6f,0x72,0x69,0x7a,0x65,0x64,0x20,0x75,0x73,0x65,0x20,0x6f,0x6e,0x6c,0x79,
+0x31,0x1f,0x30,0x1d,0x06,0x03,0x55,0x04,0x0b,0x13,0x16,0x56,0x65,0x72,0x69,0x53,
+0x69,0x67,0x6e,0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,
+0x6b,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
+0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xba,0xf0,
+0xe4,0xcf,0xf9,0xc4,0xae,0x85,0x54,0xb9,0x07,0x57,0xf9,0x8f,0xc5,0x7f,0x68,0x11,
+0xf8,0xc4,0x17,0xb0,0x44,0xdc,0xe3,0x30,0x73,0xd5,0x2a,0x62,0x2a,0xb8,0xd0,0xcc,
+0x1c,0xed,0x28,0x5b,0x7e,0xbd,0x6a,0xdc,0xb3,0x91,0x24,0xca,0x41,0x62,0x3c,0xfc,
+0x02,0x01,0xbf,0x1c,0x16,0x31,0x94,0x05,0x97,0x76,0x6e,0xa2,0xad,0xbd,0x61,0x17,
+0x6c,0x4e,0x30,0x86,0xf0,0x51,0x37,0x2a,0x50,0xc7,0xa8,0x62,0x81,0xdc,0x5b,0x4a,
+0xaa,0xc1,0xa0,0xb4,0x6e,0xeb,0x2f,0xe5,0x57,0xc5,0xb1,0x2b,0x40,0x70,0xdb,0x5a,
+0x4d,0xa1,0x8e,0x1f,0xbd,0x03,0x1f,0xd8,0x03,0xd4,0x8f,0x4c,0x99,0x71,0xbc,0xe2,
+0x82,0xcc,0x58,0xe8,0x98,0x3a,0x86,0xd3,0x86,0x38,0xf3,0x00,0x29,0x1f,0x02,0x03,
+0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,
+0x05,0x00,0x03,0x81,0x81,0x00,0x85,0x8c,0x12,0xc1,0xa7,0xb9,0x50,0x15,0x7a,0xcb,
+0x3e,0xac,0xb8,0x43,0x8a,0xdc,0xaa,0xdd,0x14,0xba,0x89,0x81,0x7e,0x01,0x3c,0x23,
+0x71,0x21,0x88,0x2f,0x82,0xdc,0x63,0xfa,0x02,0x45,0xac,0x45,0x59,0xd7,0x2a,0x58,
+0x44,0x5b,0xb7,0x9f,0x81,0x3b,0x92,0x68,0x3d,0xe2,0x37,0x24,0xf5,0x7b,0x6c,0x8f,
+0x76,0x35,0x96,0x09,0xa8,0x59,0x9d,0xb9,0xce,0x23,0xab,0x74,0xd6,0x83,0xfd,0x32,
+0x73,0x27,0xd8,0x69,0x3e,0x43,0x74,0xf6,0xae,0xc5,0x89,0x9a,0xe7,0x53,0x7c,0xe9,
+0x7b,0xf6,0x4b,0xf3,0xc1,0x65,0x83,0xde,0x8d,0x8a,0x9c,0x3c,0x88,0x8d,0x39,0x59,
+0xfc,0xaa,0x3f,0x22,0x8d,0xa1,0xc1,0x66,0x50,0x81,0x72,0x4c,0xed,0x22,0x64,0x4f,
+0x4f,0xca,0x80,0x91,0xb6,0x29,};
+static const unsigned char cert_7 [] = {
+0x30,0x82,0x02,0x5a,0x30,0x82,0x01,0xc3,0x02,0x02,0x01,0xa5,0x30,0x0d,0x06,0x09,
+0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,0x75,0x31,0x0b,0x30,
+0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16,0x06,0x03,
+0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,
+0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x0b,0x13,0x1e,0x47,
+0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x53,0x6f,
+0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x23,0x30,
+0x21,0x06,0x03,0x55,0x04,0x03,0x13,0x1a,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,
+0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x47,0x6c,0x6f,0x62,0x61,0x6c,0x20,0x52,0x6f,
+0x6f,0x74,0x30,0x1e,0x17,0x0d,0x39,0x38,0x30,0x38,0x31,0x33,0x30,0x30,0x32,0x39,
+0x30,0x30,0x5a,0x17,0x0d,0x31,0x38,0x30,0x38,0x31,0x33,0x32,0x33,0x35,0x39,0x30,
+0x30,0x5a,0x30,0x75,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,
+0x53,0x31,0x18,0x30,0x16,0x06,0x03,0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,
+0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,
+0x03,0x55,0x04,0x0b,0x13,0x1e,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,
+0x72,0x75,0x73,0x74,0x20,0x53,0x6f,0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,
+0x49,0x6e,0x63,0x2e,0x31,0x23,0x30,0x21,0x06,0x03,0x55,0x04,0x03,0x13,0x1a,0x47,
+0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x47,0x6c,
+0x6f,0x62,0x61,0x6c,0x20,0x52,0x6f,0x6f,0x74,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,
+0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,
+0x81,0x89,0x02,0x81,0x81,0x00,0x95,0x0f,0xa0,0xb6,0xf0,0x50,0x9c,0xe8,0x7a,0xc7,
+0x88,0xcd,0xdd,0x17,0x0e,0x2e,0xb0,0x94,0xd0,0x1b,0x3d,0x0e,0xf6,0x94,0xc0,0x8a,
+0x94,0xc7,0x06,0xc8,0x90,0x97,0xc8,0xb8,0x64,0x1a,0x7a,0x7e,0x6c,0x3c,0x53,0xe1,
+0x37,0x28,0x73,0x60,0x7f,0xb2,0x97,0x53,0x07,0x9f,0x53,0xf9,0x6d,0x58,0x94,0xd2,
+0xaf,0x8d,0x6d,0x88,0x67,0x80,0xe6,0xed,0xb2,0x95,0xcf,0x72,0x31,0xca,0xa5,0x1c,
+0x72,0xba,0x5c,0x02,0xe7,0x64,0x42,0xe7,0xf9,0xa9,0x2c,0xd6,0x3a,0x0d,0xac,0x8d,
+0x42,0xaa,0x24,0x01,0x39,0xe6,0x9c,0x3f,0x01,0x85,0x57,0x0d,0x58,0x87,0x45,0xf8,
+0xd3,0x85,0xaa,0x93,0x69,0x26,0x85,0x70,0x48,0x80,0x3f,0x12,0x15,0xc7,0x79,0xb4,
+0x1f,0x05,0x2f,0x3b,0x62,0x99,0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,
+0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x6d,0xeb,
+0x1b,0x09,0xe9,0x5e,0xd9,0x51,0xdb,0x67,0x22,0x61,0xa4,0x2a,0x3c,0x48,0x77,0xe3,
+0xa0,0x7c,0xa6,0xde,0x73,0xa2,0x14,0x03,0x85,0x3d,0xfb,0xab,0x0e,0x30,0xc5,0x83,
+0x16,0x33,0x81,0x13,0x08,0x9e,0x7b,0x34,0x4e,0xdf,0x40,0xc8,0x74,0xd7,0xb9,0x7d,
+0xdc,0xf4,0x76,0x55,0x7d,0x9b,0x63,0x54,0x18,0xe9,0xf0,0xea,0xf3,0x5c,0xb1,0xd9,
+0x8b,0x42,0x1e,0xb9,0xc0,0x95,0x4e,0xba,0xfa,0xd5,0xe2,0x7c,0xf5,0x68,0x61,0xbf,
+0x8e,0xec,0x05,0x97,0x5f,0x5b,0xb0,0xd7,0xa3,0x85,0x34,0xc4,0x24,0xa7,0x0d,0x0f,
+0x95,0x93,0xef,0xcb,0x94,0xd8,0x9e,0x1f,0x9d,0x5c,0x85,0x6d,0xc7,0xaa,0xae,0x4f,
+0x1f,0x22,0xb5,0xcd,0x95,0xad,0xba,0xa7,0xcc,0xf9,0xab,0x0b,0x7a,0x7f,};
+static const unsigned char cert_8 [] = {
+0x30,0x82,0x01,0xfa,0x30,0x82,0x01,0x63,0x02,0x02,0x01,0xa3,0x30,0x0d,0x06,0x09,
+0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,0x45,0x31,0x0b,0x30,
+0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16,0x06,0x03,
+0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,
+0x74,0x69,0x6f,0x6e,0x31,0x1c,0x30,0x1a,0x06,0x03,0x55,0x04,0x03,0x13,0x13,0x47,
+0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,
+0x6f,0x74,0x30,0x1e,0x17,0x0d,0x39,0x36,0x30,0x32,0x32,0x33,0x32,0x33,0x30,0x31,
+0x30,0x30,0x5a,0x17,0x0d,0x30,0x36,0x30,0x32,0x32,0x33,0x32,0x33,0x35,0x39,0x30,
+0x30,0x5a,0x30,0x45,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,
+0x53,0x31,0x18,0x30,0x16,0x06,0x03,0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,
+0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x1c,0x30,0x1a,0x06,
+0x03,0x55,0x04,0x03,0x13,0x13,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,
+0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,
+0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,
+0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0xe6,0x4f,0xba,0xdb,0x98,0x7c,0x71,0x7c,0xaf,
+0x44,0xb7,0xd3,0x0f,0x46,0xd9,0x64,0xe5,0x93,0xc1,0x42,0x8e,0xc7,0xba,0x49,0x8d,
+0x35,0x2d,0x7a,0xe7,0x8b,0xbd,0xe5,0x05,0x31,0x59,0xc6,0xb1,0x2f,0x0a,0x0c,0xfb,
+0x9f,0xa7,0x3f,0xa2,0x09,0x66,0x84,0x56,0x1e,0x37,0x29,0x1b,0x87,0xe9,0x7e,0x0c,
+0xca,0x9a,0x9f,0xa5,0x7f,0xf5,0x15,0x94,0xa3,0xd5,0xa2,0x46,0x82,0xd8,0x68,0x4c,
+0xd1,0x37,0x15,0x06,0x68,0xaf,0xbd,0xf8,0xb0,0xb3,0xf0,0x29,0xf5,0x95,0x5a,0x09,
+0x16,0x61,0x77,0x0a,0x22,0x25,0xd4,0x4f,0x45,0xaa,0xc7,0xbd,0xe5,0x96,0xdf,0xf9,
+0xd4,0xa8,0x8e,0x42,0xcc,0x24,0xc0,0x1e,0x91,0x27,0x4a,0xb5,0x6d,0x06,0x80,0x63,
+0x39,0xc4,0xa2,0x5e,0x38,0x03,0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,
+0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x12,0xb3,
+0x75,0xc6,0x5f,0x1d,0xe1,0x61,0x55,0x80,0x00,0xd4,0x81,0x4b,0x7b,0x31,0x0f,0x23,
+0x63,0xe7,0x3d,0xf3,0x03,0xf9,0xf4,0x36,0xa8,0xbb,0xd9,0xe3,0xa5,0x97,0x4d,0xea,
+0x2b,0x29,0xe0,0xd6,0x6a,0x73,0x81,0xe6,0xc0,0x89,0xa3,0xd3,0xf1,0xe0,0xa5,0xa5,
+0x22,0x37,0x9a,0x63,0xc2,0x48,0x20,0xb4,0xdb,0x72,0xe3,0xc8,0xf6,0xd9,0x7c,0xbe,
+0xb1,0xaf,0x53,0xda,0x14,0xb4,0x21,0xb8,0xd6,0xd5,0x96,0xe3,0xfe,0x4e,0x0c,0x59,
+0x62,0xb6,0x9a,0x4a,0xf9,0x42,0xdd,0x8c,0x6f,0x81,0xa9,0x71,0xff,0xf4,0x0a,0x72,
+0x6d,0x6d,0x44,0x0e,0x9d,0xf3,0x74,0x74,0xa8,0xd5,0x34,0x49,0xe9,0x5e,0x9e,0xe9,
+0xb4,0x7a,0xe1,0xe5,0x5a,0x1f,0x84,0x30,0x9c,0xd3,0x9f,0xa5,0x25,0xd8,};
+static const unsigned char cert_9 [] = {
+0x30,0x82,0x02,0x50,0x30,0x82,0x01,0xb9,0x02,0x02,0x01,0x9b,0x30,0x0d,0x06,0x09,
+0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,0x70,0x31,0x0b,0x30,
+0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16,0x06,0x03,
+0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,
+0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x0b,0x13,0x1e,0x47,
+0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x53,0x6f,
+0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x1e,0x30,
+0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,
+0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x32,0x30,0x1e,0x17,
+0x0d,0x39,0x38,0x30,0x38,0x31,0x31,0x31,0x31,0x33,0x35,0x30,0x37,0x5a,0x17,0x0d,
+0x30,0x38,0x30,0x38,0x31,0x31,0x31,0x31,0x32,0x32,0x31,0x36,0x5a,0x30,0x70,0x31,
+0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16,
+0x06,0x03,0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f,
+0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x0b,0x13,
+0x1e,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,
+0x53,0x6f,0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,
+0x1e,0x30,0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47,0x54,0x45,0x20,0x43,0x79,
+0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x32,0x30,
+0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,
+0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xd9,0x2c,0x4c,0x4e,
+0x2f,0x69,0x1a,0x23,0xe3,0x56,0xba,0xf3,0xce,0x84,0xc0,0x09,0xc0,0x79,0xf1,0x44,
+0x5f,0x33,0x1f,0x15,0x91,0x7f,0x8a,0x88,0x28,0xb8,0x24,0x45,0xcc,0x8f,0x18,0xcd,
+0x1f,0x74,0xd1,0xb5,0x8f,0x71,0x4c,0xd6,0x31,0xf6,0x73,0x96,0x84,0x94,0x40,0xc5,
+0xa9,0x83,0x60,0x24,0x7d,0xaf,0x6f,0x34,0xb7,0x4b,0x4c,0xc2,0x09,0x80,0x3b,0x45,
+0x04,0x9e,0xc4,0x3c,0xc4,0x27,0x75,0x7b,0x00,0x0c,0xa1,0x64,0x47,0xb5,0x14,0x5d,
+0x82,0x4b,0x51,0x3a,0x58,0xbb,0x44,0x4c,0x3d,0xd3,0xe5,0x06,0x38,0xe8,0x61,0x5c,
+0x98,0x78,0xbb,0x80,0xb3,0x9c,0xda,0x72,0x82,0x62,0xa0,0xdf,0x9c,0x5f,0xeb,0xf9,
+0x4f,0x77,0xc2,0xcc,0x60,0x18,0x00,0x6b,0x34,0x82,0x25,0xb3,0x02,0x03,0x01,0x00,
+0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,
+0x03,0x81,0x81,0x00,0xa3,0x64,0x91,0x6f,0x10,0xed,0xe7,0x6e,0xa2,0x42,0x40,0x94,
+0x78,0xce,0xf8,0x14,0x08,0xd1,0xfa,0x43,0x85,0xeb,0x46,0xcd,0x92,0x14,0xd0,0xef,
+0x2e,0x2d,0x36,0x39,0x18,0xd9,0xba,0xc9,0x27,0x88,0x29,0xe9,0x48,0x17,0x6f,0xf8,
+0xc1,0xaa,0xc8,0x61,0x6d,0x2d,0xfd,0x40,0x2d,0x75,0x43,0x30,0x97,0x39,0xf8,0x14,
+0x64,0xbd,0x6f,0xef,0x63,0xa8,0x2b,0x42,0xdf,0xb2,0x5a,0x0d,0x25,0xec,0x7b,0x37,
+0xd8,0xce,0x91,0x29,0x82,0x16,0xf9,0xe8,0x62,0xa2,0xe1,0x76,0xc4,0x02,0x7d,0xdd,
+0x25,0x8b,0x98,0xe1,0xf6,0x0d,0x60,0x8c,0xf6,0x59,0x90,0x40,0x51,0x44,0xd1,0xc2,
+0xfb,0x19,0x24,0x1e,0x17,0x39,0x6b,0x74,0x21,0x15,0x33,0xd6,0x55,0xd7,0x82,0x1e,
+0x70,0x2c,0x27,0xa8,};
+static const unsigned char cert_10 [] = {
+0x30,0x82,0x02,0x50,0x30,0x82,0x01,0xb9,0x02,0x02,0x01,0x97,0x30,0x0d,0x06,0x09,
+0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x70,0x31,0x0b,0x30,
+0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16,0x06,0x03,
+0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,
+0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x0b,0x13,0x1e,0x47,
+0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x53,0x6f,
+0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x1e,0x30,
+0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,
+0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x33,0x30,0x1e,0x17,
+0x0d,0x39,0x38,0x30,0x38,0x31,0x30,0x31,0x39,0x35,0x39,0x30,0x38,0x5a,0x17,0x0d,
+0x30,0x38,0x30,0x38,0x31,0x30,0x31,0x39,0x33,0x36,0x33,0x39,0x5a,0x30,0x70,0x31,
+0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16,
+0x06,0x03,0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f,
+0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x0b,0x13,
+0x1e,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,
+0x53,0x6f,0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,
+0x1e,0x30,0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47,0x54,0x45,0x20,0x43,0x79,
+0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x33,0x30,
+0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,
+0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xe1,0xf3,0xb1,0x2b,
+0x0b,0xce,0xdc,0x14,0xd9,0x34,0x97,0x62,0x50,0x12,0x56,0x63,0x84,0x4c,0x53,0xfa,
+0xc0,0x85,0xcf,0xfa,0xc1,0xdd,0x0f,0xde,0x79,0x13,0x7f,0x53,0xfb,0xaa,0x0e,0x60,
+0xdd,0xe2,0x62,0xbf,0xc6,0xee,0x4e,0x99,0x34,0xaa,0x68,0x43,0x35,0x99,0xf8,0xa3,
+0xfd,0xf3,0x63,0xbd,0x01,0x54,0x6a,0x9e,0xb2,0x3a,0x96,0x2c,0x7b,0x78,0x28,0xc6,
+0x5a,0xb5,0x8d,0x1a,0x15,0x18,0xfd,0xe3,0x8c,0x2e,0xa2,0x50,0x09,0x5b,0x71,0xd6,
+0x0d,0xb5,0x18,0x1f,0x19,0x8e,0x04,0x29,0x93,0x93,0x78,0xab,0x5f,0x14,0xe7,0x73,
+0x42,0xf2,0x03,0x0c,0x57,0xa2,0x1b,0x50,0x3b,0x0b,0xbb,0x59,0xe0,0xa0,0x3a,0x03,
+0xee,0x27,0x1b,0x5a,0x4c,0xb9,0xb0,0x08,0xca,0xb9,0x1a,0x89,0x02,0x03,0x01,0x00,
+0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,
+0x03,0x81,0x81,0x00,0x85,0xeb,0xad,0x94,0x20,0x06,0xe9,0xb2,0xa2,0x6b,0x3b,0xf2,
+0x66,0xeb,0xe3,0x4b,0xb8,0x12,0x26,0x05,0xe5,0xf4,0x91,0xa8,0xdc,0x87,0xdc,0x98,
+0xf4,0x94,0xc1,0xf4,0x61,0xbd,0xd5,0x9c,0x6c,0x51,0x73,0x95,0x5e,0xd0,0xbd,0xd7,
+0xe6,0x45,0xdc,0x3c,0xcf,0x46,0x84,0xd5,0xe7,0xb9,0xec,0xe4,0x67,0x63,0x6e,0x00,
+0x28,0x77,0x71,0x5d,0x4a,0x05,0xe9,0xb9,0x7c,0x86,0xcc,0xc2,0x44,0xbb,0xde,0x29,
+0x48,0xda,0xea,0xdd,0xbd,0x17,0x9f,0x1d,0x51,0x01,0xa8,0xe8,0x14,0x5e,0xb1,0x57,
+0xf7,0xff,0xda,0x8f,0xce,0x95,0xfe,0x2d,0xed,0x32,0x12,0x77,0xff,0x7c,0x6a,0x61,
+0x95,0xae,0x31,0x72,0x06,0x08,0xf0,0xf9,0xf3,0x0d,0x8e,0xe2,0xef,0xa8,0x53,0x5d,
+0x91,0x03,0x83,0xde,};
+static const unsigned char cert_11 [] = {
+0x30,0x82,0x03,0x55,0x30,0x82,0x02,0x3d,0x02,0x02,0x01,0xa8,0x30,0x0d,0x06,0x09,
+0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x70,0x31,0x0b,0x30,
+0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16,0x06,0x03,
+0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,
+0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x0b,0x13,0x1e,0x47,
+0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x53,0x6f,
+0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x1e,0x30,
+0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,
+0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x34,0x30,0x1e,0x17,
+0x0d,0x39,0x38,0x30,0x38,0x31,0x33,0x31,0x33,0x35,0x31,0x30,0x30,0x5a,0x17,0x0d,
+0x31,0x33,0x30,0x38,0x31,0x33,0x32,0x33,0x35,0x39,0x30,0x30,0x5a,0x30,0x70,0x31,
+0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16,
+0x06,0x03,0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,0x72,0x70,0x6f,
+0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x0b,0x13,
+0x1e,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,
+0x53,0x6f,0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,
+0x1e,0x30,0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47,0x54,0x45,0x20,0x43,0x79,
+0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,0x20,0x34,0x30,
+0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,
+0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,
+0xba,0x9d,0x22,0x6e,0x7f,0xda,0x66,0x3c,0x39,0x42,0xb1,0xa3,0x2a,0x6f,0xd3,0xf7,
+0xbc,0xae,0xac,0x31,0x5a,0xd7,0x11,0x90,0x47,0xb9,0x9d,0x19,0x2e,0xf9,0xf3,0x1b,
+0x22,0xa0,0xc3,0xe1,0xa7,0xba,0xc4,0xfc,0x5e,0x0a,0x94,0x4b,0x98,0x5a,0x4b,0x26,
+0xe4,0x1f,0xf4,0xdc,0xf3,0xfe,0x8e,0x88,0xdc,0x6c,0x2d,0x7c,0x77,0x87,0x26,0x50,
+0xc0,0x5e,0x4e,0xa8,0x28,0xa1,0xea,0x17,0x69,0x4f,0x4d,0xc6,0x01,0x0e,0xda,0x9a,
+0x0d,0x06,0x56,0x26,0x15,0xb6,0xa4,0x5d,0x7a,0x35,0xaf,0x8d,0xed,0x78,0x52,0x86,
+0xf9,0x38,0xab,0xb3,0x01,0xd3,0xda,0x05,0x96,0xb1,0xb6,0x50,0xab,0xc0,0xa1,0xae,
+0x17,0x53,0xfa,0x43,0x39,0x20,0x71,0x65,0x23,0xdb,0x6d,0xc4,0xb6,0xed,0x98,0x45,
+0x83,0xd7,0xd2,0xf6,0xe2,0xa9,0x6b,0xfb,0xf9,0x75,0xcc,0xef,0xc5,0xab,0x71,0x96,
+0x35,0xe8,0xdf,0x8e,0x91,0x9b,0xa8,0x10,0x75,0x1f,0xb7,0xce,0x13,0x8e,0x6b,0xb3,
+0x96,0x77,0x97,0x1a,0x91,0x2f,0xc7,0x2c,0x69,0x99,0xf0,0x0f,0x2a,0x68,0x00,0x98,
+0x76,0x44,0x1b,0x8c,0x28,0xd2,0xeb,0x8e,0xf4,0x83,0xb4,0x7f,0xa4,0x25,0x5e,0x6c,
+0x3b,0xd9,0xc6,0x68,0xd5,0x61,0xb8,0xd4,0x5e,0x31,0x07,0xb5,0x5b,0x90,0x35,0x52,
+0x57,0x7b,0x17,0x20,0xed,0x2d,0xb8,0x1e,0x8e,0x88,0x39,0x3e,0x52,0xcb,0xdf,0xf0,
+0x5c,0xb1,0x65,0xbb,0xa5,0x12,0xb4,0x90,0x63,0xbf,0x71,0x9d,0x32,0xc1,0xda,0xbf,
+0x50,0x4a,0x95,0xbe,0x06,0x3a,0xc4,0x2b,0xeb,0xcd,0x98,0x76,0x44,0x4d,0x0b,0xe5,
+0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
+0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x43,0xaf,0x1c,0x87,0xc9,0x49,0xba,
+0x65,0x89,0x34,0x49,0x3c,0xea,0x07,0x3b,0x47,0xa2,0x79,0xd4,0xa0,0x3b,0x90,0x6c,
+0xde,0x7f,0xa8,0x54,0xc3,0xe8,0x4c,0x40,0x32,0xbc,0xc8,0xec,0x1c,0xe5,0xd9,0xac,
+0x40,0xba,0xfc,0x8c,0x3f,0xc2,0x73,0x9c,0xf4,0x64,0xea,0xdf,0xa9,0xed,0x4e,0x5b,
+0xc8,0x01,0x60,0xee,0x39,0x6d,0x43,0x27,0xf3,0x7f,0xaa,0x08,0xd2,0xfe,0x4e,0x6f,
+0x14,0x32,0x4d,0x7d,0xe4,0x34,0x80,0xa5,0x35,0xc4,0xd6,0x46,0x50,0xb4,0x3b,0xa0,
+0x2d,0x65,0x1f,0x4f,0x65,0x7e,0x34,0x28,0x2d,0xc0,0xa7,0x76,0x7d,0x31,0xc9,0x0d,
+0x33,0x16,0xf6,0x20,0x19,0x20,0x11,0x50,0xbb,0x03,0xcc,0x70,0x6d,0x96,0xb7,0xef,
+0x4c,0xa7,0xda,0x36,0x15,0xcf,0xbb,0x4d,0xd4,0x96,0xdc,0x88,0x4d,0x6c,0x98,0xed,
+0xb9,0x73,0xfe,0x28,0x57,0xa0,0xed,0x64,0xf8,0x0a,0x81,0x29,0x73,0xf6,0xf6,0x97,
+0x32,0x87,0x39,0xb4,0x81,0xef,0xd9,0x4d,0x1a,0x07,0x34,0xf7,0xba,0x42,0x35,0xde,
+0x57,0xdc,0x5c,0xd6,0xf7,0xc5,0xeb,0x0a,0x27,0x0c,0x81,0xa6,0xc2,0xd0,0x68,0x4e,
+0xfd,0x92,0x5b,0x48,0x83,0xf6,0x16,0x8a,0x8f,0x36,0x5b,0xed,0x31,0x6c,0x3f,0x41,
+0x7a,0x71,0xf7,0x92,0x3f,0x31,0xa4,0x0a,0x40,0x4c,0xf3,0x86,0xe2,0x61,0xc1,0x3c,
+0x49,0x81,0x2d,0xa5,0xb8,0xef,0xba,0x97,0x0f,0xbc,0x2b,0x1d,0x9b,0x89,0xf2,0xd2,
+0x8e,0x1e,0x4d,0x86,0xf2,0xc2,0xab,0xf6,0x2d,0x99,0xc0,0x1b,0x2a,0x0d,0xa1,0xb6,
+0x4f,0xf9,0x2c,0x58,0x4d,0x3d,0x7d,0x37,0x0a,};
+static const unsigned char cert_12 [] = {
+0x30,0x82,0x03,0xb6,0x30,0x82,0x02,0x9e,0xa0,0x03,0x02,0x01,0x02,0x02,0x02,0x01,
+0xb6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,
+0x30,0x70,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,
+0x18,0x30,0x16,0x06,0x03,0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,0x43,0x6f,
+0x72,0x70,0x6f,0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,0x03,0x55,
+0x04,0x0b,0x13,0x1e,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,
+0x73,0x74,0x20,0x53,0x6f,0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,0x49,0x6e,
+0x63,0x2e,0x31,0x1e,0x30,0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47,0x54,0x45,
+0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,0x6f,0x74,
+0x20,0x35,0x30,0x1e,0x17,0x0d,0x39,0x38,0x30,0x38,0x31,0x34,0x31,0x34,0x35,0x30,
+0x30,0x30,0x5a,0x17,0x0d,0x31,0x33,0x30,0x38,0x31,0x34,0x32,0x33,0x35,0x39,0x30,
+0x30,0x5a,0x30,0x70,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,
+0x53,0x31,0x18,0x30,0x16,0x06,0x03,0x55,0x04,0x0a,0x13,0x0f,0x47,0x54,0x45,0x20,
+0x43,0x6f,0x72,0x70,0x6f,0x72,0x61,0x74,0x69,0x6f,0x6e,0x31,0x27,0x30,0x25,0x06,
+0x03,0x55,0x04,0x0b,0x13,0x1e,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,
+0x72,0x75,0x73,0x74,0x20,0x53,0x6f,0x6c,0x75,0x74,0x69,0x6f,0x6e,0x73,0x2c,0x20,
+0x49,0x6e,0x63,0x2e,0x31,0x1e,0x30,0x1c,0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x47,
+0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6f,
+0x6f,0x74,0x20,0x35,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
+0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,
+0x02,0x82,0x01,0x01,0x00,0xbc,0x12,0x6e,0x3f,0x8a,0x7c,0x7a,0x97,0x01,0xec,0x1e,
+0xbb,0x39,0x5a,0x02,0xf4,0x78,0x44,0xa2,0x48,0x1b,0x8e,0x7b,0x49,0x52,0x7a,0xb8,
+0x7b,0x47,0xb3,0xaf,0x94,0x9b,0x6f,0xbb,0x96,0xfa,0x2b,0x6a,0x65,0x5c,0xb8,0x1c,
+0x94,0x73,0xbe,0xbf,0x89,0x0a,0x22,0x80,0xee,0x57,0xfc,0x8c,0x05,0xbb,0x70,0x9f,
+0x97,0x39,0x04,0xda,0xa3,0x87,0x5c,0xa8,0xe5,0xca,0xaf,0xc0,0x33,0x9a,0xd5,0x37,
+0x5c,0x4b,0xac,0xe4,0x80,0xd0,0xa6,0x23,0x60,0xfb,0xfd,0x72,0x2e,0x94,0x9d,0xc7,
+0xce,0xc2,0x04,0x32,0xef,0x78,0x60,0x5d,0xed,0xad,0x87,0x0f,0x45,0x65,0x1e,0x3c,
+0x9a,0x0a,0x9a,0xbe,0x5d,0x1d,0x99,0xec,0xe7,0xf2,0xd1,0xc6,0x7a,0x17,0xd9,0xad,
+0x9b,0x54,0x96,0x7f,0xc4,0x7c,0x60,0xbf,0x85,0xaa,0x15,0x35,0x1d,0x40,0xda,0x11,
+0xbc,0xec,0x54,0x21,0x28,0x2d,0x23,0xa1,0xa8,0xf0,0xcf,0x2d,0xcd,0xdd,0xfc,0x7e,
+0x0f,0x5e,0xe1,0x65,0x07,0x56,0xcb,0x07,0xb4,0xd2,0x56,0xe8,0x5e,0x31,0xcc,0x18,
+0x63,0xc4,0x86,0xd2,0x2d,0x85,0xcf,0x93,0x92,0xab,0x6d,0xfe,0x68,0x39,0xfb,0xde,
+0x73,0xbd,0x86,0xf8,0xe4,0x46,0x7a,0xea,0x9f,0x0c,0xcb,0xf4,0x19,0xfe,0x63,0xbc,
+0xd1,0x2c,0x7b,0x88,0x33,0x36,0xf6,0xe4,0xe1,0x9c,0x0c,0x53,0x81,0x60,0x1c,0xda,
+0x2e,0xab,0x96,0xa9,0x16,0x88,0x13,0x50,0x99,0xb2,0xbd,0x55,0xdf,0x15,0x30,0x7e,
+0xe8,0xe5,0x98,0xfb,0x70,0x7e,0x6c,0xb5,0x07,0xfc,0xfc,0x46,0xb7,0xd0,0xed,0x37,
+0x96,0x7e,0x32,0xfe,0x21,0x02,0x03,0x01,0x00,0x01,0xa3,0x5a,0x30,0x58,0x30,0x12,
+0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,
+0x01,0x05,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,
+0x01,0x06,0x30,0x17,0x06,0x03,0x55,0x1d,0x20,0x04,0x10,0x30,0x0e,0x30,0x0c,0x06,
+0x0a,0x2a,0x86,0x48,0x86,0xf8,0x63,0x01,0x02,0x01,0x03,0x30,0x19,0x06,0x03,0x55,
+0x1d,0x0e,0x04,0x12,0x04,0x10,0x76,0x0a,0x49,0x21,0x38,0x4c,0x9f,0xde,0xf8,0xc4,
+0x49,0xc7,0x71,0x71,0x91,0x9d,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
+0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x41,0x3a,0xd4,0x18,0x5b,0xda,
+0xb8,0xde,0x21,0x1c,0xe1,0x8e,0x09,0xe5,0xf1,0x68,0x34,0xff,0xde,0x96,0xf4,0x07,
+0xf5,0xa7,0x3c,0xf3,0xac,0x4a,0xb1,0x9b,0xfa,0x92,0xfa,0x9b,0xed,0xe6,0x32,0x21,
+0xaa,0x4a,0x76,0xc5,0xdc,0x4f,0x38,0xe5,0xdf,0xd5,0x86,0xe4,0xd5,0xc8,0x76,0x7d,
+0x98,0xd7,0xb1,0xcd,0x8f,0x4d,0xb5,0x91,0x23,0x6c,0x8b,0x8a,0xeb,0xea,0x7c,0xef,
+0x14,0x94,0xc4,0xc6,0xf0,0x1f,0x4a,0x2d,0x32,0x71,0x63,0x2b,0x63,0x91,0x26,0x02,
+0x09,0xb6,0x80,0x1d,0xed,0xe2,0xcc,0xb8,0x7f,0xdb,0x87,0x63,0xc8,0xe1,0xd0,0x6c,
+0x26,0xb1,0x35,0x1d,0x40,0x66,0x10,0x1b,0xcd,0x95,0x54,0x18,0x33,0x61,0xec,0x13,
+0x4f,0xda,0x13,0xf7,0x99,0xaf,0x3e,0xd0,0xcf,0x8e,0xa6,0x72,0xa2,0xb3,0xc3,0x05,
+0x9a,0xc9,0x27,0x7d,0x92,0xcc,0x7e,0x52,0x8d,0xb3,0xab,0x70,0x6d,0x9e,0x89,0x9f,
+0x4d,0xeb,0x1a,0x75,0xc2,0x98,0xaa,0xd5,0x02,0x16,0xd7,0x0c,0x8a,0xbf,0x25,0xe4,
+0xeb,0x2d,0xbc,0x98,0xe9,0x58,0x38,0x19,0x7c,0xb9,0x37,0xfe,0xdb,0xe2,0x99,0x08,
+0x73,0x06,0xc7,0x97,0x83,0x6a,0x7d,0x10,0x01,0x2f,0x32,0xb9,0x17,0x05,0x4a,0x65,
+0xe6,0x2f,0xce,0xbe,0x5e,0x53,0xa6,0x82,0xe9,0x9a,0x53,0x0a,0x84,0x74,0x2d,0x83,
+0xca,0xc8,0x94,0x16,0x76,0x5f,0x94,0x61,0x28,0xf0,0x85,0xa7,0x39,0xbb,0xd7,0x8b,
+0xd9,0xa8,0xb2,0x13,0x1d,0x54,0x09,0x34,0x24,0x7d,0x20,0x81,0x7d,0x66,0x7e,0xa2,
+0x90,0x74,0x5c,0x10,0xc6,0xbd,0xec,0xab,0x1b,0xc2,};
+static const unsigned char cert_13 [] = {
+0x30,0x82,0x02,0x3d,0x30,0x82,0x01,0xa6,0x02,0x11,0x00,0xcd,0xba,0x7f,0x56,0xf0,
+0xdf,0xe4,0xbc,0x54,0xfe,0x22,0xac,0xb3,0x72,0xaa,0x55,0x30,0x0d,0x06,0x09,0x2a,
+0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x5f,0x31,0x0b,0x30,0x09,
+0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,
+0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,
+0x63,0x2e,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,0x0b,0x13,0x2e,0x43,0x6c,0x61,
+0x73,0x73,0x20,0x31,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d,
+0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,
+0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x1e,0x17,0x0d,0x39,
+0x36,0x30,0x31,0x32,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x32,0x38,
+0x30,0x38,0x30,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x5f,0x31,0x0b,0x30,
+0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,
+0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,
+0x6e,0x63,0x2e,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,0x0b,0x13,0x2e,0x43,0x6c,
+0x61,0x73,0x73,0x20,0x31,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,
+0x6d,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,
+0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x81,0x9f,0x30,
+0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,
+0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xe5,0x19,0xbf,0x6d,0xa3,0x56,0x61,
+0x2d,0x99,0x48,0x71,0xf6,0x67,0xde,0xb9,0x8d,0xeb,0xb7,0x9e,0x86,0x80,0x0a,0x91,
+0x0e,0xfa,0x38,0x25,0xaf,0x46,0x88,0x82,0xe5,0x73,0xa8,0xa0,0x9b,0x24,0x5d,0x0d,
+0x1f,0xcc,0x65,0x6e,0x0c,0xb0,0xd0,0x56,0x84,0x18,0x87,0x9a,0x06,0x9b,0x10,0xa1,
+0x73,0xdf,0xb4,0x58,0x39,0x6b,0x6e,0xc1,0xf6,0x15,0xd5,0xa8,0xa8,0x3f,0xaa,0x12,
+0x06,0x8d,0x31,0xac,0x7f,0xb0,0x34,0xd7,0x8f,0x34,0x67,0x88,0x09,0xcd,0x14,0x11,
+0xe2,0x4e,0x45,0x56,0x69,0x1f,0x78,0x02,0x80,0xda,0xdc,0x47,0x91,0x29,0xbb,0x36,
+0xc9,0x63,0x5c,0xc5,0xe0,0xd7,0x2d,0x87,0x7b,0xa1,0xb7,0x32,0xb0,0x7b,0x30,0xba,
+0x2a,0x2f,0x31,0xaa,0xee,0xa3,0x67,0xda,0xdb,0x02,0x03,0x01,0x00,0x01,0x30,0x0d,
+0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x03,0x81,0x81,
+0x00,0x4c,0x3f,0xb8,0x8b,0xc6,0x68,0xdf,0xee,0x43,0x33,0x0e,0x5d,0xe9,0xa6,0xcb,
+0x07,0x84,0x4d,0x7a,0x33,0xff,0x92,0x1b,0xf4,0x36,0xad,0xd8,0x95,0x22,0x36,0x68,
+0x11,0x6c,0x7c,0x42,0xcc,0xf3,0x9c,0x2e,0xc4,0x07,0x3f,0x14,0xb0,0x0f,0x4f,0xff,
+0x90,0x92,0x76,0xf9,0xe2,0xbc,0x4a,0xe9,0x8f,0xcd,0xa0,0x80,0x0a,0xf7,0xc5,0x29,
+0xf1,0x82,0x22,0x5d,0xb8,0xb1,0xdd,0x81,0x23,0xa3,0x7b,0x25,0x15,0x46,0x30,0x79,
+0x16,0xf8,0xea,0x05,0x4b,0x94,0x7f,0x1d,0xc2,0x1c,0xc8,0xe3,0xb7,0xf4,0x10,0x40,
+0x3c,0x13,0xc3,0x5f,0x1f,0x53,0xe8,0x48,0xe4,0x86,0xb4,0x7b,0xa1,0x35,0xb0,0x7b,
+0x25,0xba,0xb8,0xd3,0x8e,0xab,0x3f,0x38,0x9d,0x00,0x34,0x00,0x98,0xf3,0xd1,0x71,
+0x94,};
+static const unsigned char cert_14 [] = {
+0x30,0x82,0x02,0x3c,0x30,0x82,0x01,0xa5,0x02,0x10,0x2d,0x1b,0xfc,0x4a,0x17,0x8d,
+0xa3,0x91,0xeb,0xe7,0xff,0xf5,0x8b,0x45,0xbe,0x0b,0x30,0x0d,0x06,0x09,0x2a,0x86,
+0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x5f,0x31,0x0b,0x30,0x09,0x06,
+0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,
+0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,
+0x2e,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,0x0b,0x13,0x2e,0x43,0x6c,0x61,0x73,
+0x73,0x20,0x32,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d,0x61,
+0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,
+0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x1e,0x17,0x0d,0x39,0x36,
+0x30,0x31,0x32,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x32,0x38,0x30,
+0x38,0x30,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x5f,0x31,0x0b,0x30,0x09,
+0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,
+0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,
+0x63,0x2e,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,0x0b,0x13,0x2e,0x43,0x6c,0x61,
+0x73,0x73,0x20,0x32,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d,
+0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,
+0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x81,0x9f,0x30,0x0d,
+0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,
+0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb6,0x5a,0x8b,0xa3,0x0d,0x6a,0x23,0x83,
+0x80,0x6b,0xcf,0x39,0x87,0xf4,0x21,0x13,0x33,0x06,0x4c,0x25,0xa2,0xed,0x55,0x12,
+0x97,0xc5,0xa7,0x80,0xb9,0xfa,0x83,0xc1,0x20,0xa0,0xfa,0x2f,0x15,0x0d,0x7c,0xa1,
+0x60,0x6b,0x7e,0x79,0x2c,0xfa,0x06,0x0f,0x3a,0xae,0xf6,0x1b,0x6f,0xb1,0xd2,0xff,
+0x2f,0x28,0x52,0x5f,0x83,0x7d,0x4b,0xc4,0x7a,0xb7,0xf8,0x66,0x1f,0x80,0x54,0xfc,
+0xb7,0xc2,0x8e,0x59,0x4a,0x14,0x57,0x46,0xd1,0x9a,0x93,0xbe,0x41,0x91,0x03,0xbb,
+0x15,0x80,0x93,0x5c,0xeb,0xe7,0xcc,0x08,0x6c,0x3f,0x3e,0xb3,0x4a,0xfc,0xff,0x4b,
+0x6c,0x23,0xd5,0x50,0x82,0x26,0x44,0x19,0x8e,0x23,0xc3,0x71,0xea,0x19,0x24,0x47,
+0x04,0x9e,0x75,0xbf,0xc8,0xa6,0x00,0x1f,0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,
+0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x03,0x81,0x81,0x00,
+0x8a,0x1b,0x2b,0xfa,0x39,0xc1,0x74,0xd7,0x5e,0xd8,0x19,0x64,0xa2,0x58,0x4a,0x2d,
+0x37,0xe0,0x33,0x47,0x0f,0xac,0xed,0xf7,0xaa,0xdb,0x1e,0xe4,0x8b,0x06,0x5c,0x60,
+0x27,0xca,0x45,0x52,0xce,0x16,0xef,0x3f,0x06,0x64,0xe7,0x94,0x68,0x7c,0x60,0x33,
+0x15,0x11,0x69,0xaf,0x9d,0x62,0x8d,0xa3,0x03,0x54,0x6b,0xa6,0xbe,0xe5,0xee,0x05,
+0x18,0x60,0x04,0xbf,0x42,0x80,0xfd,0xd0,0xa8,0xa8,0x1e,0x01,0x3b,0xf7,0xa3,0x5c,
+0xaf,0xa3,0xdc,0xe6,0x26,0x80,0x23,0x3c,0xb8,0x44,0x74,0xf7,0x0a,0xae,0x49,0x8b,
+0x61,0x78,0xcc,0x24,0xbf,0x88,0x8a,0xa7,0x0e,0xea,0x73,0x19,0x41,0xfd,0x4d,0x03,
+0xf0,0x88,0xd1,0xe5,0x78,0x8d,0xa5,0x2a,0x4f,0xf6,0x97,0x0d,0x17,0x77,0xca,0xd8,
+};
+static const unsigned char cert_15 [] = {
+0x30,0x82,0x02,0x3c,0x30,0x82,0x01,0xa5,0x02,0x10,0x70,0xba,0xe4,0x1d,0x10,0xd9,
+0x29,0x34,0xb6,0x38,0xca,0x7b,0x03,0xcc,0xba,0xbf,0x30,0x0d,0x06,0x09,0x2a,0x86,
+0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x5f,0x31,0x0b,0x30,0x09,0x06,
+0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,0x04,
+0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,
+0x2e,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,0x0b,0x13,0x2e,0x43,0x6c,0x61,0x73,
+0x73,0x20,0x33,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d,0x61,
+0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,
+0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x1e,0x17,0x0d,0x39,0x36,
+0x30,0x31,0x32,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x32,0x38,0x30,
+0x38,0x30,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x5f,0x31,0x0b,0x30,0x09,
+0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,0x03,0x55,
+0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,
+0x63,0x2e,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,0x0b,0x13,0x2e,0x43,0x6c,0x61,
+0x73,0x73,0x20,0x33,0x20,0x50,0x75,0x62,0x6c,0x69,0x63,0x20,0x50,0x72,0x69,0x6d,
+0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,
+0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x81,0x9f,0x30,0x0d,
+0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,
+0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xc9,0x5c,0x59,0x9e,0xf2,0x1b,0x8a,0x01,
+0x14,0xb4,0x10,0xdf,0x04,0x40,0xdb,0xe3,0x57,0xaf,0x6a,0x45,0x40,0x8f,0x84,0x0c,
+0x0b,0xd1,0x33,0xd9,0xd9,0x11,0xcf,0xee,0x02,0x58,0x1f,0x25,0xf7,0x2a,0xa8,0x44,
+0x05,0xaa,0xec,0x03,0x1f,0x78,0x7f,0x9e,0x93,0xb9,0x9a,0x00,0xaa,0x23,0x7d,0xd6,
+0xac,0x85,0xa2,0x63,0x45,0xc7,0x72,0x27,0xcc,0xf4,0x4c,0xc6,0x75,0x71,0xd2,0x39,
+0xef,0x4f,0x42,0xf0,0x75,0xdf,0x0a,0x90,0xc6,0x8e,0x20,0x6f,0x98,0x0f,0xf8,0xac,
+0x23,0x5f,0x70,0x29,0x36,0xa4,0xc9,0x86,0xe7,0xb1,0x9a,0x20,0xcb,0x53,0xa5,0x85,
+0xe7,0x3d,0xbe,0x7d,0x9a,0xfe,0x24,0x45,0x33,0xdc,0x76,0x15,0xed,0x0f,0xa2,0x71,
+0x64,0x4c,0x65,0x2e,0x81,0x68,0x45,0xa7,0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,
+0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x03,0x81,0x81,0x00,
+0xbb,0x4c,0x12,0x2b,0xcf,0x2c,0x26,0x00,0x4f,0x14,0x13,0xdd,0xa6,0xfb,0xfc,0x0a,
+0x11,0x84,0x8c,0xf3,0x28,0x1c,0x67,0x92,0x2f,0x7c,0xb6,0xc5,0xfa,0xdf,0xf0,0xe8,
+0x95,0xbc,0x1d,0x8f,0x6c,0x2c,0xa8,0x51,0xcc,0x73,0xd8,0xa4,0xc0,0x53,0xf0,0x4e,
+0xd6,0x26,0xc0,0x76,0x01,0x57,0x81,0x92,0x5e,0x21,0xf1,0xd1,0xb1,0xff,0xe7,0xd0,
+0x21,0x58,0xcd,0x69,0x17,0xe3,0x44,0x1c,0x9c,0x19,0x44,0x39,0x89,0x5c,0xdc,0x9c,
+0x00,0x0f,0x56,0x8d,0x02,0x99,0xed,0xa2,0x90,0x45,0x4c,0xe4,0xbb,0x10,0xa4,0x3d,
+0xf0,0x32,0x03,0x0e,0xf1,0xce,0xf8,0xe8,0xc9,0x51,0x8c,0xe6,0x62,0x9f,0xe6,0x9f,
+0xc0,0x7d,0xb7,0x72,0x9c,0xc9,0x36,0x3a,0x6b,0x9f,0x4e,0xa8,0xff,0x64,0x0d,0x64,
+};
+static const unsigned char cert_16 [] = {
+0x30,0x82,0x02,0x34,0x30,0x82,0x01,0xa1,0x02,0x10,0x02,0xad,0x66,0x7e,0x4e,0x45,
+0xfe,0x5e,0x57,0x6f,0x3c,0x98,0x19,0x5e,0xdd,0xc0,0x30,0x0d,0x06,0x09,0x2a,0x86,
+0x48,0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x30,0x5f,0x31,0x0b,0x30,0x09,0x06,
+0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x20,0x30,0x1e,0x06,0x03,0x55,0x04,
+0x0a,0x13,0x17,0x52,0x53,0x41,0x20,0x44,0x61,0x74,0x61,0x20,0x53,0x65,0x63,0x75,
+0x72,0x69,0x74,0x79,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x2e,0x30,0x2c,0x06,0x03,
+0x55,0x04,0x0b,0x13,0x25,0x53,0x65,0x63,0x75,0x72,0x65,0x20,0x53,0x65,0x72,0x76,
+0x65,0x72,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,
+0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x1e,0x17,0x0d,0x39,0x34,
+0x31,0x31,0x30,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x31,0x30,0x30,
+0x31,0x30,0x37,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x5f,0x31,0x0b,0x30,0x09,
+0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x20,0x30,0x1e,0x06,0x03,0x55,
+0x04,0x0a,0x13,0x17,0x52,0x53,0x41,0x20,0x44,0x61,0x74,0x61,0x20,0x53,0x65,0x63,
+0x75,0x72,0x69,0x74,0x79,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x2e,0x30,0x2c,0x06,
+0x03,0x55,0x04,0x0b,0x13,0x25,0x53,0x65,0x63,0x75,0x72,0x65,0x20,0x53,0x65,0x72,
+0x76,0x65,0x72,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,
+0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x30,0x81,0x9b,0x30,0x0d,
+0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x89,
+0x00,0x30,0x81,0x85,0x02,0x7e,0x00,0x92,0xce,0x7a,0xc1,0xae,0x83,0x3e,0x5a,0xaa,
+0x89,0x83,0x57,0xac,0x25,0x01,0x76,0x0c,0xad,0xae,0x8e,0x2c,0x37,0xce,0xeb,0x35,
+0x78,0x64,0x54,0x03,0xe5,0x84,0x40,0x51,0xc9,0xbf,0x8f,0x08,0xe2,0x8a,0x82,0x08,
+0xd2,0x16,0x86,0x37,0x55,0xe9,0xb1,0x21,0x02,0xad,0x76,0x68,0x81,0x9a,0x05,0xa2,
+0x4b,0xc9,0x4b,0x25,0x66,0x22,0x56,0x6c,0x88,0x07,0x8f,0xf7,0x81,0x59,0x6d,0x84,
+0x07,0x65,0x70,0x13,0x71,0x76,0x3e,0x9b,0x77,0x4c,0xe3,0x50,0x89,0x56,0x98,0x48,
+0xb9,0x1d,0xa7,0x29,0x1a,0x13,0x2e,0x4a,0x11,0x59,0x9c,0x1e,0x15,0xd5,0x49,0x54,
+0x2c,0x73,0x3a,0x69,0x82,0xb1,0x97,0x39,0x9c,0x6d,0x70,0x67,0x48,0xe5,0xdd,0x2d,
+0xd6,0xc8,0x1e,0x7b,0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
+0x86,0xf7,0x0d,0x01,0x01,0x02,0x05,0x00,0x03,0x7e,0x00,0x65,0xdd,0x7e,0xe1,0xb2,
+0xec,0xb0,0xe2,0x3a,0xe0,0xec,0x71,0x46,0x9a,0x19,0x11,0xb8,0xd3,0xc7,0xa0,0xb4,
+0x03,0x40,0x26,0x02,0x3e,0x09,0x9c,0xe1,0x12,0xb3,0xd1,0x5a,0xf6,0x37,0xa5,0xb7,
+0x61,0x03,0xb6,0x5b,0x16,0x69,0x3b,0xc6,0x44,0x08,0x0c,0x88,0x53,0x0c,0x6b,0x97,
+0x49,0xc7,0x3e,0x35,0xdc,0x6c,0xb9,0xbb,0xaa,0xdf,0x5c,0xbb,0x3a,0x2f,0x93,0x60,
+0xb6,0xa9,0x4b,0x4d,0xf2,0x20,0xf7,0xcd,0x5f,0x7f,0x64,0x7b,0x8e,0xdc,0x00,0x5c,
+0xd7,0xfa,0x77,0xca,0x39,0x16,0x59,0x6f,0x0e,0xea,0xd3,0xb5,0x83,0x7f,0x4d,0x4d,
+0x42,0x56,0x76,0xb4,0xc9,0x5f,0x04,0xf8,0x38,0xf8,0xeb,0xd2,0x5f,0x75,0x5f,0xcd,
+0x7b,0xfc,0xe5,0x8e,0x80,0x7c,0xfc,0x50,};
+static const unsigned char cert_17 [] = {
+0x30,0x82,0x04,0x35,0x30,0x82,0x03,0x9e,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
+0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,
+0x81,0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,
+0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72,
+0x67,0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62,
+0x75,0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43,
+0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72,
+0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74,
+0x61,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31,
+0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75,
+0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x30,
+0x20,0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
+0x09,0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40,
+0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x1e,
+0x17,0x0d,0x39,0x38,0x30,0x33,0x30,0x39,0x31,0x33,0x35,0x34,0x34,0x38,0x5a,0x17,
+0x0d,0x30,0x35,0x31,0x32,0x33,0x31,0x31,0x33,0x35,0x34,0x34,0x38,0x5a,0x30,0x81,
+0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x10,
+0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72,0x67,
+0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,
+0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43,0x20,
+0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72,0x20,
+0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74,0x61,
+0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31,0x22,
+0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75,0x73,
+0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x30,0x20,
+0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,
+0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40,0x74,
+0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x81,0x9f,
+0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,
+0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xdf,0x7d,0xe6,0xbe,0xbf,0xd5,
+0xf0,0x2f,0x6d,0x4e,0x0e,0xd1,0xe0,0x8d,0x0b,0x7f,0x3b,0x54,0xe8,0x8a,0xe2,0xb0,
+0x9f,0x28,0xc5,0x8a,0xc6,0xb9,0xb3,0x33,0x27,0xf5,0x27,0xca,0x1a,0x4c,0x54,0x12,
+0x6b,0xb4,0xb2,0x46,0xb3,0x1d,0x4b,0xb3,0xf4,0x21,0x0b,0x4b,0x02,0x2e,0xa1,0xc2,
+0x34,0x9c,0x85,0xa0,0xc4,0x78,0x11,0xdb,0xdb,0x6b,0x27,0x2b,0x09,0x2a,0x18,0x4e,
+0x40,0xcc,0x9f,0x71,0x19,0x67,0x99,0x74,0xa2,0x7c,0x3f,0xc1,0xd8,0x8b,0x23,0xc8,
+0x63,0x3b,0x8a,0x21,0xab,0x5c,0xde,0x1e,0xf4,0x8d,0xdc,0xb4,0x18,0xc3,0x05,0x73,
+0xf4,0x6a,0xb4,0xa1,0xfa,0x01,0x08,0x2b,0x01,0x0f,0x6d,0x37,0x5b,0xaa,0x38,0x86,
+0x67,0x39,0xd7,0xe5,0x5f,0xfa,0xe4,0x7e,0xcc,0xa3,0x02,0x03,0x01,0x00,0x01,0xa3,
+0x82,0x01,0x43,0x30,0x82,0x01,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48,0x01,0x86,
+0xf8,0x42,0x01,0x03,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f,
+0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,
+0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65,0x63,0x6b,
+0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48,
+0x01,0x86,0xf8,0x42,0x01,0x04,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a,
+0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,
+0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65,
+0x63,0x6b,0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3c,0x06,0x09,0x60,
+0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x07,0x04,0x2f,0x16,0x2d,0x68,0x74,0x74,0x70,
+0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,
+0x74,0x65,0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x52,
+0x65,0x6e,0x65,0x77,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3e,0x06,0x09,0x60,0x86,0x48,
+0x01,0x86,0xf8,0x42,0x01,0x08,0x04,0x31,0x16,0x2f,0x68,0x74,0x74,0x70,0x3a,0x2f,
+0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,
+0x2e,0x64,0x65,0x2f,0x67,0x75,0x69,0x64,0x65,0x6c,0x69,0x6e,0x65,0x73,0x2f,0x69,
+0x6e,0x64,0x65,0x78,0x2e,0x68,0x74,0x6d,0x6c,0x30,0x28,0x06,0x09,0x60,0x86,0x48,
+0x01,0x86,0xf8,0x42,0x01,0x0d,0x04,0x1b,0x16,0x19,0x54,0x43,0x20,0x54,0x72,0x75,
+0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x30,
+0x20,0x43,0x41,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x01,
+0x04,0x04,0x03,0x02,0x00,0x07,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
+0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x4d,0x07,0x7f,0x5f,0x09,0x30,0x19,
+0x92,0xaa,0x05,0x47,0x7a,0x94,0x75,0x54,0x2a,0xae,0xcf,0xfc,0xd8,0x0c,0x42,0xe1,
+0x45,0x38,0x2b,0x24,0x95,0xb2,0xca,0x87,0xca,0x79,0xc4,0xc3,0x97,0x90,0x5e,0x62,
+0x18,0xc6,0xc9,0x38,0x61,0x4c,0x68,0x35,0xd3,0x4c,0x14,0x11,0xeb,0xc4,0xcd,0xa1,
+0xa9,0xd8,0xc5,0x9e,0x68,0x27,0x32,0x07,0x35,0x45,0x04,0xf8,0x5f,0x21,0xa0,0x60,
+0x1e,0x1c,0x00,0x48,0x04,0x58,0xd2,0xc5,0xcb,0xae,0x6d,0x32,0x6e,0x3d,0x77,0x95,
+0x8c,0x85,0xc7,0xe5,0xae,0x50,0x9d,0x75,0x4a,0x7b,0xff,0x0b,0x27,0x79,0xea,0x4d,
+0xa4,0x59,0xff,0xec,0x5a,0xea,0x26,0xa5,0x39,0x83,0xa4,0xd1,0x78,0xce,0xa7,0xa9,
+0x7e,0xbc,0xdd,0x2b,0xca,0x12,0x93,0x03,0x4a,};
+static const unsigned char cert_18 [] = {
+0x30,0x82,0x04,0x35,0x30,0x82,0x03,0x9e,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x02,
+0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,
+0x81,0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,
+0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72,
+0x67,0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62,
+0x75,0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43,
+0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72,
+0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74,
+0x61,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31,
+0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75,
+0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x31,
+0x20,0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
+0x09,0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40,
+0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x1e,
+0x17,0x0d,0x39,0x38,0x30,0x33,0x30,0x39,0x31,0x33,0x35,0x36,0x33,0x33,0x5a,0x17,
+0x0d,0x30,0x35,0x31,0x32,0x33,0x31,0x31,0x33,0x35,0x36,0x33,0x33,0x5a,0x30,0x81,
+0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x10,
+0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72,0x67,
+0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,
+0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43,0x20,
+0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72,0x20,
+0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74,0x61,
+0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31,0x22,
+0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75,0x73,
+0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x31,0x20,
+0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,
+0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40,0x74,
+0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x81,0x9f,
+0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,
+0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb0,0x29,0xeb,0xb4,0x76,0xb3,
+0xae,0xd7,0xb6,0x5b,0xb4,0x5e,0xe7,0xbd,0xe3,0xb1,0x9c,0x49,0x04,0x57,0x5b,0xa1,
+0xab,0xd9,0x7f,0x13,0x1b,0xfd,0xba,0x61,0xab,0xd8,0xe7,0x71,0xdf,0x2d,0x00,0x94,
+0x5d,0x51,0x48,0x7d,0x23,0xef,0x75,0x62,0x84,0x90,0x3c,0x0a,0x1f,0x59,0x11,0x74,
+0x2f,0x8e,0x80,0xa5,0xfd,0x30,0x02,0x3d,0x29,0x52,0xcd,0x72,0x1a,0x49,0x21,0x9c,
+0xbc,0xcb,0x52,0x8e,0x48,0xa1,0x63,0x96,0xc8,0x10,0x85,0x30,0x69,0x57,0x74,0x45,
+0xc0,0x5a,0x86,0xc6,0xd5,0x3d,0xe0,0x68,0x57,0x7d,0x31,0x6a,0x24,0x8d,0x45,0x97,
+0x3e,0x31,0x7e,0x68,0x66,0x32,0x6e,0x24,0x6d,0xec,0x32,0x36,0xc9,0x41,0xca,0xf0,
+0x31,0x44,0xc8,0xa3,0x61,0xca,0x1b,0xa0,0x36,0x1f,0x02,0x03,0x01,0x00,0x01,0xa3,
+0x82,0x01,0x43,0x30,0x82,0x01,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48,0x01,0x86,
+0xf8,0x42,0x01,0x03,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f,
+0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,
+0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65,0x63,0x6b,
+0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48,
+0x01,0x86,0xf8,0x42,0x01,0x04,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a,
+0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,
+0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65,
+0x63,0x6b,0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3c,0x06,0x09,0x60,
+0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x07,0x04,0x2f,0x16,0x2d,0x68,0x74,0x74,0x70,
+0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,
+0x74,0x65,0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x52,
+0x65,0x6e,0x65,0x77,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3e,0x06,0x09,0x60,0x86,0x48,
+0x01,0x86,0xf8,0x42,0x01,0x08,0x04,0x31,0x16,0x2f,0x68,0x74,0x74,0x70,0x3a,0x2f,
+0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,
+0x2e,0x64,0x65,0x2f,0x67,0x75,0x69,0x64,0x65,0x6c,0x69,0x6e,0x65,0x73,0x2f,0x69,
+0x6e,0x64,0x65,0x78,0x2e,0x68,0x74,0x6d,0x6c,0x30,0x28,0x06,0x09,0x60,0x86,0x48,
+0x01,0x86,0xf8,0x42,0x01,0x0d,0x04,0x1b,0x16,0x19,0x54,0x43,0x20,0x54,0x72,0x75,
+0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x31,
+0x20,0x43,0x41,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x01,
+0x04,0x04,0x03,0x02,0x00,0x07,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
+0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x05,0x42,0x52,0x26,0xa4,0x0c,0x27,
+0x01,0x44,0xac,0x5c,0x25,0x28,0xc2,0x44,0x42,0x54,0x08,0xb9,0x1d,0xc5,0x3e,0x6c,
+0x59,0x66,0xc4,0xb3,0x4e,0x50,0xa7,0xf8,0xf8,0x96,0x75,0xa1,0x96,0x75,0xe8,0x16,
+0x38,0xa0,0xcd,0x5d,0x6e,0xfa,0x79,0xa7,0x1b,0x7b,0x1d,0x1e,0xc3,0x00,0xb9,0x66,
+0xbe,0x5a,0xd6,0x62,0x0f,0xe7,0xf2,0x7b,0xb8,0xef,0x4c,0xe0,0xc0,0x3f,0x59,0xae,
+0x39,0xb7,0x84,0x09,0x9e,0xab,0xf1,0xa9,0x2e,0x6b,0x69,0xe2,0xad,0xcc,0xf2,0xea,
+0x78,0x09,0x05,0x20,0x38,0x42,0x71,0x18,0x7e,0xc7,0xb2,0x97,0xe6,0xd5,0x02,0x05,
+0x06,0x56,0xa3,0x5f,0xf1,0xaa,0xc2,0xc4,0x4f,0xfe,0xf7,0xef,0x16,0x0f,0x9d,0xec,
+0xaa,0x85,0xcf,0x3d,0x29,0x24,0xf1,0x04,0xcd,};
+static const unsigned char cert_19 [] = {
+0x30,0x82,0x04,0x35,0x30,0x82,0x03,0x9e,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x03,
+0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,
+0x81,0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,
+0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72,
+0x67,0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62,
+0x75,0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43,
+0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72,
+0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74,
+0x61,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31,
+0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75,
+0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x32,
+0x20,0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
+0x09,0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40,
+0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x1e,
+0x17,0x0d,0x39,0x38,0x30,0x33,0x30,0x39,0x31,0x33,0x35,0x37,0x34,0x34,0x5a,0x17,
+0x0d,0x30,0x35,0x31,0x32,0x33,0x31,0x31,0x33,0x35,0x37,0x34,0x34,0x5a,0x30,0x81,
+0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x10,
+0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72,0x67,
+0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,
+0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43,0x20,
+0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72,0x20,
+0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74,0x61,
+0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31,0x22,
+0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75,0x73,
+0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x32,0x20,
+0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,
+0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40,0x74,
+0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x81,0x9f,
+0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,
+0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xda,0x38,0xe8,0xed,0x32,0x00,
+0x29,0x71,0x83,0x01,0x0d,0xbf,0x8c,0x01,0xdc,0xda,0xc6,0xad,0x39,0xa4,0xa9,0x8a,
+0x2f,0xd5,0x8b,0x5c,0x68,0x5f,0x50,0xc6,0x62,0xf5,0x66,0xbd,0xca,0x91,0x22,0xec,
+0xaa,0x1d,0x51,0xd7,0x3d,0xb3,0x51,0xb2,0x83,0x4e,0x5d,0xcb,0x49,0xb0,0xf0,0x4c,
+0x55,0xe5,0x6b,0x2d,0xc7,0x85,0x0b,0x30,0x1c,0x92,0x4e,0x82,0xd4,0xca,0x02,0xed,
+0xf7,0x6f,0xbe,0xdc,0xe0,0xe3,0x14,0xb8,0x05,0x53,0xf2,0x9a,0xf4,0x56,0x8b,0x5a,
+0x9e,0x85,0x93,0xd1,0xb4,0x82,0x56,0xae,0x4d,0xbb,0xa8,0x4b,0x57,0x16,0xbc,0xfe,
+0xf8,0x58,0x9e,0xf8,0x29,0x8d,0xb0,0x7b,0xcd,0x78,0xc9,0x4f,0xac,0x8b,0x67,0x0c,
+0xf1,0x9c,0xfb,0xfc,0x57,0x9b,0x57,0x5c,0x4f,0x0d,0x02,0x03,0x01,0x00,0x01,0xa3,
+0x82,0x01,0x43,0x30,0x82,0x01,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48,0x01,0x86,
+0xf8,0x42,0x01,0x03,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f,
+0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,
+0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65,0x63,0x6b,
+0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48,
+0x01,0x86,0xf8,0x42,0x01,0x04,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a,
+0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,
+0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65,
+0x63,0x6b,0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3c,0x06,0x09,0x60,
+0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x07,0x04,0x2f,0x16,0x2d,0x68,0x74,0x74,0x70,
+0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,
+0x74,0x65,0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x52,
+0x65,0x6e,0x65,0x77,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3e,0x06,0x09,0x60,0x86,0x48,
+0x01,0x86,0xf8,0x42,0x01,0x08,0x04,0x31,0x16,0x2f,0x68,0x74,0x74,0x70,0x3a,0x2f,
+0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,
+0x2e,0x64,0x65,0x2f,0x67,0x75,0x69,0x64,0x65,0x6c,0x69,0x6e,0x65,0x73,0x2f,0x69,
+0x6e,0x64,0x65,0x78,0x2e,0x68,0x74,0x6d,0x6c,0x30,0x28,0x06,0x09,0x60,0x86,0x48,
+0x01,0x86,0xf8,0x42,0x01,0x0d,0x04,0x1b,0x16,0x19,0x54,0x43,0x20,0x54,0x72,0x75,
+0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x32,
+0x20,0x43,0x41,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x01,
+0x04,0x04,0x03,0x02,0x00,0x07,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
+0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x89,0x1b,0xf4,0xef,0xe9,0x38,0xe2,
+0x6c,0x0c,0xf6,0xcd,0x6f,0x49,0xce,0x29,0xcc,0xfb,0xa6,0x0f,0xf9,0x8d,0x3e,0x95,
+0x46,0xd6,0xfc,0x47,0x32,0x89,0xb2,0xc8,0x06,0x61,0x7a,0xd2,0xe7,0x0d,0x13,0x02,
+0x94,0x0b,0xd9,0x8b,0x56,0x47,0xf4,0xbb,0xe7,0xc5,0x5f,0x7b,0xf4,0x63,0x4c,0xae,
+0x7c,0x34,0xea,0x0d,0xa2,0xa9,0xb3,0x2c,0x85,0xf3,0xe3,0xfe,0x27,0x54,0x10,0x92,
+0xb0,0x8f,0x92,0xc1,0x98,0x42,0x18,0x70,0x48,0xdb,0x4e,0x2c,0xeb,0x0d,0x24,0x68,
+0xe4,0xd1,0xf7,0xbe,0x09,0xa9,0x29,0x87,0xbb,0xe8,0xda,0xdc,0x3e,0xa3,0x88,0x42,
+0x31,0xf5,0xd1,0xe3,0x7f,0xae,0xd8,0x8e,0x00,0x5a,0x74,0x98,0xb0,0x4f,0xc6,0xff,
+0x23,0x7b,0x5c,0x73,0x00,0x78,0xc9,0xdb,0x4e,};
+static const unsigned char cert_20 [] = {
+0x30,0x82,0x04,0x35,0x30,0x82,0x03,0x9e,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x04,
+0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,
+0x81,0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,
+0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72,
+0x67,0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62,
+0x75,0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43,
+0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72,
+0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74,
+0x61,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31,
+0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75,
+0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x33,
+0x20,0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
+0x09,0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40,
+0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x1e,
+0x17,0x0d,0x39,0x38,0x30,0x33,0x30,0x39,0x31,0x33,0x35,0x38,0x34,0x39,0x5a,0x17,
+0x0d,0x30,0x35,0x31,0x32,0x33,0x31,0x31,0x33,0x35,0x38,0x34,0x39,0x5a,0x30,0x81,
+0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x10,
+0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72,0x67,
+0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,
+0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43,0x20,
+0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72,0x20,
+0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74,0x61,
+0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31,0x22,
+0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75,0x73,
+0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x33,0x20,
+0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,
+0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40,0x74,
+0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x81,0x9f,
+0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,
+0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb6,0xb4,0xc1,0x35,0x05,0x2e,
+0x0d,0x8d,0xec,0xa0,0x40,0x6a,0x1c,0x0e,0x27,0xa6,0x50,0x92,0x6b,0x50,0x1b,0x07,
+0xde,0x2e,0xe7,0x76,0xcc,0xe0,0xda,0xfc,0x84,0xa8,0x5e,0x8c,0x63,0x6a,0x2b,0x4d,
+0xd9,0x4e,0x02,0x76,0x11,0xc1,0x0b,0xf2,0x8d,0x79,0xca,0x00,0xb6,0xf1,0xb0,0x0e,
+0xd7,0xfb,0xa4,0x17,0x3d,0xaf,0xab,0x69,0x7a,0x96,0x27,0xbf,0xaf,0x33,0xa1,0x9a,
+0x2a,0x59,0xaa,0xc4,0xb5,0x37,0x08,0xf2,0x12,0xa5,0x31,0xb6,0x43,0xf5,0x32,0x96,
+0x71,0x28,0x28,0xab,0x8d,0x28,0x86,0xdf,0xbb,0xee,0xe3,0x0c,0x7d,0x30,0xd6,0xc3,
+0x52,0xab,0x8f,0x5d,0x27,0x9c,0x6b,0xc0,0xa3,0xe7,0x05,0x6b,0x57,0x49,0x44,0xb3,
+0x6e,0xea,0x64,0xcf,0xd2,0x8e,0x7a,0x50,0x77,0x77,0x02,0x03,0x01,0x00,0x01,0xa3,
+0x82,0x01,0x43,0x30,0x82,0x01,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48,0x01,0x86,
+0xf8,0x42,0x01,0x03,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f,
+0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,
+0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65,0x63,0x6b,
+0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48,
+0x01,0x86,0xf8,0x42,0x01,0x04,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a,
+0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,
+0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65,
+0x63,0x6b,0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3c,0x06,0x09,0x60,
+0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x07,0x04,0x2f,0x16,0x2d,0x68,0x74,0x74,0x70,
+0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,
+0x74,0x65,0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x52,
+0x65,0x6e,0x65,0x77,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3e,0x06,0x09,0x60,0x86,0x48,
+0x01,0x86,0xf8,0x42,0x01,0x08,0x04,0x31,0x16,0x2f,0x68,0x74,0x74,0x70,0x3a,0x2f,
+0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,
+0x2e,0x64,0x65,0x2f,0x67,0x75,0x69,0x64,0x65,0x6c,0x69,0x6e,0x65,0x73,0x2f,0x69,
+0x6e,0x64,0x65,0x78,0x2e,0x68,0x74,0x6d,0x6c,0x30,0x28,0x06,0x09,0x60,0x86,0x48,
+0x01,0x86,0xf8,0x42,0x01,0x0d,0x04,0x1b,0x16,0x19,0x54,0x43,0x20,0x54,0x72,0x75,
+0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x33,
+0x20,0x43,0x41,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x01,
+0x04,0x04,0x03,0x02,0x00,0x07,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
+0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x84,0x86,0x50,0x62,0x79,0xa0,0x27,
+0xe1,0x25,0xba,0x09,0xb1,0x34,0x0f,0x13,0x09,0xed,0x2d,0xca,0xa3,0xe6,0x95,0xf9,
+0x30,0xac,0xcd,0x17,0xa5,0xce,0x3d,0x97,0x9d,0xec,0x7c,0x8f,0x26,0x7f,0xc0,0x61,
+0xca,0x22,0xf7,0x91,0xdd,0x3c,0x36,0x59,0x9a,0x9b,0x75,0xf7,0xbc,0xe4,0xc8,0xed,
+0xec,0x02,0xb6,0x22,0xa7,0xf3,0x2c,0xf1,0xc8,0x92,0x78,0x6d,0xb6,0xee,0xc5,0x28,
+0xec,0x80,0x20,0x4f,0xb9,0x6b,0x08,0xe7,0x2f,0xa7,0x86,0x1e,0x7d,0xb1,0x08,0x9f,
+0x54,0xb9,0x00,0x37,0x3c,0xa0,0xd8,0x1a,0xc8,0x96,0x1c,0xf4,0x32,0x14,0x9c,0x39,
+0x95,0xb7,0xee,0xf0,0x43,0x49,0xc2,0x5e,0xe8,0xcb,0x79,0x6f,0x53,0xbf,0xfb,0x49,
+0x8a,0x2c,0xd8,0x4b,0xd9,0x55,0xf2,0x12,0x70,};
+static const unsigned char cert_21 [] = {
+0x30,0x82,0x04,0x35,0x30,0x82,0x03,0x9e,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x05,
+0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,
+0x81,0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,
+0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72,
+0x67,0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62,
+0x75,0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43,
+0x20,0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72,
+0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74,
+0x61,0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31,
+0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75,
+0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x34,
+0x20,0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
+0x09,0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40,
+0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x1e,
+0x17,0x0d,0x39,0x38,0x30,0x33,0x30,0x39,0x31,0x34,0x30,0x30,0x32,0x30,0x5a,0x17,
+0x0d,0x30,0x35,0x31,0x32,0x33,0x31,0x31,0x34,0x30,0x30,0x32,0x30,0x5a,0x30,0x81,
+0xbc,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x10,
+0x30,0x0e,0x06,0x03,0x55,0x04,0x08,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,0x72,0x67,
+0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x48,0x61,0x6d,0x62,0x75,
+0x72,0x67,0x31,0x3a,0x30,0x38,0x06,0x03,0x55,0x04,0x0a,0x13,0x31,0x54,0x43,0x20,
+0x54,0x72,0x75,0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x66,0x6f,0x72,0x20,
+0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x20,0x69,0x6e,0x20,0x44,0x61,0x74,0x61,
+0x20,0x4e,0x65,0x74,0x77,0x6f,0x72,0x6b,0x73,0x20,0x47,0x6d,0x62,0x48,0x31,0x22,
+0x30,0x20,0x06,0x03,0x55,0x04,0x0b,0x13,0x19,0x54,0x43,0x20,0x54,0x72,0x75,0x73,
+0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x34,0x20,
+0x43,0x41,0x31,0x29,0x30,0x27,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,
+0x01,0x16,0x1a,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x40,0x74,
+0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,0x64,0x65,0x30,0x81,0x9f,
+0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,
+0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xbf,0x2f,0x63,0xd6,0x36,0x7b,
+0xb2,0x0d,0xd3,0x55,0xf5,0x64,0x6c,0xe6,0x25,0x5d,0xc6,0xb4,0xc8,0x14,0xba,0x25,
+0x38,0x83,0xeb,0x56,0x62,0xa5,0x55,0xa9,0x65,0xa3,0xf4,0x23,0x99,0xc2,0x4b,0xb9,
+0xd0,0xcd,0x54,0x67,0xa6,0xa3,0xa0,0xa3,0xa9,0x33,0x2b,0x76,0xe4,0xbd,0xad,0x77,
+0xb2,0xed,0x5c,0x12,0x74,0xc3,0xc5,0xb6,0x0f,0x52,0x9a,0x72,0x93,0x43,0x90,0x62,
+0x66,0x15,0x0f,0x45,0xa5,0xdd,0xe0,0xdd,0xb8,0x6f,0x40,0x6e,0x57,0xc1,0x79,0x72,
+0xa3,0x60,0xaa,0xba,0x76,0x1d,0x12,0x89,0x53,0x5a,0xfc,0x02,0xbe,0xe1,0x09,0x13,
+0xc5,0x4a,0x2f,0xdc,0x3d,0x8b,0x19,0xad,0xd7,0x8b,0x24,0x45,0xfb,0x4c,0xf4,0xcd,
+0x5c,0x35,0x1d,0x29,0x4c,0x51,0xf3,0xf2,0x6c,0x55,0x02,0x03,0x01,0x00,0x01,0xa3,
+0x82,0x01,0x43,0x30,0x82,0x01,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48,0x01,0x86,
+0xf8,0x42,0x01,0x03,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a,0x2f,0x2f,
+0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,0x2e,
+0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65,0x63,0x6b,
+0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x40,0x06,0x09,0x60,0x86,0x48,
+0x01,0x86,0xf8,0x42,0x01,0x04,0x04,0x33,0x16,0x31,0x68,0x74,0x74,0x70,0x73,0x3a,
+0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,
+0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x63,0x68,0x65,
+0x63,0x6b,0x2d,0x72,0x65,0x76,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3c,0x06,0x09,0x60,
+0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x07,0x04,0x2f,0x16,0x2d,0x68,0x74,0x74,0x70,
+0x73,0x3a,0x2f,0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,
+0x74,0x65,0x72,0x2e,0x64,0x65,0x2f,0x63,0x67,0x69,0x2d,0x62,0x69,0x6e,0x2f,0x52,
+0x65,0x6e,0x65,0x77,0x2e,0x63,0x67,0x69,0x3f,0x30,0x3e,0x06,0x09,0x60,0x86,0x48,
+0x01,0x86,0xf8,0x42,0x01,0x08,0x04,0x31,0x16,0x2f,0x68,0x74,0x74,0x70,0x3a,0x2f,
+0x2f,0x77,0x77,0x77,0x2e,0x74,0x72,0x75,0x73,0x74,0x63,0x65,0x6e,0x74,0x65,0x72,
+0x2e,0x64,0x65,0x2f,0x67,0x75,0x69,0x64,0x65,0x6c,0x69,0x6e,0x65,0x73,0x2f,0x69,
+0x6e,0x64,0x65,0x78,0x2e,0x68,0x74,0x6d,0x6c,0x30,0x28,0x06,0x09,0x60,0x86,0x48,
+0x01,0x86,0xf8,0x42,0x01,0x0d,0x04,0x1b,0x16,0x19,0x54,0x43,0x20,0x54,0x72,0x75,
+0x73,0x74,0x43,0x65,0x6e,0x74,0x65,0x72,0x20,0x43,0x6c,0x61,0x73,0x73,0x20,0x34,
+0x20,0x43,0x41,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x01,
+0x04,0x04,0x03,0x02,0x00,0x07,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
+0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x94,0x68,0x14,0x1b,0x25,0x9e,0x29,
+0x99,0xb1,0xb2,0x23,0xd2,0x44,0xb3,0x95,0x9f,0xd1,0x9e,0x55,0x04,0xdd,0xe3,0x2f,
+0x82,0x33,0x55,0x96,0x77,0x19,0x9d,0x2b,0x9e,0x65,0x1c,0xfa,0x8a,0xe3,0xc7,0x8f,
+0x25,0xfc,0xb1,0x1e,0x55,0x46,0x0f,0x8f,0xff,0x4f,0x37,0x2f,0xa4,0x76,0x59,0xa6,
+0x64,0xeb,0xd5,0x16,0x70,0xbd,0xdd,0x95,0x33,0x0c,0xa4,0x0d,0x24,0xeb,0x64,0x50,
+0xb4,0x43,0x11,0xf2,0x43,0xbe,0x0d,0x71,0x98,0x22,0xec,0x01,0xaf,0xec,0xf7,0xc7,
+0x5c,0x71,0xc3,0x75,0x91,0x58,0x19,0xe8,0xdd,0xa0,0xf4,0xb4,0xf1,0xbc,0x10,0x4a,
+0xf3,0x93,0xb4,0x06,0x49,0xbb,0x1f,0x66,0xd2,0xbd,0x74,0x47,0xe1,0x9a,0xf9,0xeb,
+0xd7,0xab,0x6d,0x1f,0xba,0xe1,0x1d,0x2c,0xda,};
+static const unsigned char cert_22 [] = {
+0x30,0x82,0x03,0x21,0x30,0x82,0x02,0x8a,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x00,
+0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,
+0x81,0xcb,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a,0x41,0x31,
+0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74,0x65,0x72,
+0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13,
+0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1a,0x30,0x18,0x06,0x03,
+0x55,0x04,0x0a,0x13,0x11,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f,0x6e,0x73,
+0x75,0x6c,0x74,0x69,0x6e,0x67,0x31,0x28,0x30,0x26,0x06,0x03,0x55,0x04,0x0b,0x13,
+0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x53,
+0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,0x73,0x69,0x6f,0x6e,
+0x31,0x21,0x30,0x1f,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x54,0x68,0x61,0x77,0x74,
+0x65,0x20,0x50,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x20,0x42,0x61,0x73,0x69,0x63,
+0x20,0x43,0x41,0x31,0x28,0x30,0x26,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
+0x09,0x01,0x16,0x19,0x70,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x2d,0x62,0x61,0x73,
+0x69,0x63,0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e,0x63,0x6f,0x6d,0x30,0x1e,0x17,
+0x0d,0x39,0x36,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,
+0x32,0x30,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xcb,
+0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a,0x41,0x31,0x15,0x30,
+0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74,0x65,0x72,0x6e,0x20,
+0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13,0x09,0x43,
+0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1a,0x30,0x18,0x06,0x03,0x55,0x04,
+0x0a,0x13,0x11,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f,0x6e,0x73,0x75,0x6c,
+0x74,0x69,0x6e,0x67,0x31,0x28,0x30,0x26,0x06,0x03,0x55,0x04,0x0b,0x13,0x1f,0x43,
+0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x53,0x65,0x72,
+0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,0x73,0x69,0x6f,0x6e,0x31,0x21,
+0x30,0x1f,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x54,0x68,0x61,0x77,0x74,0x65,0x20,
+0x50,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x20,0x42,0x61,0x73,0x69,0x63,0x20,0x43,
+0x41,0x31,0x28,0x30,0x26,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x01,
+0x16,0x19,0x70,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x2d,0x62,0x61,0x73,0x69,0x63,
+0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e,0x63,0x6f,0x6d,0x30,0x81,0x9f,0x30,0x0d,
+0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,
+0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xbc,0xbc,0x93,0x53,0x6d,0xc0,0x50,0x4f,
+0x82,0x15,0xe6,0x48,0x94,0x35,0xa6,0x5a,0xbe,0x6f,0x42,0xfa,0x0f,0x47,0xee,0x77,
+0x75,0x72,0xdd,0x8d,0x49,0x9b,0x96,0x57,0xa0,0x78,0xd4,0xca,0x3f,0x51,0xb3,0x69,
+0x0b,0x91,0x76,0x17,0x22,0x07,0x97,0x6a,0xc4,0x51,0x93,0x4b,0xe0,0x8d,0xef,0x37,
+0x95,0xa1,0x0c,0x4d,0xda,0x34,0x90,0x1d,0x17,0x89,0x97,0xe0,0x35,0x38,0x57,0x4a,
+0xc0,0xf4,0x08,0x70,0xe9,0x3c,0x44,0x7b,0x50,0x7e,0x61,0x9a,0x90,0xe3,0x23,0xd3,
+0x88,0x11,0x46,0x27,0xf5,0x0b,0x07,0x0e,0xbb,0xdd,0xd1,0x7f,0x20,0x0a,0x88,0xb9,
+0x56,0x0b,0x2e,0x1c,0x80,0xda,0xf1,0xe3,0x9e,0x29,0xef,0x14,0xbd,0x0a,0x44,0xfb,
+0x1b,0x5b,0x18,0xd1,0xbf,0x23,0x93,0x21,0x02,0x03,0x01,0x00,0x01,0xa3,0x13,0x30,
+0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x05,0x30,0x03,0x01,
+0x01,0xff,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,
+0x00,0x03,0x81,0x81,0x00,0x2d,0xe2,0x99,0x6b,0xb0,0x3d,0x7a,0x89,0xd7,0x59,0xa2,
+0x94,0x01,0x1f,0x2b,0xdd,0x12,0x4b,0x53,0xc2,0xad,0x7f,0xaa,0xa7,0x00,0x5c,0x91,
+0x40,0x57,0x25,0x4a,0x38,0xaa,0x84,0x70,0xb9,0xd9,0x80,0x0f,0xa5,0x7b,0x5c,0xfb,
+0x73,0xc6,0xbd,0xd7,0x8a,0x61,0x5c,0x03,0xe3,0x2d,0x27,0xa8,0x17,0xe0,0x84,0x85,
+0x42,0xdc,0x5e,0x9b,0xc6,0xb7,0xb2,0x6d,0xbb,0x74,0xaf,0xe4,0x3f,0xcb,0xa7,0xb7,
+0xb0,0xe0,0x5d,0xbe,0x78,0x83,0x25,0x94,0xd2,0xdb,0x81,0x0f,0x79,0x07,0x6d,0x4f,
+0xf4,0x39,0x15,0x5a,0x52,0x01,0x7b,0xde,0x32,0xd6,0x4d,0x38,0xf6,0x12,0x5c,0x06,
+0x50,0xdf,0x05,0x5b,0xbd,0x14,0x4b,0xa1,0xdf,0x29,0xba,0x3b,0x41,0x8d,0xf7,0x63,
+0x56,0xa1,0xdf,0x22,0xb1,};
+static const unsigned char cert_23 [] = {
+0x30,0x82,0x03,0x2d,0x30,0x82,0x02,0x96,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x00,
+0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,
+0x81,0xd1,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a,0x41,0x31,
+0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74,0x65,0x72,
+0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13,
+0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1a,0x30,0x18,0x06,0x03,
+0x55,0x04,0x0a,0x13,0x11,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f,0x6e,0x73,
+0x75,0x6c,0x74,0x69,0x6e,0x67,0x31,0x28,0x30,0x26,0x06,0x03,0x55,0x04,0x0b,0x13,
+0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x53,
+0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,0x73,0x69,0x6f,0x6e,
+0x31,0x24,0x30,0x22,0x06,0x03,0x55,0x04,0x03,0x13,0x1b,0x54,0x68,0x61,0x77,0x74,
+0x65,0x20,0x50,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x20,0x46,0x72,0x65,0x65,0x6d,
+0x61,0x69,0x6c,0x20,0x43,0x41,0x31,0x2b,0x30,0x29,0x06,0x09,0x2a,0x86,0x48,0x86,
+0xf7,0x0d,0x01,0x09,0x01,0x16,0x1c,0x70,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x2d,
+0x66,0x72,0x65,0x65,0x6d,0x61,0x69,0x6c,0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e,
+0x63,0x6f,0x6d,0x30,0x1e,0x17,0x0d,0x39,0x36,0x30,0x31,0x30,0x31,0x30,0x30,0x30,
+0x30,0x30,0x30,0x5a,0x17,0x0d,0x32,0x30,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,
+0x35,0x39,0x5a,0x30,0x81,0xd1,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,
+0x02,0x5a,0x41,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,
+0x73,0x74,0x65,0x72,0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,
+0x55,0x04,0x07,0x13,0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1a,
+0x30,0x18,0x06,0x03,0x55,0x04,0x0a,0x13,0x11,0x54,0x68,0x61,0x77,0x74,0x65,0x20,
+0x43,0x6f,0x6e,0x73,0x75,0x6c,0x74,0x69,0x6e,0x67,0x31,0x28,0x30,0x26,0x06,0x03,
+0x55,0x04,0x0b,0x13,0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,
+0x6f,0x6e,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,
+0x73,0x69,0x6f,0x6e,0x31,0x24,0x30,0x22,0x06,0x03,0x55,0x04,0x03,0x13,0x1b,0x54,
+0x68,0x61,0x77,0x74,0x65,0x20,0x50,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x20,0x46,
+0x72,0x65,0x65,0x6d,0x61,0x69,0x6c,0x20,0x43,0x41,0x31,0x2b,0x30,0x29,0x06,0x09,
+0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x01,0x16,0x1c,0x70,0x65,0x72,0x73,0x6f,
+0x6e,0x61,0x6c,0x2d,0x66,0x72,0x65,0x65,0x6d,0x61,0x69,0x6c,0x40,0x74,0x68,0x61,
+0x77,0x74,0x65,0x2e,0x63,0x6f,0x6d,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,
+0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
+0x02,0x81,0x81,0x00,0xd4,0x69,0xd7,0xd4,0xb0,0x94,0x64,0x5b,0x71,0xe9,0x47,0xd8,
+0x0c,0x51,0xb6,0xea,0x72,0x91,0xb0,0x84,0x5e,0x7d,0x2d,0x0d,0x8f,0x7b,0x12,0xdf,
+0x85,0x25,0x75,0x28,0x74,0x3a,0x42,0x2c,0x63,0x27,0x9f,0x95,0x7b,0x4b,0xef,0x7e,
+0x19,0x87,0x1d,0x86,0xea,0xa3,0xdd,0xb9,0xce,0x96,0x64,0x1a,0xc2,0x14,0x6e,0x44,
+0xac,0x7c,0xe6,0x8f,0xe8,0x4d,0x0f,0x71,0x1f,0x40,0x38,0xa6,0x00,0xa3,0x87,0x78,
+0xf6,0xf9,0x94,0x86,0x5e,0xad,0xea,0xc0,0x5e,0x76,0xeb,0xd9,0x14,0xa3,0x5d,0x6e,
+0x7a,0x7c,0x0c,0xa5,0x4b,0x55,0x7f,0x06,0x19,0x29,0x7f,0x9e,0x9a,0x26,0xd5,0x6a,
+0xbb,0x38,0x24,0x08,0x6a,0x98,0xc7,0xb1,0xda,0xa3,0x98,0x91,0xfd,0x79,0xdb,0xe5,
+0x5a,0xc4,0x1c,0xb9,0x02,0x03,0x01,0x00,0x01,0xa3,0x13,0x30,0x11,0x30,0x0f,0x06,
+0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x0d,
+0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,
+0x00,0xc7,0xec,0x92,0x7e,0x4e,0xf8,0xf5,0x96,0xa5,0x67,0x62,0x2a,0xa4,0xf0,0x4d,
+0x11,0x60,0xd0,0x6f,0x8d,0x60,0x58,0x61,0xac,0x26,0xbb,0x52,0x35,0x5c,0x08,0xcf,
+0x30,0xfb,0xa8,0x4a,0x96,0x8a,0x1f,0x62,0x42,0x23,0x8c,0x17,0x0f,0xf4,0xba,0x64,
+0x9c,0x17,0xac,0x47,0x29,0xdf,0x9d,0x98,0x5e,0xd2,0x6c,0x60,0x71,0x5c,0xa2,0xac,
+0xdc,0x79,0xe3,0xe7,0x6e,0x00,0x47,0x1f,0xb5,0x0d,0x28,0xe8,0x02,0x9d,0xe4,0x9a,
+0xfd,0x13,0xf4,0xa6,0xd9,0x7c,0xb1,0xf8,0xdc,0x5f,0x23,0x26,0x09,0x91,0x80,0x73,
+0xd0,0x14,0x1b,0xde,0x43,0xa9,0x83,0x25,0xf2,0xe6,0x9c,0x2f,0x15,0xca,0xfe,0xa6,
+0xab,0x8a,0x07,0x75,0x8b,0x0c,0xdd,0x51,0x84,0x6b,0xe4,0xf8,0xd1,0xce,0x77,0xa2,
+0x81,};
+static const unsigned char cert_24 [] = {
+0x30,0x82,0x03,0x29,0x30,0x82,0x02,0x92,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x00,
+0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,
+0x81,0xcf,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a,0x41,0x31,
+0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74,0x65,0x72,
+0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13,
+0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1a,0x30,0x18,0x06,0x03,
+0x55,0x04,0x0a,0x13,0x11,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f,0x6e,0x73,
+0x75,0x6c,0x74,0x69,0x6e,0x67,0x31,0x28,0x30,0x26,0x06,0x03,0x55,0x04,0x0b,0x13,
+0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x53,
+0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,0x73,0x69,0x6f,0x6e,
+0x31,0x23,0x30,0x21,0x06,0x03,0x55,0x04,0x03,0x13,0x1a,0x54,0x68,0x61,0x77,0x74,
+0x65,0x20,0x50,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x20,0x50,0x72,0x65,0x6d,0x69,
+0x75,0x6d,0x20,0x43,0x41,0x31,0x2a,0x30,0x28,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,
+0x0d,0x01,0x09,0x01,0x16,0x1b,0x70,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x2d,0x70,
+0x72,0x65,0x6d,0x69,0x75,0x6d,0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e,0x63,0x6f,
+0x6d,0x30,0x1e,0x17,0x0d,0x39,0x36,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
+0x30,0x5a,0x17,0x0d,0x32,0x30,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,
+0x5a,0x30,0x81,0xcf,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a,
+0x41,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74,
+0x65,0x72,0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,
+0x07,0x13,0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1a,0x30,0x18,
+0x06,0x03,0x55,0x04,0x0a,0x13,0x11,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f,
+0x6e,0x73,0x75,0x6c,0x74,0x69,0x6e,0x67,0x31,0x28,0x30,0x26,0x06,0x03,0x55,0x04,
+0x0b,0x13,0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,
+0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,0x73,0x69,
+0x6f,0x6e,0x31,0x23,0x30,0x21,0x06,0x03,0x55,0x04,0x03,0x13,0x1a,0x54,0x68,0x61,
+0x77,0x74,0x65,0x20,0x50,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,0x20,0x50,0x72,0x65,
+0x6d,0x69,0x75,0x6d,0x20,0x43,0x41,0x31,0x2a,0x30,0x28,0x06,0x09,0x2a,0x86,0x48,
+0x86,0xf7,0x0d,0x01,0x09,0x01,0x16,0x1b,0x70,0x65,0x72,0x73,0x6f,0x6e,0x61,0x6c,
+0x2d,0x70,0x72,0x65,0x6d,0x69,0x75,0x6d,0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e,
+0x63,0x6f,0x6d,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
+0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,
+0xc9,0x66,0xd9,0xf8,0x07,0x44,0xcf,0xb9,0x8c,0x2e,0xf0,0xa1,0xef,0x13,0x45,0x6c,
+0x05,0xdf,0xde,0x27,0x16,0x51,0x36,0x41,0x11,0x6c,0x6c,0x3b,0xed,0xfe,0x10,0x7d,
+0x12,0x9e,0xe5,0x9b,0x42,0x9a,0xfe,0x60,0x31,0xc3,0x66,0xb7,0x73,0x3a,0x48,0xae,
+0x4e,0xd0,0x32,0x37,0x94,0x88,0xb5,0x0d,0xb6,0xd9,0xf3,0xf2,0x44,0xd9,0xd5,0x88,
+0x12,0xdd,0x76,0x4d,0xf2,0x1a,0xfc,0x6f,0x23,0x1e,0x7a,0xf1,0xd8,0x98,0x45,0x4e,
+0x07,0x10,0xef,0x16,0x42,0xd0,0x43,0x75,0x6d,0x4a,0xde,0xe2,0xaa,0xc9,0x31,0xff,
+0x1f,0x00,0x70,0x7c,0x66,0xcf,0x10,0x25,0x08,0xba,0xfa,0xee,0x00,0xe9,0x46,0x03,
+0x66,0x27,0x11,0x15,0x3b,0xaa,0x5b,0xf2,0x98,0xdd,0x36,0x42,0xb2,0xda,0x88,0x75,
+0x02,0x03,0x01,0x00,0x01,0xa3,0x13,0x30,0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,
+0x01,0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x0d,0x06,0x09,0x2a,0x86,
+0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x69,0x36,0x89,
+0xf7,0x34,0x2a,0x33,0x72,0x2f,0x6d,0x3b,0xd4,0x22,0xb2,0xb8,0x6f,0x9a,0xc5,0x36,
+0x66,0x0e,0x1b,0x3c,0xa1,0xb1,0x75,0x5a,0xe6,0xfd,0x35,0xd3,0xf8,0xa8,0xf2,0x07,
+0x6f,0x85,0x67,0x8e,0xde,0x2b,0xb9,0xe2,0x17,0xb0,0x3a,0xa0,0xf0,0x0e,0xa2,0x00,
+0x9a,0xdf,0xf3,0x14,0x15,0x6e,0xbb,0xc8,0x85,0x5a,0x98,0x80,0xf9,0xff,0xbe,0x74,
+0x1d,0x3d,0xf3,0xfe,0x30,0x25,0xd1,0x37,0x34,0x67,0xfa,0xa5,0x71,0x79,0x30,0x61,
+0x29,0x72,0xc0,0xe0,0x2c,0x4c,0xfb,0x56,0xe4,0x3a,0xa8,0x6f,0xe5,0x32,0x59,0x52,
+0xdb,0x75,0x28,0x50,0x59,0x0c,0xf8,0x0b,0x19,0xe4,0xac,0xd9,0xaf,0x96,0x8d,0x2f,
+0x50,0xdb,0x07,0xc3,0xea,0x1f,0xab,0x33,0xe0,0xf5,0x2b,0x31,0x89,};
+static const unsigned char cert_25 [] = {
+0x30,0x82,0x03,0x13,0x30,0x82,0x02,0x7c,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
+0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,
+0x81,0xc4,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a,0x41,0x31,
+0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74,0x65,0x72,
+0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13,
+0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1d,0x30,0x1b,0x06,0x03,
+0x55,0x04,0x0a,0x13,0x14,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f,0x6e,0x73,
+0x75,0x6c,0x74,0x69,0x6e,0x67,0x20,0x63,0x63,0x31,0x28,0x30,0x26,0x06,0x03,0x55,
+0x04,0x0b,0x13,0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,
+0x6e,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,0x73,
+0x69,0x6f,0x6e,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x03,0x13,0x10,0x54,0x68,
+0x61,0x77,0x74,0x65,0x20,0x53,0x65,0x72,0x76,0x65,0x72,0x20,0x43,0x41,0x31,0x26,
+0x30,0x24,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x01,0x16,0x17,0x73,
+0x65,0x72,0x76,0x65,0x72,0x2d,0x63,0x65,0x72,0x74,0x73,0x40,0x74,0x68,0x61,0x77,
+0x74,0x65,0x2e,0x63,0x6f,0x6d,0x30,0x1e,0x17,0x0d,0x39,0x36,0x30,0x38,0x30,0x31,
+0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x32,0x30,0x31,0x32,0x33,0x31,0x32,
+0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x81,0xc4,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
+0x04,0x06,0x13,0x02,0x5a,0x41,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,
+0x0c,0x57,0x65,0x73,0x74,0x65,0x72,0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,
+0x10,0x06,0x03,0x55,0x04,0x07,0x13,0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,
+0x6e,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x0a,0x13,0x14,0x54,0x68,0x61,0x77,
+0x74,0x65,0x20,0x43,0x6f,0x6e,0x73,0x75,0x6c,0x74,0x69,0x6e,0x67,0x20,0x63,0x63,
+0x31,0x28,0x30,0x26,0x06,0x03,0x55,0x04,0x0b,0x13,0x1f,0x43,0x65,0x72,0x74,0x69,
+0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,
+0x73,0x20,0x44,0x69,0x76,0x69,0x73,0x69,0x6f,0x6e,0x31,0x19,0x30,0x17,0x06,0x03,
+0x55,0x04,0x03,0x13,0x10,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x53,0x65,0x72,0x76,
+0x65,0x72,0x20,0x43,0x41,0x31,0x26,0x30,0x24,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,
+0x0d,0x01,0x09,0x01,0x16,0x17,0x73,0x65,0x72,0x76,0x65,0x72,0x2d,0x63,0x65,0x72,
+0x74,0x73,0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e,0x63,0x6f,0x6d,0x30,0x81,0x9f,
+0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,
+0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xd3,0xa4,0x50,0x6e,0xc8,0xff,
+0x56,0x6b,0xe6,0xcf,0x5d,0xb6,0xea,0x0c,0x68,0x75,0x47,0xa2,0xaa,0xc2,0xda,0x84,
+0x25,0xfc,0xa8,0xf4,0x47,0x51,0xda,0x85,0xb5,0x20,0x74,0x94,0x86,0x1e,0x0f,0x75,
+0xc9,0xe9,0x08,0x61,0xf5,0x06,0x6d,0x30,0x6e,0x15,0x19,0x02,0xe9,0x52,0xc0,0x62,
+0xdb,0x4d,0x99,0x9e,0xe2,0x6a,0x0c,0x44,0x38,0xcd,0xfe,0xbe,0xe3,0x64,0x09,0x70,
+0xc5,0xfe,0xb1,0x6b,0x29,0xb6,0x2f,0x49,0xc8,0x3b,0xd4,0x27,0x04,0x25,0x10,0x97,
+0x2f,0xe7,0x90,0x6d,0xc0,0x28,0x42,0x99,0xd7,0x4c,0x43,0xde,0xc3,0xf5,0x21,0x6d,
+0x54,0x9f,0x5d,0xc3,0x58,0xe1,0xc0,0xe4,0xd9,0x5b,0xb0,0xb8,0xdc,0xb4,0x7b,0xdf,
+0x36,0x3a,0xc2,0xb5,0x66,0x22,0x12,0xd6,0x87,0x0d,0x02,0x03,0x01,0x00,0x01,0xa3,
+0x13,0x30,0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x05,0x30,
+0x03,0x01,0x01,0xff,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
+0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x07,0xfa,0x4c,0x69,0x5c,0xfb,0x95,0xcc,0x46,
+0xee,0x85,0x83,0x4d,0x21,0x30,0x8e,0xca,0xd9,0xa8,0x6f,0x49,0x1a,0xe6,0xda,0x51,
+0xe3,0x60,0x70,0x6c,0x84,0x61,0x11,0xa1,0x1a,0xc8,0x48,0x3e,0x59,0x43,0x7d,0x4f,
+0x95,0x3d,0xa1,0x8b,0xb7,0x0b,0x62,0x98,0x7a,0x75,0x8a,0xdd,0x88,0x4e,0x4e,0x9e,
+0x40,0xdb,0xa8,0xcc,0x32,0x74,0xb9,0x6f,0x0d,0xc6,0xe3,0xb3,0x44,0x0b,0xd9,0x8a,
+0x6f,0x9a,0x29,0x9b,0x99,0x18,0x28,0x3b,0xd1,0xe3,0x40,0x28,0x9a,0x5a,0x3c,0xd5,
+0xb5,0xe7,0x20,0x1b,0x8b,0xca,0xa4,0xab,0x8d,0xe9,0x51,0xd9,0xe2,0x4c,0x2c,0x59,
+0xa9,0xda,0xb9,0xb2,0x75,0x1b,0xf6,0x42,0xf2,0xef,0xc7,0xf2,0x18,0xf9,0x89,0xbc,
+0xa3,0xff,0x8a,0x23,0x2e,0x70,0x47,};
+static const unsigned char cert_26 [] = {
+0x30,0x82,0x03,0x27,0x30,0x82,0x02,0x90,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
+0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,
+0x81,0xce,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a,0x41,0x31,
+0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74,0x65,0x72,
+0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x13,
+0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1d,0x30,0x1b,0x06,0x03,
+0x55,0x04,0x0a,0x13,0x14,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f,0x6e,0x73,
+0x75,0x6c,0x74,0x69,0x6e,0x67,0x20,0x63,0x63,0x31,0x28,0x30,0x26,0x06,0x03,0x55,
+0x04,0x0b,0x13,0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,
+0x6e,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,0x73,
+0x69,0x6f,0x6e,0x31,0x21,0x30,0x1f,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x54,0x68,
+0x61,0x77,0x74,0x65,0x20,0x50,0x72,0x65,0x6d,0x69,0x75,0x6d,0x20,0x53,0x65,0x72,
+0x76,0x65,0x72,0x20,0x43,0x41,0x31,0x28,0x30,0x26,0x06,0x09,0x2a,0x86,0x48,0x86,
+0xf7,0x0d,0x01,0x09,0x01,0x16,0x19,0x70,0x72,0x65,0x6d,0x69,0x75,0x6d,0x2d,0x73,
+0x65,0x72,0x76,0x65,0x72,0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e,0x63,0x6f,0x6d,
+0x30,0x1e,0x17,0x0d,0x39,0x36,0x30,0x38,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,
+0x5a,0x17,0x0d,0x32,0x30,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,
+0x30,0x81,0xce,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x5a,0x41,
+0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x08,0x13,0x0c,0x57,0x65,0x73,0x74,0x65,
+0x72,0x6e,0x20,0x43,0x61,0x70,0x65,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,
+0x13,0x09,0x43,0x61,0x70,0x65,0x20,0x54,0x6f,0x77,0x6e,0x31,0x1d,0x30,0x1b,0x06,
+0x03,0x55,0x04,0x0a,0x13,0x14,0x54,0x68,0x61,0x77,0x74,0x65,0x20,0x43,0x6f,0x6e,
+0x73,0x75,0x6c,0x74,0x69,0x6e,0x67,0x20,0x63,0x63,0x31,0x28,0x30,0x26,0x06,0x03,
+0x55,0x04,0x0b,0x13,0x1f,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,
+0x6f,0x6e,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x44,0x69,0x76,0x69,
+0x73,0x69,0x6f,0x6e,0x31,0x21,0x30,0x1f,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x54,
+0x68,0x61,0x77,0x74,0x65,0x20,0x50,0x72,0x65,0x6d,0x69,0x75,0x6d,0x20,0x53,0x65,
+0x72,0x76,0x65,0x72,0x20,0x43,0x41,0x31,0x28,0x30,0x26,0x06,0x09,0x2a,0x86,0x48,
+0x86,0xf7,0x0d,0x01,0x09,0x01,0x16,0x19,0x70,0x72,0x65,0x6d,0x69,0x75,0x6d,0x2d,
+0x73,0x65,0x72,0x76,0x65,0x72,0x40,0x74,0x68,0x61,0x77,0x74,0x65,0x2e,0x63,0x6f,
+0x6d,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
+0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xd2,0x36,
+0x36,0x6a,0x8b,0xd7,0xc2,0x5b,0x9e,0xda,0x81,0x41,0x62,0x8f,0x38,0xee,0x49,0x04,
+0x55,0xd6,0xd0,0xef,0x1c,0x1b,0x95,0x16,0x47,0xef,0x18,0x48,0x35,0x3a,0x52,0xf4,
+0x2b,0x6a,0x06,0x8f,0x3b,0x2f,0xea,0x56,0xe3,0xaf,0x86,0x8d,0x9e,0x17,0xf7,0x9e,
+0xb4,0x65,0x75,0x02,0x4d,0xef,0xcb,0x09,0xa2,0x21,0x51,0xd8,0x9b,0xd0,0x67,0xd0,
+0xba,0x0d,0x92,0x06,0x14,0x73,0xd4,0x93,0xcb,0x97,0x2a,0x00,0x9c,0x5c,0x4e,0x0c,
+0xbc,0xfa,0x15,0x52,0xfc,0xf2,0x44,0x6e,0xda,0x11,0x4a,0x6e,0x08,0x9f,0x2f,0x2d,
+0xe3,0xf9,0xaa,0x3a,0x86,0x73,0xb6,0x46,0x53,0x58,0xc8,0x89,0x05,0xbd,0x83,0x11,
+0xb8,0x73,0x3f,0xaa,0x07,0x8d,0xf4,0x42,0x4d,0xe7,0x40,0x9d,0x1c,0x37,0x02,0x03,
+0x01,0x00,0x01,0xa3,0x13,0x30,0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,
+0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
+0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x03,0x81,0x81,0x00,0x26,0x48,0x2c,0x16,0xc2,
+0x58,0xfa,0xe8,0x16,0x74,0x0c,0xaa,0xaa,0x5f,0x54,0x3f,0xf2,0xd7,0xc9,0x78,0x60,
+0x5e,0x5e,0x6e,0x37,0x63,0x22,0x77,0x36,0x7e,0xb2,0x17,0xc4,0x34,0xb9,0xf5,0x08,
+0x85,0xfc,0xc9,0x01,0x38,0xff,0x4d,0xbe,0xf2,0x16,0x42,0x43,0xe7,0xbb,0x5a,0x46,
+0xfb,0xc1,0xc6,0x11,0x1f,0xf1,0x4a,0xb0,0x28,0x46,0xc9,0xc3,0xc4,0x42,0x7d,0xbc,
+0xfa,0xab,0x59,0x6e,0xd5,0xb7,0x51,0x88,0x11,0xe3,0xa4,0x85,0x19,0x6b,0x82,0x4c,
+0xa4,0x0c,0x12,0xad,0xe9,0xa4,0xae,0x3f,0xf1,0xc3,0x49,0x65,0x9a,0x8c,0xc5,0xc8,
+0x3e,0x25,0xb7,0x94,0x99,0xbb,0x92,0x32,0x71,0x07,0xf0,0x86,0x5e,0xed,0x50,0x27,
+0xa6,0x0d,0xa6,0x23,0xf9,0xbb,0xcb,0xa6,0x07,0x14,0x42,};
+static const CSSM_DATA rootCertificates[] = {
+{ 891, (unsigned char *)cert_0 },
+{ 938, (unsigned char *)cert_1 },
+{ 641, (unsigned char *)cert_2 },
+{ 774, (unsigned char *)cert_3 },
+{ 775, (unsigned char *)cert_4 },
+{ 774, (unsigned char *)cert_5 },
+{ 774, (unsigned char *)cert_6 },
+{ 606, (unsigned char *)cert_7 },
+{ 510, (unsigned char *)cert_8 },
+{ 596, (unsigned char *)cert_9 },
+{ 596, (unsigned char *)cert_10 },
+{ 857, (unsigned char *)cert_11 },
+{ 954, (unsigned char *)cert_12 },
+{ 577, (unsigned char *)cert_13 },
+{ 576, (unsigned char *)cert_14 },
+{ 576, (unsigned char *)cert_15 },
+{ 568, (unsigned char *)cert_16 },
+{ 1081, (unsigned char *)cert_17 },
+{ 1081, (unsigned char *)cert_18 },
+{ 1081, (unsigned char *)cert_19 },
+{ 1081, (unsigned char *)cert_20 },
+{ 1081, (unsigned char *)cert_21 },
+{ 805, (unsigned char *)cert_22 },
+{ 817, (unsigned char *)cert_23 },
+{ 813, (unsigned char *)cert_24 },
+{ 791, (unsigned char *)cert_25 },
+{ 811, (unsigned char *)cert_26 },
+};
+static const int rootCertificateCount = 27;
index cc5b055c4dfe9ed2c99a7f19d6f4efa09e5f981c..d8e62ecbb00cdd13d989143335ab1b5c6ba100b8 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
 //
 // Schema.h
 //
-#ifndef _H_SCHEMA
-#define _H_SCHEMA
+#ifndef _SECURITY_SCHEMA_H_
+#define _SECURITY_SCHEMA_H_
 
-//#include <Security/dlclient.h>
-#include <Security/SecKeychainAPI.h>
+#include <Security/SecKeychainItem.h>
 
 namespace Security {
 
@@ -46,11 +45,35 @@ extern const CSSM_DB_ATTRIBUTE_INFO IndexType;
 
 extern const CSSM_DBINFO DBInfo;
 
+// Certificate attributes and schema
+extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificateCertType;
+extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificateCertEncoding;
+extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificatePrintName;
+extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificateAlias;
+extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificateSubject;
+extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificateIssuer;
+extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificateSerialNumber;
+extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificateSubjectKeyIdentifier;
+extern const CSSM_DB_ATTRIBUTE_INFO kX509CertificatePublicKeyHash;
+
+extern const CSSM_DB_SCHEMA_ATTRIBUTE_INFO X509CertificateSchemaAttributeList[];
+extern const CSSM_DB_SCHEMA_INDEX_INFO X509CertificateSchemaIndexList[];
+extern const uint32 X509CertificateSchemaAttributeCount;
+extern const uint32 X509CertificateSchemaIndexCount;
+
+// UserTrust records attributes and schema
+extern const CSSM_DB_ATTRIBUTE_INFO kUserTrustTrustedCertificate;
+extern const CSSM_DB_ATTRIBUTE_INFO kUserTrustTrustedPolicy;
+
+extern const CSSM_DB_SCHEMA_ATTRIBUTE_INFO UserTrustSchemaAttributeList[];
+extern const CSSM_DB_SCHEMA_INDEX_INFO UserTrustSchemaIndexList[];
+extern const uint32 UserTrustSchemaAttributeCount;
+extern const uint32 UserTrustSchemaIndexCount;
+
 } // end namespace Schema
 
 } // end namespace KeychainCore
 
 } // end namespace Security
 
-#endif // _H_SCHEMA
-
+#endif // !_SECURITY_SCHEMA_H_
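Review bot: The added `X509CertificateSchema*Count` and `UserTrustSchema*Count` externs have no comment tying each count to its list, and the lists are declared as arrays of unknown bound, so a caller cannot check the length with sizeof and has to pass the matching count by hand. I would add one line above each group, for example `// Each ...Count is the number of elements in the ...List[] of the same name; the arrays have unknown bound here.` The Schema.m4 change in this commit derives each count from sizeof of its own list, so a mismatch can only come from a caller pairing a list with the other class's count. The enclosing `namespace Schema` opens outside this hunk.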
index 8dad5d480b0bb335a4f59ebab02535e6ec58f155..bd6e653fad291deeaf13c1837a1df245d516e8a5 100644 (file)
@@ -1,7 +1,7 @@
 divert(-1)
 changecom(/*, */)
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
@@ -107,6 +107,72 @@ define(`parseInfo',
         }
     }')
 
+define(`startNewClass',
+`define(`indexIndex', 0)dnl
+define(`class', $1)dnl
+divert(2)dnl
+// $1 attributes
+const CSSM_DB_SCHEMA_ATTRIBUTE_INFO $1SchemaAttributeList[] =
+{
+divert(3)dnl
+// $1 indices
+const CSSM_DB_SCHEMA_INDEX_INFO $1SchemaIndexList[] =
+{')
+
+define(`endNewClass',
+`divert(2)dnl
+};
+
+const uint32 class()SchemaAttributeCount = sizeof(class()SchemaAttributeList) / sizeof(CSSM_DB_SCHEMA_ATTRIBUTE_INFO);
+
+divert(3)dnl
+`    // Unique (primary) index'
+undivert(5)
+`    // Secondary indices'
+undivert(6)dnl
+};
+
+const uint32 class()SchemaIndexCount = sizeof(class()SchemaIndexList) / sizeof(CSSM_DB_SCHEMA_INDEX_INFO);
+
+undivert(4)dnl
+divert(0)dnl
+undivert(2)dnl
+undivert(3)dnl')
+
+define(`newAttributeBody',
+`{
+ifelse(index(`$1',`s'),-1,
+`    CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER,
+    {(char *)$3},',
+`    CSSM_DB_ATTRIBUTE_NAME_AS_STRING,
+    {$4},')
+    CSSM_DB_ATTRIBUTE_FORMAT_$7
+}')
+
+define(`simpleNewAttribute',
+`const CSSM_DB_ATTRIBUTE_INFO `k'class()$2 =
+newAttributeBody($*);
+')
+
+define(`newAttribute',
+`divert(2)dnl
+    { $3, $4, { $5, $6 }, CSSM_DB_ATTRIBUTE_FORMAT_$7 },
+divert(-1)
+ifelse(index(`$1',`S'),-1,`',
+`divert(4)dnl
+simpleNewAttribute($*)
+divert(-1)')dnl
+
+ifelse(index(`$1',`U'),-1,`',
+`divert(5)dnl
+    { $3, 0, CSSM_DB_INDEX_UNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE },
+divert(-1)')dnl
+ifelse(index(`$1',`I'),-1,`',
+`define(`indexIndex', incr(indexIndex))dnl
+divert(6)dnl
+    { $3, indexIndex(), CSSM_DB_INDEX_NONUNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE },
+divert(-1)')')
+
 /* Start of actual output */
 divert(0)dnl
 /*
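Review bot: The flag string passed as the first argument of `newAttribute` is not documented anywhere in the added macros, and its letters are case-sensitive with unrelated meanings. Reading the bodies, `U` emits a row into the unique-index diversion, `I` bumps `indexIndex` and emits a secondary-index row, `S` emits the `k<Class><Name>` attribute-info constant through `simpleNewAttribute`, and `s` selects CSSM_DB_ATTRIBUTE_NAME_AS_STRING over NAME_AS_INTEGER in `newAttributeBody`. A mistyped or mis-cased letter silently drops an index or a constant, so a comment above the `newAttribute` definition would help, for example `/* flags: U = unique index, I = secondary index, S = emit k<Class><Name> constant, s = name as string */`. It is also worth stating that `endNewClass` depends on the `class` and `indexIndex` definitions left behind by the preceding `startNewClass`.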
@@ -115,6 +181,8 @@ divert(0)dnl
 
 `#include <Security/Schema.h>'
 
+`#include <Security/SecCertificate.h>'
+`#include <Security/TrustItem.h>'
 `#include <Security/SecKeychainAPIPriv.h>'
 `#include <Security/cssmapple.h>'
 `#include <Security/utilities.h>'
@@ -195,11 +263,30 @@ attribute(`UIi', Account, kSecAccountItemAttr, "Account", 0, NULL, BLOB)
 attribute(`UIi', SecurityDomain, kSecSecurityDomainItemAttr, "SecurityDomain", 0, NULL, BLOB)
 attribute(`UIi', Server, kSecServerItemAttr, "Server", 0, NULL, BLOB)
 attribute(`UIi', Protocol, kSecProtocolItemAttr, "Protocol", 0, NULL, UINT32)
-attribute(`UIi', AuthType, kSecAuthTypeItemAttr, "AuthType", 0, NULL, BLOB)
+attribute(`UIi', AuthType, kSecAuthenticationTypeItemAttr, "AuthType", 0, NULL, BLOB)
 attribute(`UIi', Port, kSecPortItemAttr, "Port", 0, NULL, UINT32)
 attribute(`UIi', Path, kSecPathItemAttr, "Path", 0, NULL, BLOB)
 endClass()
 
+startNewClass(X509Certificate)
+newAttribute(`UISs', CertType, kSecCertTypeItemAttr, "CertType", 0, NULL, UINT32)
+newAttribute(`  Ss', CertEncoding, kSecCertEncodingItemAttr, "CertEncoding", 0, NULL, UINT32)
+newAttribute(`  Ss', PrintName, kSecLabelItemAttr, "PrintName", 0, NULL, BLOB)
+newAttribute(`  Ss', Alias, kSecAliasItemAttr, "Alias", 0, NULL, BLOB)
+newAttribute(` ISs', Subject, kSecSubjectItemAttr, "Subject", 0, NULL, BLOB)
+newAttribute(`UISs', Issuer, kSecIssuerItemAttr, "Issuer", 0, NULL, BLOB)
+newAttribute(`UISs', SerialNumber, kSecSerialNumberItemAttr, "SerialNumber", 0, NULL, BLOB)
+newAttribute(` ISs', SubjectKeyIdentifier, kSecSubjectKeyIdentifierItemAttr, "SubjectKeyIdentifier", 0, NULL, BLOB)
+newAttribute(` ISs', PublicKeyHash, kSecPublicKeyHashItemAttr, "PublicKeyHash", 0, NULL, BLOB)
+endNewClass()
+
+startNewClass(UserTrust)
+newAttribute(`UISs', TrustedCertificate, kSecTrustCertAttr, "TrustedCertificate", 0, NULL, BLOB)
+newAttribute(`UISs', TrustedPolicy, kSecTrustPolicyAttr, "TrustedPolicy", 0, NULL, BLOB)
+newAttribute(`  Ss', PrintName, kSecLabelItemAttr, "PrintName", 0, NULL, BLOB)
+endNewClass()
+
+
 divert(3)
 static const CSSM_DB_RECORD_ATTRIBUTE_INFO Attributes[] =
 {
@@ -247,7 +334,7 @@ recordTypeFor(SecItemClass itemClass)
     case kSecGenericPasswordItemClass: return CSSM_DL_DB_RECORD_GENERIC_PASSWORD;
     case kSecInternetPasswordItemClass: return CSSM_DL_DB_RECORD_INTERNET_PASSWORD;
     case kSecAppleSharePasswordItemClass: return CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD;
-    default: MacOSError::throwMe(errSecNoSuchClass);
+    default: return CSSM_DB_RECORDTYPE(itemClass);
     }
 }
 
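Review bot: The new `default: return CSSM_DB_RECORDTYPE(itemClass);` converts any caller-supplied item class into a record type without checking it, where the previous code raised errSecNoSuchClass. The next hunk adds the same pass-through to itemClassFor with `default: return SecItemClass(recordType);`. If the aim is to admit the certificate and UserTrust records introduced in this commit, listing those as explicit cases and keeping the throw as the default would stop unknown values from reaching the database layer as record-type selectors. At minimum both defaults need a comment stating that item classes and record types are assumed to share one numbering outside the three password classes. Both functions begin outside their hunks, so callers that relied on the error are not visible here.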
@@ -259,7 +346,7 @@ itemClassFor(CSSM_DB_RECORDTYPE recordType)
     case CSSM_DL_DB_RECORD_GENERIC_PASSWORD: return kSecGenericPasswordItemClass;
     case CSSM_DL_DB_RECORD_INTERNET_PASSWORD: return kSecInternetPasswordItemClass;
     case CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD: return kSecAppleSharePasswordItemClass;
-    default: return 0; // MacOSError::throwMe(errSecNoSuchClass);
+    default: return SecItemClass(recordType);
     }
 }
 
@@ -293,9 +380,20 @@ attributeInfo(SecKeychainAttrType attrType)
     case kSecProtocolItemAttr: return kAppleshareProtocol;
     /* Unique Internet password attributes */
     case kSecSecurityDomainItemAttr: return kInternetSecurityDomain;
-    case kSecAuthTypeItemAttr: return kInternetAuthType;
+    case kSecAuthenticationTypeItemAttr: return kInternetAuthType;
     case kSecPortItemAttr: return kInternetPort;
     case kSecPathItemAttr: return kInternetPath;
+       /* Unique Certificate attributes */
+       case kSecCertTypeItemAttr: return kX509CertificateCertType;
+       case kSecCertEncodingItemAttr: return kX509CertificateCertEncoding;
+       case kSecSubjectItemAttr: return kX509CertificateSubject;
+       case kSecIssuerItemAttr: return kX509CertificateIssuer;
+       case kSecSerialNumberItemAttr: return kX509CertificateSerialNumber;
+       case kSecSubjectKeyIdentifierItemAttr: return kX509CertificateSubjectKeyIdentifier;
+       case kSecPublicKeyHashItemAttr: return kX509CertificatePublicKeyHash;
+       /* Unique UserTrust attributes */
+       case kSecTrustCertAttr: return kUserTrustTrustedCertificate;
+       case kSecTrustPolicyAttr: return kUserTrustTrustedPolicy;
     default: MacOSError::throwMe(errSecNoSuchAttr); // @@@ Not really but whatever.
     }
 }
diff --git a/Keychain/SecACL.cpp b/Keychain/SecACL.cpp
new file mode 100644 (file)
index 0000000..1a79e24
--- /dev/null
@@ -0,0 +1,160 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include <Security/SecACL.h>
+
+#include "SecBridge.h"
+
+
+//
+// Local functions
+//
+static void setApplications(ACL *acl, CFArrayRef applicationList);
+
+
+CFTypeID
+SecACLGetTypeID(void)
+{
+       BEGIN_SECAPI
+
+       return gTypes().acl.typeId;
+
+       END_SECAPI1(_kCFRuntimeNotATypeID)
+}
+
+
+/*!
+ */
+OSStatus SecACLCreateFromSimpleContents(SecAccessRef accessRef,
+       CFArrayRef applicationList,
+       CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector,
+       SecACLRef *newAcl)
+{
+       BEGIN_SECAPI
+       RefPointer<Access> access = gTypes().access.required(accessRef);
+       RefPointer<ACL> acl = new ACL(*access, cfString(description), *promptSelector);
+       setApplications(acl, applicationList);
+       access->add(acl.get());
+       Required(newAcl) = gTypes().acl.handle(*acl);
+       END_SECAPI      
+}
+
+
+/*!
+ */
+OSStatus SecACLRemove(SecACLRef aclRef)
+{
+       BEGIN_SECAPI
+       gTypes().acl.required(aclRef)->remove();
+       END_SECAPI      
+}
+
+
+/*!
+ */
+OSStatus SecACLCopySimpleContents(SecACLRef aclRef,
+       CFArrayRef *applicationList,
+       CFStringRef *promptDescription, CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector)
+{
+       BEGIN_SECAPI
+       RefPointer<ACL> acl = gTypes().acl.required(aclRef);
+       switch (acl->form()) {
+       case ACL::allowAllForm:
+               Required(applicationList) = NULL;
+               Required(promptDescription) =
+                       acl->promptDescription().empty() ? NULL
+                               : makeCFString(acl->promptDescription());
+               Required(promptSelector) = acl->promptSelector();
+               break;
+       case ACL::appListForm:
+               Required(applicationList) =
+                       makeCFArray(gTypes().trustedApplication, acl->applications());
+               Required(promptDescription) = makeCFString(acl->promptDescription());
+               Required(promptSelector) = acl->promptSelector();
+               break;
+       default:
+               return errSecACLNotSimple;              // custom or unknown
+       }
+       END_SECAPI      
+}
+
+OSStatus SecACLSetSimpleContents(SecACLRef aclRef,
+       CFArrayRef applicationList,
+       CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector)
+{
+       BEGIN_SECAPI
+       RefPointer<ACL> acl = gTypes().acl.required(aclRef);
+       acl->promptDescription() = description ? cfString(description) : "";
+       acl->promptSelector() = promptSelector ? *promptSelector : ACL::defaultSelector;
+       if (applicationList) {
+               // application-list + prompt
+               acl->form(ACL::appListForm);
+               setApplications(acl, applicationList);
+       } else {
+               // allow-any
+               acl->form(ACL::allowAllForm);
+       }
+       acl->modify();
+       END_SECAPI
+}
+
+
+//
+// Stuff a CFArray-of-SecTrustedApplications into an ACL object
+//
+static void setApplications(ACL *acl, CFArrayRef applicationList)
+{
+       ACL::ApplicationList &appList = acl->applications();
+       appList.clear();
+       //@@@ should really use STL iterator overlay on CFArray. By hand...
+       CFIndex count = CFArrayGetCount(applicationList);
+       for (CFIndex n = 0; n < count; n++)
+               appList.push_back(gTypes().trustedApplication.required(
+                       SecTrustedApplicationRef(CFArrayGetValueAtIndex(applicationList, n))));
+}
+
+
+//
+// Set and get the authorization tags of an ACL entry
+//
+OSStatus SecACLGetAuthorizations(SecACLRef acl,
+       CSSM_ACL_AUTHORIZATION_TAG *tags, uint32 *tagCount)
+{
+       BEGIN_SECAPI
+       AclAuthorizationSet auths = gTypes().acl.required(acl)->authorizations();
+       if (Required(tagCount) < auths.size()) {        // overflow
+               *tagCount = auths.size();                               // report size required
+               CssmError::throwMe(paramErr);
+       }
+       *tagCount = auths.size();
+       copy(auths.begin(), auths.end(), tags);
+       END_SECAPI      
+}
+
+OSStatus SecACLSetAuthorizations(SecACLRef aclRef,
+       CSSM_ACL_AUTHORIZATION_TAG *tags, uint32 tagCount)
+{
+       BEGIN_SECAPI
+       RefPointer<ACL> acl = gTypes().acl.required(aclRef);
+       if (acl->isOwner())             // can't change rights of the owner ACL
+               MacOSError::throwMe(errSecInvalidOwnerEdit);
+       AclAuthorizationSet &auths = acl->authorizations();
+       auths.clear();
+       copy(tags, tags + tagCount, insert_iterator<AclAuthorizationSet>(auths, auths.begin()));
+       acl->modify();
+       END_SECAPI
+}
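Review bot: SecACLCreateFromSimpleContents dereferences `promptSelector` and passes `applicationList` straight to setApplications, which calls CFArrayGetCount on it unconditionally, so a NULL in either crashes inside the BEGIN_SECAPI frame instead of returning an error; SecACLSetSimpleContents in the same file treats both arguments as optional. Using `Required(promptSelector)` in place of `*promptSelector` and guarding the call with `if (applicationList) setApplications(acl, applicationList);` would align the two, provided a NULL list is meant to be accepted on creation as well (otherwise reject it explicitly). `Required(newAcl)` is evaluated only after `access->add(acl.get())`, so a NULL output pointer reports failure with the entry already added; a preflight `Required(newAcl);` at the top, as SecAccessCreateFromOwnerAndACL does for its output, avoids that. In SecACLGetAuthorizations the too-small path uses `CssmError::throwMe(paramErr)`, which routes an OSStatus through the CSSM error translation in END_SECAPI; `MacOSError::throwMe(paramErr)` looks like what was intended, and `tags` is never checked for NULL before the copy.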
diff --git a/Keychain/SecACL.h b/Keychain/SecACL.h
new file mode 100644 (file)
index 0000000..169e28c
--- /dev/null
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*!
+       @header SecACL
+       The functions provided in SecACL are for managing entries in the access control list.  
+*/
+
+#ifndef _SECURITY_SECACL_H_
+#define _SECURITY_SECACL_H_
+
+#include <Security/SecBase.h>
+#include <Security/cssmtype.h>
+#include <Security/cssmapple.h>
+#include <CoreFoundation/CoreFoundation.h>
+
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*!
+       @function SecACLGetTypeID
+    @abstract Returns the type identifier of SecACL instances.
+    @result The CFTypeID of SecACL instances.
+*/
+CFTypeID SecACLGetTypeID(void);
+
+/*!
+       @function SecACLCreateFromSimpleContents
+       @abstract Creates a new access control list entry from the application list, description, and prompt selector provided and adds it to an item's access.
+       @param access An access reference.
+       @param applicationList An array of SecTrustedApplication instances that will be allowed access without prompting. 
+       @param description The human readable name that will be used to refer to this item when the user is prompted.
+       @param promptSelector A pointer to a CSSM prompt selector.
+       @param newAcl A pointer to an access control list entry.  On return, this points to the reference of the new access control list entry.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+ */
+OSStatus SecACLCreateFromSimpleContents(SecAccessRef access,
+       CFArrayRef applicationList,
+       CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector,
+       SecACLRef *newAcl);
+
+/*!
+       @function SecACLRemove
+       @abstract Removes the access control list entry specified.
+       @param aclRef The reference to the access control list entry to remove.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+ */
+OSStatus SecACLRemove(SecACLRef aclRef);
+
+/*!
+       @function SecACLGetSimpleContents
+       @abstract Returns the application list, description, and CSSM prompt selector for a given access control list entry.
+       @param acl An access control list entry reference.
+       @param applicationList On return, An array of SecTrustedApplication instances that will be allowed access without prompting, for the given access control list entry.  The caller needs to call CFRelease on this array when it's no longer needed.
+       @param description On return, the human readable name that will be used to refer to this item when the user is prompted, for the given access control list entry. The caller needs to call CFRelease on this string when it's no longer needed.
+       @param promptSelector A pointer to a CSSM prompt selector.  On return, this points to the CSSM prompt selector for the given access control list entry.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+ */
+OSStatus SecACLCopySimpleContents(SecACLRef acl,
+       CFArrayRef *applicationList,
+       CFStringRef *description, CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector);
+
+/*!
+       @function SecACLSetSimpleContents
+       @abstract Sets the application list, description, and CSSM prompt selector for a given access control list entry.
+       @param acl A reference to the access control list entry to edit.
+       @param applicationList An application list reference. 
+       @param description The human readable name that will be used to refer to this item when the user is prompted.
+       @param promptSelector A pointer to a CSSM prompt selector.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecACLSetSimpleContents(SecACLRef acl,
+       CFArrayRef applicationList,
+       CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector);
+
+/*!
+       @function SecACLGetAuthorizations
+       @abstract Retrieve the CSSM authorization tags of a given access control list entry.
+       @param acl An access control list entry reference.
+       @param tags On return, this points to the first item in an array of CSSM authorization tags.
+       @param tagCount On return, this points to the number of tags in the CSSM authorization tag array.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+ */
+OSStatus SecACLGetAuthorizations(SecACLRef acl,
+       CSSM_ACL_AUTHORIZATION_TAG *tags, uint32 *tagCount);
+
+/*!
+       @function SecACLSetAuthorizations
+       @abstract Sets the CSSM authorization tags of a given access control list entry.
+       @param acl An access control list entry reference.
+       @param tags A pointer to the first item in an array of CSSM authorization tags.
+       @param tagCount The number of tags in the CSSM authorization tag array.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecACLSetAuthorizations(SecACLRef acl,
+       CSSM_ACL_AUTHORIZATION_TAG *tags, uint32 tagCount);
+
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_SECURITY_SECACL_H_ */
\ No newline at end of file
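Review bot: The `@param tagCount` text for SecACLGetAuthorizations describes it only as an output, but the implementation added in Keychain/SecACL.cpp compares `*tagCount` with the number of authorizations before copying into `tags`. A caller who follows the header and leaves the count uninitialized can end up with a copy larger than its array. Suggested wording: `@param tagCount On input, the capacity of the tags array; on return, the number of tags written, or the number required when the call fails because the array is too small.` Separately, the comment above SecACLCopySimpleContents is tagged `@function SecACLGetSimpleContents`, which names a function this header does not declare; it should read `@function SecACLCopySimpleContents`.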
diff --git a/Keychain/SecAccess.cpp b/Keychain/SecAccess.cpp
new file mode 100644 (file)
index 0000000..e4a4665
--- /dev/null
@@ -0,0 +1,110 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include <Security/SecAccess.h>
+#include <Security/Access.h>
+#include "SecBridge.h"
+
+
+//
+// CF boilerplate
+//
+CFTypeID SecAccessGetTypeID(void)
+{
+       BEGIN_SECAPI
+       return gTypes().access.typeId;
+       END_SECAPI1(_kCFRuntimeNotATypeID)
+}
+
+
+//
+// API bridge calls
+//
+/*!
+ *     Create a new SecAccessRef that is set to the default configuration
+ *     of a (newly created) security object.
+ */
+OSStatus SecAccessCreate(CFStringRef descriptor, CFArrayRef trustedList, SecAccessRef *accessRef)
+{
+       BEGIN_SECAPI
+       Required(descriptor);
+       RefPointer<Access> access;
+       if (trustedList) {
+               CFIndex length = CFArrayGetCount(trustedList);
+               ACL::ApplicationList trusted;
+               for (CFIndex n = 0; n < length; n++)
+                       trusted.push_back(gTypes().trustedApplication.required(
+                               SecTrustedApplicationRef(CFArrayGetValueAtIndex(trustedList, n))));
+               access = new Access(cfString(descriptor), trusted);
+       } else {
+               access = new Access(cfString(descriptor));
+       }
+       Required(accessRef) = gTypes().access.handle(*access);
+       END_SECAPI
+}
+
+
+/*!
+ */
+OSStatus SecAccessCreateFromOwnerAndACL(const CSSM_ACL_OWNER_PROTOTYPE *owner,
+       uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls,
+       SecAccessRef *accessRef)
+{
+       BEGIN_SECAPI
+       Required(accessRef);    // preflight
+       RefPointer<Access> access = new Access(Required(owner), aclCount, &Required(acls));
+       *accessRef = gTypes().access.handle(*access);
+       END_SECAPI
+}
+
+
+/*!
+ */
+OSStatus SecAccessGetOwnerAndACL(SecAccessRef accessRef,
+       CSSM_ACL_OWNER_PROTOTYPE_PTR *owner,
+       uint32 *aclCount, CSSM_ACL_ENTRY_INFO_PTR *acls)
+{
+       BEGIN_SECAPI
+#if 0
+       gTypes().access.required(accessRef)->copyOwnerAndAcl(
+               Required(owner), Required(aclCount), Required(acls));
+#endif
+       END_SECAPI
+}
+
+
+/*!
+ */
+OSStatus SecAccessCopyACLList(SecAccessRef accessRef,
+       CFArrayRef *aclList)
+{
+       BEGIN_SECAPI
+       Required(aclList) = gTypes().access.required(accessRef)->copySecACLs();
+       END_SECAPI
+}
+
+
+/*!
+ */
+OSStatus SecAccessCopySelectedACLList(SecAccessRef accessRef,
+       CSSM_ACL_AUTHORIZATION_TAG action,
+       CFArrayRef *aclList)
+{
+       BEGIN_SECAPI
+       Required(aclList) = gTypes().access.required(accessRef)->copySecACLs(action);
+       END_SECAPI
+}
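Review bot: SecAccessGetOwnerAndACL has its entire body under `#if 0`, so it returns noErr without writing `*owner`, `*aclCount` or `*acls`, and a caller that trusts the status will go on to read uninitialized pointers and counts. Until copyOwnerAndAcl is available the function should fail explicitly, for example with `MacOSError::throwMe(unimpErr);` inside the frame, and a comment should say that the call is a stub. In SecAccessCreateFromOwnerAndACL, `&Required(acls)` is applied even when `aclCount` is 0, so an empty ACL passed as a NULL pointer is rejected; if that is intended it deserves a comment. The trusted-application loop in SecAccessCreate duplicates setApplications in SecACL.cpp and could share one helper.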
diff --git a/Keychain/SecAccess.h b/Keychain/SecAccess.h
new file mode 100644 (file)
index 0000000..13c02eb
--- /dev/null
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*!
+       @header SecAccess
+       SecAccess implements a way to set and manipulate access control rules and
+       restrictions on SecKeychainItems.
+*/
+
+#ifndef _SECURITY_SECACCESS_H_
+#define _SECURITY_SECACCESS_H_
+
+#include <Security/SecBase.h>
+#include <Security/cssmtype.h>
+#include <CoreFoundation/CFArray.h>
+
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*!
+       @function SecAccessGetTypeID
+       @abstract Returns the type identifier of SecAccess instances.
+       @result The CFTypeID of SecAccess instances.
+*/
+CFTypeID SecAccessGetTypeID(void);
+
+/*!
+       @function SecAccessCreate
+       @abstract Creates a new SecAccessRef that is set to the currently designated system default
+               configuration of a (newly created) security object. Note that the precise nature of
+               this default may change between releases.
+       @param descriptor The name of the item as it should appear in security dialogs
+       @param trustedlist A CFArray of TrustedApplicationRefs, specifying which applications
+               should be allowed to access an item without triggering confirmation dialogs.
+               If NULL, defaults to (just) the application creating the item. To set no applications,
+               pass a CFArray with no elements.
+               NOTE: This argument is not yet implemented. It is currently always treated as NULL.
+       @param accessRef On return, a pointer to the new access reference.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecAccessCreate(CFStringRef descriptor, CFArrayRef trustedlist, SecAccessRef *accessRef);
+
+/*!
+       @function SecAccessCreateFromOwnerAndACL
+       @abstract Creates a new SecAccessRef using the owner and access control list you provide.
+       @param owner A pointer to a CSSM access control list owner.
+       @param aclCount An unsigned 32-bit integer representing the number of items in the access control list.
+       @param acls A pointer to the access control list.
+       @param On return, a pointer to the new access reference.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecAccessCreateFromOwnerAndACL(const CSSM_ACL_OWNER_PROTOTYPE *owner, uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls, SecAccessRef *accessRef);
+
+/*!
+       @function SecAccessGetOwnerAndACL
+       @abstract Retrieves the owner and the access control list of a given access.
+       @param accessRef A reference to the access from which to retrieve the information.
+       @param owner On return, a pointer to the access control list owner.
+       @param aclCount On return, a pointer to an unsigned 32-bit integer representing the number of items in the access control list.
+       @param acls On return, a pointer to the access control list.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+ */
+OSStatus SecAccessGetOwnerAndACL(SecAccessRef accessRef, CSSM_ACL_OWNER_PROTOTYPE_PTR *owner, uint32 *aclCount, CSSM_ACL_ENTRY_INFO_PTR *acls);
+
+/*!
+       @function SecAccessCopyACLList
+       @abstract Copies all the access control lists of a given access.
+       @param accessRef A reference to the access from which to retrieve the information.
+       @param aclList On return, a pointer to a new created CFArray of SecACL instances.  The caller is responsible for calling CFRelease on this array.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecAccessCopyACLList(SecAccessRef accessRef, CFArrayRef *aclList);
+
+/*!
+       @function SecAccessCopySelectedACLList
+       @abstract Copies selected access control lists from a given access.
+       @param accessRef A reference to the access from which to retrieve the information.
+       @param action An authorization tag specifying what action with which to select the action control lists.
+       @param aclList On return, a pointer to the selected access control lists.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecAccessCopySelectedACLList(SecAccessRef accessRef, CSSM_ACL_AUTHORIZATION_TAG action, CFArrayRef *aclList);
+
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_SECURITY_SECACCESS_H_ */
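Review bot: The `@param trustedlist` text for SecAccessCreate states that the argument is not yet implemented and is always treated as NULL, but SecAccessCreate in Keychain/SecAccess.cpp from this same commit builds an ACL::ApplicationList from a non-NULL array and passes it to the Access constructor. This list decides which applications reach an item without a confirmation dialog, so the NOTE line should be dropped or corrected; otherwise callers may pass an array believing it is ignored. Under SecAccessCreateFromOwnerAndACL, `@param On return, a pointer to the new access reference.` is missing its parameter name and should read `@param accessRef On return, a pointer to the new access reference.` The SecAccessGetOwnerAndACL comment should also mention that the implementation in this commit is compiled out and returns no data.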
diff --git a/Keychain/SecBase.h b/Keychain/SecBase.h
new file mode 100644 (file)
index 0000000..92baede
--- /dev/null
@@ -0,0 +1,237 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*!
+       @header SecBase
+       SecBase contains common declarations for the Security functions. 
+*/
+
+#ifndef _SECURITY_SECBASE_H_
+#define _SECURITY_SECBASE_H_
+
+#include <CoreFoundation/CFBase.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#ifndef __SEC_TYPES__
+#define __SEC_TYPES__
+
+/*!
+    @typedef SecKeychainRef
+    @abstract Contains information about a keychain.
+*/
+typedef struct OpaqueSecKeychainRef *SecKeychainRef;
+
+/*!
+    @typedef SecKeychainItemRef
+    @abstract Contains information about a keychain item.
+*/
+typedef struct OpaqueSecKeychainItemRef *SecKeychainItemRef;
+
+/*!
+    @typedef SecKeychainSearchRef
+    @abstract Contains information about a keychain search.
+*/
+typedef struct OpaqueSecKeychainSearchRef *SecKeychainSearchRef;
+
+/*!
+    @typedef SecKeychainAttrType
+    @abstract Represents a keychain attribute type.
+*/
+typedef OSType SecKeychainAttrType;
+
+/*!
+    @struct SecKeychainAttribute
+    @abstract Contains keychain attributes. 
+    @field tag A 4-byte attribute tag.
+    @field length The length of the buffer pointed to by data.
+    @field data A pointer to the attribute data.
+*/
+struct SecKeychainAttribute 
+{
+    SecKeychainAttrType        tag;
+    UInt32 length;
+    void *data;
+};
+typedef struct SecKeychainAttribute SecKeychainAttribute;
+
+/*!
+    @typedef SecKeychainAttributePtr
+    @abstract Represents a pointer to a keychain attribute structure.
+*/
+typedef SecKeychainAttribute *SecKeychainAttributePtr;
+
+/*!
+    @typedef SecKeychainAttributeList
+    @abstract Represents a list of keychain attributes.
+    @field count An unsigned 32-bit integer that represents the number of keychain attributes in the array.
+    @field attr A pointer to the first keychain attribute in the array.
+*/
+struct SecKeychainAttributeList 
+{
+    UInt32 count;
+    SecKeychainAttribute *attr;
+};
+typedef struct SecKeychainAttributeList  SecKeychainAttributeList;
+
+/*!
+    @typedef SecKeychainStatus
+    @abstract Represents the status of a keychain.
+*/
+typedef UInt32 SecKeychainStatus;
+#endif
+
+/*!
+    @typedef SecTrustedApplicationRef
+    @abstract Contains information about a trusted application.
+*/
+typedef struct OpaqueSecTrustedApplicationRef *SecTrustedApplicationRef;
+
+/*!
+    @typedef SecPolicyRef
+    @abstract Contains information about a policy.
+*/
+typedef struct OpaqueSecPolicyRef *SecPolicyRef;
+
+/*!
+    @typedef SecCertificateRef
+    @abstract Contains information about a certificate.
+*/
+typedef struct OpaqueSecCertificateRef *SecCertificateRef;
+
+/*!
+    @typedef SecAccessRef
+    @abstract Contains information about an access.
+*/
+typedef struct OpaqueSecAccessRef *SecAccessRef;
+
+/*!
+    @typedef SecIdentityRef
+    @abstract Contains information about an identity.
+*/
+typedef struct OpaqueSecIdentityRef *SecIdentityRef;
+
+/*!
+    @typedef SecKeyRef
+    @abstract Contains information about a key.
+*/
+typedef struct OpaqueSecKeyRef *SecKeyRef;
+
+/*!
+    @typedef SecACLRef
+    @abstract Contains information about an access control list (ACL) entry.
+*/
+typedef struct OpaqueSecTrustRef *SecACLRef;
+
+/*!
+    @typedef SecKeychainAttributeInfo
+    @abstract Represents an attribute. 
+    @field count The number of tag-format pairs in the respective arrays. 
+    @field tag A pointer to the first attribute tag in the array.
+    @field format A pointer to the first attribute format in the array.
+    @discussion Each tag and format item form a pair.  
+*/
+struct SecKeychainAttributeInfo
+{
+    UInt32 count;
+    UInt32 *tag;
+       UInt32 *format;
+};
+typedef struct SecKeychainAttributeInfo  SecKeychainAttributeInfo;
+
+/*!
+@enum Security Error Codes 
+@abstract Represents the result codes.
+@constant errSecNotAvailable No trust results are available.
+@constant errSecReadOnly Read only error.
+@constant errSecAuthFailed Authorization/Authentication failed.
+@constant errSecNoSuchKeychain The keychain does not exist.
+@constant errSecInvalidKeychain The keychain is not valid.
+@constant errSecDuplicateKeychain A keychain with the same name already exists.
+@constant errSecDuplicateCallback More than one callback of the same name exists.
+@constant errSecInvalidCallback The callback is not valid.
+@constant errSecDuplicateItem The item already exists.
+@constant errSecItemNotFound The item cannot be found.
+@constant errSecBufferTooSmall The buffer is too small.
+@constant errSecDataTooLarge The data is too large.
+@constant errSecNoSuchAttr The attribute does not exist.
+@constant errSecInvalidItemRef The item reference is invalid.
+@constant errSecInvalidSearchRef The search reference is invalid.
+@constant errSecNoSuchClass The keychain item class does not exist.
+@constant errSecNoDefaultKeychain A default keychain does not exist.
+@constant errSecInteractionNotAllowed Interaction is not allowed with the Security Server.
+@constant errSecReadOnlyAttr The attribute is read only.
+@constant errSecWrongSecVersion The version is incorrect.
+@constant errSecKeySizeNotAllowed The key size is not allowed.
+@constant errSecNoStorageModule There is no storage module available.
+@constant errSecNoCertificateModule There is no certificate module available.
+@constant errSecNoPolicyModule There is no policy module available.
+@constant errSecInteractionRequired User interaction is required.
+@constant errSecDataNotAvailable The data is not available.
+@constant errSecDataNotModifiable The data is not modifiable.
+@constant errSecCreateChainFailed The attempt to create a certificate chain failed.
+@constant errSecACLNotSimple The access control list is not in standard simple form.
+@constant errSecPolicyNotFound The policy specified cannot be found.
+@constant errSecInvalidTrustSetting The trust setting is invalid.
+@constant errSecNoAccessForItem The specified item has no access control.
+@discussion The assigned error space is discontinuous: -25240..-25279, -25290..25329.
+*/
+enum
+{
+    errSecNotAvailable           = -25291,
+    errSecReadOnly               = -25292,
+    errSecAuthFailed             = -25293,
+    errSecNoSuchKeychain         = -25294,
+    errSecInvalidKeychain        = -25295,
+    errSecDuplicateKeychain      = -25296,
+    errSecDuplicateCallback      = -25297,
+    errSecInvalidCallback        = -25298,
+    errSecDuplicateItem          = -25299,
+    errSecItemNotFound           = -25300,
+    errSecBufferTooSmall         = -25301,
+    errSecDataTooLarge           = -25302,
+    errSecNoSuchAttr             = -25303,
+    errSecInvalidItemRef         = -25304,
+    errSecInvalidSearchRef       = -25305,
+    errSecNoSuchClass            = -25306,
+    errSecNoDefaultKeychain      = -25307,
+    errSecInteractionNotAllowed  = -25308,
+    errSecReadOnlyAttr           = -25309,
+    errSecWrongSecVersion        = -25310,
+    errSecKeySizeNotAllowed      = -25311,
+    errSecNoStorageModule        = -25312,
+    errSecNoCertificateModule    = -25313,
+    errSecNoPolicyModule         = -25314,
+    errSecInteractionRequired    = -25315,
+    errSecDataNotAvailable       = -25316,
+    errSecDataNotModifiable      = -25317,
+    errSecCreateChainFailed      = -25318,
+       
+       errSecACLNotSimple           = -25240,
+       errSecPolicyNotFound         = -25241,
+       errSecInvalidTrustSetting    = -25242,
+       errSecNoAccessForItem        = -25243,
+       errSecInvalidOwnerEdit       = -25244
+};
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_SECURITY_SECBASE_H_ */
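Review bot: `typedef struct OpaqueSecTrustRef *SecACLRef;` gives SecACLRef the opaque tag of a trust object, which looks like a copy-paste slip. If a trust reference type is declared elsewhere with the same struct tag (not visible in this hunk), the two become the same type to the compiler, and a trust reference could be passed where an ACL entry is expected without any diagnostic. `typedef struct OpaqueSecACLRef *SecACLRef;` restores the distinction. In the error-code comment, errSecInvalidOwnerEdit has no `@constant` line, and the second range in `@discussion` has lost its minus sign (it should read `-25290..-25329`).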
diff --git a/Keychain/SecBridge.h b/Keychain/SecBridge.h
new file mode 100644 (file)
index 0000000..8cf93d6
--- /dev/null
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#ifndef _SECURITY_SECBRIDGE_H_
+#define _SECURITY_SECBRIDGE_H_
+
+#include <Security/Globals.h>
+#include <Security/KCUtilities.h>
+#include <Security/SecCFTypes.h>
+
+using namespace KeychainCore;
+
+//
+// API boilerplate macros. These provide a frame for C++ code that is impermeable to exceptions.
+// Usage:
+//     BEGIN_API
+//             ... your C++ code here ...
+//  END_API            // returns CSSM_RETURN on exception
+//     END_API0        // returns nothing (void) on exception
+//     END_API1(bad) // return (bad) on exception
+//
+#define BEGIN_SECAPI \
+       try { \
+               StLock<Mutex> _(globals().apiLock);
+#define END_SECAPI \
+       } \
+       catch (const MacOSError &err) { return err.osStatus(); } \
+       catch (const CssmCommonError &err) { return GetKeychainErrFromCSSMErr(err.cssmError())/*err.cssmError(CSSM_CSSM_BASE_ERROR)*/; } \
+       catch (const std::bad_alloc &) { return memFullErr; } \
+       catch (...) { return internalComponentErr; } \
+    return noErr;
+#define END_SECAPI0            } catch (...) { return; }
+#define END_SECAPI1(bad)       } catch (...) { return bad; }
+
+#endif /* !_SECURITY_SECBRIDGE_H_ */
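Review bot: The usage comment above the macros names `BEGIN_API`, `END_API`, `END_API0` and `END_API1`, but the macros this header defines are `BEGIN_SECAPI`, `END_SECAPI`, `END_SECAPI0` and `END_SECAPI1`. `END_SECAPI` also returns OSStatus values (`err.osStatus()`, `memFullErr`, `internalComponentErr`, `noErr`), not a CSSM_RETURN as the comment says. I would rewrite the usage lines along the lines of `// END_SECAPI  // returns an OSStatus; noErr when nothing was thrown`, and likewise for the other two. The comment should also say that `BEGIN_SECAPI` holds `globals().apiLock` for the whole body, so one bridged call must not invoke another unless that mutex is recursive (not visible here), and that `END_SECAPI0`/`END_SECAPI1` discard the exception type entirely. Separately, `using namespace KeychainCore;` at header scope leaks into every file that includes this one.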
diff --git a/Keychain/SecCFTypes.cpp b/Keychain/SecCFTypes.cpp
new file mode 100644 (file)
index 0000000..820a85b
--- /dev/null
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// SecCFTypes.cpp - CF runtime interface
+//
+
+#include <Security/SecCFTypes.h>
+
+using namespace KeychainCore;
+
+ModuleNexus<SecCFTypes> Security::KeychainCore::gTypes;
+
+SecCFTypes::SecCFTypes() :
+       access("SecAccess"),
+       acl("SecACL"),
+       certificate("SecCertificate"),
+       certificateRequest("SecCertificateRequest"),
+       identity("SecIdentity"),
+       identityCursor("SecIdentitySearch"),
+       item("SecKeychainItem"),
+       cursor("SecKeychainSearch"),
+       keychain("SecKeychain"),
+       keyItem("SecKey"),
+       policy("SecPolicy"),
+       policyCursor("SecPolicySearch"),
+       trust("SecTrust"),
+       trustedApplication("SecTrustedApplication")
+{
+}
diff --git a/Keychain/SecCFTypes.h b/Keychain/SecCFTypes.h
new file mode 100644 (file)
index 0000000..5a101db
--- /dev/null
@@ -0,0 +1,147 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// SecCFTypes.h - CF runtime interface
+//
+#ifndef _SECURITY_SECCFTYPES_H_
+#define _SECURITY_SECCFTYPES_H_
+
+#include <Security/Access.h>
+#include <Security/ACL.h>
+#include <Security/Certificate.h>
+#include <Security/CertificateRequest.h>
+#include <Security/Identity.h>
+#include <Security/IdentityCursor.h>
+#include <Security/Item.h>
+#include <Security/KCCursor.h>
+#include <Security/Keychains.h>
+#include <Security/KeyItem.h>
+#include <Security/Policies.h>
+#include <Security/PolicyCursor.h>
+#include <Security/Trust.h>
+#include <Security/TrustedApplication.h>
+
+//#include <Security/SecAccess.h>
+//#include <Security/SecCertificate.h>
+#include <Security/SecCertificateRequest.h>
+//#include <Security/SecIdentity.h>
+#include <Security/SecIdentitySearch.h>
+//#include <Security/SecKeychainItem.h>
+#include <Security/SecKeychainSearch.h>
+//#include <Security/SecKeychain.h>
+//#include <Security/SecKey.h>
+//#include <Security/SecPolicy.h>
+//#include <Security/SecACL.h>
+#include <Security/SecPolicySearch.h>
+#include <Security/SecTrust.h>
+//#include <Security/SecTrustedApplication.h>
+
+#include <Security/utilities.h>
+#include <map>
+
+namespace Security
+{
+
+namespace KeychainCore
+{
+
+/* Singleton that registers all the CFClass<> instances with the CFRuntime.
+
+   To make something a CFTypeRef you need to make the actual object inheirit from SecCFObject and provide implementation of the virtual functions in that class.
+   
+   In addition to that you need to define an opque type for the C API like:
+   typedef struct __OpaqueYourObject *YourObjectRef;
+   and in the C++ headers you define something like:
+   typedef CFClass<YourObject, YourObjectRef> YourObjectClass;
+
+   Add an instance of the YourObjectClass to the public section of SecCFTypes below to get it registered with the CFRuntime.
+   YourObjectClass yourObject;
+
+
+   In your C++ code you should use RefPointer<YourObject> to refer to instances of your class.  RefPointers are just like autopointers and implement * and -> semantics.  They refcount the underlying object.  So to create an instance or your new object you would do something like:
+   
+       RefPointer<YourObject> instance(new YourObject());
+
+   RefPointers have copy semantics and if you subclass RefPointer and define a operator < on the subclass you can even safely store instances of your class in stl containers.
+
+       Use then like this:
+               instance->somemethod();
+       or if you want a reference to the underlying object:
+               YourObject &object = *instance;
+       if you want a pointer to the underlying object:
+               YourObject *object = instance.get();
+
+       In the API glue you will need to use:
+               RefPointer<YourObject> instance;
+               [...] get the instance somehow
+               return gTypes().yourObject.handle(*instance);
+               to return an opaque handle (the is a CFTypeRef) to your object.
+               
+       when you obtain an object as input use:
+               SecYourObjectRef ref;
+               RefPointer<YourObject> instance = gTypes().yourObject.required(ref);
+               to get a RefPointer to an instance of your object fro the external CFTypeRef.
+*/
+class SecCFTypes
+{
+public:
+    SecCFTypes();
+
+public:
+       /* Add new instances of CFClass<> here that you want registered with the CF runtime. */
+
+       /* @@@ Error should be errSecInvalidAccessRef */
+       CFClass<Access, SecAccessRef, errSecInvalidItemRef> access;
+       /* @@@ Error should be errSecInvalidTrustedApplicationRef */
+       CFClass<ACL, SecACLRef, errSecInvalidItemRef> acl;
+       /* @@@ Error should be errSecInvalidCertificateRef */
+       CFClass<Certificate, SecCertificateRef, errSecInvalidItemRef> certificate;
+       /* @@@ Error should be errSecInvalidCertificateRequestRef */
+       CFClass<CertificateRequest, SecCertificateRequestRef, errSecInvalidItemRef> certificateRequest;
+       /* @@@ Error should be errSecInvalidIdentityRef */
+       CFClass<Identity, SecIdentityRef, errSecInvalidItemRef> identity;
+       CFClass<IdentityCursor, SecIdentitySearchRef, errSecInvalidSearchRef> identityCursor;
+       CFClass<ItemImpl, SecKeychainItemRef, errSecInvalidItemRef> item;
+       CFClass<KCCursorImpl, SecKeychainSearchRef, errSecInvalidSearchRef> cursor;
+       CFClass<KeychainImpl, SecKeychainRef, errSecInvalidKeychain> keychain;
+       /* @@@ Error should be errSecInvalidKeyRef */
+       CFClass<KeyItem, SecKeyRef, errSecInvalidItemRef> keyItem;
+       /* @@@ Error should be errSecInvalidPolicyRef */
+       CFClass<Policy, SecPolicyRef, errSecInvalidItemRef> policy;
+       /* @@@ Error should be errSecInvalidPolicySearchRef */
+       CFClass<PolicyCursor, SecPolicySearchRef, errSecInvalidSearchRef> policyCursor;
+       /* @@@ Error should be errSecInvalidTrustRef */
+       CFClass<Trust, SecTrustRef, errSecInvalidItemRef> trust;
+       /* @@@ Error should be errSecInvalidTrustedApplicationRef */
+       CFClass<TrustedApplication, SecTrustedApplicationRef, errSecInvalidItemRef> trustedApplication;
+
+public:
+    Mutex mapLock;
+    typedef std::map<SecCFObject *, const SecCFType *> Map;
+    Map map;
+};
+
+
+extern ModuleNexus<SecCFTypes> gTypes;
+
+} // end namespace KeychainCore
+
+} // end namespace Security
+
+
+#endif // !_SECURITY_SECCFTYPES_H_
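Review bot: `mapLock` and `map` are public data members of `SecCFTypes`, so nothing in the class enforces that the mutex is held when the `SecCFObject *` to `SecCFType *` table is read or modified. If this table backs handle lookup (inferred from the class comment; its users are not in this hunk), an unlocked access from another thread is a data race on pointers that are later dereferenced. I would make both private behind accessor methods that take the lock, or at minimum add `/* mapLock must be held for every access to map */` above the declaration. The `@@@` comment on `acl` names `errSecInvalidTrustedApplicationRef`, which looks copied from the `trustedApplication` entry. Because most classes share `errSecInvalidItemRef`, a caller cannot tell which reference type was rejected.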
diff --git a/Keychain/SecCertificate.cpp b/Keychain/SecCertificate.cpp
new file mode 100644 (file)
index 0000000..97e8de0
--- /dev/null
@@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include <Security/SecCertificate.h>
+
+#include "SecBridge.h"
+
+
+CFTypeID
+SecCertificateGetTypeID(void)
+{
+       BEGIN_SECAPI
+
+       return gTypes().certificate.typeId;
+
+       END_SECAPI1(_kCFRuntimeNotATypeID)
+}
+
+
+OSStatus
+SecCertificateCreateFromData(const CSSM_DATA *data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding, SecCertificateRef *certificate)
+{
+       BEGIN_SECAPI
+
+       RefPointer<Certificate> certificatePtr(new Certificate(Required(data), type, encoding));
+       Required(certificate) = gTypes().certificate.handle(*certificatePtr);
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecCertificateAddToKeychain(SecCertificateRef certificate, SecKeychainRef keychain)
+{
+       BEGIN_SECAPI
+
+       Item item(gTypes().certificate.required(certificate));
+       Keychain::optional(keychain)->add(item);
+
+       END_SECAPI
+}
+
+OSStatus
+SecCertificateGetData(SecCertificateRef certificate, CSSM_DATA_PTR data)
+{
+       BEGIN_SECAPI
+
+       Required(data) = gTypes().certificate.required(certificate)->data();
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecCertificateGetType(SecCertificateRef certificate, CSSM_CERT_TYPE *certificateType)
+{
+    BEGIN_SECAPI
+
+       Required(certificateType) = gTypes().certificate.required(certificate)->type();
+
+    END_SECAPI
+}
+
+
+OSStatus
+SecCertificateGetSubject(SecCertificateRef certificate, CSSM_X509_NAME* subject)
+{
+    BEGIN_SECAPI
+
+       gTypes().certificate.required(certificate)->getSubject(Required(subject));
+
+    END_SECAPI
+}
+
+
+OSStatus
+SecCertificateGetIssuer(SecCertificateRef certificate, CSSM_X509_NAME* issuer)
+{
+    BEGIN_SECAPI
+
+       gTypes().certificate.required(certificate)->getIssuer(Required(issuer));
+
+    END_SECAPI
+}
+
+
+OSStatus
+SecCertificateGetCLHandle(SecCertificateRef certificate, CSSM_CL_HANDLE *clHandle)
+{
+    BEGIN_SECAPI
+
+       Required(clHandle) = gTypes().certificate.required(certificate)->clHandle();
+
+    END_SECAPI
+}
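Review bot: `SecCertificateGetItem` is declared in SecCertificate.h in this same commit, but this file defines no function of that name, so unless it is defined in another file a caller will fail at link time. Either add the definition inside the same `BEGIN_SECAPI`/`END_SECAPI` frame as the other accessors, or drop the declaration until it exists. In `SecCertificateCreateFromData`, `certificatePtr` goes out of scope on return, so the handle written to `*certificate` stays valid only if `handle()` takes its own reference. That is not visible here and deserves a comment such as `// handle() retains; the caller owns the returned reference` once confirmed.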
diff --git a/Keychain/SecCertificate.h b/Keychain/SecCertificate.h
new file mode 100644 (file)
index 0000000..5d716c7
--- /dev/null
@@ -0,0 +1,150 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*!
+       @header SecCertificate
+       The functions provided in SecCertificate implement and manage a particular type of keychain item that represents a certificate.  You can store a certificate in a keychain, but a certificate can also be a transient object.
+       
+       You can use a certificate as a keychain item in most functions.
+*/
+
+#ifndef _SECURITY_SECCERTIFICATE_H_
+#define _SECURITY_SECCERTIFICATE_H_
+
+#include <Security/SecBase.h>
+#include <Security/cssmtype.h>
+
+// @@@ Here for X509 specific defines
+#include <Security/x509defs.h>
+
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+/*!
+       @enum CertificateItemAttributes
+       @abstract Indicates the type of a certificate item attribute.
+       @constant kSecSubjectItemAttr Indicates a DER-encoded subject distinguished name.
+       @constant kSecIssuerItemAttr Indicates a DER-encoded issuer distinguished name.
+       @constant kSecSerialNumberItemAttr Indicates a DER-encoded certificate serial number.
+       @constant kSecPublicKeyHashItemAttr Indicates a public key hash.
+       @constant kSecSubjectKeyIdentifierItemAttr Indicates a subject key identifier.
+       @constant kSecCertTypeItemAttr Indicates a certificate type.
+       @constant kSecCertEncodingItemAttr Indicates a certificate encoding.
+*/
+enum
+{
+    kSecSubjectItemAttr                         = 'subj',
+    kSecIssuerItemAttr                                  = 'issu',
+    kSecSerialNumberItemAttr            = 'snbr',
+    kSecPublicKeyHashItemAttr           = 'hpky',
+    kSecSubjectKeyIdentifierItemAttr = 'skid',
+       kSecCertTypeItemAttr                     = 'ctyp',
+       kSecCertEncodingItemAttr                 = 'cenc'
+};
+
+/*!
+       @function SecCertificateGetTypeID
+       @abstract Returns the type identifier of SecCertificate instances.
+       @result The CFTypeID of SecCertificate instances.
+*/
+CFTypeID SecCertificateGetTypeID(void);
+
+#pragma mark Ã‘ÑÑÑ Certificate Operations Ã‘ÑÑÑ
+
+/*!
+       @function SecCertificateCreateFromData
+       @abstract Creates a certificate based on the input data, type, and encoding. 
+    @param data A pointer to the certificate data.
+    @param type The certificate type as defined in cssmtype.h.
+    @param encoding The certificate encoding as defined in cssmtype.h.
+       @param certificate On return, a pointer to the newly created certificate reference.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecCertificateCreateFromData(const CSSM_DATA *data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding, SecCertificateRef *certificate);
+
+/*!
+       @function SecCertificateAddToKeychain
+       @abstract Adds a certificate to the keychain specified.
+    @param certificate A reference to the certificate to add to the keychain.
+    @param keychain A reference to the keychain to which to add the certificate. Pass NULL to add the certificate to the default keychain.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+       @discussion This function call only works if the certificate was created using the SecCertificateCreateFromData function and the certificate has not yet been added to a keychain.
+*/
+OSStatus SecCertificateAddToKeychain(SecCertificateRef certificate, SecKeychainRef keychain);
+
+/*!
+       @function SecCertificateGetData
+       @abstract Retrieves the data for a given certificate.
+    @param certificate A reference to the certificate from which to retrieve the data.
+    @param data On return, a pointer to the data for the certificate specified.  The caller must allocate the space for a CSSM_DATA structure before calling this function.  This data pointer is only guaranteed to remain valid as long as the certificate remains unchanged and valid.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecCertificateGetData(SecCertificateRef certificate, CSSM_DATA_PTR data);
+
+/*!
+       @function SecCertificateGetItem
+       @abstract Retrieves the keychain item reference for a given certificate.
+    @param certificate A reference to the certificate from which to obtain the keychain item reference.
+    @param item On return, a pointer to the keychain item reference of the certificate specified. If the certificate is not based on a keychain item, the value of item is NULL.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecCertificateGetItem(SecCertificateRef certificate, SecKeychainItemRef *item);
+
+/*!
+       @function SecCertificateGetType
+       @abstract Retrieves the type for a given certificate.
+    @param certificate A reference to the certificate from which to obtain the type.
+    @param certificateType On return, a pointer to the certificate type of the certificate specified. Certificate types are defined in cssmtype.h
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecCertificateGetType(SecCertificateRef certificate, CSSM_CERT_TYPE *certificateType);
+
+/*!
+       @function SecCertificateGetSubject
+       @abstract Retrieves the subject for a given certificate.
+    @param certificate A reference to the certificate from which to obtain the subject.
+    @param subject On return, a pointer to the subject of the given certificate.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecCertificateGetSubject(SecCertificateRef certificate, CSSM_X509_NAME *subject);
+
+/*!
+       @function SecCertificateGetIssuer
+       @abstract Retrieves the issuer of a given certificate.
+    @param certificate A reference to the certificate from which to obtain the issuer.
+    @param issuer On return, a pointer to the issuer of the given certificate.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecCertificateGetIssuer(SecCertificateRef certificate, CSSM_X509_NAME *issuer);
+
+/*!
+       @function SecCertificateGetCLHandle
+       @abstract Retrieves the certificate library handle for a given certificate.
+    @param certificate A reference to the certificate from which to obtain the certificate library handle.
+    @param clHandle On return, a pointer to the certificate library handle of the given certificate.  This handle remains valid at least as long as the certificate does.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecCertificateGetCLHandle(SecCertificateRef certificate, CSSM_CL_HANDLE *clHandle);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_SECURITY_SECCERTIFICATE_H_ */
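Review bot: The documentation states the lifetime of the output for `SecCertificateGetData` and `SecCertificateGetCLHandle`, but not for `SecCertificateGetSubject`, `SecCertificateGetIssuer` or `SecCertificateCreateFromData`. For the first two, say whether the pointers inside the returned `CSSM_X509_NAME` refer to memory owned by the certificate and when they stop being valid. For `SecCertificateCreateFromData`, say whether the caller must release the returned reference. A caller who guesses wrong gets either a leak or a use of freed memory. The `#pragma mark` line also contains mis-encoded non-ASCII bytes and should be plain ASCII, e.g. `#pragma mark ---- Certificate Operations ----`.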
diff --git a/Keychain/SecCertificateBundle.cpp b/Keychain/SecCertificateBundle.cpp
new file mode 100644 (file)
index 0000000..5377447
--- /dev/null
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include <Security/SecCertificateBundle.h>
+
+#include "SecBridge.h"
+
+
+OSStatus
+SecCertificateBundleImport(
+        SecKeychainRef keychain,
+        const CSSM_CERT_BUNDLE* bundle,
+        CSSM_CERT_BUNDLE_TYPE type,
+        CSSM_CERT_BUNDLE_ENCODING encodingType,
+        CFArrayRef keychainListToSkipDuplicates)
+{
+    BEGIN_SECAPI
+
+       MacOSError::throwMe(unimpErr);//%%%for now
+
+    END_SECAPI
+}
+
+
+OSStatus
+SecCertifcateBundleExport(
+        CFArrayRef itemList,
+        CSSM_CERT_BUNDLE_TYPE type,
+        CSSM_CERT_BUNDLE_ENCODING encodingType,
+        CSSM_DATA* data)
+{
+    BEGIN_SECAPI
+
+       MacOSError::throwMe(unimpErr);//%%%for now
+
+    END_SECAPI
+}
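Review bot: Both functions throw `unimpErr` before writing any output, so in `SecCertifcateBundleExport` the caller's `data` keeps whatever it held, and a caller that skips the status check would go on to use an uninitialized pointer and length. Clear the output before the throw, e.g. `if (data) { data->Data = NULL; data->Length = 0; }`, and mark each stub with `// Not implemented: always returns unimpErr`. The seven stubs in SecCertificateRequest.cpp in this commit have the same shape for their reference outputs (`certRequest`, `certRequestItemRef`, `certRequestRef`, `certificateRef`), where `if (certRequest) *certRequest = NULL;` is the equivalent line. The export function's first parameter is also named `itemList` here but `certificates` in the header.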
diff --git a/Keychain/SecCertificateBundle.h b/Keychain/SecCertificateBundle.h
new file mode 100644 (file)
index 0000000..f97f07a
--- /dev/null
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*!
+       @header SecCertificateBundle
+       The functions provided in SecCertificateBundle implement a way to issue a certificate request to a
+       certificate authority.
+*/
+
+#ifndef _SECURITY_SECCERTIFICATEBUNDLE_H_
+#define _SECURITY_SECCERTIFICATEBUNDLE_H_
+
+#include <Security/SecBase.h>
+#include <Security/cssmtype.h>
+#include <CoreFoundation/CFArray.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*!
+       @function SecCertificateBundleImport
+       @abstract Imports one or more certificates into a keychain with the specified encoding and bundle type.
+    @param keychain The destination keychain for the import. Specify NULL for the default keychain.
+    @param bundle A pointer to the bundle data.
+    @param type The bundle type as defined in cssmtype.h.
+    @param encodingType The bundle encoding type as defined in cssmtype.h.
+    @param keychainListToSkipDuplicates A reference to an array of keychains.  These keychains contain certificates that shouldn't be duplicated during the import.    
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecCertificateBundleImport(
+        SecKeychainRef keychain,
+        const CSSM_CERT_BUNDLE* bundle,
+        CSSM_CERT_BUNDLE_TYPE type,
+        CSSM_CERT_BUNDLE_ENCODING encodingType,
+        CFArrayRef keychainListToSkipDuplicates);
+        
+/*!
+       @function SecCertifcateBundleExport
+       @abstract Exports one or more certificates into a bundle with the specified encoding and bundle type.
+    @param certificates An array of certificate and keychain items used to help build the bundle.
+    @param type The bundle type as defined in cssmtype.h. If the bundle type is unknown, an attempt will be made to determine the type for you.
+    @param encodingType The encoding type as defined in cssmtype.h.
+    @param data A pointer to data.  On return, this points to the bundle data.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecCertifcateBundleExport(
+        CFArrayRef certificates,
+        CSSM_CERT_BUNDLE_TYPE type,
+        CSSM_CERT_BUNDLE_ENCODING encodingType,
+        CSSM_DATA* data);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_SECURITY_SECCERTIFICATEBUNDLE_H_ */
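Review bot: The export function is declared as `SecCertifcateBundleExport` (missing the second `i` of "Certificate"), and once this header ships that misspelling becomes the exported symbol. Rename it to `SecCertificateBundleExport` here and in SecCertificateBundle.cpp before the header is public. The `@header` text says these functions "implement a way to issue a certificate request to a certificate authority", which is the SecCertificateRequest description. I would replace it with `The functions provided in SecCertificateBundle import certificates from, and export certificates to, certificate bundles.` Neither function's documentation says that the implementation in this commit always returns `unimpErr`; a `@discussion Not yet implemented; returns unimpErr.` on each would stop callers relying on them.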
diff --git a/Keychain/SecCertificateRequest.cpp b/Keychain/SecCertificateRequest.cpp
new file mode 100644 (file)
index 0000000..5b9e714
--- /dev/null
@@ -0,0 +1,128 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include <Security/SecCertificateRequest.h>
+
+#include "SecBridge.h"
+
+
+CFTypeID
+SecCertificateRequestGetTypeID(void)
+{
+       BEGIN_SECAPI
+
+       return gTypes().certificateRequest.typeId;
+
+       END_SECAPI1(_kCFRuntimeNotATypeID)
+}
+
+
+OSStatus
+SecCertificateRequestCreate(
+        SecPolicyRef policy,
+        CSSM_CERT_TYPE certificateType,
+        CSSM_TP_AUTHORITY_REQUEST_TYPE requestType,
+        SecCertificateRequestRef* certRequest)
+{
+       BEGIN_SECAPI
+
+       MacOSError::throwMe(unimpErr);//%%%for now
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecCertificateRequestSetPrivateKey(
+        SecCertificateRequestRef certRequest,
+        SecKeychainItemRef privateKeyItemRef)
+{
+       BEGIN_SECAPI
+
+       MacOSError::throwMe(unimpErr);//%%%for now
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecCertificateRequestSetAttribute(
+        SecCertificateRequestRef certRequest,
+        const CSSM_OID* oid,
+        const CSSM_DATA* value)
+{
+       BEGIN_SECAPI
+
+       MacOSError::throwMe(unimpErr);//%%%for now
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecCertificateRequestSubmit(
+        SecCertificateRequestRef certRequest,
+        SecKeychainRef keychain,
+        sint32* estimatedTime,
+        SecKeychainItemRef* certRequestItemRef)
+{
+       BEGIN_SECAPI
+
+       MacOSError::throwMe(unimpErr);//%%%for now
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecCertificateRequestCreateFromItem(
+        SecKeychainItemRef certRequestItemRef,
+        SecCertificateRequestRef* certRequestRef)
+{
+       BEGIN_SECAPI
+
+       MacOSError::throwMe(unimpErr);//%%%for now
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecCertificateRequestGetType(
+        SecCertificateRequestRef certRequestRef,
+        CSSM_TP_AUTHORITY_REQUEST_TYPE* requestType)
+{
+       BEGIN_SECAPI
+
+       MacOSError::throwMe(unimpErr);//%%%for now
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecCertificateRequestGetResult(
+        SecCertificateRequestRef certRequestRef,
+        sint32* estimatedTime,
+        SecCertificateRef* certificateRef)
+{
+       BEGIN_SECAPI
+
+       MacOSError::throwMe(unimpErr);//%%%for now
+
+       END_SECAPI
+}
diff --git a/Keychain/SecCertificateRequest.h b/Keychain/SecCertificateRequest.h
new file mode 100644 (file)
index 0000000..e932b25
--- /dev/null
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*!
+       @header SecCertificateRequest
+       SecCertificateRequest implements a way to issue a certificate request to a
+       certificate authority.
+*/
+
+#ifndef _SECURITY_SECCERTIFICATEREQUEST_H_
+#define _SECURITY_SECCERTIFICATEREQUEST_H_
+
+#include <Security/SecBase.h>
+#include <Security/cssmtype.h>
+
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*!
+    @typedef SecCertificateRequestRef
+    @abstract Contains information about a certificate request.
+*/
+typedef struct OpaqueSecCertificateRequestRef *SecCertificateRequestRef;
+
+/*!
+       @function SecCertificateRequestGetTypeID
+       Returns the type identifier of all SecCertificateRequest instances.
+*/
+CFTypeID SecCertificateRequestGetTypeID(void);
+
+/*!
+       @function SecCertificateRequestCreate
+       Create a certificate request operation based on a policy and certificate type.  If a policy is not specified, one will be chosen for the caller. Once the requeste is created, a request reference is returned. For this request reference, you can set attributes for it by using SecCertificateRequestSetAttribute(). To submit the request call SecCertificateRequestSubmit(). 
+    @param certificateType The certificate type (i.e. X509, PGP, etc). These types are in cssmtype.h
+    @param requestType The identifier to the type of request to submit (i.e. issue, verify, revoke, etc.). These are defined in cssmtype.h
+    @param certRequest A returned reference to the certificate request.
+       @result noErr 0 No error.
+*/
+OSStatus SecCertificateRequestCreate(
+        SecPolicyRef policy,
+        CSSM_CERT_TYPE certificateType,
+        CSSM_TP_AUTHORITY_REQUEST_TYPE requestType,
+        SecCertificateRequestRef* certRequest);
+
+/*!
+       @function SecCertificateRequestSetPrivateKey
+       For a given certificate request, set the private key for which the assocaited public key will be certified.
+    @param certRequest A reference to the certificate request.
+       @param privateKeyItemRef The keychain item private key to be used for this certificate request. The private key item must be of class type kSecAppleKeyItemClass.
+    @result noErr 0 No error.
+*/
+OSStatus SecCertificateRequestSetPrivateKey(
+        SecCertificateRequestRef certRequest,
+        SecKeychainItemRef privateKeyItemRef);
+        
+/*!
+       @function SecCertificateRequestSetAttribute
+       For a given certificate request, set an optional attribute for the request. For example, an attribute can be the caller credentials or any other attribute needed for the certificate request operation. 
+    @param oid An BER-encoded oid that defines the attribute (i.e. CSSMOID_CommonName, CSSMOID_SerialNumber, etc.)
+       @param value The value for the attribute.
+    @result noErr 0 No error.
+*/
+OSStatus SecCertificateRequestSetAttribute(
+        SecCertificateRequestRef certRequest,
+        const CSSM_OID* oid,
+        const CSSM_DATA* value);
+
+/*!
+       @function SecCertificateRequestSubmit
+       Submit a certificate request to be processed by the Security framework. Once the request is submitted, an estimated time is returned indicating when the request results can be retrieved. Once the estimated time has elapsed, obtain the result by calling SecCertificateRequestGetResult(). 
+    @param certRequest A reference to the certificate request.
+    @param keychain The keychain in which to store the new certificate (for a new cert request) and the cert request item reference.
+    @param estimatedTime The number of estimated seconds before the result can be retrieved.
+    @param certRequestItemRef The returned persistent reference for the submitted request. This item is stored in the keychain specified by the keychain parameter. This item can be viewed as an certificate request operation that is still pending.
+       @result noErr 0 No error.
+*/
+OSStatus SecCertificateRequestSubmit(
+        SecCertificateRequestRef certRequest,
+        SecKeychainRef keychain,
+        sint32* estimatedTime,
+        SecKeychainItemRef* certRequestItemRef);
+
+/*!
+       @function SecCertificateRequestCreateFromItem
+       Given a keychain item reference (a persistent reference for a certificate request), create a certificate request reference to be used by subsuequent calls that take a SecCertificateRequestRef. The keychain item must be obtained by calling SecKeychainSearchCreateFromAttributes() and SecKeychainCopySearchNextItem() for an item with the class of kSecAppleCertificateRequestItemClass. 
+    @param certRequestItemRef A keychain item reference for the certificate request(%%%kSecGenericPasswordItemClass?)
+       @param certRequestRef The returned certificate request reference.
+    @result noErr 0 No error.
+*/
+OSStatus SecCertificateRequestCreateFromItem(
+        SecKeychainItemRef certRequestItemRef,
+        SecCertificateRequestRef* certRequestRef);
+
+/*!
+       @function SecCertificateRequestGetType
+       Returns the certificate request type (i.e. issue, revoke, etc) for a given certificate request item reference.
+    @param certRequestRef A reference to a submitted request.
+       @param requestType The returned request type.
+    @result noErr 0 No error.
+*/
+OSStatus SecCertificateRequestGetType(
+        SecCertificateRequestRef certRequestRef,
+        CSSM_TP_AUTHORITY_REQUEST_TYPE* requestType);
+
+/*!
+       @function SecCertificateRequestGetResult
+       Get the results of a certificate request. If the request is still pending, the estimated time will be returned which indicates when to call this function again.
+    @param certRequestRef A reference for the submitted request.
+    @param estimatedTime The number of estimated seconds before the result can be retrieved.
+       @param certficateRef The returned certificate reference for a CSSM_TP_AUTHORITY_REQUEST_CERTISSUE only. All other request types return NULL here.
+    @result noErr 0 No error.
+*/
+OSStatus SecCertificateRequestGetResult(
+        SecCertificateRequestRef certRequestRef,
+        sint32* estimatedTime,
+        SecCertificateRef* certificateRef);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_SECURITY_SECCERTIFICATEREQUEST_H_ */
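Review bot: The HeaderDoc blocks do not match the declarations they document: SecCertificateRequestCreate has no `@param policy`, SecCertificateRequestSetAttribute has no `@param certRequest`, and SecCertificateRequestGetResult documents `certficateRef` while the parameter is `certificateRef`. Every `@result` lists only `noErr`, yet the definitions visible in SecCertificateRequest.cpp all throw `unimpErr`, so callers presumably receive that error with no hint of it in the documentation. I would add `@param policy The policy to use for the request; if none is specified, one is chosen for the caller.` and, until the stubs are filled in, a line such as `@result unimpErr The function is not implemented yet.` to each block. The unresolved `%%%kSecGenericPasswordItemClass?` marker in the SecCertificateRequestCreateFromItem block should be settled as well, since it disagrees with the kSecAppleCertificateRequestItemClass named in the same block.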
diff --git a/Keychain/SecIdentity.cpp b/Keychain/SecIdentity.cpp
new file mode 100644 (file)
index 0000000..1f8b629
--- /dev/null
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include <Security/SecIdentity.h>
+
+#include "SecBridge.h"
+
+
+CFTypeID
+SecIdentityGetTypeID(void)
+{
+       BEGIN_SECAPI
+
+       return gTypes().identity.typeId;
+
+       END_SECAPI1(_kCFRuntimeNotATypeID)
+}
+
+
+OSStatus
+SecIdentityCopyCertificate(
+            SecIdentityRef identityRef, 
+            SecCertificateRef *certificateRef)
+{
+    BEGIN_SECAPI
+
+       RefPointer<Certificate> certificatePtr(gTypes().identity.required(identityRef)->certificate());
+       Required(certificateRef) = gTypes().certificate.handle(*certificatePtr);
+
+    END_SECAPI
+}
+
+
+OSStatus
+SecIdentityCopyPrivateKey(
+            SecIdentityRef identityRef, 
+            SecKeyRef *privateKeyRef)
+{
+    BEGIN_SECAPI
+
+       RefPointer<KeyItem> keyItemPtr(gTypes().identity.required(identityRef)->privateKey());
+       Required(privateKeyRef) = gTypes().keyItem.handle(*keyItemPtr);
+
+    END_SECAPI
+}
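Review bot: In SecIdentityCopyCertificate and SecIdentityCopyPrivateKey the out-parameter is validated only inside the final assignment, `Required(certificateRef) = gTypes().certificate.handle(*certificatePtr);`, after the identity has already been looked up. Before C++17 the order in which the two sides of that assignment are evaluated is unspecified, so with a NULL out-pointer handle() may already have run when the check fires; whether that leaves a stray reference depends on handle(), which is not visible here. SecIdentitySearchCreate in SecIdentitySearch.cpp checks first, and the same shape would be clearer in both functions: `Required(certificateRef);` (respectively `Required(privateKeyRef);`) as the first statement after `BEGIN_SECAPI`, followed by a plain `*certificateRef = ...` assignment.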
diff --git a/Keychain/SecIdentity.h b/Keychain/SecIdentity.h
new file mode 100644 (file)
index 0000000..cc6bcce
--- /dev/null
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*!
+       @header SecIdentity
+       The functions provided in SecIdentity implement a convenient way to match private keys with certificates.
+*/
+
+#ifndef _SECURITY_SECIDENTITY_H_
+#define _SECURITY_SECIDENTITY_H_
+
+#include <Security/SecBase.h>
+
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*!
+       @function SecIdentityGetTypeID
+       @abstract Returns the type identifier of SecIdentity instances.
+       @result The CFTypeID of SecIdentity instances.
+*/
+CFTypeID SecIdentityGetTypeID(void);
+
+/*!
+       @function SecIdentityGetCertificate
+    @abstract Returns a reference to a certificate for the given identity reference.
+    @param identityRef An identity reference.
+       @param certificateRef On return, a pointer to the found certificate reference.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecIdentityCopyCertificate(
+            SecIdentityRef identityRef, 
+            SecCertificateRef *certificateRef);
+
+/*!
+       @function SecIdentityGetPrivateKey
+    @abstract Returns the private key associated with an identity.
+    @param identityRef An identity reference.
+       @param privateKeyRef On return, a pointer to the private key for the given identity. The private key must be of class type kSecAppleKeyItemClass.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecIdentityCopyPrivateKey(
+            SecIdentityRef identityRef, 
+            SecKeyRef *privateKeyRef);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_SECURITY_SECIDENTITY_H_ */
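Review bot: The `@function` tags name SecIdentityGetCertificate and SecIdentityGetPrivateKey, but the functions declared beneath them are SecIdentityCopyCertificate and SecIdentityCopyPrivateKey, so generated documentation would describe functions that do not exist. The tags should read `@function SecIdentityCopyCertificate` and `@function SecIdentityCopyPrivateKey`. Since the names follow the Copy convention, each out-parameter description should also say who releases the result, as SecIdentitySearch.h does for its search reference, for example `You must release this reference by calling the CFRelease function.`; confirm against the implementation that the reference is handed back retained before adding that sentence.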
diff --git a/Keychain/SecIdentitySearch.cpp b/Keychain/SecIdentitySearch.cpp
new file mode 100644 (file)
index 0000000..ffb810e
--- /dev/null
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include <Security/SecIdentitySearch.h>
+
+#include "SecBridge.h"
+
+
+CFTypeID
+SecIdentitySearchGetTypeID(void)
+{
+       BEGIN_SECAPI
+
+       return gTypes().identityCursor.typeId;
+
+       END_SECAPI1(_kCFRuntimeNotATypeID)
+}
+
+
+OSStatus
+SecIdentitySearchCreate(
+       CFTypeRef keychainOrArray,
+       CSSM_KEYUSE keyUsage,
+       SecIdentitySearchRef *searchRef)
+{
+    BEGIN_SECAPI
+
+       Required(searchRef);
+
+       StorageManager::KeychainList keychains;
+       globals().storageManager.optionalSearchList(keychainOrArray, keychains);
+       RefPointer<IdentityCursor> identityCursor(new IdentityCursor (keychains, keyUsage));
+       *searchRef = gTypes().identityCursor.handle(*identityCursor);
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecIdentitySearchCopyNext(
+       SecIdentitySearchRef searchRef, 
+       SecIdentityRef *identityRef)
+{
+    BEGIN_SECAPI
+
+       RequiredParam(identityRef);
+       RefPointer<Identity> identityPtr;
+       if (!gTypes().identityCursor.required(searchRef)->next(identityPtr))
+               return errSecItemNotFound;
+
+       *identityRef = gTypes().identity.handle(*identityPtr);
+
+    END_SECAPI
+}
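Review bot: SecIdentitySearchCopyNext returns `errSecItemNotFound` without writing to `*identityRef`, so a caller that does not check the status goes on to use whatever the variable held before the call. Setting `*identityRef = NULL;` directly after the `RequiredParam(identityRef);` check gives the not-found path a defined output. The two functions also validate their out-parameters with different macros, `Required(searchRef)` in SecIdentitySearchCreate and `RequiredParam(identityRef)` here; both presumably come from SecBridge.h, which is outside this hunk, so if they differ in the error they raise a short comment should say why each is used, and otherwise one should be used throughout.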
diff --git a/Keychain/SecIdentitySearch.h b/Keychain/SecIdentitySearch.h
new file mode 100644 (file)
index 0000000..038af2f
--- /dev/null
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*!
+       @header SecIdentitySearch
+       The functions provided in SecIdentitySearch implement a query for SecIdentity objects.
+*/
+
+#ifndef _SECURITY_SECIDENTITYSEARCH_H_
+#define _SECURITY_SECIDENTITYSEARCH_H_
+
+#include <Security/SecBase.h>
+#include <Security/cssmtype.h>
+#include <CoreFoundation/CFArray.h>
+
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*!
+    @typedef SecIdentitySearchRef
+    @abstract Contains information about an identity search.
+*/
+typedef struct OpaqueSecIdentitySearchRef *SecIdentitySearchRef;
+
+/*!
+       @function SecIdentitySearchGetTypeID
+       @abstract Returns the type identifier of SecIdentitySearch instances.
+       @result The CFTypeID of SecIdentitySearch instances.
+*/
+CFTypeID SecIdentitySearchGetTypeID(void);
+
+/*!
+       @function SecIdentitySearchCreate
+       @abstract Creates a search reference for finding identities.
+    @param keychainOrArray An reference to an array of keychains to search, a single keychain or NULL to search the user's default keychain search list.
+       @param keyUsage A CSSM_KEYUSE value as defined in cssmtype.h.  Control the search by specifying the key usage for the identity. Pass in 0 if you want all identities returned by this search.  Passing in  CSSM_KEYUSE_ANY will limit the identities returned to those that can be used for every operation.
+    @param searchRef On return, a pointer to the identity search reference. You must release the identity search reference by calling the CFRelease function.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+       @discussion You can set values for key usage, and one or more policies, to control the search for identities. You can use the returned search reference to obtain the remaining identities in subsequent calls to the SecIentitySearchCopyNext function. You must release the identity search reference by calling the CFRelease function.
+*/
+OSStatus SecIdentitySearchCreate(CFTypeRef keychainOrArray, CSSM_KEYUSE keyUsage, SecIdentitySearchRef *searchRef);
+    
+/*!
+       @function SecIdentitySearchCopyNext
+    @abstract Finds the next identity matching the given search criteria, as previously specified by a call to SecKeychainIdentitySearchCreate.
+       @param searchRef A reference to the current identity search.  You create the identity search reference by calling the SecIdentitySearchCreate function.
+       @param identity On return, a pointer to an identity reference of the next matching identity, if any. You must call the CFRelease function when finished with the identity search reference.
+       @result A result code.  When there are no more identities that match the parameters specified to SecPolicySearchCreate, errSecItemNotFound is returned. See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecIdentitySearchCopyNext(SecIdentitySearchRef searchRef, SecIdentityRef *identity);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_SECURITY_SECIDENTITYSEARCH_H_ */
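Review bot: Several function names in the HeaderDoc text do not match anything this header declares: the `@discussion` of SecIdentitySearchCreate refers to `SecIentitySearchCopyNext`, and the SecIdentitySearchCopyNext block refers to `SecKeychainIdentitySearchCreate` in its `@abstract` and to `SecPolicySearchCreate` in its `@result`. The first should read `SecIdentitySearchCopyNext` and the other two `SecIdentitySearchCreate`. The `@param identity` text also tells the caller to release "the identity search reference" where it means the returned identity reference, and the `@discussion` mentions "one or more policies" although the function takes no policy argument. The parameter is called `identity` here and `identityRef` in SecIdentitySearch.cpp; using one name in both places keeps the documentation and the definition aligned.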
diff --git a/Keychain/SecKey.cpp b/Keychain/SecKey.cpp
new file mode 100644 (file)
index 0000000..8349e7c
--- /dev/null
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include <Security/SecKey.h>
+
+#include "SecBridge.h"
+
+CFTypeID
+SecKeyGetTypeID(void)
+{
+       BEGIN_SECAPI
+
+       return gTypes().keyItem.typeId;
+
+       END_SECAPI1(_kCFRuntimeNotATypeID)
+}
+
+
+OSStatus
+SecKeyCreatePair(
+       SecKeychainRef keychain,
+       CSSM_ALGORITHMS algorithm,
+       UInt32 keySizeInBits,
+       CSSM_KEYUSE publicKeyUsage, 
+       uint32 publicKeyAttr, 
+       SecKeychainItemRef* publicKeyItemRef, 
+       CSSM_KEYUSE privateKeyUsage, 
+       uint32 privateKeyAttr, 
+       SecKeychainItemRef* privateKeyItemRef,
+       SecAccessRef initialAccess)
+{
+       BEGIN_SECAPI
+
+       MacOSError::throwMe(unimpErr);//%%%for now
+
+       END_SECAPI
+}
+
+OSStatus
+SecKeyGetCSSMKey(SecKeyRef key, const CSSM_KEY **cssmKey)
+{
+       BEGIN_SECAPI
+
+       Required(cssmKey) = &gTypes().keyItem.required(key)->cssmKey();
+
+       END_SECAPI
+}
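Review bot: The definition of SecKeyCreatePair does not use the parameter types declared in SecKey.h: here the key outputs are `SecKeychainItemRef* publicKeyItemRef` and `SecKeychainItemRef* privateKeyItemRef` and the size is `UInt32 keySizeInBits`, while the header declares `SecKeyRef* publicKey`, `SecKeyRef* privateKey` and `uint32 keySizeInBits`. If SecKeyRef and SecKeychainItemRef are distinct pointer types (their definitions are not visible here), this definition is a separate C++ overload and the `extern "C"` function the header promises is left undefined. The definition should repeat the header's types, `SecKeyRef* publicKey` and `SecKeyRef* privateKey`. The body is still a stub that throws `unimpErr`, which the SecKeyCreatePair documentation in SecKey.h does not mention.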
diff --git a/Keychain/SecKey.h b/Keychain/SecKey.h
new file mode 100644 (file)
index 0000000..c30a7c6
--- /dev/null
@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*!
+       @header SecKey
+       The functions provided in SecKey implement a particular type of SecKeychainItem which represents a key.  SecKeys might be stored in a SecKeychain, but can also be used as transient object representing keys.
+
+       Most SecKeychainItem* functions will work on an SecKeyRef.
+*/
+
+#ifndef _SECURITY_SECKEY_H_
+#define _SECURITY_SECKEY_H_
+
+#include <Security/SecBase.h>
+#include <Security/cssmtype.h>
+
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*!
+       @function SecKeyGetTypeID
+       @abstract Returns the type identifier of SecKey instances.
+       @result The CFTypeID of SecKey instances.
+*/
+CFTypeID SecKeyGetTypeID(void);
+
+/*!
+       @function SecKeyCreatePair
+       @abstract Creates an asymmetric key pair and stores it in the keychain specified by the keychain parameter.
+       @param keychain A reference to the keychain in which to store the private and public key items. Specify NULL for the default keychain.
+    @param algorithm An algorithm for the key pair.
+    @param keySizeInBits A key size for the key pair.
+    @param publicKeyUsage A bit mask indicating all permitted uses for the new public key. The bit mask values are defined in cssmtype.h
+    @param publicKeyAttr A bit mask defining attribute values for the new public key. The bit mask values are equivalent to a CSSM_KEYATTR_FLAGS and are defined in cssmtype.h
+    @param publicKey A pointer to the keychain item reference of the new public key. Use the SecKeyGetCSSMKey function to obtain the CSSM_KEY. The public key item must be of class type kSecAppleKeyItemClass.
+    @param privateKeyUsage A bit mask indicating all permitted uses for the new private key. The bit mask values are defined in cssmtype.h
+    @param privateKeyAttr A bit mask defining attribute values for the new private key. The bit mask values are equivalent to a CSSM_KEYATTR_FLAGS and are defined in cssmtype.h
+    @param privateKey A pointer to the keychain item reference of the new private key. Use the SecKeyGetCSSMKey function to obtain the CSSM_KEY. The private key item must be of class type kSecAppleKeyItemClass.
+    @param initialAccess A reference to an initial access to use for each of the keys returned.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeyCreatePair(
+        SecKeychainRef keychain,
+        CSSM_ALGORITHMS algorithm,
+        uint32 keySizeInBits,
+        CSSM_KEYUSE publicKeyUsage, 
+        uint32 publicKeyAttr, 
+        SecKeyRef* publicKey, 
+        CSSM_KEYUSE privateKeyUsage, 
+        uint32 privateKeyAttr, 
+        SecKeyRef* privateKey,
+        SecAccessRef initialAccess);
+
+/*!
+       @function SecKeyGetCSSMKey
+       @abstract Returns a pointer to the CSSM_KEY for the given key item reference.
+    @param key A keychain key item reference. The key item must be of class type kSecAppleKeyItemClass.
+    @param cssmKey A pointer to a CSSM_KEY structure for the given key. The caller should not modify or free this data as it is owned by the library.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+       @discussion  The CSSM_KEY is valid until the key item reference is released.
+*/
+OSStatus SecKeyGetCSSMKey(SecKeyRef key, const CSSM_KEY **cssmKey);
+
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_SECURITY_SECKEY_H_ */
diff --git a/Keychain/SecKeychain.cpp b/Keychain/SecKeychain.cpp
new file mode 100644 (file)
index 0000000..a90e4ad
--- /dev/null
@@ -0,0 +1,645 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include <Security/SecKeychainAPIPriv.h>
+#include <Security/SecKeychain.h>
+#include <Security/cssmdata.h>
+#include <Security/KCExceptions.h>
+#include "SecBridge.h"
+#include "CCallbackMgr.h"
+#include "Schema.h"
+
+
+CFTypeID
+SecKeychainGetTypeID(void)
+{
+       BEGIN_SECAPI
+
+       return gTypes().keychain.typeId;
+
+       END_SECAPI1(_kCFRuntimeNotATypeID)
+}
+
+
+OSStatus
+SecKeychainGetVersion(UInt32 *returnVers)
+{
+    if (!returnVers)
+               return noErr;
+
+       *returnVers = 0x02028000;
+       return noErr;
+}
+
+
+OSStatus
+SecKeychainOpen(const char *pathName, SecKeychainRef *keychainRef)
+{
+    BEGIN_SECAPI
+
+       RequiredParam(keychainRef)=gTypes().keychain.handle(*globals().storageManager.make(pathName));
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainCreate(const char *pathName, UInt32 passwordLength, const void *password,
+       Boolean promptUser, SecAccessRef initialAccess, SecKeychainRef *keychainRef)
+{
+    BEGIN_SECAPI
+
+       KCThrowParamErrIf_(!pathName);
+       Keychain keychain = globals().storageManager.make(pathName);
+
+       // @@@ the call to StorageManager::make above leaves keychain the the cache.
+       // If the create below fails we should probably remove it.
+       if(promptUser)
+               keychain->create();
+       else
+       {
+               KCThrowParamErrIf_(!password);
+               keychain->create(passwordLength, password);
+       }
+       RequiredParam(keychainRef)=gTypes().keychain.handle(*keychain);
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainDelete(SecKeychainRef keychainOrArray)
+{
+    BEGIN_SECAPI
+
+       StorageManager::KeychainList keychains;
+       globals().storageManager.optionalSearchList(keychainOrArray, keychains);
+       globals().storageManager.remove(keychains, true);
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainSetSettings(SecKeychainRef keychainRef, const SecKeychainSettings *newSettings)
+{
+    BEGIN_SECAPI
+
+       Keychain keychain = Keychain::optional(keychainRef);
+       if (newSettings->version==SEC_KEYCHAIN_SETTINGS_VERS1)
+       {
+               UInt32 lockInterval=newSettings->lockInterval;
+               bool lockOnSleep=newSettings->lockOnSleep;
+               keychain->setSettings(lockInterval, lockOnSleep);
+       }
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainCopySettings(SecKeychainRef keychainRef, SecKeychainSettings *outSettings)
+{
+    BEGIN_SECAPI
+
+       Keychain keychain = Keychain::optional(keychainRef);
+       if (outSettings->version==SEC_KEYCHAIN_SETTINGS_VERS1)
+       {
+               UInt32 lockInterval;
+               bool lockOnSleep;
+               
+               keychain->getSettings(lockInterval, lockOnSleep);
+               outSettings->lockInterval=lockInterval;
+               outSettings->lockOnSleep=lockOnSleep;
+       }
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainUnlock(SecKeychainRef keychainRef, UInt32 passwordLength, void *password, Boolean usePassword)
+{
+       BEGIN_SECAPI
+
+       Keychain keychain = Keychain::optional(keychainRef);
+       
+       if(usePassword)
+               keychain->unlock(CssmData(password,passwordLength));
+       else
+               keychain->unlock();
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainLock(SecKeychainRef keychainRef)
+{
+       BEGIN_SECAPI
+
+       Keychain keychain = Keychain::optional(keychainRef);
+       keychain->lock();
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainLockAll(void)
+{
+       BEGIN_SECAPI
+
+       globals().storageManager.lockAll();
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainCopyDefault(SecKeychainRef *keychainRef)
+{
+       BEGIN_SECAPI
+
+       RequiredParam(keychainRef)=gTypes().keychain.handle(*globals().defaultKeychain.keychain());
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainSetDefault(SecKeychainRef keychainRef)
+{
+       BEGIN_SECAPI
+
+       globals().defaultKeychain.keychain(Keychain::optional(keychainRef));
+
+       END_SECAPI
+}
+
+OSStatus SecKeychainCopySearchList(CFArrayRef* searchList)
+{
+       BEGIN_SECAPI
+
+       RequiredParam(searchList);
+       StorageManager &smr = globals().storageManager;
+       StorageManager::KeychainList keychainList;
+       smr.getSearchList(keychainList);
+       *searchList = smr.convertFromKeychainList(keychainList);
+
+       END_SECAPI
+}
+
+OSStatus SecKeychainSetSearchList(CFArrayRef searchList)
+{
+       BEGIN_SECAPI
+
+       RequiredParam(searchList);
+       StorageManager &smr = globals().storageManager;
+       StorageManager::KeychainList keychainList;
+       smr.convertToKeychainList(searchList, keychainList);
+       smr.setSearchList(keychainList);
+
+       END_SECAPI
+}
+
+OSStatus
+SecKeychainGetStatus(SecKeychainRef keychainRef, SecKeychainStatus *keychainStatus)
+{
+    BEGIN_SECAPI
+
+       RequiredParam(keychainStatus) = (SecKeychainStatus)Keychain::optional(keychainRef)->status();
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainGetPath(SecKeychainRef keychainRef, UInt32 * ioPathLength, char *pathName)
+{
+    BEGIN_SECAPI
+
+       RequiredParam(pathName);
+
+    const char *name = Keychain::optional(keychainRef)->name();
+       UInt32 nameLen = strlen(name);
+       if (nameLen+1 > *ioPathLength)  // if the client's buffer is too small (including null-termination), throw
+               CssmError::throwMe(CSSMERR_CSSM_BUFFER_TOO_SMALL);
+       strncpy(pathName, name, nameLen);
+    pathName[nameLen] = 0;
+       *ioPathLength = nameLen;   // set the length.
+               
+       END_SECAPI
+}
+
+
+// @@@ Depricated
+UInt16
+SecKeychainListGetCount(void)
+{
+    BEGIN_SECAPI
+
+       return globals().storageManager.size();
+
+       END_SECAPI1(0)
+}
+
+
+// @@@ Depricated
+OSStatus
+SecKeychainListCopyKeychainAtIndex(UInt16 index, SecKeychainRef *keychainRef)
+{
+    BEGIN_SECAPI
+
+       KeychainCore::StorageManager &smgr=KeychainCore::globals().storageManager;
+       RequiredParam(keychainRef)=gTypes().keychain.handle(*smgr[index]);
+
+       END_SECAPI
+}
+
+
+// @@@ Depricated
+OSStatus
+SecKeychainListRemoveKeychain(SecKeychainRef *keychainRef)
+{
+    BEGIN_SECAPI
+
+       Required(keychainRef);
+       Keychain keychain = Keychain::optional(*keychainRef);
+       StorageManager::KeychainList keychainList;
+       keychainList.push_back(keychain);
+       globals().storageManager.remove(keychainList);
+       *keychainRef = NULL;
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainAttributeInfoForItemID(SecKeychainRef keychainRef, UInt32 itemID, SecKeychainAttributeInfo **info)
+{
+       BEGIN_SECAPI
+
+       Keychain keychain = Keychain::optional(keychainRef);
+       keychain->getAttributeInfoForItemID(itemID, info);
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainFreeAttributeInfo(SecKeychainAttributeInfo *info)
+{
+       BEGIN_SECAPI
+
+       KeychainImpl::freeAttributeInfo(info);
+
+       END_SECAPI
+}
+
+
+pascal OSStatus
+SecKeychainAddCallback(SecKeychainCallback callbackFunction, SecKeychainEventMask eventMask, void* userContext)
+{
+    BEGIN_SECAPI
+
+       RequiredParam(callbackFunction);
+       CCallbackMgr::AddCallback(callbackFunction,eventMask,userContext);
+
+       END_SECAPI
+}      
+
+
+OSStatus
+SecKeychainRemoveCallback(SecKeychainCallback callbackFunction)
+{
+    BEGIN_SECAPI
+
+       RequiredParam(callbackFunction);
+       CCallbackMgr::RemoveCallback(callbackFunction);
+
+       END_SECAPI
+}      
+
+
+OSStatus
+SecKeychainAddInternetPassword(SecKeychainRef keychainRef, UInt32 serverNameLength, const char *serverName, UInt32 securityDomainLength, const char *securityDomain, UInt32 accountNameLength, const char *accountName, UInt32 pathLength, const char *path, UInt16 port, SecProtocolType protocol, SecAuthenticationType authenticationType, UInt32 passwordLength, const void *passwordData, SecKeychainItemRef *itemRef)
+{
+    BEGIN_SECAPI
+
+       KCThrowParamErrIf_(passwordLength!=0 && passwordData==NULL);
+       // @@@ Get real itemClass
+       Item item(kSecInternetPasswordItemClass, 'aapl', passwordLength, passwordData);
+       
+       if (serverName && serverNameLength)
+               item->setAttribute(Schema::attributeInfo(kSecServerItemAttr),
+                       CssmData(const_cast<void *>(reinterpret_cast<const void *>(serverName)), serverNameLength));
+               
+       if (accountName && accountNameLength)
+       {
+               CssmData account(const_cast<void *>(reinterpret_cast<const void *>(accountName)), accountNameLength);
+               item->setAttribute(Schema::attributeInfo(kSecAccountItemAttr), account);
+                       // @@@ We should probably leave setting of label up to lower level code.
+               item->setAttribute(Schema::attributeInfo(kSecLabelItemAttr), account);
+       }
+
+       if (securityDomain && securityDomainLength)
+               item->setAttribute(Schema::attributeInfo(kSecSecurityDomainItemAttr),
+                       CssmData(const_cast<void *>(reinterpret_cast<const void *>(securityDomain)), securityDomainLength));
+               
+       item->setAttribute(Schema::attributeInfo(kSecPortItemAttr), UInt32(port));
+       item->setAttribute(Schema::attributeInfo(kSecProtocolItemAttr), protocol);
+       item->setAttribute(Schema::attributeInfo(kSecAuthenticationTypeItemAttr), authenticationType);
+               
+       if (path && pathLength)
+               item->setAttribute(Schema::attributeInfo(kSecPathItemAttr),
+                       CssmData(const_cast<void *>(reinterpret_cast<const void *>(path)), pathLength));
+
+       Keychain::optional(keychainRef)->add(item);
+       if (itemRef)
+               *itemRef = gTypes().item.handle(*item);
+
+    END_SECAPI
+}
+
+
+OSStatus
+SecKeychainFindInternetPassword(CFTypeRef keychainOrArray, UInt32 serverNameLength, const char *serverName, UInt32 securityDomainLength, const char *securityDomain, UInt32 accountNameLength, const char *accountName, UInt32 pathLength, const char *path, UInt16 port, SecProtocolType protocol, SecAuthenticationType authenticationType, UInt32 *passwordLength, void **passwordData, SecKeychainItemRef *itemRef)
+                                                                                               
+{
+    BEGIN_SECAPI
+
+       StorageManager::KeychainList keychains;
+       globals().storageManager.optionalSearchList(keychainOrArray, keychains);
+       KCCursor cursor(keychains, kSecInternetPasswordItemClass, NULL);
+
+       if (serverName && serverNameLength)
+       {
+               cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecServerItemAttr),
+                       CssmData(const_cast<char *>(serverName), serverNameLength));
+       }
+
+       if (securityDomain && securityDomainLength)
+       {
+               cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecSecurityDomainItemAttr),
+                       CssmData (const_cast<char*>(securityDomain), securityDomainLength));
+       }
+
+       if (accountName && accountNameLength)
+       {
+               cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecAccountItemAttr),
+                       CssmData (const_cast<char*>(accountName), accountNameLength));
+       }
+
+       if (port)
+       {
+               cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecPortItemAttr),
+                       UInt32(port));
+       }
+
+       if (protocol)
+       {
+               cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecProtocolItemAttr),
+                       protocol);
+       }
+
+       if (authenticationType)
+       {
+               cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecAuthenticationTypeItemAttr),
+                       authenticationType);
+       }
+
+       if (path  && pathLength)
+       {
+               cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecPathItemAttr), path);
+       }
+
+       Item item;
+       if (!cursor->next(item))
+               return errSecItemNotFound;
+
+       // Get its data (only if necessary)
+       if (passwordData || passwordLength)
+       {
+               CssmDataContainer outData;
+               item->getData(outData);
+               *passwordLength=outData.length();
+               outData.Length=0;
+               *passwordData=outData.data();
+               outData.Data=NULL;
+       }
+
+       if (itemRef)
+               *itemRef=gTypes().item.handle(*item);
+
+    END_SECAPI
+}
+
+
+OSStatus
+SecKeychainAddGenericPassword(SecKeychainRef keychainRef, UInt32 serviceNameLength, const char *serviceName, UInt32 accountNameLength, const char *accountName, UInt32 passwordLength, const void *passwordData, SecKeychainItemRef *itemRef)
+                                                                               
+{
+       BEGIN_SECAPI
+
+       KCThrowParamErrIf_(passwordLength!=0 && passwordData==NULL);
+       // @@@ Get real itemClass
+       Item item(kSecGenericPasswordItemClass, 'aapl', passwordLength, passwordData);
+
+       if (serviceName && serviceNameLength)
+               item->setAttribute(Schema::attributeInfo(kSecServiceItemAttr), CssmData(const_cast<void *>(reinterpret_cast<const void *>(serviceName)), serviceNameLength));
+
+       if (accountName && accountNameLength)
+       {
+               CssmData account(const_cast<void *>(reinterpret_cast<const void *>(accountName)), accountNameLength);
+               item->setAttribute(Schema::attributeInfo(kSecAccountItemAttr), account);
+                       // @@@ We should probably leave setting of label up to lower level code.
+               item->setAttribute(Schema::attributeInfo(kSecLabelItemAttr), account);
+       }
+
+       Keychain::optional(keychainRef)->add(item);
+       if (itemRef)
+               *itemRef = gTypes().item.handle(*item);
+
+    END_SECAPI
+}
+
+
+OSStatus
+SecKeychainFindGenericPassword(CFTypeRef keychainOrArray, UInt32 serviceNameLength, const char *serviceName, UInt32 accountNameLength, const char *accountName, UInt32 *passwordLength, void **passwordData, SecKeychainItemRef *itemRef)
+                                                                                                                                                          
+{
+    BEGIN_SECAPI
+
+       StorageManager::KeychainList keychains;
+       globals().storageManager.optionalSearchList(keychainOrArray, keychains);
+       KCCursor cursor(keychains, kSecGenericPasswordItemClass, NULL);
+
+       if (serviceName && serviceNameLength)
+       {
+               cursor->add (CSSM_DB_EQUAL, Schema::attributeInfo(kSecServiceItemAttr),
+                       const_cast<char*>(serviceName));
+       }
+        
+       if (accountName && accountNameLength)
+       {
+               cursor->add (CSSM_DB_EQUAL, Schema::attributeInfo(kSecAccountItemAttr),
+                       const_cast<char*>(accountName));
+       }
+       
+       Item item;
+       if (!cursor->next(item))
+               return errSecItemNotFound;
+
+       // Get its data (only if necessary)
+       if (passwordData || passwordLength)
+       {
+               CssmDataContainer outData;
+               item->getData(outData);
+               *passwordLength=outData.length();
+               outData.Length=0;
+               *passwordData=outData.data();
+               outData.Data=NULL;
+       }
+
+       if (itemRef)
+               *itemRef=gTypes().item.handle(*item);
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainSetUserInteractionAllowed(Boolean state) 
+{
+       BEGIN_SECAPI
+
+       globals().setUserInteractionAllowed(state);
+
+    END_SECAPI
+}
+
+
+OSStatus
+SecKeychainGetUserInteractionAllowed(Boolean *state) 
+{
+       BEGIN_SECAPI
+
+       Required(state)=globals().getUserInteractionAllowed();
+
+    END_SECAPI
+}
+
+
+OSStatus
+SecKeychainGetDLDBHandle(SecKeychainRef keychainRef, CSSM_DL_DB_HANDLE *dldbHandle)
+{
+    BEGIN_SECAPI
+
+       RequiredParam(dldbHandle);
+       
+       Keychain keychain = Keychain::optional(keychainRef);
+       *dldbHandle = keychain->database()->handle();
+
+    END_SECAPI
+}
+
+
+OSStatus
+SecKeychainGetCSPHandle(SecKeychainRef keychainRef, CSSM_CSP_HANDLE *cspHandle)
+{
+    BEGIN_SECAPI
+
+       RequiredParam(cspHandle);
+
+       Keychain keychain = Keychain::optional(keychainRef);
+       *cspHandle = keychain->csp()->handle();
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainCopyAccess(SecKeychainRef keychainRef, SecAccessRef *accessRef)
+{
+       BEGIN_SECAPI
+
+       MacOSError::throwMe(unimpErr);//%%%for now
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainSetAccess(SecKeychainRef keychainRef, SecAccessRef accessRef)
+{
+       BEGIN_SECAPI
+
+       MacOSError::throwMe(unimpErr);//%%%for now
+
+       END_SECAPI
+}
+
+
+#pragma mark ---- Private API ----
+
+
+OSStatus
+SecKeychainChangePassword(SecKeychainRef keychainRef, UInt32 oldPasswordLength, const void *oldPassword,  UInt32 newPasswordLength, const void *newPassword)
+{
+    BEGIN_SECAPI
+
+       Keychain keychain = Keychain::optional(keychainRef);
+        keychain->changePassphrase (oldPasswordLength, oldPassword,  newPasswordLength, newPassword);
+
+    END_SECAPI
+}
+
+
+OSStatus
+SecKeychainCopyLogin(SecKeychainRef *keychainRef)
+{
+    BEGIN_SECAPI
+
+       // NOTE: operates on default Keychain!  It shouldn't... we want to 
+       //               have code that operates of a login keychain.
+       RequiredParam(keychainRef)=gTypes().keychain.handle(*globals().defaultKeychain.keychain());
+
+    END_SECAPI
+}
+
+
+OSStatus
+SecKeychainLogin(UInt32 nameLength, void* name, UInt32 passwordLength, void* password)
+{
+    BEGIN_SECAPI
+
+       globals().storageManager.login(nameLength, name,  passwordLength, password);
+
+    END_SECAPI
+}
+
+
+OSStatus
+SecKeychainLogout()
+{
+    BEGIN_SECAPI
+
+       globals().storageManager.logout();
+
+    END_SECAPI
+}
diff --git a/Keychain/SecKeychain.h b/Keychain/SecKeychain.h
new file mode 100644 (file)
index 0000000..cb1d26c
--- /dev/null
@@ -0,0 +1,559 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*!
+       @header SecKeychain
+       SecKeychain implements a repository for securely storing items with publicly visible attributes by which to find the items.
+*/
+
+#ifndef _SECURITY_SECKEYCHAIN_H_
+#define _SECURITY_SECKEYCHAIN_H_
+
+#include <Security/SecBase.h>
+#include <Security/cssmapple.h>
+#include <CoreFoundation/CFArray.h>
+
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*!
+       @enum KeychainStatus
+       @abstract Defines the current status of a keychain.
+       @constant kSecUnlockStateStatus Indicates the keychain is unlocked.
+       @constant kSecReadPermStatus Indicates the keychain is readable.
+       @constant kSecWritePermStatus Indicates the keychain is writable.
+*/
+enum
+{
+    kSecUnlockStateStatus        = 1,
+    kSecReadPermStatus           = 2,
+    kSecWritePermStatus          = 4
+};
+
+#define SEC_KEYCHAIN_SETTINGS_VERS1 1
+
+/*!
+       @typedef SecKeychainSettings
+       @abstract Contains keychain settings.
+       @field version An unsigned 32-bit integer representing the keychain version.
+       @field lockOnSleep A boolean value indicating whether the keychain locks when the system sleeps.
+       @field useLockInterval A boolean value indicating whether the keychain automatically locks after a certain period of time.
+       @field lockInterval An unsigned 32-bit integer representing the number of seconds before the keychain locks.
+*/
+struct SecKeychainSettings
+{ 
+       UInt32          version; 
+       Boolean         lockOnSleep;
+       Boolean         useLockInterval;
+       UInt32          lockInterval;
+};
+typedef struct SecKeychainSettings             SecKeychainSettings;
+
+/*! 
+    @typedef SecAuthenticationType
+       @abstract Represents the type of authentication to use for an Internet password.
+*/
+typedef FourCharCode SecAuthenticationType;
+
+/*!
+       @enum AuthenticationConstants
+       @abstract Defines constants you can use to identify the type of authentication to use for an Internet password.
+       @constant kSecAuthenticationTypeNTLM Specifies Windows NT LAN Manager authentication.
+       @constant kSecAuthenticationTypeMSN Specifies Microsoft Network default authentication.
+       @constant kSecAuthenticationTypeDPA Specifies Distributed Password authentication.
+       @constant kSecAuthenticationTypeRPA Specifies Remote Password authentication. 
+       @constant kSecAuthenticationTypeHTTPDigest Specifies HTTP Digest Access authentication.
+       @constant kSecAuthenticationTypeDefault Specifies the default authentication type.
+*/
+enum
+{
+    kSecAuthenticationTypeNTLM             = 'ntlm',
+    kSecAuthenticationTypeMSN              = 'msna',
+    kSecAuthenticationTypeDPA              = 'dpaa',
+    kSecAuthenticationTypeRPA              = 'rpaa',
+    kSecAuthenticationTypeHTTPDigest       = 'httd',
+    kSecAuthenticationTypeDefault          = 'dflt'
+};
+
+/*!
+       @typedef SecProtocolType
+       @abstract Represents the protocol type associated with an AppleShare or Internet password.
+*/
+typedef FourCharCode SecProtocolType;
+
+/*!
+       @enum ProtocolTypeConstants
+       @abstract Defines the protocol type associated with an AppleShare or Internet password.
+       @constant kSecProtocolTypeFTP Indicates FTP.
+       @constant kSecProtocolTypeFTPAccount Indicates FTP Account.
+       @constant kSecProtocolTypeHTTP Indicates HTTP. 
+       @constant kSecProtocolTypeIRC Indicates IRC.
+       @constant kSecProtocolTypeNNTP Indicates NNTP.
+       @constant kSecProtocolTypePOP3 Indicates POP3.
+       @constant kSecProtocolTypeSMTP Indicates SMTP.
+       @constant kSecProtocolTypeSOCKS Indicates SOCKS.
+       @constant kSecProtocolTypeIMAP Indicates IMAP.
+       @constant kSecProtocolTypeLDAP Indicates LDAP.
+       @constant kSecProtocolTypeAppleTalk Indicates AFP over AppleTalk.
+       @constant kSecProtocolTypeAFP Indicates AFP.
+       @constant kSecProtocolTypeTelnet Indicates Telnet.
+       @constant kSecProtocolTypeSSH Indicates SSH.
+*/
+enum
+{
+    kSecProtocolTypeFTP                        = 'ftp ',
+    kSecProtocolTypeFTPAccount = 'ftpa',
+    kSecProtocolTypeHTTP               = 'http',
+    kSecProtocolTypeIRC                        = 'irc ',
+    kSecProtocolTypeNNTP               = 'nntp',
+    kSecProtocolTypePOP3               = 'pop3',
+    kSecProtocolTypeSMTP               = 'smtp',
+    kSecProtocolTypeSOCKS              = 'sox ',
+    kSecProtocolTypeIMAP               = 'imap',
+    kSecProtocolTypeLDAP               = 'ldap',
+    kSecProtocolTypeAppleTalk  = 'atlk',
+    kSecProtocolTypeAFP                        = 'afp ',
+    kSecProtocolTypeTelnet             = 'teln',
+       kSecProtocolTypeSSH                     = 'ssh '
+};
+
+/*!
+       @typedef SecKeychainEvent
+       @abstract Represents an event in which the state of a keychain or one of its items changed.
+*/
+typedef UInt32 SecKeychainEvent;
+
+/*!
+       @enum KeychainEventConstants
+       @abstract Defines the keychain-related event.
+       @constant kSecLockEvent Indicates a keychain was locked.
+       @constant kSecUnlockEvent Indicates a keychain was unlocked.
+       @constant kSecAddEvent Indicates an item was added to a keychain.
+       @constant kSecDeleteEvent Indicates an item was deleted from a keychain.
+       @constant kSecUpdateEvent Indicates a keychain item was updated.
+       @constant kSecPasswordChangedEvent Indicates the keychain password was changed.
+       @constant kSecDefaultChangedEvent Indicates that a different keychain was specified as the default.
+       @constant kSecDataAccessEvent Indicates a process has accessed a keychain item's data.
+       @constant kSecKeychainListChangedEvent Indicates the list of keychains has changed.
+*/
+enum
+{
+    kSecLockEvent                = 1,
+    kSecUnlockEvent              = 2,
+    kSecAddEvent                 = 3,
+    kSecDeleteEvent              = 4,
+    kSecUpdateEvent              = 5,
+    kSecPasswordChangedEvent     = 6,
+    kSecDefaultChangedEvent      = 9,
+    kSecDataAccessEvent          = 10,
+    kSecKeychainListChangedEvent = 11
+};
+
+/*!
+       @typedef SecKeychainEventMask
+       @abstract Represents a bit mask of keychain events
+*/
+typedef UInt32 SecKeychainEventMask;
+
+/*!
+       @enum KeychainEventConstants
+       @abstract Defines keychain event constants
+       @constant kSecLockEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain is locked.
+       @constant kSecUnlockEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain is unlocked.
+       @constant kSecAddEventMask If the bit specified by this mask is set, your callback function will be invoked when an item is added to a keychain.
+       @constant kSecDeleteEventMask If the bit specified by this mask is set, your callback function will be invoked when an item is deleted from a keychain.
+       @constant kSecUpdateEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain item is updated.
+       @constant kSecPasswordChangedEventMask If the bit specified by this mask is set, your callback function will be invoked when the keychain password is changed.
+       @constant kSecDefaultChangedEventMask If the bit specified by this mask is set, your callback function will be invoked when a different keychain is specified as the default.
+       @constant kSecDataAccessEventMask If the bit specified by this mask is set, your callback function will be invoked when a process accesses a keychain item's data.
+       @constant kSecEveryEventMask If all the bits are set, your callback function will be invoked whenever any event occurs.
+*/
+enum
+{
+    kSecLockEventMask            = 1 << kSecLockEvent,
+    kSecUnlockEventMask          = 1 << kSecUnlockEvent,
+    kSecAddEventMask             = 1 << kSecAddEvent,
+    kSecDeleteEventMask          = 1 << kSecDeleteEvent,
+    kSecUpdateEventMask          = 1 << kSecUpdateEvent,
+    kSecPasswordChangedEventMask = 1 << kSecPasswordChangedEvent,
+    kSecDefaultChangedEventMask  = 1 << kSecDefaultChangedEvent,
+    kSecDataAccessEventMask      = 1 << kSecDataAccessEvent,
+    kSecKeychainListChangedMask  = 1 << kSecKeychainListChangedEvent,
+    kSecEveryEventMask           = 0xffffffff
+};
+
+/*!
+       @typedef SecKeychainCallbackInfo
+       @abstract Contains information about a keychain event. 
+       @field version The version of this structure.
+       @field item A reference to the keychain item associated with this event, if any. Note that some events do not involve a particular keychain item.
+       @field keychain A reference to the keychain in which the event occurred.
+       @field pid The id of the process that generated this event.
+       @discussion The SecKeychainCallbackInfo type represents a structure that contains information about the keychain event for which your application is being notified. For information on how to write a keychain event callback function, see SecKeychainCallback. 
+*/
+struct SecKeychainCallbackInfo 
+{
+    UInt32                             version;
+    SecKeychainItemRef item;
+    SecKeychainRef             keychain;
+       pid_t                           pid;
+};
+typedef struct SecKeychainCallbackInfo SecKeychainCallbackInfo;
+                                                                       
+/*!
+       @function SecKeychainGetTypeID
+       @abstract Returns the type identifier of SecKeychain instances.
+       @result The CFTypeID of SecKeychain instances.
+*/
+CFTypeID SecKeychainGetTypeID(void);
+
+/*!
+       @function SecKeychainGetVersion
+       @abstract Determines the version of the Keychain Manager installed on the userÕs system.
+       @param returnVers On return, a pointer to the version number of the Keychain Manager installed on the current system.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainGetVersion(UInt32 *returnVers);
+
+#pragma mark Ã‘ÑÑÑ Keychain Management Ã‘ÑÑÑ
+/*!
+    @function SecKeychainOpen
+    @abstract Opens a keychain.
+       @param pathName The POSIX path to a keychain.
+    @param keychain On return, a pointer to the keychain reference. The memory that keychain occupies must be released by calling CFRelease when finished with it.
+       @result A result code.  See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if the keychain parameter is invalid (NULL).
+*/
+OSStatus SecKeychainOpen(const char *pathName, SecKeychainRef *keychain);
+
+/*!
+       @function SecKeychainCreateNew
+    @abstract Creates a new keychain.
+    @param pathName The POSIX path to a keychain file.
+    @param passwordLength An unsigned 32-bit integer representing the length of the password buffer.
+    @param password A pointer to the buffer containing the password. The password must be in canonical UTF8 encoding.
+       @param promptUser A boolean representing whether to display a password dialog to the user.
+       @param initialAccess An access reference.
+    @param keychain On return, a pointer to a keychain reference. The memory that keychain occupies must be released by calling CFRelease when finished with it.
+       @result A result code.  See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if the keychain parameter is invalid (NULL).
+*/
+OSStatus SecKeychainCreate(const char *pathName, UInt32 passwordLength, const void *password, Boolean promptUser, SecAccessRef initialAccess, SecKeychainRef *keychain);
+
+/*!
+       @function SecKeychainDelete
+    @abstract Deletes a keychain from the default searchlist, and removes the keychain itself if it is a file.
+    @param keychain A pointer to a keychain reference.
+       @result A result code.  See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if the keychain parameter is invalid (NULL).
+*/
+OSStatus SecKeychainDelete(SecKeychainRef keychain);
+
+/*!
+       @function SecKeychainSetSettings
+       @abstract Changes the settings of a keychain.
+    @param keychain A reference to a keychain.
+       @param newSettings A pointer to the new keychain settings.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainSetSettings(SecKeychainRef keychain, const SecKeychainSettings *newSettings);
+
+/*!
+       @function SecKeychainCopySettings
+       @abstract Copy the keychain settings.
+    @param keychain A reference to the keychain from which to copy its settings.
+    @param outSettings  A pointer to a keychain settings structure. Since this structure is versioned, you must preallocate it and fill in the version of the structure.
+ @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainCopySettings(SecKeychainRef keychain, SecKeychainSettings *outSettings);
+
+/*!
+       @function SecKeychainUnlock
+       @abstract Unlocks the specified keychain.
+    @param keychain A reference to the keychain to unlock. Pass NULL to specify the default keychain. If you pass NULL and the default keychain is currently locked, the keychain will appear as the default choice. If you pass a locked keychain, SecKeychainUnlock will use the password provided to unlock it. If the default keychain is currently unlocked, SecKeychainUnlock returns noErr. 
+       @param passwordLength An unsigned 32-bit integer representing the length of the password buffer.
+       @param password A buffer containing the password for the keychain. Pass NULL if the user password is unknown. In this case, SecKeychainUnlock displays the Unlock Keychain dialog box, and the authentication user interface associated with the keychain about to be unlocked.
+       @param usePassword A boolean indicating whether the password parameter is used.  You should pass TRUE if it is used or FALSE if it is ignored.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+       @discussion In most cases, your application does not need to call the SecKeychainUnlock function directly, since most Keychain Manager functions that require an unlocked keychain call SecKeychainUnlock automatically. If your application needs to verify that a keychain is unlocked, call the function SecKeychainGetStatus. 
+*/
+OSStatus SecKeychainUnlock(SecKeychainRef keychain, UInt32 passwordLength, void *password, Boolean usePassword);
+
+/*!
+       @function SecKeychainLock
+       @abstract Locks the specified keychain. 
+    @param keychain A reference to the keychain to lock.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainLock(SecKeychainRef        keychain);
+
+/*!
+       @function SecKeychainLockAll
+       @abstract Locks all keychains belonging to the current user.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainLockAll(void);
+
+/*!
+       @function SecKeychainCopyDefault
+       @abstract Retrieves a reference to the default keychain.
+       @param keychain On return, a pointer to the default keychain reference.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainCopyDefault(SecKeychainRef *keychain);
+
+/*!
+       @function SecKeychainSetDefault
+       @abstract Sets the default keychain. 
+       @param keychain A reference to the keychain to set as default.
+       @result A result code.  See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if the keychain parameter is invalid (NULL).
+*/
+OSStatus SecKeychainSetDefault(SecKeychainRef keychain);
+
+/*!
+       @function SecKeychainCopySearchList
+       @abstract Retrieves a keychain search list.
+       @param searchList The returned list of keychains to search. When finished with the array, you must call CFRelease() to release the memory.
+       @result A result code.  See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if the keychain list is not specified (NULL).
+*/
+OSStatus SecKeychainCopySearchList(CFArrayRef *searchList);
+
+/*!
+       @function SecKeychainSetSearchList
+       @abstract Specifies the list of keychains to use in a keychain search list.
+       @param searchList The list of keychains to use in a search list when the SecKeychainCopySearchList function is called.
+       @result A result code.  See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if the keychain list is not specified (NULL).
+*/
+OSStatus SecKeychainSetSearchList(CFArrayRef searchList);
+
+/*!
+       @function SecKeychainGetStatus
+       @abstract Retrieves status information for the specified keychain.
+       @param keychain A keychain reference. Pass NULL to specify the default keychain.
+       @param keychainStatus On return, a pointer to the status of the specified keychain.  See KeychainStatus for valid status constants.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainGetStatus(SecKeychainRef keychain, SecKeychainStatus *keychainStatus);
+
+/*!
+       @function SecKeychainGetPath
+       @abstract Get the path of the specified keychain.
+    @param keychain A reference to a keychain.
+    @param ioPathLength On input, a pointer to the size or the buffer pointed to by pathName. On return, the size of the buffer without the zero termination.
+       @param pathName On return, the POSIX path to the keychain.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainGetPath(SecKeychainRef keychain, UInt32 *ioPathLength, char *pathName);
+
+#pragma mark Ã‘ÑÑÑ Keychain Item Attribute Information Ã‘ÑÑÑ
+/*!
+       @function SecKeychainAttributeInfoForItemID
+       @abstract Obtains tags for all possible attributes for a given item class.
+    @param keychain A keychain reference.
+       @param itemID The relation identifier of the item tags.
+       @param info On return, a pointer to the keychain attribute information. User should call the SecKeychainFreeAttributeInfo function to release the structure when done with it. 
+    @result A result code.  See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if not enough valid parameters were supplied (NULL).
+       @discussion Warning, this call returns more attributes than are support by the old style Keychain API and passing them into older calls will yield an invalid attribute error. The recommended call to retrieve the attribute values is the SecKeychainItemCopyAttributesAndData function.
+*/
+OSStatus SecKeychainAttributeInfoForItemID(SecKeychainRef keychain,  UInt32 itemID, SecKeychainAttributeInfo **info);
+
+/*!
+       @function SecKeychainFreeAttributeInfo
+       @abstract Releases the memory acquired by calling the SecKeychainAttributeInfoForItemID function.
+       @param info A pointer to the keychain attribute information to release.
+    @result A result code.  See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if not enough valid parameters were supplied (NULL).
+*/
+OSStatus SecKeychainFreeAttributeInfo(SecKeychainAttributeInfo *info);
+
+#pragma mark Ã‘ÑÑÑ Keychain Manager Callbacks Ã‘ÑÑÑ
+/*!
+       @typedef SecKeychainCallback
+       @abstract Defines a pointer to a customized callback function.  You supply the customized callback function to do a callback tailored to your application's needs.
+       @param keychainEvent The keychain event that your application wishes to be notified of. See SecKeychainEvent for a description of possible values. The type of event that can trigger your callback depends on the bit mask you passed in the eventMask parameter of the function SecKeychainAddCallback. For more information, see the discussion. 
+       @param info A pointer to a structure of type SecKeychainCallbackInfo. On return, the structure contains information about the keychain event that occurred. The Keychain Manager passes this information to your callback function via the info parameter. 
+       @param context A pointer to application-defined storage that your application previously passed to the function SecKeychainAddCallback. You can use this value to perform operations like track which instance of a function is operating.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+       @discussion If you name your function MyKeychainEventCallback, you would declare it like this:
+       OSStatus MyKeychainEventCallback (
+               SecKeychainEvent keychainEvent, 
+               SecKeychainCallbackInfo *info, 
+               void *context);
+
+       To add your callback function, use the SecKeychainAddCallback function.  To remove your callback function, use the SecKeychainRemoveCallback function.
+*/
+typedef OSStatus (*SecKeychainCallback)(SecKeychainEvent keychainEvent, SecKeychainCallbackInfo *info, void *context);
+
+/*!
+       @function SecKeychainAddCallback
+       @abstract Registers your keychain event callback function
+       @param callbackFunction A pointer to your keychain event callback function, described in SecKeychainCallback. You indicate the type of keychain events you want to receive by passing a bit mask of the desired events in the eventMask parameter.
+       @param eventMask A bit mask indicating the keychain events that your application wishes to be notified of. See SecKeychainEventMask for a description of this bit mask. The Keychain Manager tests this mask to determine the keychain events that you wish to receive, and passes these events in the keychainEvent parameter of your callback function. See SecKeychainEvent for a description of these events.
+       @param userContext A pointer to application-defined storage that will be passed to your callback function. Your application can use this to associate any particular call of SecKeychainAddCallback with any particular call of your keychain event callback function.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainAddCallback(SecKeychainCallback callbackFunction, SecKeychainEventMask eventMask, void* userContext);
+
+/*!
+       @function SecKeychainRemoveCallback
+       @abstract Unregisters your keychain event callback function. Once removed, keychain events won't be sent to the owner of the callback.
+       @param callbackFunction The callback function pointer to remove 
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainRemoveCallback(SecKeychainCallback callbackFunction);
+
+#pragma mark Ã‘ÑÑÑ High Level Keychain Manager Calls Ã‘ÑÑÑ
+/*!
+       @function SecKeychainAddInternetPassword
+       @abstract Adds an internet password as a keychain item to the specified keychain.
+       @param keychain A reference to keychain in which to store an internet password.
+       @param serverNameLength The length of the buffer pointed to by server name.
+       @param serverName A pointer to a string containing the server name.
+       @param securityDomainLength The length of the buffer pointed to by security domain.
+       @param securityDomain A pointer to a string containing the security domain. This parameter is optional, as not all protocols will require it.
+       @param accountNameLength The length of the buffer pointed to by account name.
+       @param accountName A pointer to a string containing the account name.
+       @param pathLength The length of the buffer pointed to by path.
+       @param path A pointer to a string containing the path.
+       @param port The TCP/IP port number.
+       @param protocol The protocol associated with this password. See SecProtocolType for a description of possible values.
+       @param authenticationType The authentication scheme used. See SecAuthenticationType for a description of possible values. Pass the constant kSecAuthenticationTypeDefault, to specify the default authentication scheme. 
+       @param passwordLength The length of the buffer pointed to by passwordData.
+       @param passwordData A pointer to a buffer which will hold the returned password data. Before calling SecKeychainAddInternetPassword, allocate enough memory for the buffer to hold the data you want to store.
+       @param itemRef On return, a pointer to the new keychain item.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+       @discussion The SecKeychainAddInternetPassword function adds a new internet server password to the default keychain. Required parameters to identify the password are serverName and accountName (you cannot pass NULL for both parameters). In addition, some protocols may require an optional securityDomain when authentication is requested. SecKeychainAddInternetPassword optionally returns a reference to the newly added item. 
+*/
+OSStatus SecKeychainAddInternetPassword(SecKeychainRef keychain, UInt32 serverNameLength, const char *serverName, UInt32 securityDomainLength, const char *securityDomain, UInt32 accountNameLength, const char *accountName, UInt32 pathLength, const char *path, UInt16 port, SecProtocolType protocol, SecAuthenticationType authenticationType, UInt32 passwordLength, const void *passwordData, SecKeychainItemRef *itemRef);
+
+/*!
+       @function SecKeychainFindInternetPassword
+       @abstract Finds an internet password based on the attributes passed.
+    @param keychainOrArray An reference to an array of keychains to search, a single keychain or NULL to search the user's default keychain search list.
+       @param serverNameLength The length of the buffer pointed to by server name.
+       @param serverName A pointer to a string containing the server name.
+       @param securityDomainLength The length of the buffer pointed to by security domain.
+       @param securityDomain A pointer to a string containing the security domain. This parameter is optional, as not all protocols will require it.
+       @param accountNameLength The length of the buffer pointed to by account name.
+       @param accountName A pointer to a string containing the account name.
+       @param pathLength The length of the buffer pointed to by path.
+       @param path A pointer to a string containing the path.
+       @param port The TCP/IP port number.
+       @param protocol The protocol associated with this password. See SecProtocolType for a description of possible values.
+       @param authenticationType The authentication scheme used. See SecAuthenticationType for a description of possible values. Pass the constant kSecAuthenticationTypeDefault, to specify the default authentication scheme. 
+       @param passwordLength The length of the buffer pointed to by passwordData.
+       @param passwordData A pointer to a buffer which will hold the returned password data. Before calling SecKeychainFindInternetPassword, allocate enough memory for the buffer to hold the data you want to store.
+       @param itemRef The item reference of the internet password.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+       @discussion The SecKeychainFindInternetPassword function finds the first internet password item which matches the attributes you provide. The buffer specified in the passwordData parameter must be large enough to hold the password data, otherwise SecKeychainFindInternetPassword returns the result code errSecBufferTooSmall. In this case, your application must allocate a new buffer of sufficient size before calling SecKeychainFindInternetPassword again. SecKeychainFindInternetPassword optionally returns a reference to the found item. 
+  
+*/
+OSStatus SecKeychainFindInternetPassword(CFTypeRef keychainOrArray, UInt32 serverNameLength, const char *serverName, UInt32 securityDomainLength, const char *securityDomain, UInt32 accountNameLength, const char *accountName, UInt32 pathLength, const char *path, UInt16 port, SecProtocolType protocol, SecAuthenticationType authenticationType, UInt32 *passwordLength, void **passwordData, SecKeychainItemRef *itemRef);
+
+/*!
+       @function SecKeychainAddGenericPassword
+       @abstract Adds a generic password to the specified keychain.
+       @param keychain A reference to keychain in which to store a generic password. 
+       @param serviceNameLength The length of the buffer pointed to by service name.
+       @param serviceName A pointer to a string containing the service name.
+       @param accountNameLength The length of the buffer pointed to by account name.
+       @param accountName A pointer to a string containing the account name.
+       @param passwordLength The length of the buffer pointed to by passwordData.
+       @param passwordData A pointer to a buffer which will hold the returned password data. Before calling SecKeychainAddInternetPassword, allocate enough memory for the buffer to hold the data you want to store.
+       @param itemRef On return, a pointer to the new keychain item reference.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+       @discussion The SecKeychainAddGenericPassword function adds a new generic password to the default keychain. Required parameters to identify the password are serviceName and accountName, which are application-defined strings. SecKeychainAddGenericPassword optionally returns a reference to the newly added item. 
+
+       You can use SecKeychainAddGenericPassword to add passwords for accounts other than Internet or Appleshare. For example, you might add passwords for your database or scheduling programs.
+*/
+OSStatus SecKeychainAddGenericPassword(SecKeychainRef keychain, UInt32 serviceNameLength, const char *serviceName, UInt32 accountNameLength, const char *accountName, UInt32 passwordLength, const void *passwordData, SecKeychainItemRef *itemRef);
+
+/*!
+       @function SecKeychainFindGenericPassword
+       @abstract Find a generic password based on the attributes passed.
+    @param keychainOrArray An reference to an array of keychains to search, a single keychain or NULL to search the user's default keychain search list.
+       @param serviceNameLength The length of the buffer pointed to by service name.
+       @param serviceName A pointer to a string containing the service name.
+       @param accountNameLength The length of the buffer pointed to by account name.
+       @param accountName A pointer to a string containing the account name.
+       @param passwordLength The length of the buffer pointed to by passwordData.
+       @param passwordData A pointer to a buffer which will hold the returned password data. Before calling SecKeychainAddInternetPassword, allocate enough memory for the buffer to hold the data you want to store.
+       @param itemRef On return, a pointer to the new keychain item reference.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+       @discussion The SecKeychainFindGenericPassword function finds the first generic password item which matches the attributes you provide. The buffer specified in the passwordData parameter must be large enough to hold the password data, otherwise SecKeychainFindGenericPassword returns the result code errSecBufferTooSmall. In this case, your application must allocate a new buffer of sufficient size before calling SecKeychainFindGenericPassword again. SecKeychainFindGenericPassword optionally returns a reference to the found item. 
+*/
+OSStatus SecKeychainFindGenericPassword(CFTypeRef keychainOrArray,  UInt32 serviceNameLength, const char *serviceName, UInt32 accountNameLength, const char *accountName, UInt32 *passwordLength, void **passwordData, SecKeychainItemRef *itemRef);
+
+#pragma mark Ã‘ÑÑÑ Managing User Interaction Ã‘ÑÑÑ
+/*!
+       @function SecKeychainSetUserInteractionAllowed
+       @abstract Turns on or off any optional user interaction
+       @param state A boolean representing the state of user interaction.  You should pass TRUE to allow user interaction, and FALSE to disallow user interaction
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainSetUserInteractionAllowed(Boolean state);
+
+/*!
+       @function SecKeychainGetUserInteractionAllowed
+       @abstract Retrieves the current state of user interaction.
+       @param state On return, a pointer to the current state of user interaction.  If this is TRUE then user interaction is allowed, if it is FALSE, then user interaction is not allowed.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainGetUserInteractionAllowed(Boolean *state);
+
+#pragma mark Ã‘ÑÑÑ CSSM Bridge Functions Ã‘ÑÑÑ
+/*!
+       @function SecKeychainGetCSPHandle
+       @abstract Returns the CSSM_CSP_HANDLE attachment for the given keychain reference. The handle is valid until the keychain reference is released.
+    @param keychain A keychain reference.
+    @param cspHandle On return, a pointer to the CSSM_CSP_HANDLE for the given keychain.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainGetCSPHandle(SecKeychainRef keychain, CSSM_CSP_HANDLE *cspHandle);
+
+/*!
+       @function SecKeychainGetDLDBHandle
+       @abstract Returns the CSSM_DL_DB_HANDLE for a given keychain reference. The handle is valid until the keychain reference is released.
+    @param keychain A keychain reference.
+    @param dldbHandle On return, a pointer to the CSSM_DL_DB_HANDLE for the given keychain.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainGetDLDBHandle(SecKeychainRef keychain, CSSM_DL_DB_HANDLE *dldbHandle);
+
+#pragma mark Ã‘ÑÑÑ Keychain Access Management Ã‘ÑÑÑ
+/*!
+       @function SecKeychainCopyAccess
+       @abstract Retrieves the access for a keychain. 
+       @param keychain A reference to the keychain from which to copy the access.
+    @param accessRef On return, a pointer to the access reference.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainCopyAccess(SecKeychainRef keychain, SecAccessRef *access);
+
+/*!
+       @function SecKeychainSetAccess
+       @abstract Sets the access for a keychain.
+    @param keychain A reference to the keychain for which to set the access.
+    @param accessRef An access reference.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainSetAccess(SecKeychainRef keychain, SecAccessRef access);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_SECURITY_SECKEYCHAIN_H_ */
index 1c9c123c138dd18e799ea8de16d80497a93b0913..50378ea268d5886a1353519134f2b7a1d5732694 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
  * specific language governing rights and limitations under the License.
  */
 
-
 /*
- *  SecKeychainAPI.cpp
+ *  SecKeychainAPI.h
  *  SecurityCore
  *
- *    Copyright:  (c) 2000 by Apple Computer, Inc., all rights reserved
+ *    Copyright:  (c) 2000-2002 by Apple Computer, Inc., all rights reserved
  *
  */
 
+/*!
+       @header SecKeychainAPI The Security Keychain API contains all the APIs need to create a client and Keychain management application. It also contains a certificate, policy, identity and trust management API.
+        
+       NOTE: Any function with Create or Copy in the name returns an object that must be released.
+*/
 
 #include <Security/SecKeychainAPI.h>
-#include "SecKeychainAPIPriv.h"
-#include "Keychains.h"
-#include "Globals.h"
-#include "KCUtilities.h"
-#include "KCEventNotifier.h"
-#include "KCCursor.h"
-#include "CCallbackMgr.h"
-#include "KCExceptions.h"
-#include "Schema.h"
-#include <Security/globalizer.h>
-
-using namespace Security;
-
-using namespace KeychainCore;
-
-//
-// API boilerplate macros. These provide a frame for C++ code that is impermeable to exceptions.
-// Usage:
-//     BEGIN_API
-//             ... your C++ code here ...
-//  END_API            // returns CSSM_RETURN on exception
-//     END_API0        // returns nothing (void) on exception
-//     END_API1(bad) // return (bad) on exception
-//
-#define BEGIN_SECAPI \
-       try { \
-               StLock<Mutex> _(globals().apiLock);
-#define END_SECAPI \
-       } \
-       catch (const MacOSError &err) { return err.osStatus(); } \
-       catch (const CssmCommonError &err) { return GetKeychainErrFromCSSMErr(err.cssmError())/*err.cssmError(CSSM_CSSM_BASE_ERROR)*/; } \
-       catch (::std::bad_alloc) { return memFullErr; } \
-       catch (...) { return internalComponentErr; } \
-    return noErr;
-#define END_SECAPI0            } catch (...) { return; }
-#define END_SECAPI1(bad)       } catch (...) { return bad; }
-
-
-OSStatus SecKeychainGetVersion(UInt32 *returnVers)
-{
-    if (!returnVers) return noErr;
-
-       *returnVers=0x02028000;
-       return noErr;
-}
-
-
-OSStatus SecKeychainOpen(const char *pathName, SecKeychainRef *keychainRef)
-{
-    BEGIN_SECAPI
-               RequiredParam(keychainRef)=KeychainRef::handle(globals().storageManager.make(pathName));
-       END_SECAPI
-}
-
-OSStatus SecKeychainCreateNew(const char *pathName, SecKeychainRef *keychainRef, UInt32 passwordLength, const void *password, Boolean promptUser)
-{
-    BEGIN_SECAPI
-
-               KCThrowParamErrIf_(!pathName);
-
-               Keychain keychain = globals().storageManager.make(pathName);
-               
-               if(promptUser)
-               {
-                       keychain->create();
-               }
-               else
-               {
-            KCThrowParamErrIf_(!password);
-            
-                       keychain->create(passwordLength, password);
-               }
-        RequiredParam(keychainRef)=KeychainRef::handle(keychain);
-
-       END_SECAPI
-}
-
-OSStatus SecKeychainDelete(SecKeychainRef keychainRef)
-{
-    BEGIN_SECAPI
-       
-               Keychain keychain = Keychain::optional(keychainRef);
-               keychain->database()->deleteDb();
-               
-        list<SecKeychainRef> SecKeychainRefToRemove;
-               SecKeychainRefToRemove.push_back(keychainRef);
-               KeychainCore::StorageManager &smgr=KeychainCore::globals().storageManager;
-               smgr.remove(SecKeychainRefToRemove);
-               return noErr;
-
-       END_SECAPI
-
-
-}
-OSStatus SecKeychainSetSettings(SecKeychainRef keychainRef, const SecKeychainSettings *newSettings)
-{
-    BEGIN_SECAPI
-        Keychain keychain = Keychain::optional(keychainRef);
-               if(newSettings->version==SEC_KEYCHAIN_SETTINGS_VERS1)
-               {
-                       UInt32 lockInterval=newSettings->lockInterval;
-                       bool lockOnSleep=newSettings->lockOnSleep;
-
-                       keychain->setSettings(lockInterval, lockOnSleep);
-        }
-       END_SECAPI
-}
-
-
-OSStatus SecKeychainCopySettings(SecKeychainRef keychainRef, SecKeychainSettings *outSettings)
-{
-    BEGIN_SECAPI
-        Keychain keychain = Keychain::optional(keychainRef);
-               if(outSettings->version==SEC_KEYCHAIN_SETTINGS_VERS1)
-               {
-                       UInt32 lockInterval;
-                       bool lockOnSleep;
-                       
-                       keychain->getSettings(lockInterval, lockOnSleep);
-                       outSettings->lockInterval=lockInterval;
-                       outSettings->lockOnSleep=lockOnSleep;
-        }
-       END_SECAPI
-}
-
-OSStatus SecKeychainUnlock(SecKeychainRef keychainRef, UInt32 passwordLength, void *password, Boolean usePassword)
-{
-    BEGIN_SECAPI
-        Keychain keychain = Keychain::optional(keychainRef);
-
-               if(usePassword)
-                       keychain->unlock(CssmData(password,passwordLength));
-               else
-                       keychain->unlock();
-       END_SECAPI
-}
-
-OSStatus SecKeychainLock(SecKeychainRef        keychainRef)
-{
-    BEGIN_SECAPI
-        Keychain keychain = Keychain::optional(keychainRef);
-               keychain->lock();
-       END_SECAPI
-}
-
-
-OSStatus SecKeychainLockAll()
-{
-    BEGIN_SECAPI
-               globals().storageManager.lockAll();
-       END_SECAPI
-}
-
+#include <Security/SecKeychainSearch.h>
+#include <Security/logging.h>
 
 OSStatus SecKeychainRelease(SecKeychainRef keychainRef)
 {
-    BEGIN_SECAPI
-               KeychainRef::release(keychainRef);
-       END_SECAPI
-}
-
-OSStatus SecKeychainCopyDefault(SecKeychainRef *keychainRef)
-{
-    BEGIN_SECAPI
-        RequiredParam(keychainRef)=KeychainRef::handle(globals().defaultKeychain.keychain());
-       END_SECAPI
-}
-
-
-OSStatus SecKeychainSetDefault(SecKeychainRef keychainRef)
-{
-    BEGIN_SECAPI
-               globals().defaultKeychain.keychain(Keychain::optional(keychainRef));
-       END_SECAPI
-}
-
-OSStatus SecKeychainGetStatus(SecKeychainRef keychainRef, SecKeychainStatus *keychainStatus)
-{
-    BEGIN_SECAPI
-               RequiredParam(keychainStatus) = (SecKeychainStatus)Keychain::optional(keychainRef)->status();
-       END_SECAPI
-}
-  
-
-OSStatus SecKeychainGetPath(SecKeychainRef keychainRef, UInt32 * ioPathLength, char *pathName)
-{
-    BEGIN_SECAPI
-               RequiredParam(pathName);
-               const char *name = Keychain::optional(keychainRef)->name();
-               UInt32 nameLen = strlen(name);
-               memcpy(pathName, name, *ioPathLength);
-               if(nameLen < *ioPathLength)  // if the size is smaller then the buffer
-                       *ioPathLength=nameLen;   // set the length.  otherwise the size is clipped because
-                                                                        // the buffer is too small.
-               
-       END_SECAPI
-}
-
-
-UInt16 SecKeychainListGetCount(void)
-{
-    BEGIN_SECAPI
-               return globals().storageManager.size();
-       END_SECAPI
-}
-
-OSStatus SecKeychainListCopyKeychainAtIndex(UInt16 index, SecKeychainRef *keychainRef)
-{
-    BEGIN_SECAPI
-               KeychainCore::StorageManager &smgr=KeychainCore::globals().storageManager;
-               RequiredParam(keychainRef)=KeychainRef::handle(smgr[index]);
-       END_SECAPI
-}
-OSStatus SecKeychainItemCreateFromContent(SecItemClass itemClass, SecKeychainAttributeList *attrList, UInt32 length, const void *data, SecKeychainRef keychainRef, SecKeychainItemRef *itemRef)
-{
-    BEGIN_SECAPI
-               KCThrowParamErrIf_(length!=0 && data==NULL);
-        Item item(itemClass, attrList, length, data);
-        Keychain::optional(keychainRef)->add(item);
-        if (itemRef)
-               *itemRef = ItemRef::handle(item);
-       END_SECAPI
-}
-OSStatus SecKeychainItemModifyContent(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data)
-{
-    BEGIN_SECAPI
-               Item item = ItemRef::required(itemRef);
-               item->modifyContent(attrList, length, data);
-       END_SECAPI
-}
-OSStatus SecKeychainItemCopyContent(SecKeychainItemRef itemRef, SecItemClass *itemClass, SecKeychainAttributeList *attrList, UInt32 *length, void **outData)
-{
-       BEGIN_SECAPI
-               Item item = ItemRef::required(itemRef);
-               item->getContent(itemClass, attrList, length, outData);
-       END_SECAPI
-}
-
-OSStatus SecKeychainItemFreeContent(SecKeychainAttributeList *attrList, void *data)
-{
-       BEGIN_SECAPI
-               ItemImpl::freeContent(attrList, data);
-       END_SECAPI
-}
-
-OSStatus SecKeychainAttributeInfoForItemID(SecKeychainRef keychainRef, UInt32 itemID, SecKeychainAttributeInfo **info)
-{
-       BEGIN_SECAPI
-               Keychain keychain = Keychain::optional(keychainRef);
-               keychain->getAttributeInfoForItemID(itemID, info);
-       END_SECAPI
-}
-
-OSStatus SecKeychainFreeAttributeInfo(SecKeychainAttributeInfo *info)
-{
-       BEGIN_SECAPI
-               KeychainImpl::freeAttributeInfo(info);
-       END_SECAPI
-}
-
-OSStatus SecKeychainItemModifyAttributesAndData(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data)
-{
-    BEGIN_SECAPI
-               Item item = ItemRef::required(itemRef);
-               item->modifyAttributesAndData(attrList, length, data);
-       END_SECAPI
-}
+       if (!keychainRef)
+               return errSecInvalidKeychain;
 
-OSStatus SecKeychainItemCopyAttributesAndData(SecKeychainItemRef itemRef, SecKeychainAttributeInfo *info, SecItemClass *itemClass, SecKeychainAttributeList **attrList, UInt32 *length, void **outData)
-{
-       BEGIN_SECAPI
-               Item item = ItemRef::required(itemRef);
-               item->getAttributesAndData(info, itemClass, attrList, length, outData);
-       END_SECAPI
-}
-
-OSStatus SecKeychainItemFreeAttributesAndData(SecKeychainAttributeList *attrList, void *data)
-{
-       BEGIN_SECAPI
-               ItemImpl::freeAttributesAndData(attrList, data);
-       END_SECAPI
-}
-
-OSStatus SecKeychainItemDelete(SecKeychainItemRef itemRef)
-{
-    BEGIN_SECAPI
-               Item item = ItemRef::required( itemRef );
-               Keychain keychain = item->keychain();
-               KCThrowIf_( !keychain, errSecInvalidItemRef );
-               
-        keychain->deleteItem( item ); // item must be persistant.
-       END_SECAPI
-}
-
-OSStatus SecKeychainItemCopyKeychain(SecKeychainItemRef itemRef, SecKeychainRef* keychainRef)
-{
-    BEGIN_SECAPI
-               Required(keychainRef) = KeychainRef::handle(ItemRef::required(itemRef)->keychain());
-       END_SECAPI
-}
-
-
-OSStatus SecKeychainItemCreateCopy(SecKeychainItemRef itemRef, SecKeychainItemRef *itemCopy, SecKeychainRef destKeychainRef)
-{
-    BEGIN_SECAPI
-               Item copy = ItemRef::required(itemRef)->copyTo(Keychain::optional(destKeychainRef));
-               if (itemCopy)
-                       *itemCopy = ItemRef::handle(copy);
-       END_SECAPI
+       CFRelease(keychainRef);
+       return noErr;
 }
 
 OSStatus SecKeychainItemRelease(SecKeychainItemRef itemRef)
 {
-    BEGIN_SECAPI
-               ItemRef::release(itemRef);
-       END_SECAPI
-}
-
-OSStatus SecKeychainSearchCreateFromAttributes(SecKeychainRef keychainRef, SecItemClass itemClass, const SecKeychainAttributeList *attrList, SecKeychainSearchRef *searchRef)
-{
-    BEGIN_SECAPI
-
-               Required(searchRef); // Make sure that searchRef is an invalid SearchRef
-
-               KCCursor cursor;
-               if (keychainRef)
-                       cursor = Keychain::optional(keychainRef)->createCursor(itemClass, attrList);
-               else
-                       cursor = globals().storageManager.createCursor(itemClass, attrList);
-
-        *searchRef = KCCursorRef::handle(cursor);
+       if (!itemRef)
+               return errSecInvalidItemRef;
 
-       END_SECAPI
+       CFRelease(itemRef);
+       return noErr;
 }
-
-OSStatus SecKeychainCopySearchNextItem(SecKeychainSearchRef searchRef, SecKeychainItemRef *itemRef)
-{
-    BEGIN_SECAPI
-        RequiredParam(itemRef);
-        Item item;
-        if (!KCCursorRef::required(searchRef)->next(item))
-            return errSecItemNotFound;
 
-        *itemRef=ItemRef::handle(item);
-       END_SECAPI
-}
 OSStatus SecKeychainSearchRelease(SecKeychainSearchRef searchRef)
 {
-    BEGIN_SECAPI
-               KCCursorRef::release(searchRef);
-       END_SECAPI
-}
+       if (!searchRef)
+               return errSecInvalidSearchRef;
 
-
-OSStatus SecKeychainListRemoveKeychain(SecKeychainRef *keychainRef)
-{
-    BEGIN_SECAPI
-        list<SecKeychainRef> SecKeychainRefToRemove;
-               SecKeychainRefToRemove.push_back(RequiredParam(keychainRef));
-               StorageManager &smgr = globals().storageManager;
-               smgr.remove(SecKeychainRefToRemove);
-               return noErr;
-       END_SECAPI
-}
-
-pascal OSStatus SecKeychainAddCallback(SecKeychainCallbackProcPtr callbackFunction, SecKeychainEventMask eventMask, void* userContext)
-{
-    BEGIN_SECAPI
-               RequiredParam(callbackFunction);
-               CCallbackMgr::AddCallback(callbackFunction,eventMask,userContext);
-       END_SECAPI
-}      
-
-OSStatus SecKeychainRemoveCallback(SecKeychainCallbackProcPtr callbackFunction)
-{
-    BEGIN_SECAPI
-               RequiredParam(callbackFunction);
-        CCallbackMgr::RemoveCallback(callbackFunction);
-       END_SECAPI
-}      
-
-
-// --- Private API
-
-OSStatus SecKeychainChangePassword(SecKeychainRef keychainRef, UInt32 oldPasswordLength, const void *oldPassword,  UInt32 newPasswordLength, const void *newPassword)
-{
-    BEGIN_SECAPI
-       globals().storageManager.changeLoginPassword(oldPasswordLength, oldPassword,  newPasswordLength, newPassword);
-    END_SECAPI
-}
-
-OSStatus SecKeychainCopyLogin(SecKeychainRef *keychainRef)
-{
-    BEGIN_SECAPI
-       // NOTE: operates on default Keychain!  It shouldn't... we want to 
-       //               have code that operates of a login keychain.
-        RequiredParam(keychainRef)=KeychainRef::handle(globals().defaultKeychain.keychain());
-    END_SECAPI
-}
-
-
-OSStatus SecKeychainAddInternetPassword(SecKeychainRef keychainRef, UInt32 serverNameLength, char *serverName, 
-                                                                               UInt32 securityDomainLength, char *securityDomain, UInt32 accountNameLength, char *accountName, 
-                                                                               UInt32 pathLength, char *path, UInt16 port, OSType protocol, OSType authType,
-                                                                               UInt32 passwordLength, const void *passwordData, SecKeychainItemRef *itemRef)
-{
-    BEGIN_SECAPI
-               KCThrowParamErrIf_(passwordLength!=0 && passwordData==NULL);
-               // @@@ Get real itemClass
-        Item item(kSecInternetPasswordItemClass, 'aapl', passwordLength, passwordData);
-               
-               if (serverName && serverNameLength)
-                       item->setAttribute(Schema::attributeInfo(kSecServerItemAttr),
-                               CssmData(serverName, serverNameLength));
-                       
-               if (accountName && accountNameLength)
-               {
-                       CssmData account(accountName, accountNameLength);
-                       item->setAttribute(Schema::attributeInfo(kSecAccountItemAttr), account);
-                        // @@@ We should probably leave setting of label up to lower level code.
-                       item->setAttribute(Schema::attributeInfo(kSecLabelItemAttr), account);
-               }
-
-               if (securityDomain && securityDomainLength)
-                       item->setAttribute(Schema::attributeInfo(kSecSecurityDomainItemAttr),
-                               CssmData(securityDomain, securityDomainLength));
-                       
-               item->setAttribute(Schema::attributeInfo(kSecPortItemAttr), UInt32(port));
-               item->setAttribute(Schema::attributeInfo(kSecProtocolItemAttr), protocol);
-               item->setAttribute(Schema::attributeInfo(kSecAuthTypeItemAttr), authType);
-                       
-               if (path && pathLength)
-                       item->setAttribute(Schema::attributeInfo(kSecPathItemAttr),
-                               CssmData(path, pathLength));
-
-               Keychain::optional(keychainRef)->add(item);
-        if (itemRef)
-               *itemRef = ItemRef::handle(item);
-
-    END_SECAPI
-}
-
-OSStatus SecKeychainFindInternetPassword(SecKeychainRef keychainRef, UInt32 serverNameLength, char *serverName, 
-                                                                               UInt32 securityDomainLength, char *securityDomain, UInt32 accountNameLength, char *accountName,
-                                                                               UInt32 pathLength, char *path, UInt16 port, OSType protocol, OSType authType,
-                                                                               UInt32 *passwordLength, void **passwordData, SecKeychainItemRef *itemRef)
-                                                                                               
-{
-     BEGIN_SECAPI
-
-
-               UInt32 attrCount = 0;
-                                       
-               // The number of attributes to search on depends on what was passed in
-               if ( serverName && serverNameLength)
-                       attrCount++;
-                       
-               if ( securityDomain && securityDomainLength )
-                       attrCount++;
-                       
-               if ( accountName && accountNameLength)
-                       attrCount++;
-                       
-               if ( port )
-                       attrCount++;
-                       
-               if ( protocol )
-                       attrCount++;
-                       
-               if ( authType )
-                       attrCount++;
-                       
-               if ( path && pathLength )
-                       attrCount++;
-                       
-               auto_array<SecKeychainAttribute> attrs(attrCount);
-               attrCount = 0;
-
-               if ( serverName && serverNameLength )
-               {
-                       attrs[attrCount].tag = kSecServerItemAttr;
-                       attrs[attrCount].length = serverNameLength;
-                       attrs[attrCount].data = serverName;
-                       attrCount++;
-               }
-               if ( securityDomain && securityDomainLength )
-               {
-                       attrs[attrCount].tag = kSecSecurityDomainItemAttr;
-                       attrs[attrCount].length = securityDomainLength;
-                       attrs[attrCount].data = securityDomain;
-                       attrCount++;
-               }
-               if ( accountName && accountNameLength )
-               {
-                       attrs[attrCount].tag = kSecAccountItemAttr;
-                       attrs[attrCount].length = accountNameLength;
-                       attrs[attrCount].data = accountName;
-                       attrCount++;
-               }
-               
-               if ( port )
-               {
-                       attrs[attrCount].tag = kSecPortItemAttr;
-                       attrs[attrCount].length = sizeof( port );
-                       attrs[attrCount].data = &port;
-                       attrCount++;
-               }
-               if ( protocol )
-               {
-                       attrs[attrCount].tag = kSecProtocolItemAttr;
-                       attrs[attrCount].length = sizeof( protocol );
-                       attrs[attrCount].data = &protocol;
-                       attrCount++;
-               }
-               if ( authType )
-               {
-                       attrs[attrCount].tag = kSecAuthTypeItemAttr;
-                       attrs[attrCount].length = sizeof( authType );
-                       attrs[attrCount].data = &authType;
-                       attrCount++;
-               }
-                       
-               if ( path  && pathLength )
-               {
-                       attrs[attrCount].tag = kSecPathItemAttr;
-                       attrs[attrCount].length = pathLength;
-                       attrs[attrCount].data = path;
-                       attrCount++;
-               }
-
-        SecKeychainAttributeList attrList;
-               attrList.count = attrCount;
-               attrList.attr = attrs.get();
-               
-               Item item;
-       
-               KCCursor cursor;
-               if (keychainRef)
-                       cursor = Keychain::optional(keychainRef)->createCursor(kSecInternetPasswordItemClass, &attrList);
-               else
-                       cursor = globals().storageManager.createCursor(kSecInternetPasswordItemClass, &attrList);
-
-               if (!cursor->next(item))
-                       return errSecItemNotFound;
-
-                       
-               // Get its data (only if necessary)
-               if ( passwordData || passwordLength )
-               {
-                       CssmDataContainer outData;
-                       item->getData(outData);
-                       *passwordLength=outData.length();
-                       outData.Length=NULL;
-                       *passwordData=outData.data();
-                       outData.Data=NULL;
-               }
-               
-               if (itemRef)
-                       *itemRef=ItemRef::handle(item);
-            
-    END_SECAPI
-
-       
-
-}
-
-OSStatus SecKeychainAddGenericPassword(SecKeychainRef keychainRef, UInt32 serviceNameLength, char *serviceName,
-                                                                          UInt32 accountNameLength, char *accountName, 
-                                                                          UInt32 passwordLength, const void *passwordData, SecKeychainItemRef *itemRef)
-                                                                               
-{
-   BEGIN_SECAPI
-               KCThrowParamErrIf_(passwordLength!=0 && passwordData==NULL);
-               // @@@ Get real itemClass
-        Item item(kSecGenericPasswordItemClass, 'aapl', passwordLength, passwordData);
-               
-               if (serviceName && serviceNameLength)
-                       item->setAttribute(Schema::attributeInfo(kSecServiceItemAttr), CssmData(serviceName, serviceNameLength));
-                       
-               if (accountName && accountNameLength)
-               {
-                       CssmData account(accountName, accountNameLength);
-                       item->setAttribute(Schema::attributeInfo(kSecAccountItemAttr), account);
-                        // @@@ We should probably leave setting of label up to lower level code.
-                       item->setAttribute(Schema::attributeInfo(kSecLabelItemAttr), account);
-               }
-
-        Keychain::optional(keychainRef)->add(item);
-        if (itemRef)
-               *itemRef = ItemRef::handle(item);
-
-    END_SECAPI
-}
-
-OSStatus SecKeychainFindGenericPassword(SecKeychainRef keychainRef,  UInt32 serviceNameLength, char *serviceName,
-                                                                               UInt32 accountNameLength, char *accountName,
-                                                                               UInt32 *passwordLength, void **passwordData, SecKeychainItemRef *itemRef)
-                                                                                                                                                          
-{
-    BEGIN_SECAPI
-               UInt32 attrCount = 0;
-                                       
-               // The number of attributes to search on depends on what was passed in
-               if (serviceName && serviceNameLength)
-                       attrCount++;
-                       
-               if (accountName && accountNameLength)
-                       attrCount++;
-
-               auto_array<SecKeychainAttribute> attrs(attrCount);
-               attrCount = 0;
-
-               if (serviceName && serviceNameLength)
-               {
-                       attrs[attrCount].tag = kSecServiceItemAttr;
-                       attrs[attrCount].length = serviceNameLength;
-                       attrs[attrCount].data = serviceName;
-                       attrCount++;
-               }
-               if (accountName && accountNameLength)
-               {
-                       attrs[attrCount].tag = kSecAccountItemAttr;
-                       attrs[attrCount].length = accountNameLength;
-                       attrs[attrCount].data = accountName;
-                       attrCount++;
-               }
-               
-        SecKeychainAttributeList attrList;
-               attrList.count = attrCount;
-               attrList.attr = attrs.get();
-
-               Item item;
-       
-               KCCursor cursor;
-               if (keychainRef)
-                       cursor = Keychain::optional(keychainRef)->createCursor(kSecGenericPasswordItemClass, &attrList);
-               else
-                       cursor = globals().storageManager.createCursor(kSecGenericPasswordItemClass, &attrList);
-
-               if (!cursor->next(item))
-                       return errSecItemNotFound;
-
-                       
-               // Get its data (only if necessary)
-               if ( passwordData || passwordLength )
-               {
-                       CssmDataContainer outData;
-                       item->getData(outData);
-                       *passwordLength=outData.length();
-                       outData.Length=NULL;
-                       *passwordData=outData.data();
-                       outData.Data=NULL;
-               }
-               
-               if (itemRef)
-                       *itemRef=ItemRef::handle(item);
-                          
-    END_SECAPI
-}
-
-OSStatus SecKeychainLogin(UInt32 nameLength, void* name, UInt32 passwordLength, void* password)
-{
-    BEGIN_SECAPI
-       globals().storageManager.login(nameLength, name,  passwordLength, password);
-    END_SECAPI
-}
-
-OSStatus SecKeychainLogout()
-{
-    BEGIN_SECAPI
-       globals().storageManager.logout();
-    END_SECAPI
+       CFRelease(searchRef);
+       return noErr;
 }
 
-OSStatus SecKeychainSetUserInteractionAllowed(Boolean state) 
+OSStatus SecKeychainCopySearchNextItem(SecKeychainSearchRef searchRef, SecKeychainItemRef *itemRef)
 {
-       BEGIN_SECAPI
-       globals().setUserInteractionAllowed(state);
-    END_SECAPI
-       
-}
+       static bool warnonce;
+       if (!warnonce)
+       {
+               warnonce = true;
+               Syslog::warning("Calling OBSOLETE SecKeychainCopySearchNextItem please use SecKeychainSearchCopyNext instead");
+       }
 
-OSStatus SecKeychainGetUserInteractionAllowed(Boolean *state) 
-{
-       BEGIN_SECAPI
-       Required(state)=globals().getUserInteractionAllowed();
-    END_SECAPI
-       
+       return SecKeychainSearchCopyNext(searchRef, itemRef);
 }
-
index a71d073838041fdfb46f4998a01dffe54b606040..8442041f333b43a9661eeb223d0b7ea979871f02 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
  * specific language governing rights and limitations under the License.
  */
 
-
-/*
- *  SecKeychainAPI.h
- *  SecurityCore
- *
- *    Copyright:  (c) 2000 by Apple Computer, Inc., all rights reserved
- *
- */
-
 /*!
-       @header SecKeychainAPI The Security Core API contains all the APIs need to create a Keychain management application, minus the HI.
-        
-       NOTE: Any function with Create or Copy in the name returns an object that must be released.
-*/
+       @header SecKeychainAPI
+       The Security Keychain API contains all the APIs need to create a client and
+       Keychain management application. It also contains a certificate, policy,
+       identity and trust management API.
 
-#if !defined(__SECKEYCHAINAPI__)
-#define __SECKEYCHAINAPI__ 1
+       NOTE: Any function with Create or Copy in the name returns an object that
+       must be released.
+*/
+#ifndef _SECURITY_SECKEYCHAINAPI_H_
+#define _SECURITY_SECKEYCHAINAPI_H_
 
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
-#include <Security/cssmapple.h>
+#warning including obsolete header file SecKeychainAPI.h  Use #include <Security/Security.h> instead
 
+#include <Security/SecKeychain.h>
+#include <Security/SecKeychainItem.h>
+#include <Security/SecKeychainSearch.h>
 
 #if defined(__cplusplus)
 extern "C" {
 #endif
 
-#ifndef __SEC_TYPES__
-#define __SEC_TYPES__
-
-/*!
-@typedef SecKeychainRef
-Opaque Structure to a Keychain reference.
-*/
-typedef struct OpaqueSecKeychainRef                            *SecKeychainRef;
-/*!
-@typedef SecKeychainItemRef
-Opaque Structure to a Keychain item reference.
-*/
-typedef struct OpaqueSecKeychainItemRef                        *SecKeychainItemRef;
-/*!
-@typedef SecKeychainSearchRef
-Opaque Structure to a Keychain search reference.
-*/
-typedef struct OpaqueSecKeychainSearchRef              *SecKeychainSearchRef;
-
-typedef OSType SecKeychainAttrType;
-/*!
-@struct SecKeychainAttribute
-Security Item attributes. 
-*/
-struct SecKeychainAttribute {
-    SecKeychainAttrType          tag;                            /* 4-byte attribute tag */
-    UInt32                       length;                         /* Length of attribute data */
-    void *                       data;                           /* Pointer to attribute data */
-};
-typedef struct SecKeychainAttribute      SecKeychainAttribute;
-typedef SecKeychainAttribute *           SecKeychainAttributePtr;
-
-/*!
-@struct SecKeychainAttributeList
-Security attribute list. 
-*/
-struct SecKeychainAttributeList {
-    UInt32                                      count;                          /* How many attributes in the array */
-    SecKeychainAttribute *               attr;                           /* Pointer to first attribute in array */
-};
-typedef struct SecKeychainAttributeList  SecKeychainAttributeList;
-
-typedef UInt32 SecKeychainStatus;
-
-#endif
-
-/*!
-@enum TableIDs
-*/
-enum {
-    kSecGenericPasswordItemTableID = CSSM_DL_DB_RECORD_GENERIC_PASSWORD,                  /* Generic password */
-    kSecInternetPasswordItemTableID = CSSM_DL_DB_RECORD_INTERNET_PASSWORD,                /* Internet password */
-    kSecAppleSharePasswordItemTableID = CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD             /* AppleShare password */
-};
-
-/*!
-@struct SecKeychainAttributeInfo
-Security attribute tag list. 
-*/
-struct SecKeychainAttributeInfo {
-    UInt32                                      count;                                  /* How many items in the array */
-    UInt32 *                                            tag;                            /* Pointer to first attribute tag in array */
-       UInt32 *                                         format;                         /* Pointer to first attribute format in array */
-};
-typedef struct SecKeychainAttributeInfo  SecKeychainAttributeInfo;
-
-
-
-/*!
-@typedef SecTypeRef
-Opaque pointer to one a pointer to a security referece.
-Such as SecKeychainSearchRef, SecKeychainItemRef and SecKeychainItemRef.
-*/
-typedef void                                                                   *SecTypeRef;
-
-/*!
-@enum KeychainErrors 
-*/
-enum {
-    errSecNotAvailable           = -25291,
-    errSecReadOnly               = -25292,
-    errSecAuthFailed             = -25293,
-    errSecNoSuchKeychain         = -25294,
-    errSecInvalidKeychain        = -25295,
-    errSecDuplicateKeychain      = -25296,
-    errSecDuplicateCallback      = -25297,
-    errSecInvalidCallback        = -25298,
-    errSecDuplicateItem          = -25299,
-    errSecItemNotFound           = -25300,
-    errSecBufferTooSmall         = -25301,
-    errSecDataTooLarge           = -25302,
-    errSecNoSuchAttr             = -25303,
-    errSecInvalidItemRef         = -25304,
-    errSecInvalidSearchRef       = -25305,
-    errSecNoSuchClass            = -25306,
-    errSecNoDefaultKeychain      = -25307,
-    errSecInteractionNotAllowed  = -25308,
-    errSecReadOnlyAttr           = -25309,
-    errSecWrongSecVersion        = -25310,
-    errSecKeySizeNotAllowed      = -25311,
-    errSecNoStorageModule        = -25312,
-    errSecNoCertificateModule    = -25313,
-    errSecNoPolicyModule         = -25314,
-    errSecInteractionRequired    = -25315,
-    errSecDataNotAvailable       = -25316,
-    errSecDataNotModifiable      = -25317,
-    errSecCreateChainFailed      = -25318
-};
-
-/*!
-@enum KeychainEvents
-Events relating to the state of the default Keychain.
-*/
-typedef UInt16 SecKeychainEvent;
-enum {
-    kSecLockEvent                = 1,                            /* a keychain was locked */
-    kSecUnlockEvent              = 2,                            /* a keychain was unlocked */
-    kSecAddEvent                 = 3,                            /* an item was added to a keychain */
-    kSecDeleteEvent              = 4,                            /* an item was deleted from a keychain */
-    kSecUpdateEvent              = 5,                            /* an item was updated */
-    kSecPasswordChangedEvent     = 6,                            /* the keychain password was changed */
-    kSecSystemEvent              = 8,                            /* the keychain client can process events */
-    kSecDefaultChangedEvent      = 9,                            /* the default keychain was changed */
-    kSecDataAccessEvent          = 10,                           /* a process has accessed a keychain item's data */
-    kSecKeychainListChangedEvent = 11                            /* the list of keychains has changed */
-};
-
-
-typedef UInt16 SecKeychainEventMask;
-enum {
-    kSecLockEventMask            = 1 << kSecLockEvent,
-    kSecUnlockEventMask          = 1 << kSecUnlockEvent,
-    kSecAddEventMask             = 1 << kSecAddEvent,
-    kSecDeleteEventMask          = 1 << kSecDeleteEvent,
-    kSecUpdateEventMask          = 1 << kSecUpdateEvent,
-    kSecPasswordChangedEventMask = 1 << kSecPasswordChangedEvent,
-    kSecSystemEventEventMask     = 1 << kSecSystemEvent,
-    kSecDefaultChangedEventMask  = 1 << kSecDefaultChangedEvent,
-    kSecDataAccessEventMask      = 1 << kSecDataAccessEvent,
-    kSecEveryEventMask           = 0xFFFF                        /* all of the above*/
-};
-
-typedef UInt8                    SecAFPServerSignature[16];
-typedef UInt8                    SecPublicKeyHash[20];
-
-/*!
-@enum KeychainStatus
-The current status of the Keychain.
-*/
-enum {
-    kSecUnlockStateStatus        = 1,
-    kSecRdPermStatus             = 2,
-    kSecWrPermStatus             = 4
-};
-
-typedef FourCharCode             SecItemClass;
-/*!
-@enum KeychainItemClasses
-Keychain item classes
-*/
-
-enum {
-    kSecInternetPasswordItemClass = 'inet',                   /* Internet password */
-    kSecGenericPasswordItemClass = 'genp',                    /* Generic password */
-    kSecAppleSharePasswordItemClass = 'ashp'                  /* AppleShare password */
-};
-
-
-/*!
-@enum FourCharacterCodes
-*/
-enum {
-                                                                 /* Common attributes */
-    kSecCreationDateItemAttr     = 'cdat',                       /* Date the item was created (UInt32) */
-    kSecModDateItemAttr          = 'mdat',                       /* Last time the item was updated (UInt32) */
-    kSecDescriptionItemAttr      = 'desc',                       /* User-visible description string (string) */
-    kSecCommentItemAttr          = 'icmt',                       /* User's comment about the item (string) */
-    kSecCreatorItemAttr          = 'crtr',                       /* Item's creator (OSType) */
-    kSecTypeItemAttr             = 'type',                       /* Item's type (OSType) */
-    kSecScriptCodeItemAttr       = 'scrp',                       /* Script code for all strings (ScriptCode) */
-    kSecLabelItemAttr            = 'labl',                       /* Item label (string) */
-    kSecInvisibleItemAttr        = 'invi',                       /* Invisible (boolean) */
-    kSecNegativeItemAttr         = 'nega',                       /* Negative (boolean) */
-    kSecCustomIconItemAttr       = 'cusi',                       /* Custom icon (boolean) */
-                                                                 /* Unique Generic password attributes */
-    kSecAccountItemAttr          = 'acct',                       /* User account (string) - also applies to Appleshare and Generic */
-    kSecServiceItemAttr          = 'svce',                       /* Service (string) */
-    kSecGenericItemAttr          = 'gena',                       /* User-defined attribute (untyped bytes) */
-                                                                 /* Unique Internet password attributes */
-    kSecSecurityDomainItemAttr   = 'sdmn',                       /* urity domain (string) */
-    kSecServerItemAttr           = 'srvr',                       /* Server's domain name or IP address (string) */
-    kSecAuthTypeItemAttr         = 'atyp',                       /* Authentication Type (AuthType) */
-    kSecPortItemAttr             = 'port',                       /* Port (UInt32) */
-    kSecPathItemAttr             = 'path',                       /* Path (string) */
-                                                                 /* Unique Appleshare password attributes */
-    kSecVolumeItemAttr           = 'vlme',                       /* Volume (string) */
-    kSecAddressItemAttr          = 'addr',                       /* Server address (IP or domain name) or zone name (string) */
-    kSecSignatureItemAttr        = 'ssig',                       /* Server signature block (AFPServerSignature) */
-                                                                 /* Unique AppleShare and Internet attributes */
-    kSecProtocolItemAttr         = 'ptcl',                       /* Protocol (ProtocolType) */
-
-};
-
-typedef FourCharCode SecItemAttr;
-
-
-/*!
-@enum SecurityAuthTypeCodes
-*/
-enum {
-    kSecAuthTypeNTLM             = 'ntlm',
-    kSecAuthTypeMSN              = 'msna',
-    kSecAuthTypeDPA              = 'dpaa',
-    kSecAuthTypeRPA              = 'rpaa',
-    kSecAuthTypeHTTPDigest       = 'httd',
-    kSecAuthTypeDefault          = 'dflt'
-};
-typedef FourCharCode             SecAuthType;
-
-/*!
-@enum SecurityProtocolTypeCodes
-*/
-enum {
-    kSecProtocolTypeFTP          = 'ftp ',
-    kSecProtocolTypeFTPAccount   = 'ftpa',
-    kSecProtocolTypeHTTP         = 'http',
-    kSecProtocolTypeIRC          = 'irc ',
-    kSecProtocolTypeNNTP         = 'nntp',
-    kSecProtocolTypePOP3         = 'pop3',
-    kSecProtocolTypeSMTP         = 'smtp',
-    kSecProtocolTypeSOCKS        = 'sox ',
-    kSecProtocolTypeIMAP         = 'imap',
-    kSecProtocolTypeLDAP         = 'ldap',
-    kSecProtocolTypeAppleTalk    = 'atlk',
-    kSecProtocolTypeAFP          = 'afp ',
-    kSecProtocolTypeTelnet       = 'teln'
-};
-typedef FourCharCode             SecProtocolType;
-
-/*!
-@typedef KCChangeSettingsInfo
-Keychain Settings
-*/
-struct SecKeychainSettings
-{ 
-       UInt32                                  version; 
-       Boolean                         lockOnSleep; 
-       Boolean                         useLockInterval; 
-       UInt32                          lockInterval; 
-};
-typedef struct SecKeychainSettings             SecKeychainSettings;
-
-#define SEC_KEYCHAIN_SETTINGS_VERS1 1
-
-struct SecKeychainCallbackInfo 
-{
-    UInt32                                                             version;
-    SecKeychainItemRef                                 item;
-    long                                                               processID[2];
-    long                                                               event[4]; 
-    SecKeychainRef                                             keychain;
-};
-typedef struct SecKeychainCallbackInfo SecKeychainCallbackInfo;
-                                                                       
-
-/*!
-    @function SecKeychainGetVersion
-    Returns the version of the Keychain Manager (an unsigned 32-bit integer) in version.
-    
-    @param returnVers Pointer to a UNInt32 to receive the version number.
-    @result noErr 0 No error.
-            errSecNotAvailable -25291 Keychain Manager was not loaded.
-*/
-OSStatus SecKeychainGetVersion(UInt32 *returnVers);
-
-/*!
-    @function SecKeychainOpen
-    Returns a referenece to the keychain specified by keychainFile.
-    The memory that keychain occupies must be released by calling SecKeychainRelease when finished
-    with it.
-    
-    @param pathName A posix path to the keychain file.
-    @param keychainRef Returned keychain reference.
-    @result noErr 0 No error.
-            paramErr -50 The keychain parameter is invalid (NULL).
-*/
-OSStatus SecKeychainOpen(const char *pathName, SecKeychainRef *keychainRef);
-
-/*!
-       @function SecKeychainCreateNew
-    Returns a referenece to the keychain specified by keychainFile.
-    The memory that keychain occupies must be released by calling SecKeychainRelease when finished
-    with it.
-    
-    @param pathName A posix path to the keychain file.
-    @param promptUser Display a password dialog to the user.
-    @param keychainRef Returned keychain reference.
-    @param passwordLength Max length of the password buffer.
-    @param password A pointer to buffer with the password.  Must be in canonical UTF8 encoding.
-    @result noErr 0 No error.
-            paramErr -50 The keychain parameter is invalid (NULL).
-*/
-OSStatus SecKeychainCreateNew(const char *pathName, SecKeychainRef *keychainRef, UInt32 passwordLength, const void *password, Boolean promptUser);
-
-/*!
-       @function SecKeychainDelete
-    Deletes a the keychain specified by keychainRef.
-     
-    @param keychainRef keychain to delete reference.
-    @result noErr 0 No error.
-            paramErr -50 The keychain parameter is invalid (NULL).
-*/
-OSStatus SecKeychainDelete(SecKeychainRef keychainRef);
-
-/*!
-       @function SecKeychainSetSettings
-       Changes the settings of keychain including the lockOnSleep, useLockInterval and lockInterval.
-       
-    @param keychainRef keychain reference of the keychain to set.
-       @param newSettings A SecKeychainSettings structure pointer.
-    @result noErr 0 No error.
-*/
-OSStatus SecKeychainSetSettings(SecKeychainRef keychainRef, const SecKeychainSettings *newSettings);
-
-/*!
-       @function SecKeychainCopySettings
-       Copy the settings of keychain including the lockOnSleep, useLockInterval and lockInterval.  Because this structure is versioned
-       the caller is required to preallocate it and fill in the version of the structure.
-
-    @param keychainRef keychain reference of the keychain settings to copy.
-    @param outSettings  A SecKeychainSettings structure pointer.
-       @result noErr 0 No error.
-*/
-OSStatus SecKeychainCopySettings(SecKeychainRef keychainRef, SecKeychainSettings *outSettings);
-
-/*!
-       @function SecKeychainUnlock
-       Unlocks the specified keychain.
-       
-    @param keychainRef A reference to the keychain to be unlocked.
-       @param passwordLength The length of the password buffer.
-       @param password A buffer with the password for the keychain.
-       @param usePassword By setting this flag the password parameter is either used or ignored.
-    @result noErr 0 No error.
-*/
-OSStatus SecKeychainUnlock(SecKeychainRef keychainRef, UInt32 passwordLength, void *password, Boolean usePassword);
-
-/*!
-       @function SecKeychainLock
-       Locks the specified keychain.
-
-    @param keychainRef A reference to the keychain to be Locked.
-    @result noErr 0 No error.
-*/
-OSStatus SecKeychainLock(SecKeychainRef        keychainRef);
-
-/*!
-       @function SecKeychainLockAll
-       Locks all keychains.
-
-    @result noErr 0 No error.
-*/
-OSStatus SecKeychainLockAll();
-
-/*!
-       @function SecKeychainCopyDefault
-       This routine returns a SecKeychainRef which specifies the default keychain. Your application
-       might call this routine to obtain the name and location of the default keychain.
-       
-       @param SecKeychainRef A pointer to a reference of the default keychain.
-       @result noErr 0 No error.
-                       errSecNoDefaultKeychain -25307 There is no currently default keychain.
-*/
-OSStatus SecKeychainCopyDefault(SecKeychainRef *keychainRef);
-
-/*!
-       @function SecKeychainSetDefault
-       This routine sets the default keychain to the keychain specified by keychain. 
-       
-       @param SecKeychainRef A pointer to a reference of the default keychain.
-    @result noErr 0 No error.
-       paramErr -50 The input specification parameter was NULL.
-       errSecNoSuchKeychain -25294 The specified keychain could not be found.
-       errSecInvalidKeychain -25295 The specified keychain is invalid
-*/
-OSStatus SecKeychainSetDefault(SecKeychainRef keychainRef);
-
-/*!
-       @function SecKeychainGetStatus
-       
-       Returns status information for the specified keychain in the supplied parameter. If keychain is NULL,
-       the status of the default keychain is returned.
-       
-       The value returned in keychainStatus is a 32-bit field, the meaning of which must be determined
-       by comparison with a list of predefined constants. 
-       
-       Currently defined bitmask values are:
-               kSecUnlockStateStatus   1 The specified keychain is unlocked if bit 0 is set.
-               kSecRdPermStatus                2 The specified keychain is unlocked with read permission if bit 1 is set.
-               kSecWrPermStatus                4 The specified keychain is unlocked with write permission if bit 2 is set.
-
-       @param keychainRef Pointer to a keychain reference (NULL specifies the default keychain).
-       @param keychainRefStatus Returned status of the specified keychain.
-
-    @result noErr 0 No error.
-                       errSecNoSuchKeychain -25294 The specified keychain could not be found.
-                       errSecInvalidKeychain -25295 The specified keychain is invalid. 
-*/
-OSStatus SecKeychainGetStatus(SecKeychainRef keychainRef, SecKeychainStatus* keychainStatus);
-
-/*!
-       @function SecKeychainRelease
-       Releases  keychain item references
-        
-       @param keychainRef A keychain  reference to release.
-    @result noErr 0 No error.
-*/
-OSStatus SecKeychainRelease(SecKeychainRef itemRef);
-
-/*!
-       @function SecKeychainGetPath
-       Get the path location of the specified keychain.
-    @param keychainRef A reference to a keychain.
-    @param ioPathLength On input specifies the size or the buffer pointed to by path and on output the length of the buffer 
-                        (without the zero termination which is added)
-       @param pathName A posix path to the receive keychain filename.
-    @result noErr 0 No error.
-*/
-OSStatus SecKeychainGetPath(SecKeychainRef keychainRef, UInt32 *ioPathLength, char *pathName);
-
-/*!
-       @function SecKeychainListGetCount
-       This function returns the number of available keychains. This number includes all keychains within
-       the "Keychains" folder, as well as any other keychains known to the Keychain Manager.
-    @result the number of keychains.
-*/
-UInt16 SecKeychainListGetCount(void);
-
-/*!
-       @function SecKeychainListCopyKeychainAtIndex
-       This routine to copies a keychain item from the default keychain to another. 
-       @param index The index of the item to copy.
-       @param keychainRef A keychain reference of the destination keychain.
-       @result noErr 0 No error.
-                       errSecInvalidKeychain -25295 The specified destination keychain was invalid.
-                       errSecReadOnly -25292 The destination keychain is read only.
-                       errSecNoSuchClass -25306 item has an invalid keychain item class.
-*/
-OSStatus SecKeychainListCopyKeychainAtIndex(UInt16 index, SecKeychainRef *keychainRef);
-
-/*!
-       @function SecKeychainItemCreateFromContent
-       Creates a new keychain item from the supplied parameters. A reference to the newly-created
-       item is returned in item. A copy of the data buffer pointed to by data is stored in the item.
-       When the item reference is no longer required, call SecKeychainRelease to deallocate memory occupied
-       by the item.
-       
-       @param itemRefClass A constant identifying the class of item to be created.
-       @param attrList The list of attributes of the item to be created.
-       @param length Length of the data to be stored in this item.
-       @param data Pointer to a buffer containing the data to be stored in this item.
-    @param keychain to add the item to.
-       @param itemRef A reference to the newly created keychain item (optional).
-    @result noErr 0 No error.
-                       paramErr -50 Not enough valid parameters were supplied.
-                       memFullErr -108 Not enough memory in current heap zone to create the object.
-*/
-OSStatus SecKeychainItemCreateFromContent(SecItemClass itemClass, SecKeychainAttributeList *attrList, UInt32 length, const void *data, SecKeychainRef keychainRef, SecKeychainItemRef *itemRef);
-
-/*!
-       @function SecKeychainItemModifyContent
-       This routine to update an existing keychain item after changing its attributes or data. The item is
-       written to the keychain's permanent data store. If item has not previously been added to a keychain,
-       SecKeychainItemModifyContent does nothing and returns noErr.
-
-       @param itemRef A reference of the keychain item to be modified.
-       @param attrList The list of attributes to be set in this item.
-       @param length Length of the data to be stored in this item.
-       @param data Pointer to a buffer containing the data to be stored in this item.
-    @result noErr 0 No error.
-                       errSecNoDefaultKeychain -25307 No default keychain could be found.
-                       errSecInvalidItemRef -25304 The specified keychain item reference was invalid.
-*/
-OSStatus SecKeychainItemModifyContent(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data);
-
-/*!
-       @function SecKeychainItemCopyContent
-       Use this function to retrieve the data and/or attributes stored in the given keychain item.
-               
-       You must call SecKeychainItemFreeContent when you no longer need the attributes and data.
-
-       @param itemRef A reference of the keychain item to be modified.
-       @param itemClass The items class.  Pass NULL if not required.
-       @param attrList The list of attributes to get in this item on input, on output the attributes are filled in.
-       @param length on output the actual length of the data.
-       @param outData Pointer to a buffer containing the data in this item.  Pass NULL if not required.
-
-    @result noErr 0 No error.
-                       paramErr -50 Not enough valid parameters were supplied.
-                       errSecInvalidItemRef -25304 The specified keychain item reference was invalid.
-                       errSecBufferTooSmall -25301 The data was too large for the supplied buffer.
-                       errSecDataNotAvailable -25316 The data is not available for this item.  
-*/
-OSStatus SecKeychainItemCopyContent(SecKeychainItemRef itemRef, SecItemClass *itemClass, SecKeychainAttributeList *attrList, UInt32 *length, void **outData);
-
-/*!
-       @function SecKeychainItemFreeContent
-*/
-OSStatus SecKeychainItemFreeContent(SecKeychainAttributeList *attrList, void *data);
-
-/*!
-       @function SecKeychainAttributeInfoForItemID
-       This will allow clients to obtain the tags for all possible attrs for that item class. User should call SecKeychainFreeAttributeInfo to
-       release the structure when done with it.  
-       
-       Warning, this call returns more attributes than are support by the old style Keychain API and passing them inro older calls will
-       yield an invalid attribute error.  The recommended call to retrieve the attribtute values is SecKeychainItemCopyAttributesAndData.
-
-    @param keychainRef A reference to the keychain.
-       @param itemID the relation ID of the item tags
-       @param info a pointer to a SecKeychainAttributeInfo structure
-       
-    @result noErr 0 No error.
-                       paramErr -50 Not enough valid parameters were supplied.
-*/
-OSStatus SecKeychainAttributeInfoForItemID(SecKeychainRef keychainRef,  UInt32 itemID, SecKeychainAttributeInfo **info);
-
-/*!
-       @function SecKeychainFreeAttributeInfo
-       This function free the memory aquired during the SecKeychainAttributeInfoForItemID call.
-               
-       @param Info a pointer to a SecKeychainAttributeInfo structure
-       
-    @result noErr 0 No error.
-                       paramErr -50 Not enough valid parameters were supplied.
-*/
-OSStatus SecKeychainFreeAttributeInfo(SecKeychainAttributeInfo *info);
-
-/*!
-       @function SecKeychainItemModifyContent
-       This routine to update an existing keychain item after changing its attributes or data. The item is
-       written to the keychain's permanent data store. If item has not previously been added to a keychain,
-       SecKeychainItemModifyContent does nothing and returns noErr.
-
-       @param itemRef A reference of the keychain item to be modified.
-       @param attrList The list of attributes to be set in this item.
-       @param length Length of the data to be stored in this item.
-       @param data Pointer to a buffer containing the data to be stored in this item.
-    @result noErr 0 No error.
-                       errSecNoDefaultKeychain -25307 No default keychain could be found.
-                       errSecInvalidItemRef -25304 The specified keychain item reference was invalid.
-*/
-OSStatus SecKeychainItemModifyAttributesAndData(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data);
-
-
-/*!
-       @function SecKeychainItemCopyAttributesAndData
-       Use this function to retrieve the data and/or attributes stored in the given keychain item.
-               
-       You must call SecKeychainItemFreeAttributesAndData when you no longer need the attributes and data.
-
-       @param itemRef A reference of the keychain item to be modified.
-       @param info List of tags of attributes to retrieve.
-       @param itemClass The items class.  Pass NULL if not required.
-       @param attrList The list of attributes to get in this item on input, on output the attributes are filled in.
-       @param length on output the actual length of the data.
-       @param outData Pointer to a buffer containing the data in this item.  Pass NULL if not required.
-
-    @result noErr 0 No error.
-                       paramErr -50 Not enough valid parameters were supplied.
-                       errSecInvalidItemRef -25304 The specified keychain item reference was invalid.
-                       errSecBufferTooSmall -25301 The data was too large for the supplied buffer.
-                       errSecDataNotAvailable -25316 The data is not available for this item.  
-*/
-OSStatus SecKeychainItemCopyAttributesAndData(SecKeychainItemRef itemRef, SecKeychainAttributeInfo *info, SecItemClass *itemClass, SecKeychainAttributeList **attrList, UInt32 *length, void **outData);
-
-/*!
-       @function SecKeychainItemFreeAttributesAndData
-       Use this function to release the data and/or attributes returned by the SecKeychainItemCopyAttributesAndData function.
-
-       @param info List of tags of attributes to retrieve.
-
-    @result noErr 0 No error.
-*/
-OSStatus SecKeychainItemFreeAttributesAndData(SecKeychainAttributeList *attrList, void *data);
-
-/*!
-       @function SecKeychainItemDelete
-       Use this routine to delete a keychain item from the default keychain's permanent data store. If itemRef
-       has not previously been added to the keychain, SecKeychainItemDelete does nothing and returns noErr.
-       IMPORTANT: SecKeychainItemDelete does not dispose the memory occupied by the item reference itself;
-       use SecKeychainItemRelease when you are completely finished with an item.       
-
-       @param itemRef A keychain item reference of the item to be deleted.
-    @result noErr 0 No error.
-                       errSecNoDefaultKeychain -25307 No default keychain could be found.
-                       errSecInvalidItemRef -25304 The specified keychain item reference was invalid.  
-*/
-OSStatus SecKeychainItemDelete(SecKeychainItemRef itemRef);
-
-/*!
-       @function SecKeychainItemCopyKeychain
-       Use this routine to copy an existing keychain reference from a keychain item.   
-       
-       @param itemRef A keychain item reference of the item to be updated.
-       @param keychainRef A pointer to a keychain reference returned.  Release this by calling
-           SecKeychainRelease().
-    @result noErr 0 No error.
-                       errSecInvalidItemRef -25304 The specified keychain item reference was invalid.  
-*/
-OSStatus SecKeychainItemCopyKeychain(SecKeychainItemRef itemRef, SecKeychainRef* keychainRef);
-
-
-/*!
-       @function SecKeychainItemCreateCopy
-       Use this routine to copy a keychain item. The copy will be returned in itemCopy.
-       
-       @param itemRef A keychain item reference to copy.
-       @param itemCopy The new copied item.    
-    @result noErr 0 No error.
-                       errSecInvalidKeychain -25295 The specified destKeychain was invalid.
-                       errSecReadOnly -25292 The destKeychain is read only.
-                       errSecNoSuchClass -25306 item has an invalid keychain item class.       
-*/
-OSStatus SecKeychainItemCreateCopy(SecKeychainItemRef itemRef, SecKeychainItemRef *itemCopy, SecKeychainRef destKeychainRef);
-
-/*!
-       @function SecKeychainItemRelease
-       Releases  keychain item references
-        
-       @param itemRef A keychain item reference to release.
-    @result noErr 0 No error.
-*/
+OSStatus SecKeychainRelease(SecKeychainRef keychainRef);
 OSStatus SecKeychainItemRelease(SecKeychainItemRef itemRef);
-
-/*!
-       @function SecKeychainSearchCreateFromAttributes
-       Creates a search reference matching a list of zero or more specified attributes in the specified keychain
-       and returns a reference to the item. Pass NULL for keychain if you wish to search all unlocked
-       keychains. The caller is responsible for calling SecKeychainSearchRelease to release this reference
-       when finished with it. A reference to the current search criteria is also returned, for subsequent calls to
-       SecKeychainCopySearchNextItem. This reference must be released by the caller when completely finished with a
-       search by calling SecKeychainSearchRelease.
-       
-       @param keychainRef The keychain to search (NULL means search all unlocked keychains)
-       @param attrList A list of zero or more SecKeychainAttribute records to be matched
-                                       (NULL matches any keychain item).
-       @param searchRef A reference to the current search is returned here.
-       
-    @result noErr 0 No error.
-                       errSecNoDefaultKeychain -25307 No default keychain could be found.
-                       errSecItemNotFound -25300 No matching keychain item was found.
-                       errSecNoSuchAttr -25303 Specified an attribute which is undefined for this item class.  
-*/
-OSStatus SecKeychainSearchCreateFromAttributes(SecKeychainRef keychainRef, SecItemClass itemClass, const SecKeychainAttributeList *attrList, SecKeychainSearchRef *searchRef);
-
-/*!
-       @function SecKeychainCopySearchNextItem
-       Finds the next keychain item matching the given search criteria, as previously specified by a call to
-       SecKeychainSearchCreateFromAttributes, and returns a reference to the item. The caller is responsible for releasing
-       this reference when finished with it.
-       
-       @param searchRef A reference to the current search criteria.
-       @param itemRef A reference to the next matching keychain item, if any, is returned here.        
-    @result noErr 0 No error.
-                       errSecNoDefaultKeychain -25307 No default keychain could be found.
-                       errSecInvalidSearchRef -25305 The specified search reference was invalid.
-                       errSecItemNotFound -25300 No more matching keychain items were found.   
-*/
-OSStatus SecKeychainCopySearchNextItem(SecKeychainSearchRef searchRef, SecKeychainItemRef *itemRef);
-
-/*!
-       @function SecKeychainSearchRelease
-       Releases a keychain search reference.
-               
-       @param searchRef A reference to the search reference.
-       @result noErr 0 No error.
-*/
 OSStatus SecKeychainSearchRelease(SecKeychainSearchRef searchRef);
 
-/*!
-       @function SecKeychainListRemoveKeychain
-       Removed the specified keychain from the list of availible keychains.
-       
-       @param keychainRef A reference to the keychain to be removed.
-    @result noErr 0 No error.
-*/
-OSStatus SecKeychainListRemoveKeychain(SecKeychainRef *keychainRef);
-// Keychain Callback mgr stuff
-typedef OSStatus (*SecKeychainCallbackProcPtr)(SecKeychainEvent keychainEvent, SecKeychainCallbackInfo* info, void *context);
-
-
-/*!
-       @function SecKeychainAddCallback
-       Add a callback.
-       
-       @param callbackFunction The callback function pointer to add
-       @param eventMask
-       @param userContext
-    @result noErr 0 No error.
-*/
-OSStatus SecKeychainAddCallback(SecKeychainCallbackProcPtr callbackFunction, SecKeychainEventMask eventMask, void* userContext);
-
-
-/*!
-       @function SecKeychainRemoveCallback
-       Remove a callback.
-       
-       @param callbackFunction The callback function pointer to remove 
-       @result noErr 0 No error.
-*/
-OSStatus SecKeychainRemoveCallback(SecKeychainCallbackProcPtr callbackFunction);
-
-
-/*!
-       @function SecKeychainAddInternetPassword
-       Add an internet password to the specified keychain.
-       
-       @param keychainRef
-       @param serverNameLength
-       @param serverName
-       @param securityDomainLength
-       @param securityDomain
-       @param accountNameLength
-       @param accountName
-       @param pathLength
-       @param path
-       @param port
-       @param protocol
-       @param authType
-       @param passwordLength
-       @param passwordData
-       @param itemRef
-       
-       @result noErr 0 No error.
-*/
-OSStatus SecKeychainAddInternetPassword(SecKeychainRef keychainRef, UInt32 serverNameLength, char *serverName, 
-                                                                               UInt32 securityDomainLength, char *securityDomain, UInt32 accountNameLength, char *accountName, 
-                                                                               UInt32 pathLength, char *path, UInt16 port, OSType protocol, OSType authType,
-                                                                               UInt32 passwordLength, const void *passwordData, SecKeychainItemRef *itemRef);
-
-
-/*!
-       @function SecKeychainFindInternetPassword
-       Find an internet password
-               
-       @param keychainRef
-       @param serverNameLength
-       @param serverName
-       @param securityDomainLength
-       @param securityDomain
-       @param accountNameLength
-       @param accountName
-       @param pathLength
-       @param path
-       @param port
-       @param protocol
-       @param authType
-       @param passwordLength
-       @param passwordData
-       @param itemRef
-
-       @result noErr 0 No error.
-*/
-OSStatus SecKeychainFindInternetPassword(SecKeychainRef keychainRef, UInt32 serverNameLength, char *serverName, 
-                                                                               UInt32 securityDomainLength, char *securityDomain, UInt32 accountNameLength, char *accountName,
-                                                                               UInt32 pathLength, char *path, UInt16 port, OSType protocol, OSType authType,
-                                                                               UInt32 *passwordLength, void **passwordData, SecKeychainItemRef *itemRef);
-
-
-/*!
-       @function SecKeychainAddGenericPassword
-       Add an generic password to the specified keychain.
-       
-       @param  keychainRef
-       @param serviceNameLength
-       @param serviceName
-       @param accountNameLength
-       @param accountName
-       @param passwordData
-       @param passwordLength
-       @param itemRef
-
-       @result noErr 0 No error.
-*/
-OSStatus SecKeychainAddGenericPassword(SecKeychainRef keychainRef, UInt32 serviceNameLength, char *serviceName,
-                                                                          UInt32 accountNameLength, char *accountName, 
-                                                                          UInt32 passwordLength, const void *passwordData, SecKeychainItemRef *itemRef);
-
-
-/*!
-       @function SecKeychainFindGenericPassword
-       Find a generic password
-
-       @param keychainRef
-       @param serverNameLength
-       @param serverName
-       @param accountNameLength
-       @param accountName
-       @param passwordLength
-       @param passwordData
-       @param itemRef
-
-       @result noErr 0 No error.
-*/
-OSStatus SecKeychainFindGenericPassword(SecKeychainRef keychainRef,  UInt32 serviceNameLength, char *serviceName,
-                                                                               UInt32 accountNameLength, char *accountName,
-                                                                               UInt32 *passwordLength, void **passwordData, SecKeychainItemRef *itemRef);
-
-
-
-/*!
-       @function SecKeychainSetUserInteractionAllowed
-       Turn on/off any optional user interface
-       
-       @param state true = allow user interface, false = disallow user interface
-
-       @result noErr 0 No error.
-*/
-OSStatus SecKeychainSetUserInteractionAllowed(Boolean state);
-
-/*!
-       @function SecKeychainGetUserInteractionAllowed
-       Get the current setting for SecKeychainSetUserInteractionAllowed
-               
-       @param *state true = allow user interface, false = disallow user interface
-
-       @result noErr 0 No error.
-*/
-OSStatus SecKeychainGetUserInteractionAllowed(Boolean *state);
+/* OBSOLETE Please use SecKeychainSearchCopyNext instead. */
+OSStatus SecKeychainCopySearchNextItem(SecKeychainSearchRef searchRef, SecKeychainItemRef *itemRef);
 
 #if defined(__cplusplus)
 }
 #endif
 
-#endif /* ! __SECKEYCHAINAPI__ */
-
-
+#endif /* !_SECURITY_SECKEYCHAINAPI_H_ */
index 22c5c42da5b61eaf29d81ff79c189b79909ef929..de26448521c3099cc7f1c5b3e7487bee9efcb185 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
 
 /*
  *  SecKeychainAPIPriv.h
- *  SecurityCore
- *
- *    Copyright:  (c) 2000 by Apple Computer, Inc., all rights reserved
- *
  */
-#ifndef __KEYCHAINAPIPRIV__
-#define __KEYCHAINAPIPRIV__
+#ifndef _SECURITY_KEYCHAINAPIPRIV_H_
+#define _SECURITY_KEYCHAINAPIPRIV_H_
 
-#include <Security/SecKeychainAPI.h>
+#include <Security/SecBase.h>
 
 #if defined(__cplusplus)
 extern "C" {
@@ -38,26 +34,17 @@ enum
        kSecClassItemAttr            = 'clas',                       /* Item class (KCItemClass) */
        kSecAliasItemAttr            = 'alis',                       /* Alias attribute (required by CDSA). */
        kSecProtectedDataItemAttr    = 'prot',                       /* Item's data is protected (encrypted) (Boolean) */
-
-                                                                 /* Certificate attributes */
-    kSecSubjectItemAttr          = 'subj',                       /* Subject distinguished name (DER-encoded data) */
-    kSecCommonNameItemAttr       = 'cn  ',                       /* Common Name (UTF8-encoded string) */
-    kSecIssuerItemAttr           = 'issu',                       /* Issuer distinguished name (DER-encoded data) */
-    kSecSerialNumberItemAttr     = 'snbr',                       /* Certificate serial number (DER-encoded data) */
-    kSecEMailItemAttr            = 'mail',                       /* E-mail address (ASCII-encoded string) */
-    kSecPublicKeyHashItemAttr    = 'hpky',                       /* Hash of public key (PublicKeyHash), 20 bytes max. */
-    kSecIssuerURLItemAttr        = 'iurl',                       /* URL of the certificate issuer (ASCII-encoded string) */
-                                                                 /* Shared by keys and certificates */
-    kSecEncryptItemAttr          = 'encr',                       /* Encrypt (Boolean) */
-    kSecDecryptItemAttr          = 'decr',                       /* Decrypt (Boolean) */
-    kSecSignItemAttr             = 'sign',                       /* Sign (Boolean) */
-    kSecVerifyItemAttr           = 'veri',                       /* Verify (Boolean) */
-    kSecWrapItemAttr             = 'wrap',                       /* Wrap (Boolean) */
-    kSecUnwrapItemAttr           = 'unwr',                       /* Unwrap (Boolean) */
-    kSecStartDateItemAttr        = 'sdat',                       /* Start Date (UInt32) */
-    kSecEndDateItemAttr          = 'edat'                        /* End Date (UInt32) */
 };
 
+UInt16
+SecKeychainListGetCount(void);
+
+OSStatus
+SecKeychainListCopyKeychainAtIndex(UInt16 index, SecKeychainRef *keychainRef);
+
+OSStatus
+SecKeychainListRemoveKeychain(SecKeychainRef *keychainRef);
+
 OSStatus SecKeychainChangePassword(SecKeychainRef keychainRef, UInt32 oldPasswordLength, const void *oldPassword,  UInt32 newPasswordLength, const void *newPassword);
 
 OSStatus SecKeychainCopyLogin(SecKeychainRef *keychainRef);
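Review bot: The three `SecKeychainList*` prototypes added to this private header carry no comment, and the HeaderDoc blocks they had in the public header are deleted elsewhere in this commit, so their ownership contract is no longer written down anywhere visible. For `SecKeychainListCopyKeychainAtIndex` I would add something like `/* Returns the keychain at index in *keychainRef; caller releases it with SecKeychainRelease. */`, after confirming the release rule against the implementation. `SecKeychainListRemoveKeychain` takes a `SecKeychainRef *` rather than a `SecKeychainRef`, and a one-line comment should say whether the call releases or clears the caller's reference, since the signature suggests an in/out parameter but nothing here states it.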
@@ -70,4 +57,4 @@ OSStatus SecKeychainLogout();
 }
 #endif
 
-#endif // __KEYCHAINAPIPRIV__
+#endif /* !_SECURITY_KEYCHAINAPIPRIV_H_ */
diff --git a/Keychain/SecKeychainItem.cpp b/Keychain/SecKeychainItem.cpp
new file mode 100644 (file)
index 0000000..d7d453b
--- /dev/null
@@ -0,0 +1,230 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include <Security/SecKeychainItem.h>
+
+#include "SecBridge.h"
+#include "KCExceptions.h"
+#include "Access.h"
+
+
+//
+// Given a polymorphic Sec type object, return
+// its AclBearer component.
+// Note: Login ACLs are not hooked into this layer;
+// modules or attachments have no Sec* layer representation.
+//
+RefPointer<AclBearer> aclBearer(CFTypeRef itemRef)
+{
+       // well, exactly what kind of something are you?
+       CFTypeID id = CFGetTypeID(itemRef);
+       if (id == gTypes().item.typeId) {
+               // keychain item. If it's in a protected group, return the group key
+               if (SSGroup group = gTypes().item.required(SecKeychainItemRef(itemRef))->group())
+                       return &*group;
+       } else if (id == gTypes().keyItem.typeId) {
+               // key item
+               //@@@ not hooked up yet
+       } else if (id == gTypes().keychain.typeId) {
+               // keychain (this yields the database ACL)
+               //@@@ not hooked up yet
+       }
+       // Guess not. Bummer
+       MacOSError::throwMe(errSecNoAccessForItem);
+}
+
+
+CFTypeID
+SecKeychainItemGetTypeID(void)
+{
+       BEGIN_SECAPI
+
+       return gTypes().item.typeId;
+
+       END_SECAPI1(_kCFRuntimeNotATypeID)
+}
+
+
+OSStatus
+SecKeychainItemCreateFromContent(SecItemClass itemClass, SecKeychainAttributeList *attrList,
+               UInt32 length, const void *data, SecKeychainRef keychainRef,
+               SecAccessRef initialAccess, SecKeychainItemRef *itemRef)
+{
+    BEGIN_SECAPI
+               KCThrowParamErrIf_(length!=0 && data==NULL);
+        Item item(itemClass, attrList, length, data);
+               if (initialAccess)
+                       item->setAccess(gTypes().access.required(initialAccess));
+        Keychain::optional(keychainRef)->add(item);
+        if (itemRef)
+               *itemRef = gTypes().item.handle(*item);
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemModifyContent(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data)
+{
+    BEGIN_SECAPI
+               Item item = gTypes().item.required(itemRef);
+               item->modifyContent(attrList, length, data);
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemCopyContent(SecKeychainItemRef itemRef, SecItemClass *itemClass, SecKeychainAttributeList *attrList, UInt32 *length, void **outData)
+{
+       BEGIN_SECAPI
+               Item item = gTypes().item.required(itemRef);
+               item->getContent(itemClass, attrList, length, outData);
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemFreeContent(SecKeychainAttributeList *attrList, void *data)
+{
+       BEGIN_SECAPI
+               ItemImpl::freeContent(attrList, data);
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemModifyAttributesAndData(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data)
+{
+    BEGIN_SECAPI
+               Item item = gTypes().item.required(itemRef);
+               item->modifyAttributesAndData(attrList, length, data);
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemCopyAttributesAndData(SecKeychainItemRef itemRef, SecKeychainAttributeInfo *info, SecItemClass *itemClass, SecKeychainAttributeList **attrList, UInt32 *length, void **outData)
+{
+       BEGIN_SECAPI
+               Item item = gTypes().item.required(itemRef);
+               item->getAttributesAndData(info, itemClass, attrList, length, outData);
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemFreeAttributesAndData(SecKeychainAttributeList *attrList, void *data)
+{
+       BEGIN_SECAPI
+               ItemImpl::freeAttributesAndData(attrList, data);
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemDelete(SecKeychainItemRef itemRef)
+{
+    BEGIN_SECAPI
+               Item item = gTypes().item.required( itemRef );
+               Keychain keychain = item->keychain();
+               KCThrowIf_( !keychain, errSecInvalidItemRef );
+               
+        keychain->deleteItem( item ); // item must be persistant.
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemCopyKeychain(SecKeychainItemRef itemRef, SecKeychainRef* keychainRef)
+{
+    BEGIN_SECAPI
+               Required(keychainRef) = gTypes().keychain.handle(*gTypes().item.required(itemRef)->keychain());
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemCreateCopy(SecKeychainItemRef itemRef, SecKeychainRef destKeychainRef,
+       SecAccessRef initialAccess, SecKeychainItemRef *itemCopy)
+{
+    BEGIN_SECAPI
+               Item copy = gTypes().item.required(itemRef)->copyTo(Keychain::optional(destKeychainRef));
+               if (itemCopy)
+                       *itemCopy = gTypes().item.handle(*copy);
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemGetUniqueRecordID(SecKeychainItemRef keyItemRef, CSSM_DB_UNIQUE_RECORD* uniqueRecordID)
+{
+    BEGIN_SECAPI
+        uniqueRecordID = gTypes().item.required(keyItemRef)->dbUniqueRecord();
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemGetDLDBHandle(SecKeychainItemRef itemRef, CSSM_DL_DB_HANDLE* dldbHandle)
+{
+    BEGIN_SECAPI
+        *dldbHandle = gTypes().item.required(itemRef)->keychain()->database()->handle();
+       END_SECAPI
+}
+
+
+OSStatus SecAccessCreateFromObject(CFTypeRef sourceRef,
+       SecAccessRef *accessRef)
+{
+       BEGIN_SECAPI
+       Required(accessRef);    // preflight
+       RefPointer<Access> access = new Access(*aclBearer(sourceRef));
+       *accessRef = gTypes().access.handle(*access);
+       END_SECAPI
+}
+
+
+/*!
+ */
+OSStatus SecAccessModifyObject(SecAccessRef accessRef, CFTypeRef sourceRef)
+{
+       BEGIN_SECAPI
+       gTypes().access.required(accessRef)->setAccess(*aclBearer(sourceRef), true);
+       END_SECAPI
+}
+
+OSStatus
+SecKeychainItemCopyAccess(SecKeychainItemRef itemRef, SecAccessRef* accessRef)
+{
+    BEGIN_SECAPI
+
+       Required(accessRef);    // preflight
+       RefPointer<Access> access = new Access(*aclBearer(reinterpret_cast<CFTypeRef>(itemRef)));
+       *accessRef = gTypes().access.handle(*access);
+
+    END_SECAPI
+}
+
+
+OSStatus
+SecKeychainItemSetAccess(SecKeychainItemRef itemRef, SecAccessRef accessRef)
+{
+    BEGIN_SECAPI
+
+       gTypes().access.required(accessRef)->setAccess(*aclBearer(reinterpret_cast<CFTypeRef>(itemRef)), true);
+
+    END_SECAPI
+}
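Review bot: In `SecKeychainItemGetUniqueRecordID` the statement `uniqueRecordID = gTypes().item.required(keyItemRef)->dbUniqueRecord();` assigns to the by-value pointer parameter, so nothing is written to the caller's storage and the caller apparently still gets a success status. The result should be stored through the pointer after a `Required(uniqueRecordID)` check, which may require a pointer-to-pointer parameter depending on what `dbUniqueRecord()` returns (not visible in this hunk). `SecKeychainItemCreateCopy` accepts `initialAccess` but never uses it, so a caller-supplied access object is silently dropped, whereas `SecKeychainItemCreateFromContent` applies it with `item->setAccess(...)` before adding the item. `SecKeychainItemGetDLDBHandle` and `SecKeychainItemCopyKeychain` also dereference the result of `keychain()` without the `!keychain` check that `SecKeychainItemDelete` applies, and `SecKeychainItemGetDLDBHandle` writes `*dldbHandle` without a `Required(dldbHandle)` preflight.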
diff --git a/Keychain/SecKeychainItem.h b/Keychain/SecKeychainItem.h
new file mode 100644 (file)
index 0000000..a10fb44
--- /dev/null
@@ -0,0 +1,304 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*!
+       @header SecKeychainItem
+       SecKeychainItem implements an item which may be stored in a SecKeychain, with publicly
+       visible attributes and encrypted data.  The access to the data of an item is protected
+       using strong cryptographic algorithms.
+*/
+
+#ifndef _SECURITY_SECKEYCHAINITEM_H_
+#define _SECURITY_SECKEYCHAINITEM_H_
+
+#include <Security/SecBase.h>
+#include <Security/cssmapple.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*!
+       @typedef SecItemClass
+       @abstract Represents a keychain item's class.
+*/
+typedef FourCharCode   SecItemClass;
+
+/*!
+       @enum ItemClassConstants
+       @abstract Specifies a keychain item's class code.
+       @constant kSecInternetPasswordItemClass Indicates that the item is an internet password.
+       @constant kSecGenericPasswordItemClass Indicates that the item is a generic password.
+       @constant kSecAppleSharePasswordItemClass Indicates that the item is an AppleShare password.
+       @constant kSecCertificateItemClass Indicates that the item is a digital certificate.
+       @discussion The SecItemClass enumeration defines constants your application can use to specify the type of the keychain item you wish to create, dispose, add, delete, update, copy, or locate. You can also use these constants with the tag constant SecItemAttr. 
+*/
+enum
+{
+    kSecInternetPasswordItemClass      = 'inet',
+    kSecGenericPasswordItemClass       = 'genp',
+    kSecAppleSharePasswordItemClass    = 'ashp',
+    kSecCertificateItemClass           = CSSM_DL_DB_RECORD_X509_CERTIFICATE,
+};
+
+/*!
+       @typedef SecItemAttr
+       @abstract Represents a keychain item's attributes.
+
+*/
+typedef FourCharCode SecItemAttr;
+
+/*!
+       @enum ItemAttributeConstants
+       @abstract Specifies keychain item attributes.
+       @constant kSecCreationDateItemAttr Identifies the creation date attribute. You use this tag to set or get a value of type UInt32 that indicates the date the item was created. 
+       @constant kSecModDateItemAttr Identifies the modification date attribute. You use this tag to set or get a value of type UInt32 that indicates the last time the item was updated.
+       @constant kSecDescriptionItemAttr Identifies the description attribute. You use this tag to set or get a value of type string that represents a user-visible string describing this particular kind of item (e.g. "disk image password").
+       @constant kSecCommentItemAttr Identifies the comment attribute. You use this tag to set or get a value of type string that represents a user-editable string containing comments for this item.
+       @constant kSecCreatorItemAttr Identifies the creator attribute. You use this tag to set or get a value that represents the itemÕs creator. 
+       @constant kSecTypeItemAttr Identifies the type attribute. You use this tag to set or get a value that represents the itemÕs type. 
+       @constant kSecScriptCodeItemAttr Identifies the script code attribute. You use this tag to set or get a value of type ScriptCode that represents the script code for all strings. (Note: use of this attribute is deprecated; string attributes should be stored in UTF-8 encoding.)
+       @constant kSecLabelItemAttr Identifies the label attribute. You use this tag to set or get a value of type string that represents a user-editable string containing the label for this item. 
+       @constant kSecInvisibleItemAttr Identifies the invisible attribute. You use this tag to set or get a value of type Boolean that indicates whether the item is invisible. 
+       @constant kSecNegativeItemAttr Identifies the negative attribute. You use this tag to set or get a value of type Boolean that indicates whether there is a valid password associated with this keychain item. This is useful if your application doesn't want a password for some particular service to be stored in the keychain, but prefers that it always be entered by the user. The item (typically invisible and with zero-length data) acts as a placeholder to say Ã’don't use me.Ó
+       @constant kSecCustomIconItemAttr Identifies the custom icon attribute. You use this tag to set or get a value of type Boolean that indicates whether the item has an application-specific icon. To do this, you must also set the attribute value identified by the tag kSecTypeItemAttr to a file type for which there is a corresponding icon in the desktop database, and set the attribute value identified by the tag kSecCreatorItemAttr to an appropriate application creator type. If a custom icon corresponding to the item's type and creator can be found in the desktop database, it will be displayed by Keychain Access. Otherwise, default icons are used. 
+       @constant kSecAccountItemAttr Identifies the account attribute. You use this tag to set or get a string that represents the user account. It also applies to generic and AppleShare passwords. 
+       @constant kSecServiceItemAttr Identifies the service attribute. You use this tag to set or get a string that represents the service associated with this item (e.g. "iTools"). This is unique to generic password attributes.
+       @constant kSecGenericItemAttr Identifies the generic attribute. You use this tag to set or get a value of untyped bytes that represents a user-defined attribute.  This is unique to generic password attributes.
+       @constant kSecSecurityDomainItemAttr Identifies the security domain attribute. You use this tag to set or get a value that represents the Internet security domain. This is unique to Internet password attributes.
+       @constant kSecServerItemAttr Identifies the server attribute. You use this tag to set or get a value of type string that represents the Internet serverÕs domain name or IP address. This is unique to Internet password attributes.
+       @constant kSecAuthenticationTypeItemAttr Identifies the authentication type attribute. You use this tag to set or get a value of type SecAuthenticationType that represents the Internet authentication scheme. This is unique to Internet password attributes.
+       @constant kSecPortItemAttr Identifies the port attribute. You use this tag to set or get a value of type UInt32 that represents the Internet port number. This is unique to Internet password attributes.
+       @constant kSecPathItemAttr Identifies the path attribute. You use this tag to set or get a value  that represents the path. This is unique to Internet password attributes.
+       @constant kSecVolumeItemAttr Identifies the volume attribute. You use this tag to set or get a value that represents the AppleShare volume. This is unique to AppleShare password attributes.
+       @constant kSecAddressItemAttr Identifies the address attribute. You use this tag to set or get a value of type string that represents the AppleTalk zone name, or the IP or domain name that represents the server address. This is unique to AppleShare password attributes.
+       @constant kSecSignatureItemAttr Identifies the server signature attribute. You use this tag to set or get a value of type SecAFPServerSignature that represents the server signature block. This is unique to AppleShare password attributes.
+       @constant kSecProtocolItemAttr Identifies the protocol attribute. You use this tag to set or get a value of type SecProtocolType that represents the Internet protocol. This is unique to AppleShare and Internet password attributes.
+       @constant kSecCertificateType Indicates a CSSM_CERT_TYPE type.
+       @constant kSecCertificateEncoding Indicates a CSSM_CERT_ENCODING type.
+       @constant kSecCrlType Indicates a CSSM_CRL_TYPE type.
+       @constant kSecCrlEncoding Indicates a CSSM_CRL_ENCODING type.
+       @constant kSecAlias Indicates an alias.
+       @discussion To obtain information about a certificate, use the CDSA Certificate Library (CL) API. To obtain information about a key, use the SecKeyGetCSSMKey function and the CDSA Cryptographic Service Provider (CSP) API.
+*/
+enum
+{                                                                                      
+    kSecCreationDateItemAttr           = 'cdat',
+    kSecModDateItemAttr                                = 'mdat',
+    kSecDescriptionItemAttr                    = 'desc',
+    kSecCommentItemAttr                                = 'icmt',
+    kSecCreatorItemAttr                                = 'crtr',
+    kSecTypeItemAttr                           = 'type',
+    kSecScriptCodeItemAttr                     = 'scrp',
+    kSecLabelItemAttr                          = 'labl',
+    kSecInvisibleItemAttr                      = 'invi',
+    kSecNegativeItemAttr                       = 'nega',
+    kSecCustomIconItemAttr                     = 'cusi',
+    kSecAccountItemAttr                                = 'acct',
+    kSecServiceItemAttr                                = 'svce',
+    kSecGenericItemAttr                                = 'gena',
+    kSecSecurityDomainItemAttr         = 'sdmn',
+    kSecServerItemAttr                         = 'srvr',
+    kSecAuthenticationTypeItemAttr     = 'atyp',
+    kSecPortItemAttr                           = 'port',
+    kSecPathItemAttr                           = 'path',
+    kSecVolumeItemAttr                         = 'vlme',
+    kSecAddressItemAttr                                = 'addr',
+    kSecSignatureItemAttr                      = 'ssig',
+    kSecProtocolItemAttr                       = 'ptcl',
+       kSecCertificateType                             = 'ctyp',
+       kSecCertificateEncoding                 = 'cenc',
+       kSecCrlType                                             = 'crtp',
+       kSecCrlEncoding                                 = 'crnc',
+       kSecAlias                                               = 'alis'
+};
+
+/*!
+       @typedef SecAFPServerSignature
+       @abstract Represents a 16-byte Apple File Protocol server signature block.
+*/
+typedef UInt8  SecAFPServerSignature[16];
+
+/*!
+       @typedef SecPublicKeyHash
+       @abstract Represents a 20-byte public key hash.
+*/
+typedef UInt8  SecPublicKeyHash[20];
+
+/*!
+       @function SecKeychainItemGetTypeID
+       @abstract Returns the type identifier of SecKeychainItem instances.
+       @result The CFTypeID of SecKeychainItem instances.
+*/
+CFTypeID SecKeychainItemGetTypeID(void);
+
+/*!
+       @function SecKeychainItemModifyAttributesAndData
+       @abstract Updates an existing keychain item after changing its attributes or data.
+       @param itemRef A reference of the keychain item to modify.
+       @param attrList The list of attributes to set.
+       @param length The length of the buffer pointed to by data.
+       @param data Pointer to a buffer containing the data to store.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+       @discussion The keychain item is written to the keychain's permanent data store. If the keychain item has not previously been added to a keychain, a call to the SecKeychainItemModifyContent function does nothing and returns noErr.
+*/
+OSStatus SecKeychainItemModifyAttributesAndData(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data);
+
+#pragma mark Ã‘ÑÑÑ Keychain Item Management Ã‘ÑÑÑ
+/*!
+       @function SecKeychainItemCreateFromContent
+       @abstract Creates a new keychain item from the supplied parameters.
+       @param itemClass A constant identifying the class of item to create.
+       @param attrList The list of attributes of the item to create.
+       @param length The length of the buffer pointed to by data.
+       @param data A pointer to a buffer containing the data to store.
+       @param initialAccess A reference to the access for this keychain item.
+    @param keychainRef A reference to the keychain in which to add the item.
+       @param itemRef On return, a pointer to a reference to the newly created keychain item (optional). When the item reference is no longer required, call CFRelease to deallocate memory occupied by the item.
+    @result A result code.  See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if not enough valid parameters are supplied, or memFullErr (-108) if there is not enough memory in the current heap zone to create the object.
+*/
+OSStatus SecKeychainItemCreateFromContent(SecItemClass itemClass, SecKeychainAttributeList *attrList,
+               UInt32 length, const void *data, SecKeychainRef keychainRef,
+               SecAccessRef initialAccess, SecKeychainItemRef *itemRef);
+
+/*!
+       @function SecKeychainItemModifyContent
+       @abstract Updates an existing keychain item after changing its attributes or data.
+       @param itemRef A reference to the keychain item to modify.
+       @param attrList The list of attributes to set.
+       @param length The length of the buffer pointed to by data.
+       @param data A pointer to a buffer containing the data to store.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainItemModifyContent(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data);
+
+/*!
+       @function SecKeychainItemCopyContent
+       @abstract Copies the data and/or attributes stored in the given keychain item.
+       @param itemRef A reference to the keychain item to modify.
+       @param itemClass The item's class. You should pass NULL if it is not required.
+       @param attrList The list of attributes to get in this item on input, on output the attributes are filled in. You must call SecKeychainItemFreeContent when you no longer need the attributes and data.
+       @param length On return, the length of the buffer pointed to by outData.
+       @param outData On return, a pointer to a buffer containing the data in this item. You must call SecKeychainItemFreeContent when you no longer need the attributes and data.
+    @result A result code.  See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if not enough valid parameters are supplied.
+*/
+OSStatus SecKeychainItemCopyContent(SecKeychainItemRef itemRef, SecItemClass *itemClass, SecKeychainAttributeList *attrList, UInt32 *length, void **outData);
+
+/*!
+       @function SecKeychainItemFreeContent
+       @abstract Releases the memory used by the keychain attribute list and the keychain data retrieved in a call to SecKeychainItemCopyContent.
+       @param attrList A pointer to the attribute list to release.
+    @param data A pointer to the data buffer to release.
+*/
+OSStatus SecKeychainItemFreeContent(SecKeychainAttributeList *attrList, void *data);
+
+/*!
+       @function SecKeychainItemCopyAttributesAndData
+       @abstract  Copies the data and/or attributes stored in the given keychain item. You must call SecKeychainItemFreeAttributesAndData() when you no longer need the attributes and data.
+       @param itemRef A reference of the keychain item to modify.
+       @param info List of tags of attributes to retrieve.
+       @param itemClass The item's class. You should pass NULL if not required.
+       @param attrList The list of attributes to get in this item on input, on output the attributes are filled in. You must call SecKeychainItemFreeAttributesAndData() when you no longer need the attributes and data.
+       @param length on output the actual length of the data.
+       @param outData Pointer to a buffer containing the data in this item. Pass NULL if not required. You must call SecKeychainItemFreeAttributesAndData() when you no longer need the attributes and data.
+    @result A result code.  See "Security Error Codes" (SecBase.h). In addition, paramErr (-50) may be returned if not enough valid parameters are supplied.
+*/
+OSStatus SecKeychainItemCopyAttributesAndData(SecKeychainItemRef itemRef, SecKeychainAttributeInfo *info, SecItemClass *itemClass, SecKeychainAttributeList **attrList, UInt32 *length, void **outData);
+
+/*!
+       @function SecKeychainItemFreeAttributesAndData
+       @abstract Releases the memory used by the keychain attribute list and the keychain data retrieved in a call to SecKeychainItemCopyAttributesAndData.
+       @param attrList A pointer to the attribute list to release.
+    @param data A pointer to the data buffer to release.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainItemFreeAttributesAndData(SecKeychainAttributeList *attrList, void *data);
+
+/*!
+       @function SecKeychainItemDelete
+       @abstract Deletes a keychain item from the default keychain's permanent data store.
+       @param itemRef A keychain item reference of the item to delete.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+       @discussion  If itemRef has not previously been added to the keychain,  SecKeychainItemDelete does nothing and returns noErr. IMPORTANT: SecKeychainItemDelete does not dispose the memory occupied by the item reference itself; use the CFRelease function when you are completely finished with an item.     
+*/
+OSStatus SecKeychainItemDelete(SecKeychainItemRef itemRef);
+
+/*!
+       @function SecKeychainItemCopyKeychain
+       @abstract Copies an existing keychain reference from a keychain item.   
+       @param itemRef A keychain item reference of the item to update.
+       @param keychainRef On return, a pointer to a keychain reference.  Release this by calling CFRelease function.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainItemCopyKeychain(SecKeychainItemRef itemRef, SecKeychainRef *keychainRef);
+
+/*!
+       @function SecKeychainItemCreateCopy
+       @abstract Copies a keychain item.
+       @param itemRef A reference to the keychain item to copy.
+       @param destKeychainRef A reference to the keychain in which to insert the copied keychain item.
+       @param initialAccess The initial access for the copied keychain item.
+       @param itemCopy On return, a pointer to a copy of the keychain item referenced by itemRef.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainItemCreateCopy(SecKeychainItemRef itemRef, SecKeychainRef destKeychainRef,
+       SecAccessRef initialAccess, SecKeychainItemRef *itemCopy);
+
+
+#pragma mark Ã‘ÑÑÑ CSSM Bridge Functions Ã‘ÑÑÑ
+/*!
+       @function SecKeychainItemGetDLDBHandle
+       @abstract Returns the CSSM_DL_DB_HANDLE for a given key reference.
+    @param keyItemRef A keychain item key reference. The key item must be of class type kSecAppleKeyItemClass.
+    @param dldbHandle keychainRef On return, a CSSM_DL_DB_HANDLE for the given key. The handle is valid until the keychain reference is released.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainItemGetDLDBHandle(SecKeychainItemRef keyItemRef, CSSM_DL_DB_HANDLE *dldbHandle);
+
+/*!
+       @function SecKeychainItemGetUniqueRecordID
+       @abstract Returns a CSSM_DB_UNIQUE_RECORD for the given keychain item reference.
+       @param itemRef A keychain item reference.
+    @param uniqueRecordID On return, a pointer to a CSSM_DB_UNIQUE_RECORD structure for the given item.  The unique record is valid until the item reference is released.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainItemGetUniqueRecordID(SecKeychainItemRef itemRef, CSSM_DB_UNIQUE_RECORD *uniqueRecordID);
+
+#pragma mark Ã‘ÑÑÑ Keychain Item Access Management Ã‘ÑÑÑ
+/*!
+       @function SecKeychainItemCopyAccess
+       @abstract Copies the access of a given keychain item.
+       @param itemRef A reference to a keychain item.
+    @param access On return, a pointer to the keychain item's access.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainItemCopyAccess(SecKeychainItemRef itemRef, SecAccessRef *access);
+
+/*!
+       @function SecKeychainItemSetAccess
+       @abstract Sets the access of a given keychain item.
+       @param itemRef A reference to a keychain item.
+    @param access A reference to an access to replace the keychain item's current access.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainItemSetAccess(SecKeychainItemRef itemRef, SecAccessRef access);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_SECURITY_SECKEYCHAINITEM_H_ */
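Review bot: The `SecKeychainItemGetUniqueRecordID` declaration near the end of this header takes a single-level `CSSM_DB_UNIQUE_RECORD *uniqueRecordID`, yet its `@param` text promises "a pointer to a CSSM_DB_UNIQUE_RECORD structure" on return, which that parameter type cannot deliver. The implementation visible in SecKeychainItem.cpp on this page does `uniqueRecordID = gTypes().item.required(keyItemRef)->dbUniqueRecord();`, which only rebinds the local parameter, so the caller's variable is left untouched while the call presumably still reports success. Consider declaring `CSSM_DB_UNIQUE_RECORD **uniqueRecordID` and storing with `*uniqueRecordID = ...` after a `Required(uniqueRecordID)` preflight, in both the header and the .cpp. Separately, `initialAccess` is documented for `SecKeychainItemCreateCopy`, but the body that appears to implement it only calls `copyTo(Keychain::optional(destKeychainRef))`. Unless the access is applied somewhere not shown, the `@param initialAccess` line should say the argument is currently ignored, so callers do not assume the copy carries the access they passed.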
diff --git a/Keychain/SecKeychainSearch.cpp b/Keychain/SecKeychainSearch.cpp
new file mode 100644 (file)
index 0000000..16111cc
--- /dev/null
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include <Security/SecKeychainSearch.h>
+
+#include "SecBridge.h"
+
+CFTypeID
+SecKeychainSearchGetTypeID(void)
+{
+       BEGIN_SECAPI
+
+       return gTypes().cursor.typeId;
+
+       END_SECAPI1(_kCFRuntimeNotATypeID)
+}
+
+
+OSStatus
+SecKeychainSearchCreateFromAttributes(CFTypeRef keychainOrArray, SecItemClass itemClass, const SecKeychainAttributeList *attrList, SecKeychainSearchRef *searchRef)
+{
+    BEGIN_SECAPI
+
+       Required(searchRef); // Make sure that searchRef is an invalid SearchRef
+
+       StorageManager::KeychainList keychains;
+       globals().storageManager.optionalSearchList(keychainOrArray, keychains);
+       KCCursor cursor(keychains, itemClass, attrList);
+       *searchRef = gTypes().cursor.handle(*cursor);
+
+       END_SECAPI
+}
+
+
+OSStatus
+SecKeychainSearchCopyNext(SecKeychainSearchRef searchRef, SecKeychainItemRef *itemRef)
+{
+    BEGIN_SECAPI
+
+       RequiredParam(itemRef);
+       Item item;
+       if (!gTypes().cursor.required(searchRef)->next(item))
+               return errSecItemNotFound;
+
+       *itemRef=gTypes().item.handle(*item);
+
+       END_SECAPI
+}
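Review bot: The comment on `Required(searchRef)` in SecKeychainSearchCreateFromAttributes ("Make sure that searchRef is an invalid SearchRef") reads as the opposite of what the call appears to do, which is to reject an unusable out-pointer before any work is done. Something like `Required(searchRef); // preflight: fail early if the out-pointer is NULL` would match the wording used for the same check elsewhere in this commit. SecKeychainSearchCopyNext validates its out-parameter with `RequiredParam(itemRef)` instead. Both helpers are defined outside this hunk, so if they raise different errors it is worth settling on one for out-pointer checks. On the `errSecItemNotFound` path `*itemRef` is never written, so a caller that ignores the status keeps whatever was in its variable; adding `*itemRef = NULL;` right after the `RequiredParam` line would make that failure mode harmless.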
diff --git a/Keychain/SecKeychainSearch.h b/Keychain/SecKeychainSearch.h
new file mode 100644 (file)
index 0000000..dd7b081
--- /dev/null
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*!
+       @header SecKeychainSearch
+       The functions provided in SecKeychainSearch implement a query of one or more keychains to search for a particular SecKeychainItem.
+*/
+
+#ifndef _SECURITY_SECKEYCHAINSEARCH_H_
+#define _SECURITY_SECKEYCHAINSEARCH_H_
+
+#include <Security/SecKeychainItem.h>
+
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*!
+       @function SecKeychainSearchGetTypeID
+       @abstract Returns the type identifier of SecKeychainSearch instances.
+       @result The CFTypeID of SecKeychainSearch instances.
+*/
+CFTypeID SecKeychainSearchGetTypeID(void);
+
+/*!
+       @function SecKeychainSearchCreateFromAttributes
+       @abstract Creates a search reference matching a list of zero or more specified attributes in the specified keychain.
+    @param keychainOrArray An reference to an array of keychains to search, a single keychain or NULL to search the user's default keychain search list.
+       @param itemClass The keychain item class.
+       @param attrList A pointer to a list of zero or more keychain attribute records to match.  Pass NULL to match any keychain attribute.
+       @param searchRef On return, a pointer to the current search reference. You are responsible for calling the CFRelease function to release this reference when finished with it.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainSearchCreateFromAttributes(CFTypeRef keychainOrArray, SecItemClass itemClass, const SecKeychainAttributeList *attrList, SecKeychainSearchRef *searchRef);
+
+/*!
+       @function SecKeychainSearchCopyNext
+       @abstract Finds the next keychain item matching the given search criteria.
+       @param searchRef A reference to the current search criteria.  The search reference is created in the SecKeychainSearchCreateFromAttributes function and must be released by calling the CFRelease function when you are done with it.
+       @param itemRef On return, a pointer to a keychain item reference of the next matching keychain item, if any.    
+       @result A result code.  When there are no more items that match the parameters specified to SecPolicySearchCreate, errSecItemNotFound is returned. See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecKeychainSearchCopyNext(SecKeychainSearchRef searchRef, SecKeychainItemRef *itemRef);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_SECURITY_SECKEYCHAINSEARCH_H_ */
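Review bot: The `@result` text for `SecKeychainSearchCopyNext` refers to "the parameters specified to SecPolicySearchCreate", which is a different API. It should name `SecKeychainSearchCreateFromAttributes`, the function this header says creates the search reference. The `@param itemRef` line also does not say who releases the returned item, unlike `@param searchRef` on the create function. If the implementation hands back an owned reference, as the Copy naming suggests, add `When the item reference is no longer required, call CFRelease to release it.` to that line.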
diff --git a/Keychain/SecPolicy.cpp b/Keychain/SecPolicy.cpp
new file mode 100644 (file)
index 0000000..aad3d9c
--- /dev/null
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include <Security/SecPolicy.h>
+#include "SecBridge.h"
+
+
+static inline Policy *Required(SecPolicyRef policyRef)
+{
+    return gTypes().policy.required(policyRef);
+}
+
+
+//
+// CF boilerplate
+//
+CFTypeID
+SecPolicyGetTypeID(void)
+{
+       BEGIN_SECAPI
+       return gTypes().policy.typeId;
+       END_SECAPI1(_kCFRuntimeNotATypeID)
+}
+
+
+//
+// Sec API bridge functions
+//
+OSStatus
+SecPolicyGetOID(SecPolicyRef policyRef, CSSM_OID* oid)
+{
+    BEGIN_SECAPI
+    Required(oid) = Required(policyRef)->oid();
+       END_SECAPI
+}
+
+
+OSStatus
+SecPolicyGetValue(SecPolicyRef policyRef, CSSM_DATA* value)
+{
+    BEGIN_SECAPI
+    Required(value) = Required(policyRef)->value();
+       END_SECAPI
+}
+
+
+OSStatus
+SecPolicyGetTPHandle(SecPolicyRef policyRef, CSSM_TP_HANDLE* tpHandle)
+{
+    BEGIN_SECAPI
+    Required(tpHandle) = Required(policyRef)->tp()->handle();
+       END_SECAPI
+}
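Review bot: `Required` carries two meanings on the same line in SecPolicyGetOID, SecPolicyGetValue and SecPolicyGetTPHandle. The file-local `Required(SecPolicyRef)` resolves a handle to a `Policy *`, while `Required(oid)`, `Required(value)` and `Required(tpHandle)` are presumably the out-pointer check from SecBridge.h, which is not visible here. Renaming the local helper, for example `static inline Policy *RequiredPolicy(SecPolicyRef policyRef)`, would make it easier to audit which argument each call validates. Alternatively, a comment above it would help, such as `// Resolves a SecPolicyRef to its Policy; not the out-pointer Required() from SecBridge.h`.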
diff --git a/Keychain/SecPolicy.h b/Keychain/SecPolicy.h
new file mode 100644 (file)
index 0000000..3ab86e7
--- /dev/null
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*!
+       @header SecPolicy
+       The functions provided in SecPolicy implement a representation of a particular trust policy.
+*/
+
+#ifndef _SECURITY_SECPOLICY_H_
+#define _SECURITY_SECPOLICY_H_
+
+#include <Security/SecBase.h>
+#include <Security/cssmtype.h>
+
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*!
+       @function SecPolicyGetTypeID
+       @abstract Returns the type identifier of SecPolicy instances.
+       @result The CFTypeID of SecPolicy instances.
+*/
+CFTypeID SecPolicyGetTypeID(void);
+
+/*!
+       @function SecPolicyGetOID
+       @abstract Returns a policy's object identifier.
+    @param policyRef A policy reference.
+    @param oid On return, a pointer to the policy's object identifier.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecPolicyGetOID(SecPolicyRef policyRef, CSSM_OID *oid);
+
+/*!
+       @function SecPolicyGetValue
+       @abstract Returns a policy's value.
+    @param policyRef A policy reference.
+    @param value On return, a pointer to the policy's value.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecPolicyGetValue(SecPolicyRef policyRef, CSSM_DATA *value);
+
+/*!
+       @function SecPolicyGetTPHandle
+       @abstract Returns the CSSM trust policy handle for the given policy.
+    @param policyRef A policy reference.
+    @param tpHandle On return, a pointer to a value of type CSSM_TP_HANDLE.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecPolicyGetTPHandle(SecPolicyRef policyRef, CSSM_TP_HANDLE *tpHandle);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_SECURITY_SECPOLICY_H_ */
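Review bot: The `@param oid` and `@param value` lines for `SecPolicyGetOID` and `SecPolicyGetValue` do not say who owns the bytes behind the returned `CSSM_OID` / `CSSM_DATA`. SecPolicy.cpp assigns the struct by value (`Required(oid) = Required(policyRef)->oid();`), which looks like a shallow copy whose `Data` pointer still refers to storage held by the policy object; this should be confirmed against the `Policy` class. If so, each description should add `The returned data is owned by the policy; do not free it and do not use it after policyRef is released.` so callers neither free it nor keep it past the policy's lifetime. The same lifetime question applies to the handle returned by `SecPolicyGetTPHandle`.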
diff --git a/Keychain/SecPolicySearch.cpp b/Keychain/SecPolicySearch.cpp
new file mode 100644 (file)
index 0000000..982c589
--- /dev/null
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include <Security/SecPolicySearch.h>
+#include "SecBridge.h"
+
+
+//
+// CF Boilerplate
+CFTypeID
+SecPolicySearchGetTypeID(void)
+{
+       BEGIN_SECAPI
+
+       return gTypes().policyCursor.typeId;
+
+       END_SECAPI1(_kCFRuntimeNotATypeID)
+}
+
+
+OSStatus
+SecPolicySearchCreate(
+            CSSM_CERT_TYPE certType,
+                       const CSSM_OID* oid,
+            const CSSM_DATA* value,
+                       SecPolicySearchRef* searchRef)
+{
+    BEGIN_SECAPI
+       Required(searchRef);    // preflight
+       RefPointer<PolicyCursor> cursor(new PolicyCursor(oid, value));
+       *searchRef = gTypes().policyCursor.handle(*cursor);
+       END_SECAPI
+}
+
+
+OSStatus
+SecPolicySearchCopyNext(
+            SecPolicySearchRef searchRef, 
+            SecPolicyRef* policyRef)
+{
+    BEGIN_SECAPI
+    
+       RequiredParam(policyRef);
+       RefPointer<Policy> policy;
+       if (!gTypes().policyCursor.required(searchRef)->next(policy))
+               return errSecPolicyNotFound;
+       *policyRef = gTypes().policy.handle(*policy);
+       END_SECAPI
+}
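Review bot: `SecPolicySearchCreate` accepts `certType` but never uses it; the cursor is built from `oid` and `value` only, so a caller asking for policies of one certificate type gets the same results as for any other. The `PolicyCursor` constructor is outside this hunk, so it may be that no filtering by type exists yet. If that is intentional, say so at the call site, e.g. `// certType is not consulted yet; the search matches on oid and value only`, so that callers do not rely on a filter that is not applied.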
diff --git a/Keychain/SecPolicySearch.h b/Keychain/SecPolicySearch.h
new file mode 100644 (file)
index 0000000..765765f
--- /dev/null
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*!
+       @header SecPolicySearch
+       The functions provided in SecPolicySearch implement a query for SecPolicy objects.
+*/
+
+#ifndef _SECURITY_SECPOLICYSEARCH_H_
+#define _SECURITY_SECPOLICYSEARCH_H_
+
+#include <Security/SecBase.h>
+#include <Security/cssmtype.h>
+
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*!
+       @typedef SecPolicySearchRef
+       @abstract A reference to an opaque policy search structure.
+*/
+typedef struct OpaquePolicySearchRef *SecPolicySearchRef;
+
+/*!
+       @function SecPolicySearchGetTypeID
+       @abstract Returns the type identifier of SecPolicySearch instances.
+       @result The CFTypeID of SecPolicySearch instances.
+*/
+CFTypeID SecPolicySearchGetTypeID(void);
+
+/*!
+       @function SecPolicySearchCreate
+       @abstract Creates a search reference for finding a policy by specifying its object identifier.
+       @param certType The type of certificates a policy uses.
+    @param policyOID A pointer to a BER-encoded policy object identifier that uniquely specifies the policy.
+       @param value A pointer to an optional policy-defined value. The contents of this value depend on the policy object identifier defined.
+       @param searchRef On return, a pointer to a policy search reference. The policy search reference is used for subsequent calls to the SecCopyNextPolicy function to obtain the remaining trust policies. You are responsible for releasing the search reference by calling the CFRelease function when finished with it.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecPolicySearchCreate(CSSM_CERT_TYPE certType, const CSSM_OID *policyOID, const CSSM_DATA *value, SecPolicySearchRef *searchRef);
+
+/*!
+       @function SecPolicySearchCopyNext
+       @abstract Finds the next policy matching the given search criteria
+       @param searchRef A reference to the current policy search criteria.     You create the policy search  reference by a calling the SecPolicySearchCreate function. You are responsible for releasing the policy by calling the CFRelease function when finished with it.
+       @param policyRef On return, a pointer to a policy reference.
+       @result A result code.  When there are no more policies that match the parameters specified to SecPolicySearchCreate, errSecPolicyNotFound is returned. See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecPolicySearchCopyNext(SecPolicySearchRef searchRef, SecPolicyRef *policyRef);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_SECURITY_SECPOLICY_H_ */
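Review bot: The `searchRef` description for `SecPolicySearchCreate` points callers at "the SecCopyNextPolicy function", which this header does not declare; the declared function is `SecPolicySearchCopyNext`. In the `SecPolicySearchCopyNext` block, the sentence about releasing the policy sits under `@param searchRef` although it describes the returned `policyRef`, so the ownership rule is easy to miss. Suggested wording for that parameter: `@param policyRef On return, a pointer to a policy reference. You are responsible for releasing it by calling the CFRelease function when finished with it.` The closing guard comment also names `_SECURITY_SECPOLICY_H_` instead of `_SECURITY_SECPOLICYSEARCH_H_`.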
diff --git a/Keychain/SecRuntime.cpp b/Keychain/SecRuntime.cpp
new file mode 100644 (file)
index 0000000..ec87f19
--- /dev/null
@@ -0,0 +1,140 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// SecRuntime.cpp - CF runtime interface
+//
+
+#include <Security/SecRuntime.h>
+#include <Security/SecCFTypes.h>
+
+using namespace KeychainCore;
+
+//
+// SecCFObject
+//
+SecCFObject::~SecCFObject()
+{
+}
+
+bool
+SecCFObject::equal(SecCFObject &other)
+{
+       return this == &other;
+}
+
+CFHashCode
+SecCFObject::hash()
+{
+       return CFHashCode(this);
+}
+
+
+//
+// SecCFType
+//
+SecCFType::SecCFType(SecCFObject *obj) :
+       mObject(obj)
+{
+}
+
+SecCFType::~SecCFType()
+{
+       mObject = NULL;
+}
+
+//
+// CFClassBase
+//
+CFClassBase::CFClassBase(const char *name)
+{
+       // initialize the CFRuntimeClass structure
+       version = 0;
+       className = name;
+       init = NULL;
+       copy = NULL;
+       finalize = finalizeType;
+       equal = equalType;
+       hash = hashType;
+       copyFormattingDesc = NULL;
+       copyDebugDesc = NULL;
+       
+       // register
+       typeId = _CFRuntimeRegisterClass(this);
+       assert(typeId != _kCFRuntimeNotATypeID);
+}
+    
+void
+CFClassBase::finalizeType(CFTypeRef cf)
+{
+       const SecCFType *type = reinterpret_cast<const SecCFType *>(cf);
+       StLock<Mutex> _(gTypes().mapLock);
+       gTypes().map.erase(type->mObject.get());
+    type->~SecCFType();
+}
+    
+Boolean
+CFClassBase::equalType(CFTypeRef cf1, CFTypeRef cf2)
+{
+       const SecCFType *t1 = reinterpret_cast<const SecCFType *>(cf1); 
+       const SecCFType *t2 = reinterpret_cast<const SecCFType *>(cf2);
+       // CF checks for pointer equality and ensures type equality already
+       return t1->mObject->equal(*t2->mObject);
+}
+
+CFHashCode
+CFClassBase::hashType(CFTypeRef cf)
+{
+       return reinterpret_cast<const SecCFType *>(cf)->mObject->hash();
+}
+
+const SecCFType *
+CFClassBase::makeNew(SecCFObject *obj)
+{
+       void *p = const_cast<void *>(_CFRuntimeCreateInstance(NULL, typeId,
+               sizeof(SecCFType) - sizeof(CFRuntimeBase), NULL));
+       new (p) SecCFType(obj);
+       return reinterpret_cast<const SecCFType *>(p);
+}
+
+const SecCFType *
+CFClassBase::handle(SecCFObject *obj)
+{
+       SecCFTypes::Map &map = gTypes().map;
+       StLock<Mutex> _(gTypes().mapLock);
+       SecCFTypes::Map::const_iterator it = map.find(obj);
+       if (it == map.end())
+       {
+               const SecCFType *p = makeNew(obj);
+               map[obj] = p;
+               return p;
+       }
+       else
+       {
+               CFRetain(it->second);
+               return it->second;
+       }
+}
+
+SecCFObject *
+CFClassBase::required(const SecCFType *type, OSStatus errorCode)
+{
+       if (!type)
+               MacOSError::throwMe(errorCode);
+
+       return type->mObject.get();
+}
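Review bot: `handle()` can return an object that is already being torn down, because the map entry is erased only inside `finalizeType`, which runs after the last `CFRelease` has dropped the count to zero. A concurrent `handle()` that takes `mapLock` first still finds the stale entry and calls `CFRetain` on it, and the caller is then left with a reference to freed memory once finalization completes. Whether two threads can actually reach this depends on callers outside the hunk, though the presence of `mapLock` suggests concurrent use is expected. At minimum record the constraint above `handle()`, e.g. `// a map entry outlives its last CFRelease until finalizeType runs; handle() must not race with the final release`, and treat closing the window as a follow-up design item.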
diff --git a/Keychain/SecRuntime.h b/Keychain/SecRuntime.h
new file mode 100644 (file)
index 0000000..529e4da
--- /dev/null
@@ -0,0 +1,110 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// SecRuntime.h - CF runtime interface
+//
+#ifndef _SECURITY_SECRUNTIME_H_
+#define _SECURITY_SECRUNTIME_H_
+
+#include <CoreFoundation/CFRuntime.h>
+#include <Security/refcount.h>
+
+
+namespace Security
+{
+
+namespace KeychainCore
+{
+
+class SecCFObject : public RefCount
+{
+public:
+       virtual ~SecCFObject();
+    virtual bool equal(SecCFObject &other);
+    virtual CFHashCode hash();
+};
+
+
+class SecCFType : public CFRuntimeBase
+{
+public:
+       SecCFType(SecCFObject *obj);
+       ~SecCFType();
+
+    RefPointer<SecCFObject> mObject;
+};
+
+
+class CFClassBase : protected CFRuntimeClass
+{
+protected:
+    CFClassBase(const char *name);
+    
+    const SecCFType *makeNew(SecCFObject *obj);
+    const SecCFType *handle(SecCFObject *obj);
+    SecCFObject *required(const SecCFType *type, OSStatus errorCode);
+
+private:
+    static void finalizeType(CFTypeRef cf);
+    static Boolean equalType(CFTypeRef cf1, CFTypeRef cf2);
+    static CFHashCode hashType(CFTypeRef cf);
+
+public:
+    CFTypeID typeId;
+};
+
+
+template <class Object, class APITypePtr, OSStatus ErrorCode>
+class CFClass : public CFClassBase
+{
+public:
+    CFClass(const char *name) : CFClassBase(name) {}
+
+    APITypePtr handle(Object &obj)
+    {
+        return APITypePtr(CFClassBase::handle(&obj));
+    }
+
+    Object *required(APITypePtr type)
+    {
+               Object *object = dynamic_cast<Object *>(CFClassBase::required
+                       (reinterpret_cast<const SecCFType *>(type), ErrorCode));
+               if (!object)
+                       MacOSError::throwMe(ErrorCode);
+
+               return object;
+    }
+       
+       // CF generator functions
+       APITypePtr operator () (Object *obj)
+       { return handle(*obj); }
+
+       APITypePtr operator () (const RefPointer<Object> &obj)
+       { return handle(*obj); }
+       
+       Object * operator () (APITypePtr ref)
+       { return required(ref); }
+};
+
+
+} // end namespace KeychainCore
+
+} // end namespace Security
+
+
+#endif // !_SECURITY_SECRUNTIME_H_
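Review bot: `CFClass::required` reinterpret_casts whatever pointer the API caller supplied to `const SecCFType *` without first checking that it is an instance of this class. A non-NULL CF object of another type therefore has unrelated memory read as `mObject` before the `dynamic_cast` gets a chance to reject it. `typeId` is already a public member of `CFClassBase`, so the check is one line ahead of the cast: `if (type && CFGetTypeID(type) != typeId) MacOSError::throwMe(ErrorCode);`. The NULL case remains with `CFClassBase::required`, whose body is in SecRuntime.cpp rather than in this hunk.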
diff --git a/Keychain/SecTrust.cpp b/Keychain/SecTrust.cpp
new file mode 100644 (file)
index 0000000..0133ea0
--- /dev/null
@@ -0,0 +1,199 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include <Security/SecTrust.h>
+#include <Security/Trust.h>
+
+#include "SecBridge.h"
+
+
+static inline Trust *Required(SecTrustRef trustRef)
+{
+    return gTypes().trust.required(trustRef);
+}
+
+
+//
+// CF boilerplate
+//
+CFTypeID SecTrustGetTypeID(void)
+{
+       BEGIN_SECAPI
+
+       return gTypes().trust.typeId;
+
+       END_SECAPI1(_kCFRuntimeNotATypeID)
+}
+
+
+//
+// Sec* API bridge functions
+//
+OSStatus SecTrustCreateWithCertificates(
+       CFArrayRef certificates,
+       CFTypeRef policies,
+       SecTrustRef *trustRef)
+{
+    BEGIN_SECAPI
+       Required(trustRef);     // preflight
+    RefPointer<Trust> trust(new Trust(certificates, policies));
+       *trustRef = gTypes().trust.handle(*trust);
+    END_SECAPI
+}
+
+
+OSStatus SecTrustSetParameters(
+    SecTrustRef trustRef,
+    CSSM_TP_ACTION action,
+    CFDataRef actionData)
+{
+    BEGIN_SECAPI
+    Trust *trust = gTypes().trust.required(trustRef);
+    trust->action(action);
+    trust->actionData(actionData);
+    END_SECAPI
+}
+
+
+OSStatus SecTrustSetAnchorCertificates(SecTrustRef trust, CFArrayRef anchorCertificates)
+{
+    BEGIN_SECAPI
+    Required(trust)->anchors(anchorCertificates);
+    END_SECAPI
+}
+
+
+OSStatus SecTrustSetKeychains(SecTrustRef trust, CFTypeRef keychainOrArray)
+{
+    BEGIN_SECAPI
+       StorageManager::KeychainList keychains;
+       globals().storageManager.optionalSearchList(keychainOrArray, keychains);
+    Required(trust)->searchLibs() = keychains;
+    END_SECAPI
+}
+
+
+OSStatus SecTrustSetVerifyDate(SecTrustRef trust, CFDateRef verifyDate)
+{
+    BEGIN_SECAPI
+    Required(trust)->time(verifyDate);
+    END_SECAPI
+}
+
+
+OSStatus SecTrustEvaluate(SecTrustRef trustRef, SecTrustResultType *resultP)
+{
+    BEGIN_SECAPI
+    Trust *trust = Required(trustRef);
+    trust->evaluate();
+    if (resultP)
+        *resultP = trust->result();
+    END_SECAPI
+}
+
+
+//
+// Construct the "official" result evidence and return it
+//
+OSStatus SecTrustGetResult(
+    SecTrustRef trustRef,
+    SecTrustResultType *result,
+       CFArrayRef *certChain, CSSM_TP_APPLE_EVIDENCE_INFO **statusChain)
+{
+    BEGIN_SECAPI
+    Trust *trust = Required(trustRef);
+    if (result)
+        *result = trust->result();
+    if (certChain && statusChain)
+        trust->buildEvidence(*certChain, TPEvidenceInfo::overlayVar(*statusChain));
+    END_SECAPI
+}
+
+
+//
+// Retrieve CSSM-level information for those who want to dig down
+//
+OSStatus SecTrustGetCssmResult(SecTrustRef trust, CSSM_TP_VERIFY_CONTEXT_RESULT_PTR *result)
+{
+    BEGIN_SECAPI
+    Required(result) = Required(trust)->cssmResult();
+    END_SECAPI
+}
+
+OSStatus SecTrustGetTPHandle(SecTrustRef trust, CSSM_TP_HANDLE *handle)
+{
+    BEGIN_SECAPI
+    Required(handle) = Required(trust)->getTPHandle();
+    END_SECAPI
+}
+
+
+//
+// Get the user's default anchor certificate set
+//
+OSStatus SecTrustCopyAnchorCertificates(CFArrayRef* anchorCertificates)
+{
+    BEGIN_SECAPI
+       Required(anchorCertificates) = Trust::gStore().copyRootCertificates();
+    END_SECAPI
+}
+
+OSStatus SecTrustGetCSSMAnchorCertificates(const CSSM_DATA **cssmAnchors,
+       uint32 *cssmAnchorCount)
+{
+       BEGIN_SECAPI
+       CertGroup certs;
+       Trust::gStore().getCssmRootCertificates(certs);
+       Required(cssmAnchors) = certs.blobCerts();
+       Required(cssmAnchorCount) = certs.count();
+       END_SECAPI
+}
+
+
+//
+// Get and set user trust settings
+//
+OSStatus SecTrustGetUserTrust(SecCertificateRef certificate,
+    SecPolicyRef policy, SecTrustUserSetting *trustSetting)
+{
+       BEGIN_SECAPI
+       Required(trustSetting) = Trust::gStore().find(
+               gTypes().certificate.required(certificate),
+               gTypes().policy.required(policy));
+       END_SECAPI
+}
+
+OSStatus SecTrustSetUserTrust(SecCertificateRef certificate,
+    SecPolicyRef policy, SecTrustUserSetting trustSetting)
+{
+       BEGIN_SECAPI
+       switch (trustSetting) {
+    case kSecTrustResultProceed:
+    case kSecTrustResultConfirm:
+    case kSecTrustResultDeny:
+    case kSecTrustResultUnspecified:
+               break;
+       default:
+               MacOSError::throwMe(errSecInvalidTrustSetting);
+       }
+       Trust::gStore().assign(
+               gTypes().certificate.required(certificate),
+               gTypes().policy.required(policy),
+               trustSetting);
+       END_SECAPI
+}
+
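Review bot: In `SecTrustGetResult` the evidence is built only when both `certChain` and `statusChain` are non-NULL, so a caller that passes just one of them gets a success status with that output never written. A caller that then uses or releases the uninitialised `CFArrayRef` is working with a garbage pointer. Either reject the mixed case up front with `if (!certChain != !statusChain) MacOSError::throwMe(paramErr);`, or set whichever pointer was supplied to NULL before returning. `SecTrustSetParameters` also looks up the trust with `gTypes().trust.required(trustRef)` while the rest of the file uses the local `Required(trustRef)` helper.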
diff --git a/Keychain/SecTrust.h b/Keychain/SecTrust.h
new file mode 100644 (file)
index 0000000..7273012
--- /dev/null
@@ -0,0 +1,205 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*!
+       @header SecTrust
+       The functions and data types in SecTrust implement trust computation and allows the user to apply trust decisions to the trust configuration.
+*/
+
+#ifndef _SECURITY_SECTRUST_H_
+#define _SECURITY_SECTRUST_H_
+
+#include <Security/SecBase.h>
+#include <Security/cssmtype.h>
+#include <Security/cssmapple.h>
+#include <CoreFoundation/CoreFoundation.h>
+
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*!
+       @typedef SecTrustResultType
+       @abstract Specifies the trust result type.
+       @constant kSecTrustResultInvalid Indicates an invalid setting or result.
+       @constant kSecTrustResultProceed Indicates you may proceed.  This value may be returned by the SecTrustEvaluate function or stored as part of the user trust settings. 
+       @constant kSecTrustResultConfirm Indicates confirmation with the user is required before proceeding.  This value may be returned by the SecTrustEvaluate function or stored as part of the user trust settings. 
+       @constant kSecTrustResultDeny Indicates a user-configured deny; do not proceed. This value may be returned by the SecTrustEvaluate function or stored as part of the user trust settings. 
+       @constant kSecTrustResultUnspecified Indicates user intent is unknown. This value may be returned by the SecTrustEvaluate function or stored as part of the user trust settings. 
+       @constant kSecTrustResultRecoverableTrustFailure Indicates a trust framework failure; retry after fixing inputs. This value may be returned by the SecTrustEvaluate function but not stored as part of the user trust settings. 
+       @constant kSecTrustResultFatalTrustFailure Indicates a trust framework failure; no "easy" fix. This value may be returned by the SecTrustEvaluate function but not stored as part of the user trust settings.
+       @constant kSecTrustResultOtherError Indicates a failure other than that of trust evaluation. This value may be returned by the SecTrustEvaluate function but not stored as part of the user trust settings.
+ */
+typedef enum {
+    kSecTrustResultInvalid,
+    kSecTrustResultProceed,
+    kSecTrustResultConfirm,
+    kSecTrustResultDeny,
+    kSecTrustResultUnspecified,
+    kSecTrustResultRecoverableTrustFailure,
+    kSecTrustResultFatalTrustFailure,
+    kSecTrustResultOtherError
+} SecTrustResultType;
+
+/*!
+       @typedef SecTrustUserSetting
+       @abstract Specifies user-specified trust settings.
+*/
+typedef SecTrustResultType SecTrustUserSetting;
+
+/*!
+       @typedef SecTrustRef
+       @abstract A pointer to an opaque trust management structure.
+*/
+typedef struct OpaqueSecTrustRef *SecTrustRef;
+
+/*!
+       @function SecTrustGetTypeID
+       @abstract Returns the type identifier of SecTrust instances.
+       @result The CFTypeID of SecTrust instances.
+*/
+CFTypeID SecTrustGetTypeID(void);
+
+/*!
+       @function SecTrustCreateWithCertificates
+       @abstract Creates a trust based on the given certificates and policies.
+    @param certificates The group of certificates to verify.
+    @param policies An array of one or more policies.
+       @param trustRef On return, a pointer to the trust management reference.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecTrustCreateWithCertificates(CFArrayRef certificates, CFTypeRef policies, SecTrustRef *trustRef);
+
+/*!
+       @function SecTrustSetParameters
+       @abstract Sets the action and action data for a trust.
+       @param trustRef The reference to the trust to change.
+       @param action A CSSM trust action.
+       @param actionData A reference to action data.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+ */
+OSStatus SecTrustSetParameters(SecTrustRef trustRef, CSSM_TP_ACTION action, CFDataRef actionData);
+
+/*!
+       @function SecTrustSetAnchorCertificates
+       @abstract Sets the anchor certificates for a given trust.
+       @param trust A reference to a trust.
+       @param anchorCertificates An array of anchor certificates.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecTrustSetAnchorCertificates(SecTrustRef trust, CFArrayRef anchorCertificates);
+
+/*!
+       @function SecTrustSetKeychains
+       @abstract Sets the keychains for a given trust.
+       @param trust A reference to a trust.
+    @param keychainOrArray An reference to an array of keychains to search, a single keychain or NULL to search the user's default keychain search list.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecTrustSetKeychains(SecTrustRef trust, CFTypeRef keychainOrArray);
+
+/*!
+       @function SecTrustSetVerifyDate
+       @abstract Verifies the date of a given trust.
+       @param trust A reference to the trust to verify.
+       @param verifyDate The date to verify.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecTrustSetVerifyDate(SecTrustRef trust, CFDateRef verifyDate);
+
+/*!
+       @function SecTrustEvaluate
+       @abstract Evaluates a trust.
+       @param trust A reference to the trust to evaluate.
+       @param result A pointer to a result type.
+       @result A result code.  See "Security Error Codes" (SecBase.h). 
+*/
+OSStatus SecTrustEvaluate(SecTrustRef trust, SecTrustResultType *result);
+
+/*!
+       @function SecTrustGetResult
+       @abstract Returns detail information on the outcome of a call to SecTrustEvaluate.
+       @param trustRef A reference to a trust.
+       @param result A pointer to the result from the call to SecTrustEvaluate.
+       @param certChain On return, a pointer to the certificate chain used to validate the input certificate.
+       @param statusChain On return, a pointer to the status of the certificate chain.  Do not attempt to free this pointer; it remains valid until the trust is destroyed or the next call to SecTrustEvaluate.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecTrustGetResult(SecTrustRef trustRef, SecTrustResultType *result, CFArrayRef *certChain, CSSM_TP_APPLE_EVIDENCE_INFO **statusChain);
+
+/*!
+       @function SecTrustGetCssmResult
+       @abstract Gets the CSSM trust result.
+       @param trust A reference to a trust.
+       @param result On return, a pointer to the CSSM trust result.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecTrustGetCssmResult(SecTrustRef trust, CSSM_TP_VERIFY_CONTEXT_RESULT_PTR *result);
+
+/*!
+       @function SecTrustGetTPHandle
+       @abstract Gets the CSSM trust handle
+       @param trust A reference to a trust.
+       @param handle On return, a pointer to a CSSM trust handle.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecTrustGetTPHandle(SecTrustRef trust, CSSM_TP_HANDLE *handle);
+
+/*!
+       @function SecTrustCopyAnchorCertificates
+       @abstract Returns the anchor (root) certificates.
+    @param anchors On return, a pointer to the anchors (roots).  This may be used with the function SecCertificateGroupVerify.  Call the CFRelease function to release this pointer.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecTrustCopyAnchorCertificates(CFArrayRef* anchors);
+
+/*!
+       @function SecTrustGetCSSMAnchorCertificates
+       @abstract Retrieves the CSSM anchor certificates.
+       @param cssmAnchors A pointer to an array of anchor certificates.
+       @param cssmAnchorCount A pointer to the number of certificates in anchors.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecTrustGetCSSMAnchorCertificates(const CSSM_DATA **cssmAnchors, uint32 *cssmAnchorCount);
+
+/*!
+       @function SecTrustGetUserTrust
+       @abstract Gets the user-specified trust settings of a certificate and policy.
+       @param certificate A reference to a certificate.
+       @param policy A reference to a policy.
+       @param trustSetting On return, a pointer to the user specified trust settings.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecTrustGetUserTrust(SecCertificateRef certificate, SecPolicyRef policy, SecTrustUserSetting *trustSetting);
+
+/*!
+       @function SecTrustSetUserTrust
+       @abstract Sets the user-specified trust settings of a certificate and policy.
+       @param certificate A reference to a certificate.
+       @param policy A reference to a policy.
+       @param trustSetting The user-specified trust settings.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecTrustSetUserTrust(SecCertificateRef certificate, SecPolicyRef policy, SecTrustUserSetting trustSetting);
+
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_SECURITY_SECTRUST_H_ */
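Review bot: The `SecTrustEvaluate` comment does not tell callers that the returned `OSStatus` and the trust verdict are separate things. The enum above documents `kSecTrustResultDeny` and the failure values as results this function may return, so a success status appears to mean only that evaluation ran. Suggested wording: `@result A result code. Success means the evaluation completed, not that the certificates are trusted; always inspect *result.` The abstract for `SecTrustSetVerifyDate` ("Verifies the date of a given trust") also reads as if the call performs a check, where the name indicates it sets the date to evaluate against. `SecTrustGetResult` states ownership for `statusChain` but not for `certChain`.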
diff --git a/Keychain/SecTrustedApplication.cpp b/Keychain/SecTrustedApplication.cpp
new file mode 100644 (file)
index 0000000..aa36207
--- /dev/null
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include <Security/SecTrustedApplication.h>
+
+#include "SecBridge.h"
+
+
+CFTypeID
+SecTrustedApplicationGetTypeID(void)
+{
+       BEGIN_SECAPI
+
+       return gTypes().trustedApplication.typeId;
+
+       END_SECAPI1(_kCFRuntimeNotATypeID)
+}
+
+
+OSStatus
+SecTrustedApplicationCreateFromPath(const char *path, SecTrustedApplicationRef *appRef)
+{
+       BEGIN_SECAPI
+       RefPointer<TrustedApplication> app =
+               path ? new TrustedApplication(path) : new TrustedApplication;
+       Required(appRef) = gTypes().trustedApplication.handle(*app);
+       END_SECAPI
+}
+
+/*!
+ */
+OSStatus SecTrustedApplicationCopyData(SecTrustedApplicationRef appRef,
+       CFDataRef *dataRef)
+{
+       BEGIN_SECAPI
+       const CssmData &data = gTypes().trustedApplication.required(appRef)->data();
+       Required(dataRef) = CFDataCreate(NULL, (const UInt8 *)data.data(), data.length());
+       END_SECAPI
+}
+
+OSStatus SecTrustedApplicationSetData(SecTrustedApplicationRef appRef,
+       CFDataRef dataRef)
+{
+       BEGIN_SECAPI
+       gTypes().trustedApplication.required(appRef)->data(cfData(dataRef));
+       END_SECAPI
+}
+
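Review bot: `SecTrustedApplicationCopyData` stores the result of `CFDataCreate` straight into `*dataRef` and returns success even when the allocation failed and the result is NULL. Callers that trust the status code will then dereference or release a NULL reference. Check it before returning, for example `if (!*dataRef) MacOSError::throwMe(memFullErr);` after the assignment. The empty `/*! */` block above the function could be dropped or filled in, since the header already carries the documentation.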
diff --git a/Keychain/SecTrustedApplication.h b/Keychain/SecTrustedApplication.h
new file mode 100644 (file)
index 0000000..a9c482d
--- /dev/null
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*!
+       @header SecTrustedApplication
+       The functions provided in SecTrustedApplication implement an object representing an application in a
+       SecAccess object.
+*/
+
+#ifndef _SECURITY_SECTRUSTEDAPPLICATION_H_
+#define _SECURITY_SECTRUSTEDAPPLICATION_H_
+
+#include <Security/SecBase.h>
+#include <CoreFoundation/CoreFoundation.h>
+
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*!
+       @function SecTrustedApplicationGetTypeID
+       @abstract Returns the type identifier of SecTrustedApplication instances.
+       @result The CFTypeID of SecTrustedApplication instances.
+*/
+CFTypeID SecTrustedApplicationGetTypeID(void);
+
+/*!
+       @function SecTrustedApplicationCreateFromPath
+    @abstract Creates a trusted application reference based on the trusted application specified by path.
+    @param path The path to the application or tool to trust. For application bundles, use the
+               path to the bundle directory. Pass NULL to refer to yourself, i.e. the application or tool
+               making this call.
+    @param app On return, a pointer to the trusted application reference.
+    @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecTrustedApplicationCreateFromPath(const char *path, SecTrustedApplicationRef *app);
+
+/*!
+       @function SecTrustedApplicationCopyData
+       @abstract Retrieves the data of a given trusted application reference
+       @param appRef A trusted application reference to retrieve data from
+       @param data On return, a pointer to a data reference of the trusted application.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecTrustedApplicationCopyData(SecTrustedApplicationRef appRef, CFDataRef *data);
+
+/*!
+       @function SecTrustedApplicationSetData
+       @abstract Sets the data of a given trusted application reference
+       @param appRef A trusted application reference.
+       @param data A reference to the data to set in the trusted application.
+       @result A result code.  See "Security Error Codes" (SecBase.h).
+*/
+OSStatus SecTrustedApplicationSetData(SecTrustedApplicationRef appRef, CFDataRef data);
+
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_SECURITY_SECTRUSTEDAPPLICATION_H_ */
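Review bot: Neither `SecTrustedApplicationCreateFromPath` nor `SecTrustedApplicationCopyData` documents who owns the returned reference, although both names follow the Create/Copy convention and other headers in this commit state the rule explicitly. For the copy call, suggested wording is `@param data On return, a pointer to a data reference of the trusted application. Call the CFRelease function to release it when finished with it.`, with the same sentence added to `@param app` on the create call. The header also does not say what the data returned by `SecTrustedApplicationCopyData` and accepted by `SecTrustedApplicationSetData` represents; one sentence on its meaning and on whether the setter validates it would help callers that persist or compare it.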
diff --git a/Keychain/Security.h b/Keychain/Security.h
new file mode 100644 (file)
index 0000000..7171013
--- /dev/null
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+#include <Security/cssmconfig.h>
+#include <Security/cssmapple.h>
+#include <Security/certextensions.h>
+#include <Security/cssm.h>
+#include <Security/cssmaci.h>
+#include <Security/cssmapi.h>
+#include <Security/cssmcli.h>
+#include <Security/cssmcspi.h>
+#include <Security/cssmdli.h>
+#include <Security/cssmerr.h>
+#include <Security/cssmkrapi.h>
+#include <Security/cssmkrspi.h>
+#include <Security/cssmspi.h>
+#include <Security/cssmtpi.h>
+#include <Security/cssmtype.h>
+#include <Security/emmspi.h>
+#include <Security/emmtype.h>
+#include <Security/mds.h>
+#include <Security/mds_schema.h>
+#include <Security/oidsalg.h>
+#include <Security/oidsattr.h>
+#include <Security/oidsbase.h>
+#include <Security/oidscert.h>
+#include <Security/oidscrl.h>
+#include <Security/x509defs.h>
+
+#include <Security/SecBase.h>
+#include <Security/SecAccess.h>
+#include <Security/SecCertificate.h>
+#include <Security/SecIdentity.h>
+#include <Security/SecIdentitySearch.h>
+#include <Security/SecKey.h>
+#include <Security/SecKeychain.h>
+#include <Security/SecKeychainItem.h>
+#include <Security/SecKeychainSearch.h>
+#include <Security/SecPolicy.h>
+#include <Security/SecPolicySearch.h>
+#include <Security/SecTrust.h>
+#include <Security/SecTrustedApplication.h>
+
+#include <Security/Authorization.h>
+#include <Security/AuthorizationTags.h>
+
+#include <Security/CipherSuite.h>
+#include <Security/SecureTransport.h>
index 78194a43d07d0fb319d84ee5b430d6246ce7c2f7..ed3a7875949ef323e684f611b4681c4e0a730c89 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
@@ -21,9 +21,6 @@
 
        Contains:       Working with multiple keychains
 
-       Copyright:      2000 by Apple Computer, Inc., all rights reserved.
-
-       To Do:
 */
 
 #include "StorageManager.h"
@@ -39,6 +36,7 @@
 #include <Security/AuthorizationTags.h>
 #include <Security/AuthSession.h>
 #include <Security/debugging.h>
+#include <Security/SecCFTypes.h>
 
 #include "KCCursor.h"
 #include "Globals.h"
@@ -50,53 +48,73 @@ using namespace KeychainCore;
 StorageManager::StorageManager() :
     mSavedList(),
     mKeychains(),
-    mMultiDLDb(mSavedList.list(), true) // Passinng true enables use of Secure Storage
+    mSearchList()
 {
+       _doReload();
 }
 
 // Create KC if it doesn't exist       
 Keychain
 StorageManager::keychain(const DLDbIdentifier &dLDbIdentifier)
 {
-       //StLock<Mutex> _(mKeychainsLock);
+       StLock<Mutex> _(mLock);
+       return _keychain(dLDbIdentifier);
+}
+
+Keychain
+StorageManager::_keychain(const DLDbIdentifier &dLDbIdentifier)
+{
     KeychainMap::iterator it = mKeychains.find(dLDbIdentifier);
     if (it != mKeychains.end())
                return it->second;
 
        // The keychain is not in our cache.  Create it.
-       Keychain keychain(mMultiDLDb->database(dLDbIdentifier));
+       Module module(dLDbIdentifier.ssuid().guid());
+       DL dl;
+       if (dLDbIdentifier.ssuid().subserviceType() & CSSM_SERVICE_CSP)
+               dl = SSCSPDL(module);
+       else
+               dl = DL(module);
+
+       dl->subserviceId(dLDbIdentifier.ssuid().subserviceId());
+       dl->version(dLDbIdentifier.ssuid().version());
+       Db db(dl, dLDbIdentifier.dbName());
+       Keychain keychain(db);
 
        // Add the keychain to the cache.
        mKeychains.insert(KeychainMap::value_type(dLDbIdentifier, keychain));
        return keychain;
 }
 
-// Create KC if it doesn't exist       
+// Create KC if it doesn't exist, add it to the search list if it exists and is not already on it.
 Keychain
 StorageManager::makeKeychain(const DLDbIdentifier &dLDbIdentifier)
 {
        Keychain keychain(keychain(dLDbIdentifier));
 
-       const vector<DLDbIdentifier> &list = mMultiDLDb->list();
-       if (find(list.begin(), list.end(), dLDbIdentifier) != list.end())
        {
-               // The dLDbIdentifier for this keychain is already on our search list.
-               return keychain;
+               StLock<Mutex> _(mLock);
+               if (find(mSearchList.begin(), mSearchList.end(), keychain) != mSearchList.end())
+               {
+                       // This keychain is already on our search list.
+                       return keychain;
+               }
+       
+               // If the keychain doesn't exist don't bother adding it to the search list yet.
+               if (!keychain->exists())
+                       return keychain;
+       
+               // The keychain exists and is not in our search list add it to the search
+               // list and the cache.  Then inform mMultiDLDb.
+               mSavedList.revert(true);
+               mSavedList.add(dLDbIdentifier);
+               mSavedList.save();
+       
+               // @@@ Will happen again when kSecKeychainListChangedEvent notification is received.
+               _doReload();
        }
 
-       // If the keychain doesn't exist don't bother adding it to the search list yet.
-       if (!keychain->exists())
-               return keychain;
-
-       // The keychain exists and is not in our search list add it to the search
-       // list and the cache.  Then inform mMultiDLDb.
-       mSavedList.revert(true);
-       mSavedList.add(dLDbIdentifier);
-       mSavedList.save();
-
-       // @@@ Will happen again when kSecKeychainListChangedEvent notification is received.
-       mMultiDLDb->list(mSavedList.list());
-
+       // Make sure we are not holding mLock when we post this event.
        KCEventNotifier::PostKeychainEvent(kSecKeychainListChangedEvent);
 
        return keychain;
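Review bot: The comment `// list and the cache.  Then inform mMultiDLDb.` in makeKeychain() is stale, because this commit removes the mMultiDLDb member and the step now ends in `_doReload()`. The same sentence is carried into created() in the next hunk. I would reword both to `// list and save it, then rebuild mSearchList.` so the comment names the member that is actually updated. makeKeychain() closes outside this hunk.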
@@ -106,70 +124,108 @@ void
 StorageManager::created(const Keychain &keychain) // Be notified a Keychain just got created.
 {
     DLDbIdentifier dLDbIdentifier = keychain->dLDbIdentifier();
-       
-    // If we don't have a default Keychain yet.  Make the newly created keychain the default.
-    DefaultKeychain &defaultKeychain = globals().defaultKeychain;
-    if (!defaultKeychain.isSet())
-        defaultKeychain.dLDbIdentifier(dLDbIdentifier);
 
-       // Add the keychain to the search list and the cache.  Then inform mMultiDLDb.
-       mSavedList.revert(true);
-       mSavedList.add(dLDbIdentifier);
-       mSavedList.save();
+       {
+               StLock<Mutex> _(mLock);
 
-       // @@@ Will happen again when kSecKeychainListChangedEvent notification is received.
-       mMultiDLDb->list(mSavedList.list());
+               // If we don't have a default Keychain yet.  Make the newly created keychain the default.
+               DefaultKeychain &defaultKeychain = globals().defaultKeychain;
+               if (!defaultKeychain.isSet())
+                       defaultKeychain.dLDbIdentifier(dLDbIdentifier);
+       
+               // Add the keychain to the search list and the cache.  Then inform mMultiDLDb.
+               mSavedList.revert(true);
+               mSavedList.add(dLDbIdentifier);
+               mSavedList.save();
+       
+               // @@@ Will happen again when kSecKeychainListChangedEvent notification is received.
+               _doReload();
+       }
 
+       // Make sure we are not holding mLock when we post this event.
        KCEventNotifier::PostKeychainEvent(kSecKeychainListChangedEvent);
 }
 
-
 KCCursor
 StorageManager::createCursor(SecItemClass itemClass, const SecKeychainAttributeList *attrList)
 {
-       return KCCursor(DbCursor(mMultiDLDb), itemClass, attrList);
+       StLock<Mutex> _(mLock);
+       return KCCursor(mSearchList, itemClass, attrList);
 }
 
 KCCursor
 StorageManager::createCursor(const SecKeychainAttributeList *attrList)
 {
-       return KCCursor(DbCursor(mMultiDLDb), attrList);
+       StLock<Mutex> _(mLock);
+       return KCCursor(mSearchList, attrList);
 }
 
 void
 StorageManager::lockAll()
 {
-    for (KeychainMap::iterator ix = mKeychains.begin(); ix != mKeychains.end(); ix++)
+       // Make a snapshot of all known keychains while holding mLock.
+       KeychainList keychainList;
        {
-               Keychain keychain(ix->second);
+               StLock<Mutex> _(mLock);
+               for (KeychainMap::iterator ix = mKeychains.begin(); ix != mKeychains.end(); ix++)
+                       keychainList.push_back(ix->second);
+       }
+
+       // Lock each active keychain after having released mLock since locking keychains
+       // will send notifications.
+       for (KeychainList::iterator ix = keychainList.begin(); ix != keychainList.end(); ++ix)
+       {
+               Keychain keychain = *ix;
                if (keychain->isActive())
                        keychain->lock();
        }
 }
 
+void
+StorageManager::_doReload()
+{
+       KeychainList newList;
+       newList.reserve(mSavedList.size());
+       for (CssmClient::DLDbList::iterator ix = mSavedList.begin(); ix != mSavedList.end(); ++ix)
+       {
+               Keychain keychain(_keychain(*ix));
+               newList.push_back(keychain);
+       }
+       mSearchList.swap(newList);
+}
+
 void
 StorageManager::reload(bool force)
+{
+       StLock<Mutex> _(mLock);
+    _reload(force);
+}
+
+void
+StorageManager::_reload(bool force)
 {
     // Reinitialize list from CFPrefs if changed.  When force is true force a prefs revert now.
     if (mSavedList.revert(force))
-        mMultiDLDb->list(mSavedList.list());
+        _doReload();
 }
 
 size_t
 StorageManager::size()
 {
-    reload();
-    return mMultiDLDb->list().size();
+       StLock<Mutex> _(mLock);
+    _reload();
+    return mSearchList.size();
 }
 
 Keychain
 StorageManager::at(unsigned int ix)
 {
-    reload();
-    if (ix >= mMultiDLDb->list().size())
+       StLock<Mutex> _(mLock);
+    _reload();
+    if (ix >= mSearchList.size())
         MacOSError::throwMe(errSecInvalidKeychain);
 
-    return keychain(mMultiDLDb->list().at(ix));
+    return mSearchList.at(ix);
 }
 
 Keychain
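Review bot: created() calls `defaultKeychain.dLDbIdentifier(dLDbIdentifier)` inside the mLock block, while remove() in this same commit deliberately calls `globals().defaultKeychain.unset()` only after the lock is released because it posts an event. The setter's body is not visible here, so this is hedged: if it posts an event the way unset() does, observers run with mLock held, and one that calls back into StorageManager would contend for the same lock. Deciding under the lock and calling the setter after the block would match the rule remove() follows. The `void` return-type line of created() sits in the hunk header rather than in the hunk body.

```cpp
	bool makeDefault = false;
	{
		StLock<Mutex> _(mLock);
		// Decide under the lock, act once it has been released.
		makeDefault = !globals().defaultKeychain.isSet();
		// … unchanged: mSavedList revert/add/save and _doReload() …
	}

	if (makeDefault)
		globals().defaultKeychain.dLDbIdentifier(dLDbIdentifier);
	// … unchanged: PostKeychainEvent(kSecKeychainListChangedEvent) …
```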
@@ -178,76 +234,124 @@ StorageManager::operator[](unsigned int ix)
     return at(ix);
 }      
 
-void StorageManager::remove(const list<SecKeychainRef>& kcsToRemove)
+void StorageManager::remove(const KeychainList &kcsToRemove, bool deleteDb)
 {
-       //StLock<Mutex> _(mKeychainsLock);
-       mSavedList.revert(true);
-       DLDbIdentifier defaultId = globals().defaultKeychain.dLDbIdentifier();
-       bool unsetDefault=false;
-    for (list<SecKeychainRef>::const_iterator ix = kcsToRemove.begin();ix!=kcsToRemove.end();ix++)
+       bool unsetDefault = false;
        {
-               // Find the keychain object for the given ref
-               Keychain keychainToRemove;
-               try
-               {
-                       keychainToRemove = KeychainRef::required(*ix);
-               }
-               catch (const MacOSError& err)
+               StLock<Mutex> _(mLock);
+               mSavedList.revert(true);
+               DLDbIdentifier defaultId = globals().defaultKeychain.dLDbIdentifier();
+               for (KeychainList::const_iterator ix = kcsToRemove.begin(); ix != kcsToRemove.end(); ++ix)
                {
-                       if (err.osStatus() == errSecInvalidKeychain)
-                               continue;
-                       throw;
+                       // Find the keychain object for the given ref
+                       Keychain keychainToRemove = *ix;
+                       DLDbIdentifier dLDbIdentifier = keychainToRemove->dLDbIdentifier();
+       
+                       // Remove it from the saved list
+                       mSavedList.remove(dLDbIdentifier);
+                       if (dLDbIdentifier == defaultId)
+                               unsetDefault=true;
+
+                       if (deleteDb)
+                       {
+                               keychainToRemove->database()->deleteDb();
+                               // Now remove it from the map
+                               KeychainMap::iterator it = mKeychains.find(dLDbIdentifier);
+                               if (it == mKeychains.end())
+                                       continue;
+                               mKeychains.erase(it);
+                       }
                }
-               
-               // Remove it from the saved list
-               mSavedList.remove(keychainToRemove->dLDbIdentifier());
-               if (keychainToRemove->dLDbIdentifier() == defaultId)
-                       unsetDefault=true;
-               // Now remove it from the map
-               KeychainMap::iterator it = mKeychains.find(keychainToRemove->dLDbIdentifier());
-               if (it==mKeychains.end())
-                       continue;
-               mKeychains.erase(it);
+               mSavedList.save();
+               _doReload();
        }
-       mSavedList.save();
-       mMultiDLDb->list(mSavedList.list());
+
+       // Make sure we are not holding mLock when we post this event.
        KCEventNotifier::PostKeychainEvent(kSecKeychainListChangedEvent);
+
        if (unsetDefault)
+       {
+               // Make sure we are not holding mLock when we call this since it posts an event.
                globals().defaultKeychain.unset();
+       }
+}
+
+void
+StorageManager::getSearchList(KeychainList &keychainList)
+{
+       // Make a copy of the searchList
+       StLock<Mutex> _(mLock);
+       StorageManager::KeychainList searchList(mSearchList);
+
+       // Return the copy of the list.
+       keychainList.swap(searchList);
 }
 
-void StorageManager::replace(const list<SecKeychainRef>& newKCList)
+void
+StorageManager::setSearchList(const KeychainList &keychainList)
 {
-       // replace keychains list with new list
-       CssmClient::DLDbList dldbList;
-       convert(newKCList,dldbList);
+       // Make a copy of the passed in searchList
+       StorageManager::KeychainList keychains(keychainList);
+
+       // Set the current searchlist to be what was passed in, the old list will be freed
+       // upon exit of this stackframe.
+       StLock<Mutex> _(mLock);
+       mSearchList.swap(keychains);
 }
 
-void StorageManager::convert(const list<SecKeychainRef>& SecKeychainRefList,CssmClient::DLDbList& dldbList)
+void
+StorageManager::optionalSearchList(CFTypeRef keychainOrArray, KeychainList &keychainList)
 {
-    // Convert a list of SecKeychainRefs to a DLDbList
-       dldbList.clear();               // If we don't clear list, we should use "add" instead of push_back
-       for (list<SecKeychainRef>::const_iterator ix = SecKeychainRefList.begin();ix!=SecKeychainRefList.end();ix++)
+       if (!keychainOrArray)
+               getSearchList(keychainList);
+       else
        {
-               // Find the keychain object for the given ref
-               Keychain keychain;
-               try
-               {
-                       keychain = KeychainRef::required(*ix);
-               }
-               catch (const MacOSError& err)
-               {
-                       if (err.osStatus() == errSecInvalidKeychain)
-                               continue;
-                       throw;
-               }
-               
-               // Add it to the list
-               dldbList.push_back(keychain->dLDbIdentifier());
+               CFTypeID typeID = CFGetTypeID(keychainOrArray);
+               if (typeID == CFArrayGetTypeID())
+                       convertToKeychainList(CFArrayRef(keychainOrArray), keychainList);
+               else if (typeID == gTypes().keychain.typeId)
+                       keychainList.push_back(gTypes().keychain.required(SecKeychainRef(keychainOrArray)));
+               else
+                       MacOSError::throwMe(paramErr);
+       }
+}
+
+// static methods.
+void
+StorageManager::convertToKeychainList(CFArrayRef keychainArray, KeychainList &keychainList)
+{
+       assert(keychainArray);
+       CFIndex count = CFArrayGetCount(keychainArray);
+       KeychainList keychains(count);
+       CFClass<KeychainImpl, SecKeychainRef, errSecInvalidKeychain> &kcClass = gTypes().keychain;
+       for (CFIndex ix = 0; ix < count; ++ix)
+       {
+               keychains[ix] = kcClass.required(SecKeychainRef(CFArrayGetValueAtIndex(keychainArray, ix)));
+       }
+
+       keychainList.swap(keychains);
+}
+
+CFArrayRef
+StorageManager::convertFromKeychainList(const KeychainList &keychainList)
+{
+       CFRef<CFMutableArrayRef> keychainArray(CFArrayCreateMutable(NULL, keychainList.size(), &kCFTypeArrayCallBacks));
+
+       CFClass<KeychainImpl, SecKeychainRef, errSecInvalidKeychain> &kcClass = gTypes().keychain;
+       for (KeychainList::const_iterator ix = keychainList.begin(); ix != keychainList.end(); ++ix)
+       {
+               SecKeychainRef keychainRef = kcClass.handle(**ix);
+               CFArrayAppendValue(keychainArray, keychainRef);
+               CFRelease(keychainRef);
        }
+
+       // Counter the CFRelease that CFRef<> is about to do when keychainArray goes out of scope.
+       CFRetain(keychainArray);
+       return keychainArray;
 }
 
 
+
 #pragma mark Ã‘ÑÑÑ Login Functions Ã‘ÑÑÑ
 
 void StorageManager::login(ConstStringPtr name, ConstStringPtr password)
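Review bot: In remove(), `keychainToRemove->database()->deleteDb()` runs inside the loop, before `mSavedList.save()` and `_doReload()`, so a failure part-way through leaves earlier databases deleted while the saved search list was never written. Whether deleteDb() can throw is not visible in this hunk, but nothing here catches it, and the destructive step also runs with mLock held. Saving the shortened list first and deleting afterwards means a failed delete can no longer leave the persisted list naming a database that is already gone. The excerpt below stays inside the existing locked block.

```cpp
		// … unchanged: loop that calls mSavedList.remove() and sets unsetDefault,
		//   without the deleteDb branch …
		mSavedList.save();
		_doReload();

		// Delete only after the shortened list has been saved.
		if (deleteDb)
		{
			for (KeychainList::const_iterator ix = kcsToRemove.begin(); ix != kcsToRemove.end(); ++ix)
			{
				DLDbIdentifier dLDbIdentifier = (*ix)->dLDbIdentifier();
				(*ix)->database()->deleteDb();
				mKeychains.erase(dLDbIdentifier);
			}
		}
```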
@@ -262,10 +366,12 @@ void StorageManager::login(UInt32 nameLength, const void *name, UInt32 passwordL
 {
     // @@@ set up the login session on behalf of loginwindow
     // @@@ (this code should migrate into loginwindow)
+#if 0
     debug("KClogin", "setting up login session");
     if (OSStatus ssnErr = SessionCreate(sessionKeepCurrentBootstrap,
             sessionHasGraphicAccess | sessionHasTTY))
-        debug("KClogin", "session setup failed status=%ld", ssnErr);
+       debug("KClogin", "session setup failed status=%ld", ssnErr);
+#endif
 
     if (name == NULL || (passwordLength != 0 && password == NULL))
         MacOSError::throwMe(paramErr);
@@ -287,7 +393,7 @@ void StorageManager::login(UInt32 nameLength, const void *name, UInt32 passwordL
                // Login Keychain does not lock on sleep nor lock after timeout by default.
                keychain->setSettings(INT_MAX, false);
        }
-
+#if 0
        // @@@ Create a authorization credential for the current user.
     debug("KClogin", "creating login authorization");
        const AuthorizationItem envList[] =
@@ -304,6 +410,7 @@ void StorageManager::login(UInt32 nameLength, const void *name, UInt32 passwordL
        if (OSStatus authErr = AuthorizationCreate(NULL, &environment,
             kAuthorizationFlagExtendRights | kAuthorizationFlagPreAuthorize, NULL))
         debug("KClogin", "failed to create login auth, status=%ld", authErr);
+#endif
 }
 
 void StorageManager::logout()
@@ -352,15 +459,16 @@ Keychain StorageManager::make(const char *pathName)
     const CSSM_VERSION *version = NULL;
     uint32 subserviceId = 0;
     CSSM_SERVICE_TYPE subserviceType = CSSM_SERVICE_DL | CSSM_SERVICE_CSP;
-    const CssmSubserviceUid ssuid( gGuidAppleCSPDL, version, 
-                                   subserviceId, subserviceType );
-       DLDbIdentifier dLDbIdentifier( ssuid, fullPathName.c_str(), DbLocation );
-       return makeKeychain( dLDbIdentifier );
+    const CssmSubserviceUid ssuid(gGuidAppleCSPDL, version, 
+                                   subserviceId, subserviceType);
+       DLDbIdentifier dLDbIdentifier(ssuid, fullPathName.c_str(), DbLocation);
+       return makeKeychain(dLDbIdentifier);
 }
 
 KeychainSchema
 StorageManager::keychainSchemaFor(const CssmClient::Db &db)
 {
+       // @@@ Locking
        KeychainSchema schema(db);
        pair<KeychainSchemaSet::iterator, bool> result = mKeychainSchemaSet.insert(db);
        if (result.second)
index 91631ee7eceaee327b565713d00046285c662480..2961b450d273384c3f581edb6c706663875641c0 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
  */
 
 
-/*
-       File:           StorageManager.h
-
-       Contains:       Working with multiple keychains
-
-       Copyright:      2000 by Apple Computer, Inc., all rights reserved.
-
-       To Do:
-*/
-
-#ifndef _H_STORAGEMANAGER_
-#define _H_STORAGEMANAGER_
+//
+// StorageManager.h -- Working with multiple keychains
+//
+#ifndef _SECURITY_STORAGEMANAGER_H_
+#define _SECURITY_STORAGEMANAGER_H_
 
 #include <list>
 #include <Security/multidldb.h>
@@ -44,6 +37,8 @@ class StorageManager
 {
     NOCOPY(StorageManager)
 public:
+    typedef vector<Keychain> KeychainList;
+
        StorageManager();
     ~StorageManager() {}
 
@@ -55,7 +50,6 @@ public:
 
        // Misc
     void lockAll();
-    void reload(bool force = false);
 
     void add(const Keychain& keychainToAdd); // Only add if not there yet.  Doesn't write out CFPref
 
@@ -64,22 +58,37 @@ public:
        Keychain at(unsigned int ix);
        Keychain operator[](unsigned int ix);
 
-    void erase(const Keychain& keychainToRemove);
-
        KCCursor createCursor(const SecKeychainAttributeList *attrList);
        KCCursor createCursor(SecItemClass itemClass, const SecKeychainAttributeList *attrList);
 
-     // Create KC if it doesn't exist, add to cache, but don't modify search list.     
-    Keychain keychain(const DLDbIdentifier &dlDbIdentifier);
+       // Create KC if it doesn't exist, add to cache, but don't modify search list.   
+    Keychain keychain(const DLDbIdentifier &dLDbIdentifier);
 
-     // Create KC if it doesn't exist, add it to the search list if it is not already on it.
-    Keychain makeKeychain(const DLDbIdentifier &dlDbIdentifier);
+       // Same as keychain(const DLDbIdentifier &) but assumes mLock is already held.
+    Keychain _keychain(const DLDbIdentifier &dLDbIdentifier);
+
+       // Create KC if it doesn't exist, add it to the search list if it exists and is not already on it.
+    Keychain makeKeychain(const DLDbIdentifier &dLDbIdentifier);
 
 
        // Keychain list maintenance
-       void remove(const list<SecKeychainRef>& kcsToRemove);       // remove keychains from list
-       void replace(const list<SecKeychainRef>& newKCList);            // replace keychains list with new list
-       void convert(const list<SecKeychainRef>& SecKeychainRefList,CssmClient::DLDbList& dldbList);    // maybe should be private
+
+       // remove kcsToRemove from the search list
+       void remove(const KeychainList &kcsToRemove, bool deleteDb = false);
+
+       void getSearchList(KeychainList &keychainList);
+       void setSearchList(const KeychainList &keychainList);
+
+       // Iff keychainOrArray is NULL return the default KeychainList in keychainList otherwise
+       // if keychainOrArray is a CFArrayRef containing SecKeychainRef's convernt it to KeychainList,
+       // if keychainOrArray is a SecKeychainRef return a KeychainList with one element.
+       void optionalSearchList(CFTypeRef keychainOrArray, KeychainList &keychainList);
+
+       // Convert CFArrayRef of SecKeychainRef's a KeychainList.  The array must not be NULL
+       static void convertToKeychainList(CFArrayRef keychainArray, KeychainList &keychainList);
+
+       // Convert KeychainList to a CFArrayRef of SecKeychainRef's.
+       static CFArrayRef convertFromKeychainList(const KeychainList &keychainList);
 
        // Login keychain support
        void login(ConstStringPtr name, ConstStringPtr password);
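Review bot: `_keychain()` is declared in the public section even though its comment says it assumes mLock is already held, so any outside caller can reach mKeychains without the lock. The other lock-assuming helpers, `_doReload()` and `_reload()`, are declared under `private:` in the next hunk, and nothing visible here needs `_keychain()` from outside the class. I would move `Keychain _keychain(const DLDbIdentifier &dLDbIdentifier);` down beside them. Separately, the optionalSearchList() comment has the typo "convernt", and the convertToKeychainList() comment is missing "to" before "a KeychainList".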
@@ -88,24 +97,34 @@ public:
        void changeLoginPassword(ConstStringPtr oldPassword, ConstStringPtr newPassword);
        void changeLoginPassword(UInt32 oldPasswordLength, const void *oldPassword,  UInt32 newPasswordLength, const void *newPassword);
 
+       // Reload mSearchList from mList if the searchList on disk has changed.
+    void reload(bool force = false);
+
 private:
     typedef map<DLDbIdentifier, Keychain> KeychainMap;
        typedef set<KeychainSchema> KeychainSchemaSet;
 
+       // Reload mSearchList from mList and add new keychains to mKeychains if not already there
+       // Assumes mLock is already locked.
+       void _doReload();
+
+       // Reload mSearchList from mList if the searchList on disk has changed.
+       // Assumes mLock is already locked.
+    void _reload(bool force = false);
+
     // Only add if not there yet.  Writes out CFPref and broadcasts KCPrefListChanged notification
        void addAndNotify(const Keychain& keychainToAdd);
        KeychainSchema keychainSchemaFor(const CssmClient::Db &db);
 
-       //Mutex mKeychainsLock;
     DLDbListCFPref mSavedList;
-    KeychainMap mKeychains;            // the array of Keychains
-    CssmClient::MultiDLDb mMultiDLDb;
+    KeychainMap mKeychains;            // the cache of Keychains
+       KeychainList mSearchList;
        KeychainSchemaSet mKeychainSchemaSet;
+       Mutex mLock;
 };
 
 } // end namespace KeychainCore
 
 } // end namespace Security
 
-#endif /* _H_STORAGEMANAGER_ */
-
+#endif // !_SECURITY_STORAGEMANAGER_H_
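Review bot: The three new comments on `reload()`, `_doReload()` and `_reload()` say the search list is reloaded "from mList", but the class has no member of that name; the list they read is `mSavedList`, as the .cpp hunks show. I would write `// Reload mSearchList from mSavedList if the search list on disk has changed.` and the matching wording on the two private helpers. It would also help to put a short comment on `Mutex mLock;` naming what it guards, for example `// guards mSavedList, mKeychains and mSearchList`. The commit leaves `mKeychainSchemaSet` outside the lock, going by the `// @@@ Locking` marker in keychainSchemaFor().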
diff --git a/Keychain/Trust.cpp b/Keychain/Trust.cpp
new file mode 100644 (file)
index 0000000..14cb813
--- /dev/null
@@ -0,0 +1,298 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// Trust.cpp
+//
+#include <Security/Trust.h>
+#include <Security/cssmdates.h>
+#include <Security/cfutilities.h>
+#include <CoreFoundation/CFData.h>
+#include <Security/SecCertificate.h>
+#include "SecBridge.h"
+
+using namespace KeychainCore;
+
+
+//
+// For now, we use a global TrustStore
+//
+ModuleNexus<TrustStore> Trust::gStore;
+
+
+//
+// Construct a Trust object with suitable defaults.
+// Use setters for additional arguments before calling evaluate().
+//
+Trust::Trust(CFTypeRef certificates, CFTypeRef policies)
+    : mTP(gGuidAppleX509TP), mAction(CSSM_TP_ACTION_DEFAULT),
+      mVerifyTime(NULL),
+      mCerts(cfArrayize(certificates)), mPolicies(cfArrayize(policies)),
+      mResult(kSecTrustResultInvalid)
+{
+       // set default search list from user's default
+       globals().storageManager.getSearchList(mSearchLibs);
+}
+
+
+//
+// Clean up a Trust object
+//
+Trust::~Trust()
+{
+       clearResults();
+}
+
+
+//
+// Retrieve the last TP evaluation result, if any
+//
+CSSM_TP_VERIFY_CONTEXT_RESULT_PTR Trust::cssmResult()
+{
+       if (mResult == kSecTrustResultInvalid)
+               MacOSError::throwMe(errSecNotAvailable);
+    return &mTpResult;
+}
+
+
+// SecCertificateRef -> CssmData
+CssmData cfCertificateData(SecCertificateRef certificate)
+{
+    return gTypes().certificate.required(certificate)->data();
+}
+
+// SecPolicyRef -> CssmField (CFDataRef/NULL or oid/value of a SecPolicy)
+CssmField cfField(SecPolicyRef item)
+{
+       RefPointer<Policy> policy = gTypes().policy.required(SecPolicyRef(item));
+    return CssmField(policy->oid(), policy->value());
+}
+
+// SecKeychain -> CssmDlDbHandle
+CSSM_DL_DB_HANDLE cfKeychain(SecKeychainRef ref)
+{
+       Keychain keychain = gTypes().keychain.required(ref);
+       return keychain->database()->handle();
+}
+
+
+//
+// Here's the big "E" - evaluation.
+// We build most of the CSSM-layer input structures dynamically right here;
+// they will auto-destruct when we're done. The output structures are kept
+// around (in our data members) for later analysis.
+// Note that evaluate() can be called repeatedly, so we must be careful to
+// dispose of prior results.
+//
+void Trust::evaluate()
+{
+       // if we have evaluated before, release prior result
+       clearResults();
+
+    // build the target cert group
+    CFToVector<CssmData, SecCertificateRef, cfCertificateData> subjects(mCerts);
+    CertGroup subjectCertGroup(CSSM_CERT_X_509v3,
+            CSSM_CERT_ENCODING_BER, CSSM_CERTGROUP_DATA);
+    subjectCertGroup.count() = subjects;
+    subjectCertGroup.blobCerts() = subjects;
+    
+    // build a TP_VERIFY_CONTEXT, a veritable nightmare of a data structure
+    TPBuildVerifyContext context(mAction);
+    if (mActionData)
+        context.actionData() = cfData(mActionData);
+    
+    // policies (one at least, please)
+    CFToVector<CssmField, SecPolicyRef, cfField> policies(mPolicies);
+    if (policies.empty())
+        MacOSError::throwMe(CSSMERR_TP_INVALID_POLICY_IDENTIFIERS);
+    context.setPolicies(policies, policies);
+
+    // anchor certificates
+    CFCopyRef<CFArrayRef> anchors(mAnchors);
+    if (!anchors)
+        anchors = gStore().copyRootCertificates();     // retains
+    CFToVector<CssmData, SecCertificateRef, cfCertificateData> roots(anchors);
+    context.anchors(roots, roots);
+    
+       // dlDbList (keychain list)
+       vector<CSSM_DL_DB_HANDLE> dlDbList;
+       for (StorageManager::KeychainList::const_iterator it = mSearchLibs.begin();
+                       it != mSearchLibs.end(); it++)
+               dlDbList.push_back((*it)->database()->handle());
+       context.setDlDbList(dlDbList.size(), &dlDbList[0]);
+
+    // verification time
+    char timeString[15];
+    if (mVerifyTime) {
+        CssmUniformDate(mVerifyTime).convertTo(timeString, sizeof(timeString));
+        context.time(timeString);
+    }
+
+    // Go TP!
+    try {
+        mTP->certGroupVerify(subjectCertGroup, context, &mTpResult);
+        mTpReturn = noErr;
+    } catch (CssmCommonError &err) {
+        mTpReturn = err.osStatus();
+    }
+    mResult = diagnoseOutcome();
+
+    // see if we can use the evidence
+    if (mTpResult.count() > 0
+            && mTpResult[0].form() == CSSM_EVIDENCE_FORM_APPLE_HEADER
+            && mTpResult[0].as<CSSM_TP_APPLE_EVIDENCE_HEADER>()->Version == CSSM_TP_APPLE_EVIDENCE_VERSION
+            && mTpResult.count() == 3
+            && mTpResult[1].form() == CSSM_EVIDENCE_FORM_APPLE_CERTGROUP
+            && mTpResult[2].form() == CSSM_EVIDENCE_FORM_APPLE_CERT_INFO) {
+        evaluateUserTrust(*mTpResult[1].as<CertGroup>(),
+            mTpResult[2].as<CSSM_TP_APPLE_EVIDENCE_INFO>());
+    } else {
+        // unexpected evidence information. Can't use it
+        debug("trusteval", "unexpected evidence ignored");
+    }
+}
+
+
+//
+// Classify the TP outcome in terms of a SecTrustResultType
+//
+SecTrustResultType Trust::diagnoseOutcome()
+{
+    switch (mTpReturn) {
+    case noErr:                                                                        // peachy
+        return kSecTrustResultUnspecified;
+    case CSSMERR_TP_CERT_EXPIRED:                              // expired cert
+    case CSSMERR_TP_CERT_NOT_VALID_YET:                        // mis-expired cert
+    case CSSMERR_TP_NOT_TRUSTED:                               // no root, no anchor
+    case CSSMERR_TP_VERIFICATION_FAILURE:              // root does not self-verify
+    case CSSMERR_TP_INVALID_ANCHOR_CERT:               // valid is not an anchor
+    case CSSMERR_TP_VERIFY_ACTION_FAILED:              // policy action failed
+        return kSecTrustResultRecoverableTrustFailure;
+    case CSSMERR_TP_INVALID_CERTIFICATE:               // bad certificate
+        return kSecTrustResultFatalTrustFailure;
+    default:
+        return kSecTrustResultOtherError;              // unknown
+    }
+}
+
+
+//
+// Assuming a good evidence chain, check user trust
+// settings and set mResult accordingly.
+//
+void Trust::evaluateUserTrust(const CertGroup &chain,
+    const CSSM_TP_APPLE_EVIDENCE_INFO *infoList)
+{
+    // extract cert chain as Certificate objects
+    //@@@ once new Evidence is in, use it to build the Certificates
+    mCertChain.resize(chain.count());
+    for (uint32 n = 0; n < mCertChain.size(); n++) {
+        const TPEvidenceInfo &info = TPEvidenceInfo::overlay(infoList[n]);
+        if (info.recordId()) {
+            debug("trusteval", "evidence %ld from DLDB source", n);
+            assert(false);     // from DL/DB search - not yet implemented
+        } else if (info.status(CSSM_CERT_STATUS_IS_IN_INPUT_CERTS)) {
+            debug("trusteval", "evidence %ld from input cert %ld", n, info.index());
+            assert(info.index() < uint32(CFArrayGetCount(mCerts)));
+            SecCertificateRef cert = SecCertificateRef(CFArrayGetValueAtIndex(mCerts,
+                info.index()));
+            mCertChain[n] = gTypes().certificate.required(cert);
+        } else if (info.status(CSSM_CERT_STATUS_IS_IN_ANCHORS)) {
+            debug("trusteval", "evidence %ld from anchor cert %ld", n, info.index());
+            assert(info.index() < uint32(CFArrayGetCount(mAnchors)));
+            SecCertificateRef cert = SecCertificateRef(CFArrayGetValueAtIndex(mAnchors,
+                info.index()));
+            mCertChain[n] = gTypes().certificate.required(cert);
+        } else {
+            // unknown source; make a new Certificate for it
+            debug("trusteval", "evidence %ld from unknown source", n);
+            mCertChain[n] =
+                new Certificate(chain.blobCerts()[n],
+                                       CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_BER);
+        }
+    }
+    
+    // now walk the chain, leaf-to-root, checking for user settings
+    TrustStore &store = gStore();
+    RefPointer<Policy> policy =
+        gTypes().policy.required(SecPolicyRef(CFArrayGetValueAtIndex(mPolicies, 0)));
+    for (mResultIndex = 0;
+            mResult == kSecTrustResultUnspecified && mResultIndex < mCertChain.size();
+            mResultIndex++)
+        mResult = store.find(mCertChain[mResultIndex], policy);
+}
+
+
+//
+// Release TP evidence information.
+// This information is severely under-defined by CSSM, so we proceed
+// as follows:
+//  (a) If the evidence matches an Apple-defined pattern, use specific
+//      knowledge of that format.
+//  (b) Otherwise, assume that the void * are flat blocks of memory.
+//
+void Trust::releaseTPEvidence(TPVerifyResult &result, CssmAllocator &allocator)
+{
+       if (result.count() > 0) {       // something to do
+               if (result[0].form() == CSSM_EVIDENCE_FORM_APPLE_HEADER) {
+                       // Apple defined evidence form -- use intimate knowledge
+                       if (result[0].as<CSSM_TP_APPLE_EVIDENCE_HEADER>()->Version == CSSM_TP_APPLE_EVIDENCE_VERSION
+                               && result.count() == 3
+                               && result[1].form() == CSSM_EVIDENCE_FORM_APPLE_CERTGROUP
+                               && result[2].form() == CSSM_EVIDENCE_FORM_APPLE_CERT_INFO) {
+                               // proper format
+                               allocator.free(result[0].data());       // just a struct
+                               result[1].as<CertGroup>()->destroy(allocator); // CertGroup contents
+                               allocator.free(result[1].data());       // the CertGroup itself
+                               allocator.free(result[2].data());       // array of (flat) info structs
+                       } else {
+                               debug("trusteval", "unrecognized Apple TP evidence format");
+                               // drop it -- better leak than kill
+                       }
+               } else {
+                       // unknown format -- blindly assume flat blobs
+                       debug("trusteval", "destroying unknown TP evidence format");
+                       for (uint32 n = 0; n < result.count(); n++)
+                               allocator.free(result[n].data());
+               }
+       }
+}
+
+
+//
+// Clear evaluation results unless state is initial (invalid)
+//
+void Trust::clearResults()
+{
+       if (mResult != kSecTrustResultInvalid) {
+               releaseTPEvidence(mTpResult, mTP.allocator());
+               mResult = kSecTrustResultInvalid;
+       }
+}
+
+
+//
+// Build evidence information
+//
+void Trust::buildEvidence(CFArrayRef &certChain, TPEvidenceInfo * &statusChain)
+{
+       if (mResult == kSecTrustResultInvalid)
+               MacOSError::throwMe(errSecNotAvailable);
+    certChain = mEvidenceReturned =
+        makeCFArray(gTypes().certificate, mCertChain);
+    statusChain = mTpResult[2].as<TPEvidenceInfo>();
+}
diff --git a/Keychain/Trust.h b/Keychain/Trust.h
new file mode 100644 (file)
index 0000000..2eec4e3
--- /dev/null
@@ -0,0 +1,111 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// Trust.h - Trust control wrappers
+//
+#ifndef _SECURITY_TRUST_H_
+#define _SECURITY_TRUST_H_
+
+#include <Security/SecRuntime.h>
+#include <CoreFoundation/CoreFoundation.h>
+#include <Security/StorageManager.h>
+#include <Security/tpclient.h>
+#include <Security/cfutilities.h>
+#include <Security/SecTrust.h>
+#include <Security/Certificate.h>
+#include <Security/Policies.h>
+#include <Security/TrustStore.h>
+#include <vector>
+
+using namespace CssmClient;
+
+namespace Security {
+namespace KeychainCore {
+
+
+//
+// The Trust object manages trust-verification workflow.
+// As such, it represents a somewhat more complex concept than
+// a single "object".
+//
+class Trust : public SecCFObject
+{
+       NOCOPY(Trust)
+public:
+    Trust(CFTypeRef certificates, CFTypeRef policies);
+    virtual ~Trust();
+
+       // set more input parameters
+    void action(CSSM_TP_ACTION action)                 { mAction = action; }
+    void actionData(CFDataRef data)                            { mActionData = data; }
+    void time(CFDateRef verifyTime)                            { mVerifyTime = verifyTime; }
+    void anchors(CFArrayRef anchorList)                        { mAnchors = cfArrayize(anchorList); }
+    StorageManager::KeychainList &searchLibs() { return mSearchLibs; }
+    
+       // perform evaluation
+    void evaluate();
+    
+       // get at evaluation results
+    void buildEvidence(CFArrayRef &certChain, TPEvidenceInfo * &statusChain);
+    CSSM_TP_VERIFY_CONTEXT_RESULT_PTR cssmResult();
+    
+    SecTrustResultType result() const                  { return mResult; }
+    TP getTPHandle() const                                             { return mTP; }
+    
+       // an independent release function for TP evidence results
+       // (yes, we could hand this out to the C layer if desired)
+       static void releaseTPEvidence(TPVerifyResult &result, CssmAllocator &allocator);
+
+private:
+    SecTrustResultType diagnoseOutcome();
+    void evaluateUserTrust(const CertGroup &certs,
+        const CSSM_TP_APPLE_EVIDENCE_INFO *info);
+       void clearResults();
+
+private:
+    TP mTP;                                                    // our TP
+    
+    // input arguments: set up before evaluate()
+    CSSM_TP_ACTION mAction;                    // TP action to verify
+    CFRef<CFDataRef> mActionData;      // action data
+    CFRef<CFDateRef> mVerifyTime;      // verification "now"
+    CFRef<CFArrayRef> mCerts;          // certificates to verify (item 1 is subject)
+    CFRef<CFArrayRef> mPolicies;       // array of policy objects to control verification
+    CFRef<CFArrayRef> mAnchors;                // array of anchor certs
+    StorageManager::KeychainList mSearchLibs; // array of databases to search
+    
+    // evaluation results: set as a result of evaluate()
+    SecTrustResultType mResult;                // result classification
+    uint32 mResultIndex;                       // which result cert made the decision?
+    OSStatus mTpReturn;                                // return code from TP Verify
+    TPVerifyResult mTpResult;          // result of latest TP verify
+
+    vector< RefPointer<Certificate> > mCertChain; // distilled certificate chain
+
+    // information returned to caller but owned by us
+    CFRef<CFArrayRef> mEvidenceReturned; // evidence chain returned
+
+public:
+    static ModuleNexus<TrustStore> Trust::gStore;
+};
+
+} // end namespace KeychainCore
+
+} // end namespace Security
+
+#endif // !_SECURITY_TRUST_H_
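Review bot: The declaration `static ModuleNexus<TrustStore> Trust::gStore;` at the end of the class repeats the class name as a qualifier, which standard C++ does not permit on a member declared inside its own class and which stricter compilers reject. It should read `static ModuleNexus<TrustStore> gStore;`. Separately, `using namespace CssmClient;` sits at global scope ahead of the Security namespace, so every translation unit that includes Trust.h inherits those names. Qualifying the few names the header needs (TP appears to be one of them) would keep the header from changing name lookup in its includers.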
diff --git a/Keychain/TrustItem.cpp b/Keychain/TrustItem.cpp
new file mode 100644 (file)
index 0000000..6bfe1c7
--- /dev/null
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// TrustStore.h - Abstract interface to permanent user trust assignments
+//
+#include <Security/TrustItem.h>
+#include <Security/Schema.h>
+#include <Security/SecCFTypes.h>
+
+
+namespace Security {
+namespace KeychainCore {
+
+
+//
+// Construct a UserTrustItem from attributes and initial content
+//
+UserTrustItem::UserTrustItem(Certificate *cert, Policy *policy, const TrustData &trustData) :
+       ItemImpl(CSSM_DL_DB_RECORD_USER_TRUST,
+               reinterpret_cast<SecKeychainAttributeList *>(NULL),
+               UInt32(sizeof(trustData)),
+               reinterpret_cast<const void *>(&trustData)),
+       mCertificate(cert), mPolicy(policy)
+{
+       debug("usertrust", "create %p (%p,%p) = %d", this, cert, policy, trustData.trust);
+}
+
+
+//
+// Destroy it
+//
+UserTrustItem::~UserTrustItem()
+{
+       debug("usertrust", "destroy %p", this);
+}
+
+
+//
+// Retrieve the trust value from a UserTrustItem
+//
+UserTrustItem::TrustData UserTrustItem::trust()
+{
+       CssmDataContainer data;
+       getData(data);
+       if (data.length() != sizeof(TrustData))
+               MacOSError::throwMe(errSecInvalidTrustSetting);
+       return *data.interpretedAs<TrustData>();
+}
+
+
+//
+// Add item to keychain
+//
+PrimaryKey UserTrustItem::add(Keychain &keychain)
+{
+       // If we already have a Keychain we can't be added.
+       if (mKeychain)
+               MacOSError::throwMe(errSecDuplicateItem);
+
+       populateAttributes();
+
+       CSSM_DB_RECORDTYPE recordType = mDbAttributes->recordType();
+
+       Db db(keychain->database());
+       // add the item to the (regular) db
+       try
+       {
+               mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get());
+               debug("usertrust", "%p inserted", this);
+       }
+       catch (const CssmError &e)
+       {
+               if (e.cssmError() != CSSMERR_DL_INVALID_RECORDTYPE)
+                       throw;
+
+               // Create the cert relation and try again.
+               debug("usertrust", "adding schema relation for user trusts");
+               db->createRelation(CSSM_DL_DB_RECORD_USER_TRUST, "CSSM_DL_DB_RECORD_USER_TRUST",
+                       Schema::UserTrustSchemaAttributeCount,
+                       Schema::UserTrustSchemaAttributeList,
+                       Schema::UserTrustSchemaIndexCount,
+                       Schema::UserTrustSchemaIndexList);
+
+               mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get());
+               debug("usertrust", "%p inserted now", this);
+       }
+
+       mPrimaryKey = keychain->makePrimaryKey(recordType, mUniqueId);
+    mKeychain = keychain;
+
+       return mPrimaryKey;
+}
+
+
+void UserTrustItem::populateAttributes()
+{
+       const CssmData &certData = mCertificate->data();
+       const CssmOid &policyOid = mPolicy->oid();
+       mDbAttributes->add(Schema::attributeInfo(kSecTrustCertAttr), certData);
+       mDbAttributes->add(Schema::attributeInfo(kSecTrustPolicyAttr), policyOid);
+}
+
+
+} // end namespace KeychainCore
+} // end namespace Security
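Review bot: `UserTrustItem::trust()` accepts any record whose length equals `sizeof(TrustData)` and never inspects the `version` field, whereas `TrustStore::find()` in this same commit rejects a record whose version differs from `UserTrustItem::currentVersion`. A stored trust setting read through this accessor therefore skips the format check that the other reader applies. Adding `if (data.interpretedAs<TrustData>()->version != currentVersion) MacOSError::throwMe(errSecInvalidTrustSetting);` after the length test keeps the two readers consistent. The banner comment also still names TrustStore.h and should identify this file, for example `// TrustItem.cpp - user trust records stored as keychain items`.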
diff --git a/Keychain/TrustItem.h b/Keychain/TrustItem.h
new file mode 100644 (file)
index 0000000..9046ee0
--- /dev/null
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// TrustStore.h - Abstract interface to permanent user trust assignments
+//
+#ifndef _SECURITY_TRUSTITEM_H_
+#define _SECURITY_TRUSTITEM_H_
+
+#include <Security/utilities.h>
+#include <Security/Certificate.h>
+#include <Security/Policies.h>
+#include <Security/SecTrust.h>
+
+
+// unique keychain item attributes for user trust records
+enum {
+    kSecTrustCertAttr                           = 'tcrt',
+    kSecTrustPolicyAttr                                 = 'tpol'
+};
+
+
+namespace Security {
+namespace KeychainCore {
+
+
+//
+// A trust item in a keychain.
+// Currently, Item constructors do not explicitly generate this subclass.
+// They don't need to, since our ownly user (TrustStore) can deal with
+// the generic Item class just fine.
+// If we ever need Item to produce UserTrustItem impls, we would need to
+// add constructors from primary key (see Certificate for an example).
+//
+class UserTrustItem : public ItemImpl {
+       NOCOPY(UserTrustItem)
+public:        
+       struct TrustData {
+               uint32 version;                                 // version mark
+               SecTrustUserSetting trust;              // user's trust choice
+       };
+       static const uint32 currentVersion = 0x101;
+
+public:
+       // new item constructor
+    UserTrustItem(Certificate *cert, Policy *policy, const TrustData &trust);
+    virtual ~UserTrustItem();
+
+       TrustData trust();
+
+protected:
+       virtual PrimaryKey add(Keychain &keychain);
+
+       void populateAttributes();
+
+private:
+       RefPointer<Certificate> mCertificate;
+       RefPointer<Policy> mPolicy;
+};
+
+
+} // end namespace KeychainCore
+} // end namespace Security
+
+#endif // !_SECURITY_TRUSTITEM_H_
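Review bot: `struct TrustData` is the persistent record format as well as an in-memory type, and the header does not say so. The constructor in TrustItem.cpp hands `sizeof(trustData)` raw bytes of it to ItemImpl as the item content, and both readers in this commit compare the stored length with `sizeof(TrustData)`. A change to field order, width or padding (and presumably the host byte order) thus changes what a keychain holds and what an existing record decodes to. I would add above the struct `// Stored verbatim as the item's data: this layout is the on-disk format. Bump currentVersion on any change.` The banner comment names TrustStore.h rather than TrustItem.h, and "ownly" in the class comment should be "only".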
diff --git a/Keychain/TrustStore.cpp b/Keychain/TrustStore.cpp
new file mode 100644 (file)
index 0000000..fdc3588
--- /dev/null
@@ -0,0 +1,232 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// TrustStore.h - Abstract interface to permanent user trust assignments
+//
+#include <Security/TrustStore.h>
+#include <Security/Globals.h>
+#include <Security/Certificate.h>
+#include <Security/SecCFTypes.h>
+#include <Security/schema.h>
+
+
+namespace Security {
+namespace KeychainCore {
+
+
+//
+// Make and break: trivial
+//
+TrustStore::TrustStore(CssmAllocator &alloc)
+       : allocator(alloc), mRootsValid(false), mRootBytes(allocator)
+{
+}
+
+TrustStore::~TrustStore()
+{ }
+
+
+//
+// Retrieve the trust setting for a (certificate, policy) pair.
+//
+SecTrustUserSetting TrustStore::find(Certificate *cert, Policy *policy)
+{
+       if (Item item = findItem(cert, policy)) {
+               CssmDataContainer data;
+               item->getData(data);
+               if (data.length() != sizeof(TrustData))
+                       MacOSError::throwMe(errSecInvalidTrustSetting);
+               TrustData &trust = *data.interpretedAs<TrustData>();
+               if (trust.version != UserTrustItem::currentVersion)
+                       MacOSError::throwMe(errSecInvalidTrustSetting);
+               return trust.trust;
+       } else {
+               return kSecTrustResultUnspecified;
+       }
+}
+
+
+//
+// Set an individual trust element
+//
+void TrustStore::assign(Certificate *cert, Policy *policy, SecTrustUserSetting trust)
+{
+       TrustData trustData = { UserTrustItem::currentVersion, trust };
+       if (Item item = findItem(cert, policy)) {
+               // user has a trust setting in a keychain - modify that
+               item->modifyContent(NULL, sizeof(trustData), &trustData);
+       } else {
+               // no trust entry: make one
+               Item item = new UserTrustItem(cert, policy, trustData);
+               if (Keychain location = cert->keychain())
+                       location->add(item);                                    // in the cert's keychain
+               else
+                       Keychain::optional(NULL)->add(item);    // in the default keychain
+       }
+}
+
+
+//
+// Search the user's configured keychains for a trust setting.
+// If found, return it (as a TrustItem). Otherwise, return NULL.
+// Note that this function throws if a "real" error is encountered.
+//
+Item TrustStore::findItem(Certificate *cert, Policy *policy)
+{
+       try {
+               SecKeychainAttribute attrs[2];
+               const CssmData &data = cert->data();
+               attrs[0].tag = kSecTrustCertAttr;
+               attrs[0].length = data.length();
+               attrs[0].data = data.data();
+               const CssmOid &policyOid = policy->oid();
+               attrs[1].tag = kSecTrustPolicyAttr;
+               attrs[1].length = policyOid.length();
+               attrs[1].data = policyOid.data();
+               SecKeychainAttributeList attrList = { 2, attrs };
+               KCCursor cursor = globals().storageManager.createCursor(CSSM_DL_DB_RECORD_USER_TRUST, &attrList);
+               Item item;
+               if (cursor->next(item))
+                       return item;
+               else
+                       return NULL;
+       } catch (const CssmError &error) {
+               if (error.cssmError() == CSSMERR_DL_INVALID_RECORDTYPE)
+                       return NULL;    // no trust schema, no records, no error
+               throw;
+       }
+}
+
+
+//
+// Return the root certificate list.
+// This list is cached.
+//
+CFArrayRef TrustStore::copyRootCertificates()
+{
+       if (!mRootsValid) {
+               loadRootCertificates();
+               mCFRoots = NULL;
+       }
+       if (!mCFRoots) {
+               uint32 count = mRoots.size();
+               debug("anchors", "building %ld CF-style anchor certificates", count);
+               vector<SecCertificateRef> roots(count);
+        for (uint32 n = 0; n < count; n++) {
+            RefPointer<Certificate> cert = new Certificate(mRoots[n],
+                CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_BER);
+            roots[n] = gTypes().certificate.handle(*cert);
+        }
+        mCFRoots = CFArrayCreate(NULL, (const void **)&roots[0], count,
+            &kCFTypeArrayCallBacks);
+        for (uint32 n = 0; n < count; n++)
+            CFRelease(roots[n]);       // undo CFArray's retain
+       }
+    CFRetain(mCFRoots);
+    return mCFRoots;
+}
+
+void TrustStore::getCssmRootCertificates(CertGroup &rootCerts)
+{
+       if (!mRootsValid)
+               loadRootCertificates();
+       rootCerts = CertGroup(CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_BER, CSSM_CERTGROUP_DATA);
+       rootCerts.blobCerts() = &mRoots[0];
+       rootCerts.count() = mRoots.size();
+}
+
+void TrustStore::refreshRootCertificates()
+{
+       if (mRootsValid) {
+               debug("anchors", "clearing %ld cached anchor certificates", mRoots.size());
+               
+               // throw out the CF version
+               if (mCFRoots) {
+                       CFRelease(mCFRoots);
+                       mCFRoots = NULL;
+               }
+               
+               // release cert memory
+               mRootBytes.reset();
+               mRoots.clear();
+               
+               // all pristine again
+               mRootsValid = false;
+       }
+}
+
+
+//
+// Load root (anchor) certificates from disk
+//
+void TrustStore::loadRootCertificates()
+{
+       using namespace CssmClient;
+       using namespace KeychainCore::Schema;
+       
+       // release previous cached data (if any)
+       refreshRootCertificates();
+       
+       static const char anchorLibrary[] = "/System/Library/Keychains/X509Anchors";
+
+       // open anchor database and formulate query (x509v3 certs)
+       debug("anchors", "Loading anchors from %s", anchorLibrary);
+       DL dl(gGuidAppleFileDL);
+       Db db(dl, anchorLibrary);
+       DbCursor search(db);
+       search->recordType(CSSM_DL_DB_RECORD_X509_CERTIFICATE);
+       search->conjunctive(CSSM_DB_OR);
+#if 0  // if we ever need to support v1/v2 certificates...
+       search->add(CSSM_DB_EQUAL, kX509CertificateCertType, UInt32(CSSM_CERT_X_509v1));
+       search->add(CSSM_DB_EQUAL, kX509CertificateCertType, UInt32(CSSM_CERT_X_509v2));
+       search->add(CSSM_DB_EQUAL, kX509CertificateCertType, UInt32(CSSM_CERT_X_509v3));
+#endif
+
+       // collect certificate data
+       typedef list<CssmDataContainer> ContainerList;
+       ContainerList::iterator last;
+       ContainerList certs;
+       for (;;) {
+               DbUniqueRecord id;
+               last = certs.insert(certs.end());
+               if (!search->next(NULL, &*last, id))
+                       break;
+       }
+
+       // how many data bytes do we need?
+       size_t size = 0;
+       for (ContainerList::const_iterator it = certs.begin(); it != last; it++)
+               size += it->length();
+       mRootBytes.length(size);
+
+       // fill CssmData vector while copying data bytes together
+       mRoots.clear();
+       uint8 *base = mRootBytes.data<uint8>();
+       for (ContainerList::const_iterator it = certs.begin(); it != last; it++) {
+               memcpy(base, it->data(), it->length());
+               mRoots.push_back(CssmData(base, it->length()));
+               base += it->length();
+       }
+       debug("anchors", "%ld anchors loaded", mRoots.size());
+
+       mRootsValid = true;                     // ready to roll
+}
+
+
+} // end namespace KeychainCore
+} // end namespace Security
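Review bot: `copyRootCertificates()` and `getCssmRootCertificates()` take `&roots[0]` and `&mRoots[0]` without checking for an empty vector, which is undefined behaviour when the anchor query returns no records. An empty X509Anchors database would be enough to reach that, assuming the open itself does not throw first. Each site needs one guard: `count ? (const void **)&roots[0] : NULL` in the `CFArrayCreate` call, and `rootCerts.blobCerts() = mRoots.empty() ? NULL : &mRoots[0];`. A short comment on `loadRootCertificates()` stating that zero anchors is a legal outcome would tell maintainers the empty case is intended to be handled.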
diff --git a/Keychain/TrustStore.h b/Keychain/TrustStore.h
new file mode 100644 (file)
index 0000000..3aa2789
--- /dev/null
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// TrustStore.h - Abstract interface to permanent user trust assignments
+//
+#ifndef _SECURITY_TRUSTSTORE_H_
+#define _SECURITY_TRUSTSTORE_H_
+
+#include <Security/utilities.h>
+#include <Security/Certificate.h>
+#include <Security/Policies.h>
+#include <Security/SecTrust.h>
+#include <Security/TrustItem.h>
+
+
+namespace Security {
+namespace KeychainCore {
+
+
+//
+// A TrustStore object mediates access to "user trust" information stored
+// for a user (usually in her keychains).
+// For lack of a better home, access to the default anchor certificate
+// list is also provided here.
+//
+class TrustStore {
+       NOCOPY(TrustStore)
+public:
+    TrustStore(CssmAllocator &alloc = CssmAllocator::standard());
+    virtual ~TrustStore();
+       
+       CssmAllocator &allocator;
+
+       // set/get user trust for a certificate and policy
+    SecTrustUserSetting find(Certificate *cert, Policy *policy);
+    void assign(Certificate *cert, Policy *policy, SecTrustUserSetting assignment);
+    
+       // get access to the default root anchor certificates for X509
+    CFArrayRef copyRootCertificates();
+       void getCssmRootCertificates(CertGroup &roots);
+       void refreshRootCertificates();
+       
+       typedef UserTrustItem::TrustData TrustData;
+       
+protected:
+       Item findItem(Certificate *cert, Policy *policy);
+       void loadRootCertificates();
+
+private:
+       bool mRootsValid;                       // roots have been loaded from disk
+       vector<CssmData> mRoots;        // array of CssmDatas to certificate datas
+       CssmAutoData mRootBytes;        // certificate data blobs (bunched up)
+    CFRef<CFArrayRef> mCFRoots;        // mRoots as CFArray<SecCertificate>
+};
+
+} // end namespace KeychainCore
+} // end namespace Security
+
+#endif // !_SECURITY_TRUSTSTORE_H_
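Review bot: `getCssmRootCertificates(CertGroup &roots)` needs a lifetime note, because the CertGroup it fills does not own its data. In TrustStore.cpp it sets `blobCerts()` to `&mRoots[0]`, whose entries point into `mRootBytes`, and `refreshRootCertificates()` resets that buffer and clears the vector. A caller that keeps the group across a refresh or reload is left with dangling pointers to anchor data. I would document it on the declaration as `// roots aliases internal storage: valid only until refreshRootCertificates() or the next load; do not free`. `copyRootCertificates()` already signals ownership through its name, though a matching `// caller must CFRelease` would remove any doubt.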
diff --git a/Keychain/TrustedApplication.cpp b/Keychain/TrustedApplication.cpp
new file mode 100644 (file)
index 0000000..b2a532c
--- /dev/null
@@ -0,0 +1,121 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// TrustedApplication.cpp
+//
+#include <Security/TrustedApplication.h>
+#include <Security/ACL.h>
+#include <Security/osxsigning.h>
+#include <Security/osxsigner.h>
+#include <Security/trackingallocator.h>
+#include <memory>
+
+using namespace KeychainCore;
+using namespace CodeSigning;
+
+
+//
+// Create a TrustedApplication from a code-signing ACL subject.
+// Throws ACL::ParseError if the subject is unexpected.
+//
+TrustedApplication::TrustedApplication(const TypedList &subject)
+       : mSignature(CssmAllocator::standard()),
+         mData(CssmAllocator::standard())
+{
+       if (subject.type() != CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE)
+               throw ACL::ParseError();
+       if (subject[1] != CSSM_ACL_CODE_SIGNATURE_OSX)
+               throw ACL::ParseError();
+       mSignature = subject[2].data();
+       mData = subject[3].data();
+}
+
+
+TrustedApplication::TrustedApplication(const CssmData &signature, const CssmData &data) :
+       mSignature(CssmAllocator::standard(), signature),
+       mData(CssmAllocator::standard(), data)
+{
+}
+
+TrustedApplication::TrustedApplication(const char *path)
+       : mSignature(CssmAllocator::standard()),
+         mData(CssmAllocator::standard())
+{
+       OSXSigner signer;
+       RefPointer<OSXCode> object(OSXCode::at(path));
+       auto_ptr<OSXSigner::OSXSignature> signature(signer.sign(*object));
+       mSignature = *signature;
+       mData = CssmData(const_cast<char *>(path), strlen(path) + 1);
+}
+
+TrustedApplication::TrustedApplication()
+       : mSignature(CssmAllocator::standard()),
+         mData(CssmAllocator::standard())
+{
+       OSXSigner signer;
+       RefPointer<OSXCode> object(OSXCode::main());
+       auto_ptr<OSXSigner::OSXSignature> signature(signer.sign(*object));
+       mSignature = *signature;
+       string path = object->canonicalPath();
+       mData.copy(path.c_str(), path.length() + 1);    // including trailing null
+}
+
+TrustedApplication::~TrustedApplication()
+{
+}
+
+const CssmData &
+TrustedApplication::signature() const
+{
+       return mSignature;
+}
+
+bool
+TrustedApplication::sameSignature(const char *path)
+{
+       // return true if object at given path has same signature
+    CssmAutoData otherSignature(CssmAllocator::standard());
+    calcSignature(path, otherSignature);
+       return (mSignature.get() == otherSignature);
+}
+
+void
+TrustedApplication::calcSignature(const char *path, CssmOwnedData &signature)
+{
+       // generate a signature for the given object
+    RefPointer<CodeSigning::OSXCode> objToVerify(CodeSigning::OSXCode::at(path));
+       CodeSigning::OSXSigner signer;
+    auto_ptr<CodeSigning::OSXSigner::OSXSignature> osxSignature(signer.sign(*objToVerify));
+    signature.copy(osxSignature->data(), osxSignature->length());
+}
+
+
+//
+// Produce a TypedList representing a code-signing ACL subject
+// for this application.
+// Memory is allocated from the allocator given, and belongs to
+// the caller.
+//
+TypedList TrustedApplication::makeSubject(CssmAllocator &allocator)
+{
+       return TypedList(allocator,
+               CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE,
+               new(allocator) ListElement(CSSM_ACL_CODE_SIGNATURE_OSX),
+               new(allocator) ListElement(mSignature.get()),
+               new(allocator) ListElement(mData.get()));
+}
diff --git a/Keychain/TrustedApplication.h b/Keychain/TrustedApplication.h
new file mode 100644 (file)
index 0000000..2b367fc
--- /dev/null
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+//
+// TrustedApplication.h - TrustedApplication control wrappers
+//
+#ifndef _SECURITY_TRUSTEDAPPLICATION_H_
+#define _SECURITY_TRUSTEDAPPLICATION_H_
+
+#include <Security/SecRuntime.h>
+#include <Security/cssmdata.h>
+#include <Security/cssmaclpod.h>
+
+
+namespace Security {
+namespace KeychainCore {
+
+
+//
+// TrustedApplication actually denotes a signed executable
+// on disk as used by the ACL subsystem. Much useful
+// information is encapsulated in the 'comment' field that
+// is stored with the ACL subject. TrustedApplication does
+// not interpret this value, leaving its meaning to its caller.
+//
+class TrustedApplication : public SecCFObject {
+       NOCOPY(TrustedApplication)
+public:
+       TrustedApplication(const TypedList &subject);
+       TrustedApplication(const CssmData &signature, const CssmData &comment);
+       TrustedApplication(const char *path);
+       TrustedApplication();   // for current application
+    virtual ~TrustedApplication();
+
+       const CssmData &signature() const;
+
+       // data (aka "comment") access
+       const CssmData &data() const    { return mData; }
+       template <class Data>
+       void data(const Data &data)             { mData = data; }
+       
+       TypedList makeSubject(CssmAllocator &allocator);
+
+protected:
+       bool sameSignature(const char *path); // return true if object at path has same signature
+       void calcSignature(const char *path, CssmOwnedData &signature); // generate a signature
+
+private:
+       CssmAutoData mSignature;
+       CssmAutoData mData;
+};
+
+} // end namespace KeychainCore
+} // end namespace Security
+
+#endif // !_SECURITY_TRUSTEDAPPLICATION_H_
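Review bot: The four constructors carry no comment saying where the stored signature comes from, which matters because `makeSubject()` turns it into a code-signature ACL subject. In the accompanying .cpp the default constructor signs `OSXCode::main()` itself, while `TrustedApplication(const CssmData &signature, const CssmData &comment)` presumably stores whatever the caller passes. A line on each would make the difference visible, for example `// computes the signature from the code found at path` and `// stores signature as given; nothing is verified here (confirm)`. `makeSubject()` only reads `mSignature` and `mData` in its visible definition, so it could be declared `const` if the `get()` accessors allow it.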
index 980f02340363dad4a71b3849b62141556e4f1265..22d5c1cdd0bff64e18e19b44e1118be91d2f0a57 100644 (file)
@@ -42,6 +42,7 @@
 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
 #include <CoreFoundation/CFDate.h>
 #include <CoreFoundation/CFTimeZone.h>
+#include <ctype.h>
 
 namespace Security
 {
@@ -219,9 +220,15 @@ TimeStringToMacLongDateTime (const CSSM_DATA &inUTCTime, SInt64 &outMacDate)
        //tmp->tm_sec = x;
        date.second = x;
 
-       CFTimeZoneRef timeZone = CFTimeZoneCopyDefault();
+       CFTimeZoneRef timeZone = CFTimeZoneCreateWithTimeIntervalFromGMT(NULL, 0);
        CFAbsoluteTime absTime = CFGregorianDateGetAbsoluteTime(date, timeZone);
        CFRelease(timeZone);
+
+       // Adjust abstime to local timezone
+       timeZone = CFTimeZoneCopyDefault();
+       absTime += CFTimeZoneGetSecondsFromGMT(timeZone, absTime);
+       CFRelease(timeZone);
+
        outMacDate = SInt64(double(absTime + kCFAbsoluteTimeIntervalSince1904));
 }
 
@@ -234,8 +241,15 @@ void MacSecondsToTimeString(UInt32 inMacDate, UInt32 inLength, void *outData)
 void MacLongDateTimeToTimeString(const SInt64 &inMacDate,
                                         UInt32 inLength, void *outData)
 {
+       // @@@ this code is close, but on the fringe case of a daylight savings time it will be off for a little while
        CFAbsoluteTime absTime = inMacDate - kCFAbsoluteTimeIntervalSince1904;
+
+       // Remove local timezone component from absTime
        CFTimeZoneRef timeZone = CFTimeZoneCopyDefault();
+       absTime -= CFTimeZoneGetSecondsFromGMT(timeZone, absTime);
+       CFRelease(timeZone);
+
+       timeZone = CFTimeZoneCreateWithTimeIntervalFromGMT(NULL, 0);
        CFGregorianDate date = CFAbsoluteTimeGetGregorianDate(absTime, timeZone);
        CFRelease(timeZone);
 
index 2f7a4762cae51f9052b7b9f7b21a1e53990fbbd2..a1c8c8cbc2a7bd66f916ed02b1d9d209619b06ad 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 1997-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
 
 
 /*
-       File:           cssmdatetime.h
-
-       Contains:       defines for the CSSM date and time utilities for the Mac
-
-       Written by:     The Hindsight team
-
-       Copyright:      Â© 1997-2000 by Apple Computer, Inc., all rights reserved.
-
-       Change History (most recent first):
-
-       To Do:
-*/
-
-#ifndef _CSSM_DATE_TIME_UTILS
-#define _CSSM_DATE_TIME_UTILS
+ *  cssmdatetime.h -- defines for the CSSM date and time utilities for the Mac
+ */
+#ifndef _SECURITY_CSSMDATETIME_H_
+#define _SECURITY_CSSMDATETIME_H_
 
 #include <Security/cssm.h>
 
-#ifdef _CPP_CSSM_DATE_TIME_UTILS
-# pragma export on
-#endif
-
 namespace Security
 {
 
@@ -56,12 +41,9 @@ extern void TimeStringToMacLongDateTime(const CSSM_DATA &inUTCTime, SInt64 &outM
 extern void MacSecondsToTimeString(UInt32 inMacDate, UInt32 inLength, void *outData);
 extern void MacLongDateTimeToTimeString(const SInt64 &inMacDate,
                                         UInt32 inLength, void *outData);
-}; // end namespace CSSMDateTimeUtils
 
-} // end namespace Security
+} // end namespace CSSMDateTimeUtils
 
-#ifdef _CPP_CSSM_DATE_TIME_UTILS
-# pragma export off
-#endif
+} // end namespace Security
 
-#endif //_CSSM_DATE_TIME_UTILS
+#endif // !_SECURITY_CSSMDATETIME_H_
index cef9777b2e83e40d985417aba693b08913f4b834..ae94568247cf1d5ee6c6b0a0f276f2b55732d8e9 100644 (file)
@@ -332,8 +332,12 @@ void FTPProtocol::FTPConnection::transit(Event event, char *input, size_t length
             case transferSent:
                 switch (reply) {
                 case 150:
+                case 125:
+                    transfer().ftpResponse() = input;  // remember response for caller.
+                    transfer().ftpResponseCode() = reply;
                     if (!mPassive)
                         mReceiver.receive(mDataPath);  // accept incoming connection and stop listening
+                    observe(Observer::resultCodeReady, input);
                     
                     // engage the data path
                     switch (operation()) {
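Review bot: `transfer().ftpResponse() = input;` copies the server's reply up to the first NUL and ignores the `length` argument that `transit()` receives. If the buffer is not guaranteed to be terminated at `length`, `transfer().ftpResponse().assign(input, length);` bounds the copy. The same peer-supplied line is then passed to observers through `resultCodeReady`, so a comment such as `// unvalidated server text; escape before display or logging` would help whoever consumes it. `transit()` starts and ends outside this hunk, so how `input` is prepared could not be checked here.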
@@ -341,9 +345,11 @@ void FTPProtocol::FTPConnection::transit(Event event, char *input, size_t length
                     case downloadDirectory:
                     case downloadListing:
                         mDataPath.start(sink());
+                        observe(Observer::downloading, input);
                         break;
                     case upload:
                         mDataPath.start(source());
+                        observe(Observer::uploading, input);
                         break;
                     default:
                         assert(false);
index 151ec5b8e7686a670969256d5ac8820557577abf..af3ebb3790cc97269ccf5674ee83f2ae179cd8da 100644 (file)
@@ -39,9 +39,10 @@ namespace Network {
 // The Protocol object for the FTP protocol
 //
 class FTPProtocol : public Protocol {
-    class FTPTransfer;
+protected:
     class FTPConnection;
 public:
+    class FTPTransfer;
     static const IPPort defaultFtpPort = 21;
 
     FTPProtocol(Manager &mgr);
@@ -91,6 +92,7 @@ private:
         bool mConnectionDone;                  // our Connection is ready to finish()
     }; 
 
+protected:
     //
     // This is the persistent connection object.
     //
@@ -158,7 +160,8 @@ private:
         FTPDataConnection mDataPath; // subsidiary (data transfer) connection
         TCPServerSocket mReceiver;     // incoming listen socket for active mode transfers
     };
-    
+
+public:
     //
     //  The official Transfer object (for all kinds of transfers)
     //
@@ -168,11 +171,19 @@ private:
         
         ResultClass resultClass() const;
         
+        string &ftpResponse()          { return mPrimaryResponseString; }
+        unsigned int &ftpResponseCode() { return mPrimaryResponseCode; }
+        unsigned int ftpResponseCode() const { return mPrimaryResponseCode; }
+                
     protected:
         void start();                                  // start me up
         void abort();                                  // abort this Transfer
         
         string mFailedReply;                   // reply string that triggered failure
+        
+    private:
+        string mPrimaryResponseString;         //FTP protocol first response line.
+        unsigned int mPrimaryResponseCode;     // numeric response code.
     };
     
 private:
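Review bot: `mPrimaryResponseCode` is a plain `unsigned int` with no initializer in this hunk, so `ftpResponseCode() const` can return an indeterminate value until a 150 or 125 reply has been seen. The `FTPTransfer` constructor is outside the hunk; if it does not already do so, it should add `mPrimaryResponseCode(0)` to its initializer list. The two non-const accessors return references to private members from a class this commit makes public, so any client can overwrite the recorded reply. Public read-only accessors such as `const string &ftpResponse() const`, with the writable references left reachable only from `FTPConnection`, would keep the recorded reply trustworthy.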
index 203c39dcdc94733f41861afb57c382628cfe7afb..6a94d92fbe663482e8e63866c7b831f63214b434 100644 (file)
@@ -72,6 +72,7 @@ HTTPProtocol::HTTPTransfer *HTTPProtocol::makeTransfer(const Target &target, Ope
 HTTPProtocol::HTTPConnection::HTTPConnection(Protocol &proto,
     const HostTarget &hostTarget)
     : TCPConnection(proto, hostTarget),
+    subVersion(defaultSubVersion),
     state(errorState), deferSendRequest(false)
 {
     const HostTarget &host = proxyHostTarget();
@@ -96,15 +97,17 @@ void HTTPProtocol::HTTPConnection::sendRequest()
 {
     assert(state == idle);
 
+    // what version of HTTP/1 shall we use?
+    subVersion = getv<int>(kNetworkHttpUseVersion, defaultSubVersion);
+
     flushOutput(false);        // hold output until we're done
     const Target &target = this->target();
     if (transfer().useProxyHeaders()) {
-        printfe("%s %s HTTP/1.1",
-            mOperation.c_str(), target.urlForm().c_str());
+        printfe("%s %s HTTP/1.%d", mOperation.c_str(), target.urlForm().c_str(), subVersion);
         authorizationHeader("Proxy-Authorization", hostTarget,
             kNetworkGenericProxyUsername, kNetworkGenericProxyPassword);
     } else {
-        printfe("%s %s HTTP/1.1", mOperation.c_str(), target.path.c_str());
+        printfe("%s %s HTTP/1.%d", mOperation.c_str(), target.path.c_str(), subVersion);
     }
     hostHeader();
     authorizationHeader("Authorization", target,
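Review bot: `subVersion` is taken from `kNetworkHttpUseVersion` and formatted straight into the request line with `%d`, so any integer a caller sets (negative, 2, 11) produces a version token such as `HTTP/1.-3`. Only 0 and 1 are meaningful here; restrict the value right after the `getv<int>` call, for example `if (subVersion != 0) subVersion = defaultSubVersion;`. Whether the rest of `sendRequest()` adjusts its headers for HTTP/1.0 is outside this hunk and worth confirming, since the function continues past it.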
@@ -144,6 +147,7 @@ void HTTPProtocol::HTTPConnection::sendRequest()
         } else {
             printfe("Content-length: %ld", size);
         }
+        printfe("Content-Type: %s", getv<string>(kNetworkHttpPostContentType, "text/plain").c_str());
         printfe("");                                   // end of headers
         mode(source);                                  // initiate autoWrite mode
     } else {
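Review bot: The `kNetworkHttpPostContentType` value is written into the header block with `%s` and no check, so a value containing CR or LF would end the `Content-Type` line early and let the remainder be read as further headers. The parameter is a free-form string set by the client of this library, which may in turn derive it from outside data. Reject or replace such values before `printfe`, for example `string ctype = getv<string>(kNetworkHttpPostContentType, "text/plain");` followed by `if (ctype.find_first_of("\r\n") != string::npos) ctype = "text/plain";`. Note also that the header is now sent on every request with a body, with `text/plain` when the caller set nothing.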
@@ -274,6 +278,7 @@ void HTTPProtocol::HTTPConnection::transit(Event event, char *input, size_t leng
             } else {                   // end of headers
                 // we are now handling the transition from response headers to response body
                 observe(Observer::protocolReceive, "** END OF HEADER **");
+                observe(Observer::downloading, input);
                 
                 // Transfer-Encoding overrides Content-Length as per RFC2616 p.34
                 if (const char *encoding = headers().find("Transfer-Encoding")) {
index 09ffd3bd63bceae304a97ae6e50243e3be3c7e24..6e53321ef43266f4c698bab0ac37f696aaab3b2b 100644 (file)
@@ -40,8 +40,8 @@ namespace Network {
 // The Protocol object for the HTTP protocol
 //
 class HTTPProtocol : public Protocol {
-    class HTTPTransfer;
 public:
+    class HTTPTransfer;
     static const IPPort defaultHttpPort = 80;
 
     HTTPProtocol(Manager &mgr, const char *scheme = "http");
@@ -55,11 +55,12 @@ private:
         void merge(string key, string &old, string newValue);
     };
 
-private:
+protected:
     //
     // Our persistent connection object
     //
     class HTTPConnection : public TCPConnection {
+        static const int defaultSubVersion = 1;        // default to HTTP/1.1
     public:
         HTTPConnection(Protocol &proto, const HostTarget &tgt);
     
@@ -106,6 +107,7 @@ private:
         void chooseRetain();
 
     protected:
+        int subVersion;                                                // HTTP/1.x sub-protocol version
         State state;                                           // master state machine switch
         bool deferSendRequest;                         // allows a subclass to interrupt state machine
         string mOperation;                                     // requested HTTP operation
@@ -113,7 +115,7 @@ private:
         unsigned int httpVersionMinor;         // minor version of peer
     };
 
-
+public:
     //
     // A generic Transfer object. All HTTP transfers are transactional (headers in, optional data in,
     // headers out, optional data out), so there's no reason to distinguish subclasses.
index 13952c79795249186e54a83efcc4c45ee02533ef..9f7c568a0364529f5a3a84ae263b86337ecae4c4 100644 (file)
@@ -98,9 +98,10 @@ void SecureHTTPProtocol::SecureHTTPConnection::startSSL()
     mode(rawInput);
     
     // configure the SSL session
-    allowExpiredCerts(getv<bool>(kNetworkHttpAcceptExpiredCerts, false));
-    allowUnknownRoots(getv<bool>(kNetworkHttpAcceptUnknownRoots, false));
-
+    allowsExpiredCerts(getv<bool>(kNetworkHttpAcceptExpiredCerts, false));
+    allowsUnknownRoots(getv<bool>(kNetworkHttpAcceptUnknownRoots, false));
+       peerId(peerAddress());
+       
     // start SSL handshake
     SSL::open();
     assert(SSL::state() == kSSLHandshake);     // there is no chance that we could already be done
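Review bot: `peerId(peerAddress())` keys the SSL session identity on the socket peer alone, which looks too coarse if the peer ID selects a cached session for resumption (presumably it does; confirm against `SecureTransport<Socket>`). `startSSL()` is also called from `ConnectHTTPConnection::transit` after a proxy CONNECT, where the socket peer would be the proxy, so different origin hosts behind one proxy would share an ID. The ID also does not reflect `kNetworkHttpAcceptExpiredCerts` or `kNetworkHttpAcceptUnknownRoots`, so a session set up with relaxed certificate checks could be picked up by a later connection that asked for strict ones. Consider deriving the ID from the target host and port plus the two acceptance flags, and record the choice in a comment such as `// peer ID = origin host:port + cert policy, not the socket peer`.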
@@ -155,7 +156,7 @@ void SecureHTTPProtocol::SecureHTTPConnection::transit(Event event,
         }
 
         // if SSL fails, we have to abandon the Connection
-    } catch (CssmCommonError &err) {
+    } catch (const CssmCommonError &err) {
         setError("SSL failed", err.osStatus());
         throw;
     } catch (...) {
index 6b0a2477e965283ccd70e4d3a16ba8c6e08b5297..a0fcce832de6ef25e9399ac30db9947bc461fb9e 100644 (file)
@@ -37,8 +37,8 @@ namespace Network {
 // stuff.
 //
 class SecureHTTPProtocol : public HTTPProtocol {
-    class SecureHTTPTransfer;
 public:
+    class SecureHTTPTransfer;
     static const IPPort defaultHttpsPort = 443;
 
     SecureHTTPProtocol(Manager &mgr);
@@ -52,7 +52,8 @@ private:
     // Our persistent connection object
     //
     typedef SecureTransport<Socket> SSL;
-    
+
+protected:
     class SecureHTTPConnection : public HTTPConnection, protected SSL {
     public:
         SecureHTTPConnection(Protocol &proto, const HostTarget &tgt);
@@ -85,7 +86,7 @@ private:
         bool atEnd() const;
     };
 
-
+public:
     //
     // A generic Transfer object. All HTTP transfers are transactional (headers in, optional data in,
     // headers out, optional data out), so there's no reason to distinguish subclasses.
index 190206940675562764be29830a2d1ece82430f00..57f218c97d30d9a07d3cdda44c58693691a763c0 100644 (file)
@@ -147,7 +147,7 @@ void ConnectHTTPProtocol::ConnectHTTPConnection::transit(Event event,
                 connectState = connectReady;
                 try {
                     startSSL();
-                } catch (CssmCommonError &err) {
+                } catch (const CssmCommonError &err) {
                     setError("SSL failed", err.osStatus());
                     throw;
                 } catch (...) {
index eae2d90041ea784d1068863a3f73221d6df33679..94705d5bc40e0385ca3d40839e6be35681aaf2bd 100644 (file)
@@ -30,7 +30,7 @@ Error::Error(OSStatus err) : MacOSError(err)
 {
 }
 
-Error::~Error()
+Error::~Error() throw()
 {
 }
 
index 165a5e74e54493be9b01dcd11ed12b368d4039c5..33c85bc12a6e63ca55cd682848123ad1d1768b35 100644 (file)
@@ -37,7 +37,7 @@ class Error : public Security::MacOSError {
 protected:
        Error(OSStatus err);
 public:
-       virtual ~Error();
+       virtual ~Error() throw();
     //@@@ -1 == internal error?!
     static void throwMe(OSStatus err = -1) __attribute__((noreturn));
 };
index 135e01c023b6b3369f2bb26752739682c300c733..170eb475b8af74cdd06ddd7be73ae508eb242e94 100644 (file)
@@ -50,6 +50,8 @@ enum {
     kNetworkHttpMoreHeaders                    = PARAMKEY(0x02003,string),     // arbitrary more headers
     kNetworkHttpAcceptExpiredCerts     = PARAMKEY(0x02004,bool),       // accept expired certs
     kNetworkHttpAcceptUnknownRoots     = PARAMKEY(0x02005,bool),       // accept untrusted root certificates
+    kNetworkHttpPostContentType                = PARAMKEY(0x02006,string),     // Content-Type: for posted data
+    kNetworkHttpUseVersion                     = PARAMKEY(0x02007,integer), // subversion of HTTP/1 to use
     
     // Legacy interface use ONLY. Not valid for modern use
     kNetworkLegacyIsSecure                     = PARAMKEY(0x100001,bool),      // secure connection (SSL)
index 5b5dca2a16a4f6cda0537e52f419f83e5ef4ab48..f57aabc1bd115565f4b3402a69cfc08062db4bbc 100644 (file)
@@ -64,7 +64,10 @@ void TransferEngine::remove(Client *client)
         debug("xferengine", "xfer %p(%d) HAD %ld BYTES WRITE LEFT",
             client, client->fileDesc(), client->mWriteBuffer.length());
 #endif //NDEBUG
-    Selector::remove(client->io);
+    if (client->io.fd () != -1) { // did we have a live socket?
+        Selector::remove(client->io);
+    }
+
     client->io = FileDesc();   // invalidate
 }
 
@@ -337,7 +340,7 @@ void TransferEngine::Client::notify(int fd, Type type)
             //@@@ feed back for more output here? But also see comments above...
             //@@@ probably better to take the trip through the Selector
         }
-    } catch (CssmCommonError &err) {
+    } catch (const CssmCommonError &err) {
         transitError(err);
     } catch (...) {
         transitError(UnixError::make(EIO));            // best guess (could be anything)
diff --git a/README.txt b/README.txt
new file mode 100644 (file)
index 0000000..8c2518d
--- /dev/null
@@ -0,0 +1,19 @@
+Web Resources for MacOS Data Security
+
+
+This code contains a Darwin version of CDSA along with many other security libraries.
+
+Information about CDSA may be obtained from the OpenGroup web site at:
+
+       http://www.opengroup.org/pubs/catalog/c914.htm
+
+Further information regarding the security of the MacOSX product is available at:
+
+       http://www.apple.com/support/security/
+
+Developers wishing to know more about developing their products in a manner consistent with
+MacOS security should view:
+
+       http://developer.apple.com/macos/security.html
+
+
index 108546076ac4ddd3e5d525e2a4282263990b4eaa..e0a4f43db75fa6feb883343a0c5fce36f426b96c 100644 (file)
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:58 mb Exp $
-# $Name: Security-30~1 $
+# $Name:  $
 ProjectName: SecureTransport
 ProjectVersion: 3
index 42378a73754f667cb625f25c388cf8690dacdc8e..c56e64691e147eb7405f36916060745d1cccfb7e 100644 (file)
@@ -40,6 +40,9 @@ public:
                mCspHand(CSSM_INVALID_HANDLE),
                mClHand(CSSM_INVALID_HANDLE),
                mTpHand(CSSM_INVALID_HANDLE),
+               #if ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE
+               mCspDlHand(CSSM_INVALID_HANDLE),
+               #endif
                mCssmInitd(false)
                        { }
        ~ModuleAttacher();
@@ -49,7 +52,12 @@ public:
        CSSM_RETURN                             loadAllModules(
                                                                CSSM_CSP_HANDLE &cspHand,
                                                                CSSM_CL_HANDLE  &clHand,
-                                                               CSSM_TP_HANDLE  &tpHand);
+                                                               CSSM_TP_HANDLE  &tpHand
+                                                               #if ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE
+                                                               ,
+                                                               CSSM_CSP_HANDLE &cspDlHand
+                                                               #endif
+                                                               );
 
 private:
        /* on all private member functions, mLock held on entry and exit */
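Review bot: Placing `#if ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE` inside the parameter list makes the function take three or four arguments depending on a build flag. The same pattern is repeated in the `loadAllModules` definition, in `attachToModules`, and in the `extern "C"` declaration in the header. For the `extern "C"` entry point, a caller built with a different `sslBuildFlags.h` setting than the library will still link and then pass the wrong number of arguments. A fixed signature avoids that, for example `CSSM_CSP_HANDLE *cspDlHand /* may be NULL when the CSPDL is not attached */`, with the flag deciding only whether the module is loaded. The header also names the parameter `cspDlHandle` while the definition uses `cspDlHand`; one spelling would read better.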
@@ -66,6 +74,9 @@ private:
        CSSM_CSP_HANDLE                 mCspHand;
        CSSM_TP_HANDLE                  mClHand;
        CSSM_TP_HANDLE                  mTpHand;
+       #if ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE
+       CSSM_CSP_HANDLE                 mCspDlHand;
+       #endif
        bool                                    mCssmInitd;
        Mutex                                   mLock;
 };
@@ -99,6 +110,11 @@ ModuleAttacher::~ModuleAttacher()
        if(mClHand != CSSM_INVALID_HANDLE) {
                unloadModule(mClHand, &gGuidAppleX509CL);
        }
+       #if ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE
+       if(mCspDlHand != CSSM_INVALID_HANDLE) {
+               unloadModule(mCspDlHand, &gGuidAppleCSPDL);
+       }
+       #endif
 }
 
 static const CSSM_VERSION cssmVers = {2, 0};
@@ -144,7 +160,7 @@ CSSM_HANDLE ModuleAttacher::loadModule(
                NULL,                   // eventHandler
                NULL);                  // AppNotifyCallbackCtx
        if(crtn) {
-               errorLog2("AppleX509CLSession::cspAttach: error (%s) loading %s\n",
+               errorLog2("ModuleAttacher::loadModule: error (%s) loading %s\n",
                        stCssmErrToStr(crtn), modName);
                return CSSM_INVALID_HANDLE;
        }
@@ -160,7 +176,7 @@ CSSM_HANDLE ModuleAttacher::loadModule(
                NULL,                                   // reserved
                &hand);
        if(crtn) {
-               errorLog2("AppleX509CLSession::cspAttach: error (%s) attaching to %s\n",
+               errorLog2("ModuleAttacher::loadModule: error (%s) attaching to %s\n",
                        stCssmErrToStr(crtn), modName);
                return CSSM_INVALID_HANDLE;
        }
@@ -214,7 +230,12 @@ CSSM_TP_HANDLE ModuleAttacher::getTpHand()
 CSSM_RETURN ModuleAttacher::loadAllModules(
        CSSM_CSP_HANDLE &cspHand,
        CSSM_CL_HANDLE  &clHand,
-       CSSM_TP_HANDLE  &tpHand)
+       CSSM_TP_HANDLE  &tpHand
+       #if ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE
+       ,
+       CSSM_CSP_HANDLE &cspDlHand
+       #endif
+       )
 {
        StLock<Mutex>   _(mLock);
        
@@ -236,6 +257,15 @@ CSSM_RETURN ModuleAttacher::loadAllModules(
                        return CSSMERR_CSSM_ADDIN_LOAD_FAILED;
                }
        }
+       #if ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE
+       if(mCspDlHand == CSSM_INVALID_HANDLE) {
+               mCspDlHand = loadModule(CSSM_SERVICE_CSP, &gGuidAppleCSPDL, "AppleCSPDL");
+               if(mCspDlHand == CSSM_INVALID_HANDLE) {
+                       return CSSMERR_CSSM_ADDIN_LOAD_FAILED;
+               }
+       }
+       cspDlHand = mCspDlHand;
+       #endif
        cspHand = mCspHand;
        clHand  = mClHand;
        tpHand  = mTpHand;
@@ -246,8 +276,18 @@ CSSM_RETURN ModuleAttacher::loadAllModules(
 CSSM_RETURN attachToModules(
        CSSM_CSP_HANDLE         *cspHand,
        CSSM_CL_HANDLE          *clHand,
-       CSSM_TP_HANDLE          *tpHand)
+       CSSM_TP_HANDLE          *tpHand
+       #if ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE
+       ,
+       CSSM_CSP_HANDLE         *cspDlHand
+       #endif
+       )
 {
-       return moduleAttacher().loadAllModules(*cspHand, *clHand, *tpHand);
+       return moduleAttacher().loadAllModules(*cspHand, *clHand, *tpHand
+               #if ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE 
+               ,
+               *cspDlHand
+               #endif
+               );
 }
 
index ef35308414d3689d9bc78802b6a76b163d0c1367..1388859767e7a31cac0950b0e4a868db58cbf8f1 100644 (file)
@@ -27,6 +27,7 @@
 #define _MODULE_ATTACHER_H_
 
 #include <Security/cssmtype.h>
+#include "sslBuildFlags.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -39,7 +40,14 @@ extern "C" {
 extern CSSM_RETURN attachToModules(
        CSSM_CSP_HANDLE         *cspHand,
        CSSM_CL_HANDLE          *clHand,
-       CSSM_TP_HANDLE          *tpHand);
+       CSSM_TP_HANDLE          *tpHand
+       #if ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE
+       ,
+       /* manually attach to secure CSP/DL; eventually we get this from 
+        * SecKeychainAPI */
+       CSSM_CSP_HANDLE         *cspDlHandle
+       #endif
+       );
 
 #ifdef __cplusplus
 }
index 4de427f425040cf7f001f96a1a89a9a93581ffd8..0442b1f0f20cb54f4be52b366c1e6290eda9f26a 100644 (file)
@@ -1 +1,46 @@
-                     SecureTransport notes\r                       8 Nov 1999 dmitch\r                       \rCurrent status of this project:\r\rNote "Version" refers to SSL2 vs. SSL3. "Mode" refers to client vs. server.\r\r-- All modes require domestic CSP. \r\r-- Both modes require post-Sonata CSP mods which allow \r   specification of raw symmetric key bits. These CSP changes \r   have been checked in prior to 8 Nov 1999.\r\r-- Server mode requires post-Sonata CSP mods which allow \r   asymmetric keys to have multiple KeyUsage flags set - \r   specifically, private keys must be able to sign and \r   decrypt; public keys must be able to verify and encrypt.\r   These CSP changes have NOT been checked in as of 8 Nov 1999;\r   final implementation pending input from A. Perez. \r\r-- Client mode works in both versions, both domestic and export. \r\r-- Server mode works with Netscape client 4.6.1 on Mac. \r   Operation with IE on Mac is flaky - sometimes it works,\r   sometimes not. Server untested with Windows clients. \r\r-- Client authentication is not tested. \r\r-- No support for session resumption. This needs a thread-safe\r   database, to be implemented in appleSession.c.\r\r
\ No newline at end of file
+                     SecureTransport notes
+                       14 Feb 2002 dmitch
+
+-- Server-side cert usage and configuration is highly application dependent. 
+
+   -- Although the use of server-initiated key exchange is optional under
+      the SSL3 spec, Netscape browsers (4.61 through 4.75) will not tolerate
+         this operation unless an exportable cipher is selected. The current 
+         configuration of the library will attempt to perform server-initiated
+         key exchange if and only if the app has specified an encryption 
+         certificate via SSLSetEncryptionCertificate(). Thus, in a config
+         which is required to work with Netscape browsers, if non-export
+         (i.e., strong) ciphers are to be supported, encryption certs
+         must NOT be specified, and the server cert specified in SSLSetCertificate()
+         must be capable of both signing and encryption. This applies to the underlying
+         keys as well. 
+         
+   -- On top of that, even in a situation where Netscape will allow a server-
+      initiated key exchange (export cipher, app specifies both kinds of certs),
+         Netscape will abort if the *signing-only* cert (specified in 
+         SSLSetCertificate()) is not capable of encryption! In this case that cert
+         is never even used for encryption. But that is the real world. 
+       
+         Thus, to work with Netscape browsers with export-grade ciphers, the main
+         signing cert still has to be capable of encryption, even if the app specifies
+         a separate encryption cert. 
+         
+   -- The SSL_SERVER_KEYEXCH_HACK flag, in sslBuildFlags.h, was previously used
+      to work around the above-mentioned Netscape bug; when this flag is true,
+         server-initiated key exchange is only performed if an encrypting cert is
+         specified AND an export-grade cipher is selected. The current config has
+         this flag set false. 
+         
+   -- SSL2 server-side operation requires the presence of a cert and key which is 
+      capable of encryption (not signing). One cert, specified in SSLSetCertificate(),
+         can support both SSL2 and SSL3 if and only if it is capable of both signing
+         and encryption.
+         
+-- Server mode operation with IE is fully functional and reliable. There is a 
+   bug in IE which is worked around in SSLEncodeServerHello(), in hdskhelo.c.
+   See comments there. Tested with IE 5.0 on OS 9 and 5.1.3 on OS X.  
+   
+-- Server untested with Windows clients. 
+
+-- Client authentication is not tested. 
+
index 622eca489b30c212727a92344a5005f17b07cefd..b5f6c55d62567393b0e8f732471cacc7734d1c8f 100644 (file)
@@ -3,7 +3,7 @@
        archiveVersion = 1;
        classes = {
        };
-       objectVersion = 31;
+       objectVersion = 38;
        objects = {
                00E4CE33FF9B8B71D0A17CE7 = {
                        buildStyles = (
@@ -13,7 +13,7 @@
                        isa = PBXProject;
                        mainGroup = 00E4CE34FF9B8B71D0A17CE7;
                        productRefGroup = 00E4CE35FF9B8CA8D0A17CE7;
-                       projectDirPath = .;
+                       projectDirPath = "";
                        targets = (
                                00E4CE37FF9B8CA8D0A17CE7,
                                00E4CE38FF9B8CA8D0A17CE7,
@@ -50,7 +50,6 @@
                        buildPhases = (
                        );
                        buildSettings = {
-                               OPTIMIZATION_CFLAGS = "";
                                OTHER_CFLAGS = "";
                                OTHER_LDFLAGS = "";
                                OTHER_REZFLAGS = "";
@@ -58,8 +57,6 @@
                                SECTORDER_FLAGS = "";
                                WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
                        };
-                       conditionalBuildSettings = {
-                       };
                        dependencies = (
                                00E4CEBEFF9B99B0D0A17CE7,
                        );
                                00E4CE3DFF9B8CA8D0A17CE7,
                        );
                        buildSettings = {
-                               DEPLOYMENT_OPTIMIZATION_CFLAGS = "-O3";
                                DYLIB_COMPATIBILITY_VERSION = 1;
                                DYLIB_CURRENT_VERSION = 1;
                                EXPORTED_SYMBOLS_FILE = secureTransport.exp;
-                               FRAMEWORK_SEARCH_PATHS = "\"$(SYMROOT)\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\"";
+                               FRAMEWORK_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\" /Volumes/Data_and_Apps/dmitchBuildRelease";
                                FRAMEWORK_VERSION = A;
                                HEADER_SEARCH_PATHS = "\"$(SRCROOT)/privateInc\"";
                                INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
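Review bot: The new `FRAMEWORK_SEARCH_PATHS` value ends with a developer-local absolute path, `/Volumes/Data_and_Apps/dmitchBuildRelease`, so the build of this framework can link against whatever frameworks happen to sit on that volume. On any other machine the path is either missing or names a volume the project does not control, which makes the result unreproducible and widens what the build trusts. The setting should stop at the built-products and system directories: `FRAMEWORK_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\"";`. If a local override is needed, it belongs in a per-user build setting rather than the checked-in project file.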
@@ -96,8 +92,6 @@
                                WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas -Wno-format";
                                WRAPPER_EXTENSION = framework;
                        };
-                       conditionalBuildSettings = {
-                       };
                        dependencies = (
                        );
                        isa = PBXFrameworkTarget;
                                00E4CE65FF9B8EABD0A17CE7,
                                00E4CE66FF9B8EABD0A17CE7,
                                00E4CE67FF9B8EABD0A17CE7,
-                               00E4CE68FF9B8EABD0A17CE7,
-                               00E4CE6BFF9B8EABD0A17CE7,
                                00E4CE6CFF9B8EABD0A17CE7,
                                00E4CE6DFF9B8EABD0A17CE7,
                                00E4CE6EFF9B8EABD0A17CE7,
                                00E4CEB7FF9B909FD0A17CE7,
                                00E4CEB8FF9B909FD0A17CE7,
                                0145E21DFFEED50A7F000001,
+                               9D1B441A01F5ED1200003D05,
+                               9D1B441B01F5ED1200003D05,
+                               9D1B441C01F5ED1200003D05,
                        );
                        isa = PBXHeadersBuildPhase;
-                       name = Headers;
                };
                00E4CE3AFF9B8CA8D0A17CE7 = {
                        buildActionMask = 2147483647;
                        files = (
+                               9D1B441D01F5ED1200003D05,
+                               9D1B441E01F5ED1200003D05,
+                               9D1B441F01F5ED1200003D05,
+                               9D1B442001F5ED1200003D05,
                        );
                        isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
                };
                00E4CE3BFF9B8CA8D0A17CE7 = {
                        buildActionMask = 2147483647;
                        files = (
                                00E4CE82FF9B8F1DD0A17CE7,
                                00E4CE83FF9B8F1DD0A17CE7,
-                               00E4CE84FF9B8F1DD0A17CE7,
                                00E4CE85FF9B8F1DD0A17CE7,
                                00E4CE9BFF9B8FE5D0A17CE7,
-                               00E4CE9CFF9B8FE5D0A17CE7,
                                00E4CE9EFF9B8FE5D0A17CE7,
                                00E4CE9FFF9B8FE5D0A17CE7,
                                00E4CEA0FF9B8FE5D0A17CE7,
                                00E4CEA1FF9B8FE5D0A17CE7,
-                               00E4CEA2FF9B8FE5D0A17CE7,
                                00E4CEA3FF9B8FE5D0A17CE7,
-                               00E4CEA4FF9B8FE5D0A17CE7,
                                00E4CEA5FF9B8FE5D0A17CE7,
                                00E4CEA6FF9B8FE5D0A17CE7,
                                00E4CEA7FF9B8FE5D0A17CE7,
                                00E4CEC0FF9B9A4ED0A17CE7,
                                00E4CEC2FF9BA51FD0A17CE7,
                                0145E21EFFEED50A7F000001,
+                               9D1B442601F5ED3000003D05,
+                               9D1B442701F5ED3000003D05,
+                               9D1B442801F5ED3000003D05,
+                               9D1B442901F5ED3000003D05,
+                               9D1B442A01F5ED3000003D05,
+                               9D1B443101F5EE8D00003D05,
                        );
                        isa = PBXSourcesBuildPhase;
-                       name = Sources;
                };
                00E4CE3CFF9B8CA8D0A17CE7 = {
                        buildActionMask = 2147483647;
                        files = (
-                               1F123555FF9CE352D0A17CE7,
-                               1F123558FF9CE3A5D0A17CE7,
                                1F123559FF9CE3A5D0A17CE7,
-                               1F12355DFF9CE43ED0A17CE7,
-                               1F12355EFF9CE43ED0A17CE7,
+                               9D1B442C01F5ED9400003D05,
                        );
                        isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
                };
                00E4CE3DFF9B8CA8D0A17CE7 = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
                };
                00E4CE3EFF9B8E08D0A17CE7 = {
                        children = (
                        children = (
                                00E4CEB5FF9B909FD0A17CE7,
                                00E4CEB6FF9B909FD0A17CE7,
+                               9D1B441201F5ED1200003D05,
                        );
                        isa = PBXGroup;
                        name = "Public Headers";
                                00E4CE46FF9B8EABD0A17CE7,
                                00E4CE47FF9B8EABD0A17CE7,
                                00E4CE48FF9B8EABD0A17CE7,
-                               00E4CE49FF9B8EABD0A17CE7,
                                0145E21CFFEED50A7F000001,
-                               00E4CE4CFF9B8EABD0A17CE7,
                                00E4CE4DFF9B8EABD0A17CE7,
                                00E4CE4EFF9B8EABD0A17CE7,
                                00E4CE4FFF9B8EABD0A17CE7,
                                00E4CE5CFF9B8EABD0A17CE7,
                                00E4CE5DFF9B8EABD0A17CE7,
                                00E4CE5EFF9B8EABD0A17CE7,
+                               9D1B441301F5ED1200003D05,
+                               9D1B441801F5ED1200003D05,
+                               9D1B441901F5ED1200003D05,
                        );
                        isa = PBXGroup;
                        name = "Private Headers";
                        path = privateInc/digests.h;
                        refType = 4;
                };
-               00E4CE49FF9B8EABD0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = md5.h;
-                       path = privateInc/md5.h;
-                       refType = 4;
-               };
-               00E4CE4CFF9B8EABD0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = sha.h;
-                       path = privateInc/sha.h;
-                       refType = 4;
-               };
                00E4CE4DFF9B8EABD0A17CE7 = {
                        isa = PBXFileReference;
                        name = ssl.h;
                        children = (
                                00E4CE7EFF9B8F1DD0A17CE7,
                                00E4CE7FFF9B8F1DD0A17CE7,
-                               00E4CE80FF9B8F1DD0A17CE7,
                                00E4CE81FF9B8F1DD0A17CE7,
                                00E4CE91FF9B8FE5D0A17CE7,
-                               00E4CE92FF9B8FE5D0A17CE7,
                                00E4CE94FF9B8FE5D0A17CE7,
                                00E4CEC1FF9BA51FD0A17CE7,
                                0145E21BFFEED50A7F000001,
+                               9D1B442101F5ED3000003D05,
+                               9D1B442201F5ED3000003D05,
+                               9D1B442301F5ED3000003D05,
+                               9D1B442401F5ED3000003D05,
+                               9D1B442501F5ED3000003D05,
+                               9D1B443001F5EE8D00003D05,
                        );
                        isa = PBXGroup;
                        name = Apple;
                00E4CE60FF9B8EABD0A17CE7 = {
                        children = (
                                00E4CE95FF9B8FE5D0A17CE7,
-                               00E4CE96FF9B8FE5D0A17CE7,
                                00E4CE97FF9B8FE5D0A17CE7,
-                               00E4CE98FF9B8FE5D0A17CE7,
                        );
                        isa = PBXGroup;
                        name = "Embedded Crypto";
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE63FF9B8EABD0A17CE7 = {
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE64FF9B8EABD0A17CE7 = {
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE65FF9B8EABD0A17CE7 = {
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE66FF9B8EABD0A17CE7 = {
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE67FF9B8EABD0A17CE7 = {
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               00E4CE68FF9B8EABD0A17CE7 = {
-                       fileRef = 00E4CE49FF9B8EABD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               00E4CE6BFF9B8EABD0A17CE7 = {
-                       fileRef = 00E4CE4CFF9B8EABD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE6CFF9B8EABD0A17CE7 = {
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE6DFF9B8EABD0A17CE7 = {
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE6EFF9B8EABD0A17CE7 = {
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE6FFF9B8EABD0A17CE7 = {
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE70FF9B8EABD0A17CE7 = {
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE71FF9B8EABD0A17CE7 = {
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE72FF9B8EABD0A17CE7 = {
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE73FF9B8EABD0A17CE7 = {
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE75FF9B8EABD0A17CE7 = {
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE76FF9B8EABD0A17CE7 = {
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE77FF9B8EABD0A17CE7 = {
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE78FF9B8EABD0A17CE7 = {
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE79FF9B8EABD0A17CE7 = {
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE7AFF9B8EABD0A17CE7 = {
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE7BFF9B8EABD0A17CE7 = {
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE7CFF9B8EABD0A17CE7 = {
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE7DFF9B8EABD0A17CE7 = {
                                ATTRIBUTES = (
                                        Private,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CE7EFF9B8F1DD0A17CE7 = {
                        path = appleGlue.c;
                        refType = 4;
                };
-               00E4CE80FF9B8F1DD0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = appleSession.c;
-                       refType = 4;
-               };
                00E4CE81FF9B8F1DD0A17CE7 = {
                        isa = PBXFileReference;
                        path = sslKeychain.c;
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               00E4CE84FF9B8F1DD0A17CE7 = {
-                       fileRef = 00E4CE80FF9B8F1DD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        path = cipherSpecs.c;
                        refType = 4;
                };
-               00E4CE92FF9B8FE5D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = sslBER.cpp;
-                       refType = 4;
-               };
                00E4CE94FF9B8FE5D0A17CE7 = {
                        isa = PBXFileReference;
                        path = symCipher.c;
                        path = digests.c;
                        refType = 4;
                };
-               00E4CE96FF9B8FE5D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = md5.c;
-                       refType = 4;
-               };
                00E4CE97FF9B8FE5D0A17CE7 = {
                        isa = PBXFileReference;
                        path = nullciph.c;
                        refType = 4;
                };
-               00E4CE98FF9B8FE5D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = sha.c;
-                       refType = 4;
-               };
                00E4CE99FF9B8FE5D0A17CE7 = {
                        isa = PBXFileReference;
                        path = sslalloc.c;
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               00E4CE9CFF9B8FE5D0A17CE7 = {
-                       fileRef = 00E4CE92FF9B8FE5D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               00E4CEA2FF9B8FE5D0A17CE7 = {
-                       fileRef = 00E4CE96FF9B8FE5D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               00E4CEA4FF9B8FE5D0A17CE7 = {
-                       fileRef = 00E4CE98FF9B8FE5D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CEB8FF9B909FD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                00E4CEB9FF9B909FD0A17CE7 = {
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
+//000
+//001
+//002
+//003
+//004
+//010
+//011
+//012
+//013
+//014
                0145E21BFFEED50A7F000001 = {
                        isa = PBXFileReference;
                        path = ModuleAttacher.cpp;
                        fileRef = 0145E21CFFEED50A7F000001;
                        isa = PBXBuildFile;
                        settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                0145E21EFFEED50A7F000001 = {
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
-               1F123554FF9CE352D0A17CE7 = {
-                       isa = PBXFrameworkReference;
-                       name = cdsa.framework;
-                       path = /System/Library/PrivateFrameworks/cdsa.framework;
-                       refType = 0;
-               };
-               1F123555FF9CE352D0A17CE7 = {
-                       fileRef = 1F123554FF9CE352D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               1F123556FF9CE3A5D0A17CE7 = {
-                       isa = PBXFrameworkReference;
-                       name = cdsa_utilities.framework;
-                       path = /System/Library/PrivateFrameworks/cdsa_utilities.framework;
-                       refType = 0;
-               };
+//010
+//011
+//012
+//013
+//014
+//1F0
+//1F1
+//1F2
+//1F3
+//1F4
                1F123557FF9CE3A5D0A17CE7 = {
                        isa = PBXFrameworkReference;
                        name = CoreFoundation.framework;
                        path = /System/Library/Frameworks/CoreFoundation.framework;
                        refType = 0;
                };
-               1F123558FF9CE3A5D0A17CE7 = {
-                       fileRef = 1F123556FF9CE3A5D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
                1F123559FF9CE3A5D0A17CE7 = {
                        fileRef = 1F123557FF9CE3A5D0A17CE7;
                        isa = PBXBuildFile;
                        settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                1F12355AFF9CE43ED0A17CE7 = {
                        children = (
-                               1F123554FF9CE352D0A17CE7,
-                               1F123556FF9CE3A5D0A17CE7,
                                1F123557FF9CE3A5D0A17CE7,
-                               1F12355BFF9CE43ED0A17CE7,
-                               1F12355CFF9CE43ED0A17CE7,
+                               9D1B442B01F5ED9400003D05,
                        );
                        isa = PBXGroup;
                        name = Frameworks;
                        refType = 4;
                };
-               1F12355BFF9CE43ED0A17CE7 = {
-                       isa = PBXFrameworkReference;
-                       name = SecuritySNACCRuntime.framework;
-                       path = /System/Library/PrivateFrameworks/SecuritySNACCRuntime.framework;
-                       refType = 0;
-               };
-               1F12355CFF9CE43ED0A17CE7 = {
-                       isa = PBXFrameworkReference;
-                       name = SecurityASN1.framework;
-                       path = /System/Library/PrivateFrameworks/SecurityASN1.framework;
-                       refType = 0;
-               };
-               1F12355DFF9CE43ED0A17CE7 = {
-                       fileRef = 1F12355BFF9CE43ED0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               1F12355EFF9CE43ED0A17CE7 = {
-                       fileRef = 1F12355CFF9CE43ED0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
+//1F0
+//1F1
+//1F2
+//1F3
+//1F4
+//480
+//481
+//482
+//483
+//484
                48499A08FFCB05657F000001 = {
                        buildRules = (
                        );
                        buildSettings = {
                                COPY_PHASE_STRIP = NO;
+                               OPTIMIZATION_CFLAGS = "-O0";
                        };
                        isa = PBXBuildStyle;
                        name = Development;
                        isa = PBXBuildStyle;
                        name = Deployment;
                };
+//480
+//481
+//482
+//483
+//484
+//9D0
+//9D1
+//9D2
+//9D3
+//9D4
+               9D1B441201F5ED1200003D05 = {
+                       isa = PBXFileReference;
+                       path = "securetransport++.h";
+                       refType = 4;
+               };
+               9D1B441301F5ED1200003D05 = {
+                       children = (
+                               9D1B441401F5ED1200003D05,
+                               9D1B441501F5ED1200003D05,
+                               9D1B441601F5ED1200003D05,
+                               9D1B441701F5ED1200003D05,
+                       );
+                       isa = PBXGroup;
+                       name = CVS;
+                       path = privateInc/CVS;
+                       refType = 4;
+               };
+               9D1B441401F5ED1200003D05 = {
+                       isa = PBXFileReference;
+                       path = Entries;
+                       refType = 4;
+               };
+               9D1B441501F5ED1200003D05 = {
+                       isa = PBXFileReference;
+                       path = Repository;
+                       refType = 4;
+               };
+               9D1B441601F5ED1200003D05 = {
+                       isa = PBXFileReference;
+                       path = Root;
+                       refType = 4;
+               };
+               9D1B441701F5ED1200003D05 = {
+                       isa = PBXFileReference;
+                       path = Template;
+                       refType = 4;
+               };
+               9D1B441801F5ED1200003D05 = {
+                       isa = PBXFileReference;
+                       name = tls_hmac.h;
+                       path = privateInc/tls_hmac.h;
+                       refType = 4;
+               };
+               9D1B441901F5ED1200003D05 = {
+                       isa = PBXFileReference;
+                       name = tls_ssl.h;
+                       path = privateInc/tls_ssl.h;
+                       refType = 4;
+               };
+               9D1B441A01F5ED1200003D05 = {
+                       fileRef = 9D1B441801F5ED1200003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D1B441B01F5ED1200003D05 = {
+                       fileRef = 9D1B441901F5ED1200003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D1B441C01F5ED1200003D05 = {
+                       fileRef = 9D1B441201F5ED1200003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D1B441D01F5ED1200003D05 = {
+                       fileRef = 9D1B441401F5ED1200003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D1B441E01F5ED1200003D05 = {
+                       fileRef = 9D1B441501F5ED1200003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D1B441F01F5ED1200003D05 = {
+                       fileRef = 9D1B441601F5ED1200003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D1B442001F5ED1200003D05 = {
+                       fileRef = 9D1B441701F5ED1200003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D1B442101F5ED3000003D05 = {
+                       isa = PBXFileReference;
+                       path = appleSession.cpp;
+                       refType = 4;
+               };
+               9D1B442201F5ED3000003D05 = {
+                       isa = PBXFileReference;
+                       path = "securetransport++.cpp";
+                       refType = 4;
+               };
+               9D1B442301F5ED3000003D05 = {
+                       isa = PBXFileReference;
+                       path = ssl3Callouts.c;
+                       refType = 4;
+               };
+               9D1B442401F5ED3000003D05 = {
+                       isa = PBXFileReference;
+                       path = tls_hmac.c;
+                       refType = 4;
+               };
+               9D1B442501F5ED3000003D05 = {
+                       isa = PBXFileReference;
+                       path = tls1Callouts.c;
+                       refType = 4;
+               };
+               9D1B442601F5ED3000003D05 = {
+                       fileRef = 9D1B442101F5ED3000003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D1B442701F5ED3000003D05 = {
+                       fileRef = 9D1B442201F5ED3000003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D1B442801F5ED3000003D05 = {
+                       fileRef = 9D1B442301F5ED3000003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D1B442901F5ED3000003D05 = {
+                       fileRef = 9D1B442401F5ED3000003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D1B442A01F5ED3000003D05 = {
+                       fileRef = 9D1B442501F5ED3000003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D1B442B01F5ED9400003D05 = {
+                       isa = PBXFrameworkReference;
+                       name = Security.framework;
+                       path = /Volumes/Data_and_Apps/dmitchBuildRelease/Security.framework;
+                       refType = 0;
+               };
+               9D1B442C01F5ED9400003D05 = {
+                       fileRef = 9D1B442B01F5ED9400003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D1B443001F5EE8D00003D05 = {
+                       isa = PBXFileReference;
+                       path = sslBER_Dummy.c;
+                       refType = 4;
+               };
+               9D1B443101F5EE8D00003D05 = {
+                       fileRef = 9D1B443001F5EE8D00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
        };
        rootObject = 00E4CE33FF9B8B71D0A17CE7;
 }
index b7195b1d175fdcf7ce27a31acf6360f455f4a660..d55521419f36d2a7e666902ff91c2835b0ec672c 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
@@ -26,8 +26,8 @@
        Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
 
 */
-#ifndef _CIPHER_SUITE_H_
-#define _CIPHER_SUITE_H_
+#ifndef _SECURITY_CIPHERSUITE_H_
+#define _SECURITY_CIPHERSUITE_H_
 
 /* fetch Uint32 */
 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
@@ -76,4 +76,4 @@ enum
     SSL_NO_SUCH_CIPHERSUITE =                   0xFFFF
 };
 
-#endif /* _CIPHER_SUITE_H_ */
+#endif /* !_SECURITY_CIPHERSUITE_H_ */
index 73740e98e37cd3fbb8245c84df7ba4fe31d75a93..6986ce782c4cc389a8db0c4ef3e79edc67e68779 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
 /*
        File:           SecureTransport.h
 
-       Contains:       Public API for Apple SSL 3.0 Implementation
+       Contains:       Public API for Apple SSL/TLS Implementation
 
-       Written by:     Doug Mitchell
-
-       Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
+       Copyright: (c) 1999-2002 by Apple Computer, Inc., all rights reserved.
 
 */
 
-#ifndef _SECURE_TRANSPORT_H_
-#define _SECURE_TRANSPORT_H_
+#ifndef _SECURITY_SECURETRANSPORT_H_
+#define _SECURITY_SECURETRANSPORT_H_
 
-/*
- * Initial X port: no keychain storage of certs; no server mode, no
- * client-side authentication. 
- */
-#define ST_KEYCHAIN_ENABLE                     0
-#define ST_SERVER_MODE_ENABLE          0
+/* Current capabilities */
+#define ST_SERVER_MODE_ENABLE          1
 #define ST_CLIENT_AUTHENTICATION       0
 
 /*
  * This file describes the public API for an implementation of the 
- * Secure Socket Layer, V. 3.0. This implementation is based on Netscape's
- * SSLRef 3.0, modified for Apple use. (Appropriate copyrights and
- * acknowledgements are found elsewhere, and in all files containing 
- * Netscape code.)
+ * Secure Socket Layer, V. 3.0, and Transport Layer Security, V. 1.0.
+ * This implementation is based on Netscape's SSLRef 3.0, modified 
+ * for Apple use. (Appropriate copyrights and acknowledgements are 
+ * found elsewhere, and in all files containing Netscape code.)
  *
  * As in SSLRef 3.0, there no transport layer dependencies in this library;
  * it can be used with sockets, Open Transport, etc. Applications using
@@ -51,7 +45,7 @@
  * on underlying network connections. Applications are also responsible
  * for setting up raw network connections; the application passes in
  * an opaque reference to the underlying (connected) entity at the 
- * start of an SSL session.
+ * start of an SSL session in the form of an SSLConnectionRef.
  *
  * Some terminology:
  *
  * two calls, inclusive.
  * 
  * An SSL Session Context, or SSLContextRef, is an opaque reference in this
- * library to the state associated with one session.  
+ * library to the state associated with one session. A SSLContextRef cannot
+ * be reused for multiple sessions.  
  */ 
  
 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
-//#include <CoreServices/CoreServices.h>
-#include <CoreFoundation/CFData.h>
 #include <CoreFoundation/CFArray.h>
 #include <Security/CipherSuite.h>
-
-#if            ST_KEYCHAIN_ENABLE
-#include <Keychain.h>
-#endif /* ST_KEYCHAIN_ENABLE */
+#include <sys/types.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -96,11 +86,13 @@ typedef const void *                SSLConnectionRef;
 
 /* SSL Protocol version */
 typedef enum {
-       kSSLProtocolUnknown,            /* no protocol negotiated/specified */
+       kSSLProtocolUnknown,            /* no protocol negotiated/specified; use default */
        kSSLProtocol2,                          /* SSL 2.0 only */
        kSSLProtocol3,                          /* SSL 3.0 preferred, 2.0 OK if peer requires */
-       kSSLProtocol3Only                       /* use SSL 3.0 only, fail if peer tries to
+       kSSLProtocol3Only,                      /* use SSL 3.0 only, fail if peer tries to
                                                                 * negotiate 2.0 */
+       kTLSProtocol1,                          /* TLS 1.0 preferred, lower versions OK */
+       kTLSProtocol1Only                       /* TLS 1.0 only */
 } SSLProtocol;
 
 /* State of an SSLSession */
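Review bot: The comment on `kTLSProtocol1` says "lower versions OK" without naming the floor, so a caller cannot tell from this enum whether choosing it still permits a fallback to SSL 2.0. I would name the accepted versions, e.g. `kTLSProtocol1, /* TLS 1.0 preferred; SSL 3.0 / SSL 2.0 accepted if peer requires */` if that is the actual behaviour, and say on `kSSLProtocolUnknown` which concrete value "default" resolves to. The same gap is in the SSLSetProtocolVersion comment in the `@@ -211,10 +203,9 @@` hunk ("a lower version is accepted if the peer requires it"). Because that is the default, it should state that callers who need a minimum version must pass one of the `...Only` values. The enumerators are also not ordered by protocol strength (`kSSLProtocol3Only` sorts below `kTLSProtocol1`), so a short comment warning against numeric comparison of `SSLProtocol` values would help.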
@@ -134,11 +126,11 @@ typedef OSStatus
                                                         void                           *data,                  /* owned by 
                                                                                                                                 * caller, data
                                                                                                                                 * RETURNED */
-                                                        UInt32                         *dataLength);   /* IN/OUT */ 
+                                                        size_t                         *dataLength);   /* IN/OUT */ 
 typedef OSStatus 
 (*SSLWriteFunc)                        (SSLConnectionRef       connection,
                                                         const void             *data, 
-                                                        UInt32                         *dataLength);   /* IN/OUT */ 
+                                                        size_t                         *dataLength);   /* IN/OUT */ 
 
 
 /*************************************************
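Review bot: Switching `dataLength` from `UInt32 *` to `size_t *` in `SSLReadFunc` and `SSLWriteFunc` changes the signature every client-supplied I/O callback must match, and nothing in the header tells existing callers to update (the `SSLReadFunc` typedef starts above this hunk). Where the two types differ in width, a callback still written against `UInt32 *` would read and update only part of the length, so the byte count the library takes back from it could be wrong. A one-line comment above the typedefs such as `/* dataLength is a size_t; callbacks written for UInt32 * must be updated */` would cover it. The same type change is made to `numCiphers` in the `@@ -320,15 +308,15 @@`, `@@ -336,7 +324,7 @@` and `@@ -346,12 +334,12 @@` hunks.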
@@ -211,10 +203,9 @@ SSLSetIOFuncs                              (SSLContextRef          context,
                                                         SSLWriteFunc           write);
                                                         
 /* 
- * Get/set SSL protocol version; optional. Default for client is is 
- * kSSLProtocolUnknown (which works with whatever the server prefers);
- * default for server side is kSSLProtocol3 (which prefers SSL3 but
- * works with SSL2-only clients). 
+ * Get/set SSL protocol version; optional. Default is kSSLProtocolUnknown, 
+ * in which case the highest possible version (currently kTLSProtocol1) 
+ * is attempted, but a lower version is accepted if the peer requires it. 
  *
  * SSLSetProtocolVersion can not be called when a session is active. 
  */
@@ -232,11 +223,12 @@ SSLGetProtocolVersion             (SSLContextRef          context,
  * Specify this connection's certificate(s). This is mandatory for
  * server connections, optional for clients. Specifying a certificate
  * for a client enables SSL client-side authentication. The end-entity
- * cert is in certRef[0]. Specifying a root cert is optional; if it's
+ * cert is in certRefs[0]. Specifying a root cert is optional; if it's
  * not specified, the root cert which verifies the cert chain specified
- * here must have been specified in SSLSetTrustedRootCertKC().
+ * here must be present in the system-wide set of trusted anchor certs.
  *
- * The certRefs argument is a CFArray containing KCItemRefs. 
+ * The certRefs argument is a CFArray containing SecCertificateRefs,
+ * except for certRefs[0], which is a SecIdentityRef.
  *
  * Can only be called when no session is active. 
  *
@@ -244,11 +236,12 @@ SSLGetProtocolVersion             (SSLContextRef          context,
  *   
  *     -- The certRef references remains valid for the lifetime of the 
  *     session.
- *  -- The specified certRef[0] is capable of signing. 
- *  -- In order for a server connection to work with SSL3 protocol,
- *     the private key associated with certRef[0] must ALSO be
- *        capable of decryption. This is a workaround for a known 
- *        Netscape bug.  
+ *  -- The specified certRefs[0] is capable of signing. 
+ *  -- The required capabilities of the certRef[0], and of the optional cert
+ *     specified in SSLSetEncryptionCertificate (see below), are highly
+ *     dependent on the application. For example, to work as a server with
+ *     Netscape clients, the cert specified here must be capable of both
+ *     signing and encrypting. 
  */
 OSStatus
 SSLSetCertificate                      (SSLContextRef          context,
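Review bot: The added bullet still says `certRef[0]` while the lines changed around it now use `certRefs[0]`, so the comment names the same array element two ways. Suggested first line: `-- The required capabilities of certRefs[0], and of the optional cert`. The bullet also leaves the requirement open ("highly dependent on the application"). A key that lacks the needed capability presumably only fails once a handshake is attempted, so it would help to say which capability (signing, encryption) is needed in which case, or at least how a mismatch is reported to the caller.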
@@ -256,38 +249,6 @@ SSLSetCertificate                  (SSLContextRef          context,
 
 #endif /* (ST_SERVER_MODE_ENABLE || ST_CLIENT_AUTHENTICATION) */
 
-#if            ST_KEYCHAIN_ENABLE
-
-/*
- * Specify a Keychain containing trusted root certificates.
- * Optional; the Keychain's root certs either are appended to or 
- * replace the existing SSLContextRef's root certs, which are initialized
- * to a system-wide set of trusted roots at SSLContextAlloc().
- *
- * Can not be called while a session is active.
- */
-OSStatus
-SSLSetTrustedRootCertKC                (SSLContextRef          context,
-                                                        KCRef                          keyChainRef,
-                                                        Boolean                        deleteExisting);
-                                                        
-/*
- * Specify a Keychain (and access credentials for the keychain)
- * to which newly encountered root certs are attempted to be
- * added. This may or may not result in user interaction, depending
- * on the configuration of the keychain and of the specified
- * accesssCreds.
- *
- * Can not be called while a session is active and can only be
- * called a maximum of one time per SSLContextRef.
- */
-OSStatus 
-SSLSetNewRootKC                                (SSLContextRef          context,
-                                                        KCRef                          keyChainRef,
-                                                        void                           *accessCreds);
-       
-#endif /* ST_KEYCHAIN_ENABLE */
-
 /*
  * Specify I/O connection - a socket, endpoint, etc., which is
  * managed by caller. On the client side, it's assumed that communication
@@ -302,6 +263,33 @@ OSStatus
 SSLSetConnection                       (SSLContextRef          context,
                                                         SSLConnectionRef       connection);
 
+/* 
+ * Specify the fully qualified doman name of the peer, e.g., "store.apple.com."
+ * Optional; used to verify the common name field in peer's certificate. 
+ * Name is in the form of a C string; NULL termination optional, i.e., 
+ * peerName[peerNameLen[1] may or may not have a NULL. In any case peerNameLen
+ * is the number of bytes of the peer domain name.
+ */
+OSStatus
+SSLSetPeerDomainName           (SSLContextRef          context,
+                                                        const char                     *peerName,
+                                                        size_t                         peerNameLen);
+                                                        
+/*
+ * Determine the buffer size needed for SSLGetPeerDomainName().
+ */
+OSStatus 
+SSLGetPeerDomainNameLength     (SSLContextRef          context,
+                                                        size_t                         *peerNameLen);  // RETURNED
+
+/*
+ * Obtain the value specified in SSLSetPeerDomainName().
+ */
+OSStatus 
+SSLGetPeerDomainName           (SSLContextRef          context,
+                                                        char                           *peerName,              // returned here
+                                                        size_t                         *peerNameLen);  // IN/OUT
+
 /*
  * Obtain the actual negotiated protocol version of the active
  * session, which may be different that the value specified in 
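Review bot: The SSLSetPeerDomainName comment calls the name "Optional" without saying what happens when it is never set. As written, the reader has to infer that the peer certificate's common name is then not checked against any host name, and that should be stated outright because it decides whether the session authenticates the intended server. In the same comment the index expression `peerName[peerNameLen[1]` is malformed and "doman" is a typo. I would replace the expression with words, e.g. `peerNameLen is the byte count of the name, not counting a terminating NUL, which may or may not be present`, if that is the intended contract. SSLGetPeerDomainName should also document whether the returned buffer is NUL-terminated and what is returned when `*peerNameLen` is too small on input.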
@@ -320,15 +308,15 @@ SSLGetNegotiatedProtocolVersion           (SSLContextRef          context,
  */
 OSStatus
 SSLGetNumberSupportedCiphers (SSLContextRef                    context,
-                                                         UInt32                                *numCiphers);
+                                                         size_t                                *numCiphers);
                        
 OSStatus
 SSLGetSupportedCiphers          (SSLContextRef                 context,
                                                          SSLCipherSuite                *ciphers,               /* RETURNED */
-                                                         UInt32                                *numCiphers);   /* IN/OUT */
+                                                         size_t                                *numCiphers);   /* IN/OUT */
 
 /*
- * Specify a (typlically) restricted set of SSLCipherSuites to be enabled by
+ * Specify a (typically) restricted set of SSLCipherSuites to be enabled by
  * the current SSLContext. Can only be called when no session is active. Default
  * set of enabled SSLCipherSuites is the same as the complete set of supported 
  * SSLCipherSuites as obtained by SSLGetSupportedCiphers().
@@ -336,7 +324,7 @@ SSLGetSupportedCiphers               (SSLContextRef                 context,
 OSStatus 
 SSLSetEnabledCiphers           (SSLContextRef                  context,
                                                         const SSLCipherSuite   *ciphers,       
-                                                        UInt32                                 numCiphers);
+                                                        size_t                                 numCiphers);
                                                         
 /*
  * Determine number and values of all of the SSLCipherSuites currently enabled.
@@ -346,12 +334,12 @@ SSLSetEnabledCiphers              (SSLContextRef                  context,
  */
 OSStatus
 SSLGetNumberEnabledCiphers     (SSLContextRef                  context,
-                                                        UInt32                                 *numCiphers);
+                                                        size_t                                 *numCiphers);
                        
 OSStatus
 SSLGetEnabledCiphers           (SSLContextRef                  context,
                                                         SSLCipherSuite                 *ciphers,               /* RETURNED */
-                                                        UInt32                                 *numCiphers);   /* IN/OUT */
+                                                        size_t                                 *numCiphers);   /* IN/OUT */
 
 
 /*
@@ -361,15 +349,15 @@ SSLGetEnabledCiphers              (SSLContextRef                  context,
  * errSSLCertExpired error.
  */ 
 OSStatus 
-SSLSetAllowExpiredCerts                (SSLContextRef          context,
-                                                        Boolean                        allowExpired);
+SSLSetAllowsExpiredCerts       (SSLContextRef          context,
+                                                        Boolean                        allowsExpired);
                                                         
 /* 
  * Obtain the current value of an SSLContext's "allowExpiredCerts" flag. 
  */
 OSStatus
-SSLGetAllowExpiredCerts                (SSLContextRef          context,
-                                                        Boolean                        *allowExpired); /* RETURNED */
+SSLGetAllowsExpiredCerts       (SSLContextRef          context,
+                                                        Boolean                        *allowsExpired); /* RETURNED */
 
 /*
  * Specify option of allowing for an unknown root cert, i.e., one which
@@ -387,14 +375,14 @@ SSLGetAllowExpiredCerts           (SSLContextRef          context,
  * allowing connection to a totally untrusted peer. 
  */
 OSStatus 
-SSLSetAllowAnyRoot                     (SSLContextRef          context,
+SSLSetAllowsAnyRoot                    (SSLContextRef          context,
                                                         Boolean                        anyRoot);
 
 /* 
  * Obtain the current value of an SSLContext's "allow any root" flag. 
  */
 OSStatus
-SSLGetAllowAnyRoot                     (SSLContextRef          context,
+SSLGetAllowsAnyRoot                    (SSLContextRef          context,
                                                         Boolean                        *anyRoot); /* RETURNED */
 
 /*
@@ -402,10 +390,11 @@ SSLGetAllowAnyRoot                        (SSLContextRef          context,
  * a handshake attempt.
  *
  * The certs argument is a CFArray containing CFDataRefs, each
- * of which is one DER-encoded cert. The entire array is mallocd
- * by the SecureTransport library. The cert at the end of the 
- * returned array is the subject (end entity) cert; the root cert
- * (or the closest cert to it) is in index 0 of the returned array. 
+ * of which is one DER-encoded cert. The entire array is created
+ * by the SecureTransport library and must be released by the caller. 
+ * The cert at the end of the returned array is the subject (end 
+ * entity) cert; the root cert (or the closest cert to it) is in 
+ * index 0 of the returned array. 
  */    
 OSStatus 
 SSLGetPeerCertificates         (SSLContextRef          context, 
@@ -417,10 +406,27 @@ SSLGetPeerCertificates            (SSLContextRef          context,
  * would be IP address and port, stored in some caller-private manner.
  * To be optionally called prior to SSLHandshake for the current 
  * session. This is mandatory if this session is to be resumable. 
+ *
+ * SecureTransport allocates its own copy of the incoming peerID. The 
+ * data provided in *peerID, while opaque to SecureTransport, is used
+ * in a byte-for-byte compare to other previous peerID values set by the 
+ * current application. Matching peerID blobs result in SecureTransport
+ * attempting to resume an SSL session with the same parameters as used
+ * in the previous session which specified the same peerID bytes. 
  */
 OSStatus 
 SSLSetPeerID                           (SSLContextRef          context, 
-                                                        CFDataRef                      peerID);
+                                                        const void             *peerID,
+                                                        size_t                         peerIDLen);
+
+/*
+ * Obtain current PeerID. Returns NULL pointer, zero length if
+ * SSLSetPeerID has not been called for this context.
+ */
+OSStatus
+SSLGetPeerID                           (SSLContextRef          context, 
+                                                        const void             **peerID,
+                                                        size_t                         *peerIDLen);
 
 /*
  * Obtain the SSLCipherSuite (e.g., SSL_RSA_WITH_DES_CBC_SHA) negotiated
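Review bot: The new SSLGetPeerID() comment does not say who owns the buffer returned through `*peerID` or how long it stays valid. SSLSetPeerID() is documented as keeping its own copy, so the getter presumably hands back a pointer into that copy; if so, add a line such as `* The returned pointer refers to SecureTransport's internal copy; do not free or modify it, and do not use it after the next SSLSetPeerID() or after the context is disposed.` Because matching peerID bytes trigger resumption with the earlier session's parameters, the SSLSetPeerID() comment should also state that the blob must cover everything that identifies the peer, so two distinct peers never share an ID.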
@@ -441,26 +447,21 @@ SSLGetNegotiatedCipher            (SSLContextRef          context,
  * used in one of the following cases:
  *
  *     -- The end-entity certificate specified in SSLSetCertificate() is 
- *        not capable of encryption. (THIS REQUIREMENT IS OBSOLETE due
- *        due a workaround for a Netscape bug.)
+ *        not capable of encryption.  
  *
  *  -- The end-entity certificate specified in SSLSetCertificate() 
  *        contains a key which is too large (i.e., too strong) for legal 
  *        encryption in this session. In this case a weaker cert is 
  *     specified here and is used for server-initiated key exchange. 
  *
- *  -- Servers which establsh an SSL level 2 connection require
- *     encryption certs. (SSL2 does not perform signing and verification,
- *     only asymmetric encryption and decryption.)
- *
- *  The encryptionCertRef argument is a CFArray containing 
- *  KCItemRefs. 
+ * The certRefs argument is a CFArray containing SecCertificateRefs,
+ * except for certRefs[0], which is a SecIdentityRef.
  *
  * The following assumptions are made:
  *
- *     -- The encryptionCertRef references remains valid for the lifetime of the 
+ *     -- The certRefs references remains valid for the lifetime of the 
  *     connection.
- *  -- The specified encryptionCertRef[0] is capable of encryption. 
+ *  -- The specified certRefs[0] is capable of encryption. 
  *
  * Can only be called when no session is active. 
  *
@@ -471,7 +472,7 @@ SSLGetNegotiatedCipher              (SSLContextRef          context,
  *    not accept encryption certs with key sizes larger than 512
  *    bits for exportable ciphers. Apps which wish to use encryption 
  *    certs with key sizes larger than 512 bits should disable the 
- *    use of exportable ciphers via the SSLSetExportEnable() call. 
+ *    use of exportable ciphers via the SSLSetEnabledCiphers() call. 
  */
 OSStatus
 SSLSetEncryptionCertificate    (SSLContextRef          context,
@@ -479,8 +480,7 @@ SSLSetEncryptionCertificate (SSLContextRef          context,
 
 /*
  * Specify requirements for client-side authentication.
- * Optional; Default is kNeverAuthenticate, unless SSLSetTrustedRootCertKC
- * has been called, in which case the default is kTryAuthenticate.
+ * Optional; Default is kNeverAuthenticate.
  *
  * Can only be called when no session is active.  
  */
@@ -546,8 +546,8 @@ SSLHandshake                                (SSLContextRef          context);
 OSStatus 
 SSLWrite                                       (SSLContextRef          context,
                                                         const void *           data,
-                                                        UInt32                         dataLength,
-                                                        UInt32                         *processed);    /* RETURNED */ 
+                                                        size_t                         dataLength,
+                                                        size_t                         *processed);    /* RETURNED */ 
 
 /*
  * data is mallocd by caller; available size specified in
@@ -557,9 +557,18 @@ SSLWrite                                   (SSLContextRef          context,
 OSStatus 
 SSLRead                                                (SSLContextRef          context,
                                                         void *                         data,                   /* RETURNED */
-                                                        UInt32                         dataLength,
-                                                        UInt32                         *processed);    /* RETURNED */ 
-                                                        
+                                                        size_t                         dataLength,
+                                                        size_t                         *processed);    /* RETURNED */ 
+
+/*
+ * Determine how much data the client can be guaranteed to 
+ * obtain via SSLRead() without blocking or causing any low-level 
+ * read operations to occur.
+ */
+OSStatus 
+SSLGetBufferedReadSize         (SSLContextRef context,
+                                                        size_t *bufSize);                              /* RETURNED */
+
 /*
  * Terminate current SSL session. 
  */
@@ -570,4 +579,4 @@ SSLClose                                    (SSLContextRef          context);
 }
 #endif
 
-#endif /* _SECURE_TRANSPORT_H_ */
+#endif /* !_SECURITY_SECURETRANSPORT_H_ */
index 9349bfac85ba6697f39e6613266793fa71a933b0..3e502e0c91a7e80348db15ba19379ecddb216794 100644 (file)
@@ -43,6 +43,7 @@
 
 #include <string.h>
 #include <stdlib.h>
+#include <assert.h>
 
 #include <Security/cssm.h>
 #include <Security/cssmapple.h>
 
 #pragma mark *** Utilities ***
 
+/*
+ * Set up a Raw symmetric key with specified algorithm and key bits.
+ */
+SSLErr sslSetUpSymmKey(
+       CSSM_KEY_PTR    symKey,
+       CSSM_ALGORITHMS alg,
+       CSSM_KEYUSE             keyUse,                 // CSSM_KEYUSE_ENCRYPT, etc.
+       CSSM_BOOL               copyKey,                // true: copy keyData   false: set by reference
+       uint8                   *keyData,
+       uint32                  keyDataLen)             // in bytes
+{
+       SSLErr serr;
+       CSSM_KEYHEADER *hdr;
+       
+       memset(symKey, 0, sizeof(CSSM_KEY));
+       if(copyKey) {
+               serr = stSetUpCssmData(&symKey->KeyData, keyDataLen);
+               if(serr) {
+                       return serr;
+               }
+               memmove(symKey->KeyData.Data, keyData, keyDataLen);
+       }
+       else {
+               symKey->KeyData.Data = keyData;
+               symKey->KeyData.Length = keyDataLen;
+       }
+       
+       /* set up the header */
+       hdr = &symKey->KeyHeader;
+       hdr->BlobType = CSSM_KEYBLOB_RAW;
+       hdr->Format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING;
+       hdr->AlgorithmId = alg;
+       hdr->KeyClass = CSSM_KEYCLASS_SESSION_KEY;
+       hdr->LogicalKeySizeInBits = keyDataLen * 8;
+       hdr->KeyAttr = CSSM_KEYATTR_MODIFIABLE | CSSM_KEYATTR_EXTRACTABLE;
+       hdr->KeyUsage = keyUse;
+       hdr->WrapAlgorithmId = CSSM_ALGID_NONE;
+       return SSLNoErr;
+}
+
 /*
  * Free a CSSM_KEY - its CSP resources, KCItemRef, and the key itself.
  */
 SSLErr sslFreeKey(
        CSSM_CSP_HANDLE         cspHand,
        CSSM_KEY_PTR            *key,           /* so we can null it out */
-       #if             ST_KEYCHAIN_ENABLE
-       KCItemRef                       *kcItem)        /* optional; ditto */
-       #else
-       void                            *kcItem)
+       #if             ST_KEYCHAIN_ENABLE && ST_KC_KEYS_NEED_REF
+       SecKeychainRef  *kcItem)
+       #else   
+       void                    *kcItem) 
        #endif
 {
        CASSERT(key != NULL);
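Review bot: sslSetUpSymmKey() uses `symKey` in the `memset` and reads `keyData` without asserting that either is non-NULL, whereas sslFreeKey() right below it opens with `CASSERT(key != NULL);`. Adding `CASSERT(symKey != NULL);` and `CASSERT(keyData != NULL);` would keep the file consistent. The header comment should also say that with `copyKey` false the CSSM_KEY only borrows `keyData`: the caller must keep that buffer alive for as long as the key is used, and clearing the key material afterwards remains the caller's job. sslFreeKey()'s body continues outside this hunk.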
@@ -75,7 +116,7 @@ SSLErr sslFreeKey(
                sslFree(*key);
                *key = NULL;
        }
-       #if             ST_KEYCHAIN_ENABLE
+       #if             ST_KEYCHAIN_ENABLE && ST_KC_KEYS_NEED_REF
        if((kcItem != NULL) && (*kcItem != NULL)) {
                KCReleaseItem(kcItem);          /* does this NULL the referent? */
                *kcItem = NULL;
@@ -153,7 +194,12 @@ SSLErr attachToAll(SSLContext *ctx)
        
        CASSERT(ctx != NULL);
        crtn = attachToModules(&ctx->cspHand, &ctx->clHand, 
-               &ctx->tpHand);
+               &ctx->tpHand
+               #if ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE
+               ,
+               &ctx->cspDlHand
+               #endif
+               );
        if(crtn) {
           return SSLAttachFailure;
        }
@@ -249,6 +295,7 @@ SSLErr stSetUpCssmData(
 
 /*
  * Common RNG function; replaces SSLRef's SSLRandomFunc.
+ * FIXME - just use /dev/random.
  */
 SSLErr sslRand(SSLContext *ctx, SSLBuffer *buf)
 {
@@ -305,7 +352,7 @@ SSLErr sslRand(SSLContext *ctx, SSLBuffer *buf)
 
 SSLErr sslRsaRawSign(
        SSLContext                      *ctx,
-       const CSSM_KEY_PTR      privKey,
+       const CSSM_KEY          *privKey,
        CSSM_CSP_HANDLE         cspHand,
        const UInt8                     *plainText,
        UInt32                          plainTextLen,
@@ -333,7 +380,7 @@ SSLErr sslRsaRawSign(
 
 SSLErr sslRsaRawVerify(
        SSLContext                      *ctx,
-       const CSSM_KEY_PTR      pubKey,
+       const CSSM_KEY          *pubKey,
        CSSM_CSP_HANDLE         cspHand,
        const UInt8                     *plainText,
        UInt32                          plainTextLen,
@@ -390,7 +437,7 @@ errOut:
 
 SSLErr sslRsaRawSign(
        SSLContext                      *ctx,
-       const CSSM_KEY_PTR      privKey,
+       const CSSM_KEY          *privKey,
        CSSM_CSP_HANDLE         cspHand,
        const UInt8                     *plainText,
        UInt32                          plainTextLen,
@@ -453,7 +500,7 @@ SSLErr sslRsaRawSign(
 
 SSLErr sslRsaRawVerify(
        SSLContext                      *ctx,
-       const CSSM_KEY_PTR      pubKey,
+       const CSSM_KEY          *pubKey,
        CSSM_CSP_HANDLE         cspHand,
        const UInt8                     *plainText,
        UInt32                          plainTextLen,
@@ -520,7 +567,7 @@ SSLErr sslRsaRawVerify(
 
 SSLErr sslRsaEncrypt(
        SSLContext                      *ctx,
-       const CSSM_KEY_PTR      pubKey,
+       const CSSM_KEY          *pubKey,
        CSSM_CSP_HANDLE         cspHand,
        const UInt8                     *plainText,
        UInt32                          plainTextLen,
@@ -547,7 +594,7 @@ SSLErr sslRsaEncrypt(
        }
        
        #if             RSA_PUB_KEY_USAGE_HACK
-       pubKey->KeyHeader.KeyUsage |= CSSM_KEYUSE_ENCRYPT;
+       ((CSSM_KEY_PTR)pubKey)->KeyHeader.KeyUsage |= CSSM_KEYUSE_ENCRYPT;
        #endif
        memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
        
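Review bot: `((CSSM_KEY_PTR)pubKey)->KeyHeader.KeyUsage |= CSSM_KEYUSE_ENCRYPT;` casts away the `const` this commit just added to the parameter and still modifies the caller's key. Under RSA_PUB_KEY_USAGE_HACK the function could work on a shallow copy instead, `CSSM_KEY tmpKey = *pubKey; tmpKey.KeyHeader.KeyUsage |= CSSM_KEYUSE_ENCRYPT;`, and pass `&tmpKey` when creating the context. If the modification is intentional, a comment should say so, since the signature now promises otherwise. The function body starts and ends outside this hunk.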
@@ -555,7 +602,7 @@ SSLErr sslRsaEncrypt(
                CSSM_ALGID_RSA,
                &creds,
                pubKey,
-               CSSM_PADDING_NONE,
+               CSSM_PADDING_PKCS1,
                &cryptHand);
        if(crtn) {
                stPrintCdsaError("CSSM_CSP_CreateAsymmetricContext", crtn);
@@ -647,7 +694,7 @@ SSLErr sslRsaEncrypt(
 
 SSLErr sslRsaDecrypt(
        SSLContext                      *ctx,
-       const CSSM_KEY_PTR      privKey,
+       const CSSM_KEY          *privKey,
        CSSM_CSP_HANDLE         cspHand,
        const UInt8                     *cipherText,
        UInt32                          cipherTextLen,          
@@ -677,7 +724,7 @@ SSLErr sslRsaDecrypt(
                CSSM_ALGID_RSA,
                &creds,
                privKey,
-               CSSM_PADDING_NONE,
+               CSSM_PADDING_PKCS1,
                &cryptHand);
        if(crtn) {
                stPrintCdsaError("CSSM_CSP_CreateAsymmetricContext", crtn);
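Review bot: With `CSSM_PADDING_PKCS1` the CSP now checks and strips the PKCS#1 v1.5 padding inside sslRsaDecrypt(), so a malformed block surfaces as a decrypt error rather than as raw bytes for the caller to inspect. The error path and the callers are outside this hunk. If the server-side key exchange lets the peer tell that failure apart from a wrong pre-master secret (a distinct alert or an earlier abort), the handshake leaks padding validity. The usual handling (RFC 2246, section 7.4.7.1) is to continue with a randomly generated pre-master secret. A comment at this call, e.g. `/* padding failure must be indistinguishable to the peer; caller substitutes a random pre-master secret */`, would record that requirement.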
@@ -772,7 +819,7 @@ SSLErr sslRsaDecrypt(
 /*
  * Obtain size of key in bytes.
  */
-UInt32 sslKeyLengthInBytes(const CSSM_KEY_PTR key)
+UInt32 sslKeyLengthInBytes(const CSSM_KEY *key)
 {
        CASSERT(key != NULL);
        return (((key->KeyHeader.LogicalKeySizeInBits) + 7) / 8);
@@ -783,14 +830,14 @@ UInt32 sslKeyLengthInBytes(const CSSM_KEY_PTR key)
  */
 SSLErr sslGetPubKeyBits(
        SSLContext                      *ctx,
-       const CSSM_KEY_PTR      pubKey,
+       const CSSM_KEY          *pubKey,
        CSSM_CSP_HANDLE         cspHand,
        SSLBuffer                       *modulus,               // data mallocd and RETURNED
        SSLBuffer                       *exponent)              // data mallocd and RETURNED
 {
        CSSM_KEY                        wrappedKey;
        CSSM_BOOL                       didWrap = CSSM_FALSE;
-       CSSM_KEYHEADER_PTR      hdr;
+       const CSSM_KEYHEADER *hdr;
        CSSM_CC_HANDLE          ccHand;
        CSSM_RETURN                     crtn;
        SSLBuffer                       pubKeyBlob;
@@ -972,7 +1019,12 @@ abort:
  * Caller must CSSM_FreeKey and free the CSSM_KEY_PTR itself. 
  *
  * For now, the returned cspHand is a copy of ctx->cspHand, so it
- * doesn't have to be detached later - this may change....
+ * doesn't have to be detached later - this may change.
+ *
+ * Update: since CSSM_CL_CertGetKeyInfo() doesn't provide a means for
+ * us to tell the CL what CSP to use, we really have no way of knowing 
+ * what is going on here...we return the process-wide (bare) cspHand,
+ * which is currently always able to deal with this raw public key. 
  */
 SSLErr sslPubKeyFromCert(
        SSLContext                      *ctx,
@@ -1066,7 +1118,7 @@ void writeBufBlob(const SSLBuffer *blob,
 
 #endif /* 0 */
 
-#if            ST_KEYCHAIN_ENABLE
+#if            ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS
 
 /*
  * Given a CSSM_CERTGROUP which fails due to CSSM_TP_INVALID_ANCHOR
@@ -1147,7 +1199,7 @@ static SSLErr sslHandleNewRoot(
        return SSLNoErr;
 }
 
-#endif /* ST_KEYCHAIN_ENABLE */
+#endif /* ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS */
 
 /* free a CSSM_CERT_GROUP */ 
 static void sslFreeCertGroup(
@@ -1195,7 +1247,12 @@ SSLErr sslVerifyCertChain(
        CSSM_TP_CALLERAUTH_CONTEXT      authCtx;
        CSSM_FIELD                                      policyId;
        CSSM_DL_DB_LIST                         dbList;
+       CSSM_APPLE_TP_SSL_OPTIONS       sslOpts;
+       CSSM_APPLE_TP_ACTION_DATA       actionData;
        
+       /* FIXME - allowAnyRoot should probably mean "return success" with 
+        * no checking */
+        
        numCerts = SSLGetCertificateChainLength(certChain);
        if(numCerts == 0) {
                /* nope */
@@ -1218,7 +1275,7 @@ SSLErr sslVerifyCertChain(
        if(certGroup.GroupList.CertList == NULL) {
                return SSLMemoryErr;
        }
-       certGroup.CertGroupType = CSSM_CERTGROUP_ENCODED_CERT;
+       certGroup.CertGroupType = CSSM_CERTGROUP_DATA;
        certGroup.CertType = CSSM_CERT_X_509v3;
        certGroup.CertEncoding = CSSM_CERT_ENCODING_DER; 
        certGroup.NumCerts = numCerts;
@@ -1230,13 +1287,6 @@ SSLErr sslVerifyCertChain(
                c = c->next;
        }
        
-       #if             0
-       if(ctx->rootCertName != NULL) {
-               /* save root cert */
-               writeBlob(&certGroup.CertList[numCerts-1], ctx->rootCertName);
-       }
-       #endif  /* SSL_DEBUG */
-       
        memset(&vfyCtx, 0, sizeof(CSSM_TP_VERIFY_CONTEXT));
        vfyCtx.Action = CSSM_TP_ACTION_DEFAULT;
        vfyCtx.Cred = &authCtx;
@@ -1254,14 +1304,28 @@ SSLErr sslVerifyCertChain(
                        CSSM_ACCESS_CREDENTIALS_PTR CallerCredentials;
                } CSSM_TP_CALLERAUTH_CONTEXT, *CSSM_TP_CALLERAUTH_CONTEXT_PTR;
        */
+       
+       /* SSL-specific FieldValue */
+       sslOpts.Version = CSSM_APPLE_TP_SSL_OPTS_VERSION;
+       sslOpts.ServerNameLen = ctx->peerDomainNameLen;
+       sslOpts.ServerName = ctx->peerDomainName;
+       
+       /* TP-wide ActionData */
+       actionData.Version = CSSM_APPLE_TP_ACTION_VERSION;
+       actionData.ActionFlags = 0x80000000;    // @@@ secret root-cert-enable 
+       if(ctx->allowExpiredCerts) {
+               actionData.ActionFlags |= CSSM_TP_ACTION_ALLOW_EXPIRED;
+       }
+       vfyCtx.ActionData.Data = (uint8 *)&actionData;
+       vfyCtx.ActionData.Length = sizeof(actionData);
+       
        /* zero or one policy here */
-       policyId.FieldValue.Data = NULL;
-       policyId.FieldValue.Length = 0;
        policyId.FieldOid = CSSMOID_APPLE_TP_SSL;
+       policyId.FieldValue.Data = (uint8 *)&sslOpts;
+       policyId.FieldValue.Length = sizeof(sslOpts);
        authCtx.Policy.NumberOfPolicyIds = 1;
        authCtx.Policy.PolicyIds = &policyId;
-       authCtx.Policy.PolicyControl = ctx->allowExpiredCerts ?
-               CSSM_TP_ALLOW_EXPIRE : NULL;
+       
        authCtx.VerifyTime = NULL;
        authCtx.VerificationAbortOn = CSSM_TP_STOP_ON_POLICY;
        authCtx.CallbackWithVerifiedCert = NULL;
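Review bot: `sslOpts.ServerName` is taken straight from `ctx->peerDomainName`, so a context on which SSLSetPeerDomainName() was never called passes a NULL name of length 0 into the SSL policy. Whether the TP then skips the host name comparison is not visible here; a comment on the assignment should state it, e.g. `/* NULL/0 when no peer domain name was set; TP presumably does no host name match then (confirm) */`. Separately, `0x80000000` should be a named constant rather than a bare literal with an `@@@` remark. Zeroing both structs first (`memset(&sslOpts, 0, sizeof(sslOpts));`, likewise for `actionData`) would match how `vfyCtx` is prepared and keep fields added later from carrying stack contents. sslVerifyCertChain() starts and ends outside this hunk.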
@@ -1292,13 +1356,13 @@ SSLErr sslVerifyCertChain(
        if(crtn) {      
                /* get some detailed error info */
                switch(crtn) {
-                       case CSSMERR_TP_INVALID_ANCHOR_CERT:
+                       case CSSMERR_TP_INVALID_ANCHOR_CERT: 
                                /* root found but we don't trust it */
                                if(ctx->allowAnyRoot) {
                                        dprintf0("***Warning: accepting unknown root cert\n");
                                        break;
                                }
-                               #if             ST_KEYCHAIN_ENABLE
+                               #if             ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS
                                if(ctx->newRootCertKc != NULL) {
                                        /* see if user wants to handle new root */
                                        serr = sslHandleNewRoot(ctx, &certGroup);
@@ -1308,7 +1372,7 @@ SSLErr sslVerifyCertChain(
                                }
                                #else
                                serr = SSLUnknownRootCert;
-                               #endif  /* ST_KEYCHAIN_ENABLE */
+                               #endif  /* ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS */
                                break;
                        case CSSMERR_TP_NOT_TRUSTED:
                                /* no root, not even in implicit SSL roots */
@@ -1319,7 +1383,7 @@ SSLErr sslVerifyCertChain(
                                serr = SSLNoRootCert;
                                break;
                        case CSSMERR_TP_CERT_EXPIRED:
-                               /* FIXME  - tolerate this case via some TBD flag */
+                               assert(!ctx->allowExpiredCerts);
                                serr = SSLCertExpired;
                                break;
                        case CSSMERR_TP_CERT_NOT_VALID_YET:
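Review bot: `assert(!ctx->allowExpiredCerts);` tests how the TP reacted to `CSSM_TP_ACTION_ALLOW_EXPIRED`, which is another module's behaviour on a peer-supplied chain, and it uses plain `assert` where the rest of the file uses `CASSERT`. In a build with assertions enabled, a TP that still returns CSSMERR_TP_CERT_EXPIRED would abort the process instead of failing the handshake; with NDEBUG the check disappears. Something like `if(ctx->allowExpiredCerts) { dprintf0("***TP ignored ALLOW_EXPIRED\n"); }` ahead of `serr = SSLCertExpired;` keeps the diagnostic and still fails closed. The switch continues outside this hunk.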
@@ -1483,7 +1547,7 @@ CSSM_DATA_PTR sslGetCertSubjectName(
 }
 #endif ST_KEYCHAIN_ENABLE 
 
-#if            (SSL_DEBUG && ST_KEYCHAIN_ENABLE)
+#if            (SSL_DEBUG && ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS)
 void verifyTrustedRoots(SSLContext *ctx,
        CSSM_DATA_PTR   certs,
        unsigned                numCerts)
index 69c2dade3f6fe4e2508e254ad13b1c0a61027174..36ebbf5089b98e3da7b30202586d39c4f3309484 100644 (file)
@@ -22,7 +22,7 @@
        Contains:       Glue layer between Apple SecureTransport and 
                                original SSLRef code. 
 
-       Written by:     Doug Mitchell, based on Netscape RSARef 3.0
+       Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
 
        Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
 
@@ -98,7 +98,7 @@ static const _sslErrMap sslErrMap[] = {
  */ 
 SSLErr sslIoRead(
        SSLBuffer               buf, 
-       UInt32                  *actualLength, 
+       size_t                  *actualLength, 
        SSLContext              *ctx)
  {
        UInt32          dataLength = buf.length;
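Review bot: `actualLength` becomes `size_t *` here and in sslIoWrite() in the next hunk, but the local `dataLength` on the last visible line of each is still `UInt32`. Both bodies continue outside the hunks, so how `dataLength` is used cannot be seen. If its address is handed to an I/O callback that now takes `size_t *`, the widths differ on an LP64 build and the callback would write past the variable. Declaring it `size_t dataLength = buf.length;` in both functions removes the mismatch.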
@@ -114,7 +114,7 @@ SSLErr sslIoRead(
  
  SSLErr sslIoWrite(
        SSLBuffer               buf, 
-       UInt32                  *actualLength, 
+       size_t                  *actualLength, 
        SSLContext              *ctx)
  {
        UInt32                  dataLength = buf.length;
@@ -163,12 +163,12 @@ OSStatus sslErrToOsStatus(SSLErr s)
 
 /*
  * Time functions - replaces SSLRef's SSLTimeFunc, SSLConvertTimeFunc
- * Weird - this is just used to generate a random number in
- * SSLEncodeRandom
  */
 SSLErr sslTime(UInt32 *tim)
 {
-       time((time_t *)&tim);
+       time_t t;
+       time(&t);
+       *tim = (UInt32)t;
        return SSLNoErr;
 }
 
diff --git a/SecureTransport/appleSession.c b/SecureTransport/appleSession.c
deleted file mode 100644 (file)
index 7b003cc..0000000
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
-       File:           appleSession.c
-
-       Contains:       Session storage module, _APPLE_CDSA_ version. 
-
-       Written by:     Doug Mitchell, based on Netscape RSARef 3.0
-
-       Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
-
-*/
-
-/* 
- * This file replaces the caller-specified SSLAddSessionFunc,
- * SSLGetSessionFunc, and SSLDeleteSessionFunc callbacks in the 
- * original SSLRef 3.0.
- */
-#ifndef        _SSL_H_
-#include "ssl.h"
-#endif
-
-#ifndef        _SSLCTX_H_
-#include "sslctx.h"
-#endif
-
-#ifndef        _SSLALLOC_H_
-#include "sslalloc.h"
-#endif
-
-#ifndef        _APPLE_GLUE_H_
-#include "appleGlue.h"
-#endif
-
-#ifndef        _SSL_DEBUG_H_
-#include "sslDebug.h"
-#endif
-
-#ifndef        _APPLE_SESSION_H_
-#include "appleSession.h"
-#endif
-
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
-
-/*
- * Store opaque sessionData, associated with opaque sessionKey.
- */
-SSLErr sslAddSession (
-       const SSLBuffer sessionKey, 
-       const SSLBuffer sessionData, 
-       void *sessionRef)
-{
-       /* TBD */
-       return SSLUnsupportedErr;
-}
-
-/*
- * Given an opaque sessionKey, alloc & retrieve associated sessionData.
- */
-SSLErr sslGetSession (
-       const SSLBuffer sessionKey, 
-       SSLBuffer *sessionData, 
-       void *sessionRef)
-{
-       /* TBD */
-       return SSLSessionNotFoundErr;
-}
-
-SSLErr sslDeleteSession (
-       const SSLBuffer sessionKey, 
-       void *sessionRef)
-{
-       /* TBD */
-       return SSLSessionNotFoundErr;
-}
-
diff --git a/SecureTransport/appleSession.cpp b/SecureTransport/appleSession.cpp
new file mode 100644 (file)
index 0000000..721fcfd
--- /dev/null
@@ -0,0 +1,505 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+       File:           appleSession.cpp
+
+       Contains:       Session storage module, Apple CDSA version. 
+
+       Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
+
+       Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
+
+*/
+
+/* 
+ * This file replaces the caller-specified SSLAddSessionFunc,
+ * SSLGetSessionFunc, and SSLDeleteSessionFunc callbacks in the 
+ * original SSLRef 3.0.
+ *
+ * The current implementation stores sessions in a deque<>, a member of a 
+ * SessionCache object for which we keep a ModuleNexus-ized instance. It is 
+ * expected that at a given time, only a small number of sessions will be 
+ * cached, so the random insertion access provided by a map<> is unnecessary. 
+ * New entries are placed in the head of the queue, assuming a LIFO usage
+ * tendency.  
+ *
+ * Entries in this cache have a time to live of SESSION_CACHE_TTL, currently 
+ * ten minutes. Entries are tested for being stale upon lookup; also, the global
+ * sslCleanupSession() tests all entries in the cache, deleting entries which 
+ * are stale. This function is currently called whenever an SSLContext is deleted. 
+ * The current design does not provide any asynchronous timed callouts to perform
+ * further cache cleanup; it was decided that the thread overhead of this would 
+ * outweight the benefits (again assuming a small number of entries in the 
+ * cache). 
+ *
+ * When a session is added via sslAddSession, and a cache entry already
+ * exists for the specifed key (sessionID), the sessionData for the existing
+ * cache entry is updated with the new sessionData. The entry's expiration
+ * time is unchanged (thus a given session entry can only be used for a finite
+ * time no mattter how often it is re-used), 
+ */
+#include "ssl.h"
+//#include "sslctx.h"
+#include "sslalloc.h"
+#include "appleGlue.h"
+#include "sslDebug.h"
+#include "appleSession.h"
+
+#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
+
+#include <deque>
+#include <stdexcept>
+#include <Security/threading.h>
+#include <Security/globalizer.h>
+#include <Security/timeflow.h>
+
+/* time-to-live in cache, in seconds */
+#define QUICK_CACHE_TEST       0
+#if            QUICK_CACHE_TEST
+#define SESSION_CACHE_TTL      ((int)5)
+#else
+#define SESSION_CACHE_TTL      ((int)(10 * 60))
+#endif /* QUICK_CACHE_TEST */
+
+#define CACHE_PRINT                    0
+#if            CACHE_PRINT
+#define cprintf(s)                     printf s
+#define DUMP_ALL_CACHE         0
+
+static void cachePrint(
+       const SSLBuffer *key, 
+       const SSLBuffer *data)
+{
+       unsigned char *kd = key->data;
+       if(data != NULL) {
+               unsigned char *dd = data->data;
+               printf("  key: %02X%02X%02X%02X%02X%02X%02X%02X"
+                       "  data: %02X%02X%02X%02X... (len %d)\n",
+                       kd[0],kd[1],kd[2],kd[3], kd[4],kd[5],kd[6],kd[7],
+                       dd[0],dd[1],dd[2],dd[3], (unsigned)data->length);
+       }
+       else {
+               /* just print key */
+               printf("  key: %02X%02X%02X%02X%02X%02X%02X%02X\n",
+                       kd[0],kd[1],kd[2],kd[3], kd[4],kd[5],kd[6],kd[7]);
+       }
+}
+#else  /* !CACHE_PRINT */
+#define cprintf(s)
+#define cachePrint(k, d)
+#define DUMP_ALL_CACHE 0
+#endif /* CACHE_PRINT */
+
+#if    DUMP_ALL_CACHE
+static void dumpAllCache();
+#else
+#define dumpAllCache()
+#endif
+
+/*
+ * One entry (value) in SessionCache.  
+ */
+class SessionCacheEntry {
+public:
+       /*
+        * This constructor, the only one, allocs copies of the key and value
+        * SSLBuffers.
+        */
+       SessionCacheEntry(
+               const SSLBuffer &key, 
+               const SSLBuffer &sessionData,
+               const Time::Absolute &expirationTime);
+       ~SessionCacheEntry();
+               
+       /* basic lookup/match function */
+       bool                    matchKey(const SSLBuffer &key) const;
+       
+       /* has this expired? */
+       bool                    isStale();                                                      // calculates "now" 
+       bool                    isStale(const Time::Absolute &now);     // when you know it
+       
+       /* key/data accessors */
+       SSLBuffer               &key()                  { return mKey; }
+       SSLBuffer               &sessionData()  { return mSessionData; }
+       
+       /* replace existing mSessionData */
+       SSLErr                  sessionData(const SSLBuffer &data);
+       
+private:
+       SSLBuffer               mKey;
+       SSLBuffer               mSessionData;
+
+       /* this entry to be removed from session map at this time */
+       Time::Absolute  mExpiration;
+};
+
+/*
+ * Note: the caller passes in the expiration time solely to accomodate the 
+ * instantiation of a single const Time::Interval for use in calculating
+ * TTL. This const, SessionCache.mTimeToLive, is in the singleton gSession Cache.
+ */
+SessionCacheEntry::SessionCacheEntry(
+       const SSLBuffer &key, 
+       const SSLBuffer &sessionData,
+       const Time::Absolute &expirationTime)
+               : mExpiration(expirationTime)
+{
+       SSLErr serr;
+       
+       serr = SSLCopyBuffer(&key, &mKey);
+       if(serr) {
+               throw runtime_error("memory error");
+       }
+       serr = SSLCopyBuffer(&sessionData, &mSessionData);
+       if(serr) {
+               throw runtime_error("memory error");
+       }
+       cprintf(("SessionCacheEntry(buf,buf) this %p\n", this));
+       mExpiration += Time::Interval(SESSION_CACHE_TTL);
+}
+
+SessionCacheEntry::~SessionCacheEntry()
+{
+       cprintf(("~SessionCacheEntry() this %p\n", this));
+       SSLFreeBuffer(&mKey, NULL);             // no SystemContext
+       SSLFreeBuffer(&mSessionData, NULL);
+}
+
+/* basic lookup/match function */
+bool SessionCacheEntry::matchKey(const SSLBuffer &key) const
+{
+       if(key.length != mKey.length) {
+               return false;
+       }
+       if((key.data == NULL) || (mKey.data == NULL)) {
+               return false;
+       }
+       return (memcmp(key.data, mKey.data, mKey.length) == 0);
+}
+       
+/* has this expired? */
+bool SessionCacheEntry::isStale()
+{
+       return isStale(Time::now());
+}
+
+bool SessionCacheEntry::isStale(const Time::Absolute &now)
+{
+       if(now > mExpiration) {
+               return true;
+       }
+       else {
+               return false;
+       }
+}
+
+/* replace existing mSessionData */
+SSLErr SessionCacheEntry::sessionData(
+       const SSLBuffer &data)
+{
+       SSLFreeBuffer(&mSessionData, NULL);
+       return SSLCopyBuffer(&data, &mSessionData);
+}
+
+/* Types for the actual deque and its iterator */
+typedef std::deque<SessionCacheEntry *> SessionCacheType;
+typedef SessionCacheType::iterator SessionCacheIter;
+
+/* 
+ * Global map and associated state. We maintain a singleton of this.
+ */
+class SessionCache
+{
+public:
+       SessionCache()
+         : mTimeToLive(SESSION_CACHE_TTL) {}
+       ~SessionCache();
+       
+       /* these correspond to the C functions exported by this file */
+       SSLErr addEntry(
+               const SSLBuffer sessionKey, 
+               const SSLBuffer sessionData);
+       SSLErr lookupEntry(
+               const SSLBuffer sessionKey, 
+               SSLBuffer *sessionData); 
+       SSLErr deleteEntry(
+               const SSLBuffer sessionKey);
+               
+       /* cleanup, delete stale entries */
+       bool cleanup();
+       SessionCacheType                &sessMap() { return mSessionCache; }
+       
+private:
+       SessionCacheIter lookupPriv(
+               const SSLBuffer *sessionKey);
+       void deletePriv(
+               const SSLBuffer *sessionKey);
+       SessionCacheIter deletePriv(
+               SessionCacheIter iter);
+       SessionCacheType                mSessionCache;
+       Mutex                                   mSessionLock;
+       const Time::Interval    mTimeToLive;
+};
+
+SessionCache::~SessionCache()
+{
+       /* free all entries */
+       StLock<Mutex> _(mSessionLock);
+       for(SessionCacheIter iter = mSessionCache.begin(); iter != mSessionCache.end(); ) {
+               iter = deletePriv(iter);
+       }
+}
+
+/* these three correspond to the C functions exported by this file */
+SSLErr SessionCache::addEntry(
+       const SSLBuffer sessionKey, 
+       const SSLBuffer sessionData)
+{
+       StLock<Mutex> _(mSessionLock);
+       
+       SessionCacheIter existIter = lookupPriv(&sessionKey);
+       if(existIter != mSessionCache.end()) {
+               /* cache hit - just update this entry's sessionData if necessary */
+               /* Note we leave expiration time and position in deque unchanged - OK? */
+               SessionCacheEntry *existEntry = *existIter;
+               SSLBuffer &existBuf = existEntry->sessionData();
+               if((existBuf.length == sessionData.length) &&
+                  (memcmp(existBuf.data, sessionData.data, sessionData.length) == 0)) {
+                       /* 
+                        * These usually match, and a memcmp is a lot cheaper than 
+                        * a malloc and a free, hence this quick optimization.....
+                        */
+                       cprintf(("SessionCache::addEntry CACHE HIT entry = %p\n", existEntry));
+                       return SSLNoErr;
+               }
+               else {
+                       cprintf(("SessionCache::addEntry CACHE REPLACE entry = %p\n", existEntry));
+                       return existEntry->sessionData(sessionData);
+               }
+       }
+       
+       /* this allocs new copy of incoming sessionKey and sessionData */
+       SessionCacheEntry *entry = new SessionCacheEntry(sessionKey, 
+               sessionData,
+               Time::now() + mTimeToLive);
+
+       cprintf(("SessionCache::addEntry %p\n", entry));
+       cachePrint(&sessionKey, &sessionData);
+       dumpAllCache();
+
+       /* add to head of queue for LIFO caching */
+       mSessionCache.push_front(entry);
+       CASSERT(lookupPriv(&sessionKey) != mSessionCache.end());
+       return SSLNoErr;
+}
+
+SSLErr SessionCache::lookupEntry(
+       const SSLBuffer sessionKey, 
+       SSLBuffer *sessionData)
+{
+       StLock<Mutex> _(mSessionLock);
+       
+       SessionCacheIter existIter = lookupPriv(&sessionKey);
+       if(existIter == mSessionCache.end()) {
+               return SSLSessionNotFoundErr;
+       }
+       SessionCacheEntry *entry = *existIter;
+       if(entry->isStale()) {
+               cprintf(("SessionCache::lookupEntry %p: STALE entry, deleting\n", entry));
+               cachePrint(&sessionKey, &entry->sessionData());
+               deletePriv(existIter);
+               return SSLSessionNotFoundErr;
+       }
+       /* alloc/copy sessionData from existing entry (caller must free) */
+       return SSLCopyBuffer(&entry->sessionData(), sessionData);
+}
+
+SSLErr SessionCache::deleteEntry(
+       const SSLBuffer sessionKey)
+{
+       StLock<Mutex> _(mSessionLock);
+       deletePriv(&sessionKey);
+       return SSLNoErr;
+}
+       
+/* cleanup, delete stale entries */
+bool SessionCache::cleanup()
+{
+       StLock<Mutex> _(mSessionLock);
+       bool brtn = false;
+       Time::Absolute rightNow = Time::now();
+       SessionCacheIter iter;
+       
+       for(iter = mSessionCache.begin(); iter != mSessionCache.end(); ) {
+               SessionCacheEntry *entry = *iter;
+               if(entry->isStale(rightNow)) {
+                       #if CACHE_PRINT
+                       SSLBuffer *key = &entry->key();
+                       cprintf(("...SessionCache::cleanup: deleting cached session (%p)\n", 
+                               entry));
+                       cachePrint(key, &entry->sessionData());
+                       #endif
+                       iter = deletePriv(iter);
+               }
+               else {
+                       iter++;
+                       /* we're leaving one in the map */
+                       brtn = true;
+               }
+       }
+       return brtn;
+}
+
+/* private methods, mSessionLock held on entry and exit */
+SessionCacheIter SessionCache::lookupPriv(
+       const SSLBuffer *sessionKey)
+{
+       SessionCacheIter it;
+       
+       for(it = mSessionCache.begin(); it != mSessionCache.end(); it++) {
+               SessionCacheEntry *entry = *it;
+               if(entry->matchKey(*sessionKey)) {
+                       return it;
+               }
+       }
+       /* returning map.end() */
+       return it;
+}
+
+void SessionCache::deletePriv(
+       const SSLBuffer *sessionKey)
+{
+       SessionCacheIter iter = lookupPriv(sessionKey);
+       if(iter != mSessionCache.end()) {
+               /* 
+                * delete from map 
+                * free underlying SSLBuffer.data pointers
+                * destruct the stored map entry 
+                */
+               #if     CACHE_PRINT
+               SessionCacheEntry *entry = *iter;
+               cprintf(("SessionCache::deletePriv %p\n", entry));
+               cachePrint(sessionKey, &entry->sessionData());
+               dumpAllCache();
+               #endif
+               deletePriv(iter);
+       }
+       CASSERT(lookupPriv(sessionKey) == mSessionCache.end());
+}
+
+/* common erase, given a SessionCacheIter; returns next iter */
+SessionCacheIter SessionCache::deletePriv(
+       SessionCacheIter iter)
+{
+       CASSERT(iter != mSessionCache.end());
+       SessionCacheEntry *entry = *iter;
+       SessionCacheIter nextIter = mSessionCache.erase(iter);
+       delete entry;
+       return nextIter;
+}
+
+/* the single global thing */
+static ModuleNexus<SessionCache> gSessionCache;
+
+#if            DUMP_ALL_CACHE
+static void dumpAllCache()
+{
+       SessionCacheIter it;
+       SessionCacheType &smap = gSessionCache().sessMap();
+       
+       printf("Contents of sessionCache:\n");
+       for(it = smap.begin(); it != smap.end(); it++) {
+               SessionCacheEntry *entry = *it;
+               cachePrint(&entry->key(), &entry->sessionData());
+       }
+}
+#endif /* DUMP_ALL_CACHE */
+
+/*
+ * Store opaque sessionData, associated with opaque sessionKey.
+ */
+SSLErr sslAddSession (
+       const SSLBuffer sessionKey, 
+       const SSLBuffer sessionData)
+{
+       SSLErr serr;
+       try {
+               serr = gSessionCache().addEntry(sessionKey, sessionData);
+       }
+       catch(...) {
+               serr = SSLUnsupportedErr;
+       }
+       dumpAllCache();
+       return serr;
+}
+
+/*
+ * Given an opaque sessionKey, alloc & retrieve associated sessionData.
+ */
+SSLErr sslGetSession (
+       const SSLBuffer sessionKey, 
+       SSLBuffer *sessionData)
+{
+       SSLErr serr;
+       try {
+               serr = gSessionCache().lookupEntry(sessionKey, sessionData);
+       }
+       catch(...) {
+               serr = SSLSessionNotFoundErr;
+       }
+       cprintf(("\nsslGetSession(%d, %p): %d\n", (int)sessionKey.length, sessionKey.data,
+               serr));
+       if(serr == SSLNoErr) {
+               cachePrint(&sessionKey, sessionData);
+       }
+       else {
+               cachePrint(&sessionKey, NULL);
+       }
+       dumpAllCache();
+       return serr;
+}
+
+SSLErr sslDeleteSession (
+       const SSLBuffer sessionKey)
+{
+       SSLErr serr;
+       try {
+               serr = gSessionCache().deleteEntry(sessionKey);
+       }
+       catch(...) {
+               serr = SSLSessionNotFoundErr;
+       }
+       return serr;
+}
+
+/* cleanup up session cache, deleting stale entries. */
+SSLErr sslCleanupSession ()
+{
+       SSLErr serr = SSLNoErr;
+       bool moreToGo = false;
+       try {
+               moreToGo = gSessionCache().cleanup();
+       }
+       catch(...) {
+               serr = SSLSessionNotFoundErr;
+       }
+       /* Possible TBD: if moreToGo, schedule a timed callback to this function */
+       return serr;
+}
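Review bot: A cached session's expiry ends up at twice SESSION_CACHE_TTL. SessionCache::addEntry already passes `Time::now() + mTimeToLive`, and the SessionCacheEntry constructor then runs `mExpiration += Time::Interval(SESSION_CACHE_TTL);` on top of it. Resumable session state therefore stays valid for about twenty minutes rather than the ten the file header documents. Dropping that line from the constructor leaves the caller-computed expiration as the only source, which is what the comment above the constructor describes. Separately, if the second SSLCopyBuffer in the constructor fails, the throw skips the destructor and the copy in mKey is not freed; `SSLFreeBuffer(&mKey, NULL);` before that throw would close the leak.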
index d00d219fc21399817170c82c5904c596e7e71239..b03133a5458337d6a7895ba59dd9d1313d67c0b7 100644 (file)
@@ -21,7 +21,7 @@
 
        Contains:       SSLCipherSpec declarations
 
-       Written by:     Doug Mitchell, based on Netscape RSARef 3.0
+       Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
 
        Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
 
@@ -187,7 +187,7 @@ const SSLCipherSpec SSL_NULL_WITH_NULL_NULL_CipherSpec =
 {   SSL_NULL_WITH_NULL_NULL,
     Exportable,
     SSL_NULL_auth,
-    &SSLHashNull,
+    &HashHmacNull,
     &SSLCipherNull
 };
 
@@ -208,7 +208,7 @@ static const SSLCipherSpec KnownCipherSpecs[] =
                SSL_RSA_WITH_3DES_EDE_CBC_SHA, 
                NotExportable, 
                SSL_RSA, 
-               &SSLHashSHA1, 
+               &HashHmacSHA1, 
                &SSLCipher3DES_CBC 
            },
        #endif
@@ -217,7 +217,7 @@ static const SSLCipherSpec KnownCipherSpecs[] =
                SSL_RSA_WITH_3DES_EDE_CBC_MD5, 
                NotExportable, 
                SSL_RSA, 
-               &SSLHashMD5, 
+               &HashHmacMD5, 
                &SSLCipher3DES_CBC 
            },
        #endif
@@ -226,7 +226,7 @@ static const SSLCipherSpec KnownCipherSpecs[] =
                SSL_RSA_WITH_RC4_128_SHA, 
                NotExportable, 
                SSL_RSA, 
-               &SSLHashSHA1, 
+               &HashHmacSHA1, 
                &SSLCipherRC4_128 
            },
     #endif
@@ -235,7 +235,7 @@ static const SSLCipherSpec KnownCipherSpecs[] =
                SSL_RSA_WITH_RC4_128_MD5, 
                NotExportable, 
                SSL_RSA, 
-               &SSLHashMD5, 
+               &HashHmacMD5, 
                &SSLCipherRC4_128 
            },
     #endif
@@ -244,7 +244,7 @@ static const SSLCipherSpec KnownCipherSpecs[] =
                SSL_RSA_WITH_DES_CBC_SHA, 
                NotExportable, 
                SSL_RSA, 
-               &SSLHashSHA1, 
+               &HashHmacSHA1, 
                &SSLCipherDES_CBC 
            },
     #endif
@@ -253,7 +253,7 @@ static const SSLCipherSpec KnownCipherSpecs[] =
                SSL_RSA_WITH_DES_CBC_MD5, 
                NotExportable, 
                SSL_RSA, 
-               &SSLHashMD5, 
+               &HashHmacMD5, 
                &SSLCipherDES_CBC 
            },
     #endif
@@ -263,7 +263,7 @@ static const SSLCipherSpec KnownCipherSpecs[] =
                        SSL_RSA_EXPORT_WITH_RC4_40_MD5, 
                        Exportable, 
                        SSL_RSA_EXPORT, 
-                       &SSLHashMD5, 
+                       &HashHmacMD5, 
                        &SSLCipherRC4_40 
                },
        #endif
@@ -273,7 +273,7 @@ static const SSLCipherSpec KnownCipherSpecs[] =
                SSL_DH_anon_WITH_RC4_128_MD5, 
                NotExportable, 
                SSL_DH_anon, 
-               &SSLHashMD5, 
+               &HashHmacMD5, 
                &SSLCipherRC4_128 
            },
     #endif
@@ -282,7 +282,7 @@ static const SSLCipherSpec KnownCipherSpecs[] =
                SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, 
                Exportable, 
                SSL_RSA_EXPORT, 
-               &SSLHashSHA1, 
+               &HashHmacSHA1, 
                &SSLCipherDES40_CBC 
            },
        #endif 
@@ -292,7 +292,7 @@ static const SSLCipherSpec KnownCipherSpecs[] =
                SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, 
                Exportable, 
                SSL_RSA_EXPORT, 
-               &SSLHashMD5, 
+               &HashHmacMD5, 
                &SSLCipherRC2_40 
            },
     #endif
@@ -301,7 +301,7 @@ static const SSLCipherSpec KnownCipherSpecs[] =
                SSL_RSA_WITH_RC2_CBC_MD5, 
                NotExportable, 
                SSL_RSA, 
-               &SSLHashMD5, 
+               &HashHmacMD5, 
                &SSLCipherRC2_128 
            },
     #endif
@@ -309,7 +309,7 @@ static const SSLCipherSpec KnownCipherSpecs[] =
                SSL_RSA_WITH_NULL_MD5, 
                Exportable, 
                SSL_RSA, 
-               &SSLHashMD5, 
+               &HashHmacMD5, 
                &SSLCipherNull 
            }
 };
@@ -398,7 +398,7 @@ SSLGetSupportedCiphers               (SSLContextRef         ctx,
 }
 
 /*
- * Specify a (typlically) restricted set of SSLCipherSuites to be enabled by
+ * Specify a (typically) restricted set of SSLCipherSuites to be enabled by
  * the current SSLContext. Can only be called when no session is active. Default
  * set of enabled SSLCipherSuites is the same as the complete set of supported 
  * SSLCipherSuites as obtained by SSLGetSupportedCiphers().
index 3654d31db0b8eb8d4ede97c6eaf9c5b3d8916d50..03a39dec5d1dd5c1b53b30e4dba91aacbbf3971a 100644 (file)
@@ -21,7 +21,7 @@
 
        Contains:       interface between SSL and SHA, MD5 digest libraries
 
-       Written by:     Doug Mitchell, based on Netscape RSARef 3.0
+       Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
 
        Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
 
 
     ****************************************************************** */
 
-#ifndef _SSLCTX_H_
 #include "sslctx.h"
-#endif
-
-#ifndef _CRYPTTYPE_H_
 #include "cryptType.h"
-#endif
-
-#ifndef SHA_H
-#include <stdio.h>      /* sha.h has a prototype with a FILE* */
-#include "st_sha.h"
-#endif
-
-#ifndef        _SSL_MD5_H_
-#include "sslmd5.h"
-#endif
-
-#ifndef _SSLALLOC_H_
 #include "sslalloc.h"
-#endif
-
-#ifndef        _DIGESTS_H_
 #include "digests.h"
-#endif
-
-#ifndef        _SSL_DEBUG_H_
 #include "sslDebug.h"
-#endif
-
+#include "appleCdsa.h"
+#include <Security/cssm.h>
 #include <string.h>
 
-typedef struct
-{   SHA_INFO    sha;
-    int         bufferPos;
-    uint8       dataBuffer[SHA_BLOCKSIZE];
-} SSL_SHA_INFO;
+#define DIGEST_PRINT           0
+#if            DIGEST_PRINT
+#define dgprintf(s)    printf s
+#else
+#define dgprintf(s)
+#endif
+
+/*
+ * Common digest context. The SSLBuffer.data pointer in a "digest state" argument
+ * casts to one of these.
+ */
+typedef struct {
+       CSSM_CC_HANDLE  hashHand;
+} cdsaHashContext;
 
 uint8   SSLMACPad1[MAX_MAC_PADDING], SSLMACPad2[MAX_MAC_PADDING];
 
@@ -103,40 +90,63 @@ SSLInitMACPads(void)
     }
 }
 
-/* FIXME - what's this for, if each alg has its own clone functions? */
+/* 
+ * A convenience wrapper for HashReference.clone, which has the added benefit of
+ * allocating the state buffer for the caller.
+ */
 SSLErr
 CloneHashState(const HashReference *ref, SSLBuffer state, SSLBuffer *newState, SSLContext *ctx)
-{   SSLErr      err;
-    if ((err = SSLAllocBuffer(newState, state.length, &ctx->sysCtx)) != 0)
+{   
+       SSLErr      err;
+    if ((err = SSLAllocBuffer(newState, ref->contextSize, &ctx->sysCtx)) != 0)
         return err;
-    memcpy(newState->data, state.data, state.length);
-    return SSLNoErr;
+       return ref->clone(state, *newState);
 }
 
+/* 
+ * Wrapper for HashReference.init.
+ */
 SSLErr
 ReadyHash(const HashReference *ref, SSLBuffer *state, SSLContext *ctx)
-{   SSLErr      err;
+{   
+       SSLErr      err;
     if ((err = SSLAllocBuffer(state, ref->contextSize, &ctx->sysCtx)) != 0)
         return err;
-    if ((err = ref->init(*state)) != 0)
-        return err;
-    return SSLNoErr;
+    return ref->init(*state, ctx);
+}
+
+/*
+ * Wrapper for HashReference.clone. Tolerates NULL digestCtx and frees it if it's
+ * there.
+ */
+SSLErr CloseHash(const HashReference *ref, SSLBuffer *state, SSLContext *ctx)
+{
+       SSLErr serr;
+       
+       if((state == NULL) || (state->data == NULL)) {
+               return SSLNoErr;
+       }
+       serr = ref->close(*state, ctx);
+       if(serr) {
+               return serr;
+       }
+       return SSLFreeBuffer(state, &ctx->sysCtx);
 }
 
-static SSLErr HashNullInit(SSLBuffer);
+static SSLErr HashNullInit(SSLBuffer digestCtx, SSLContext *sslCtx);
 static SSLErr HashNullUpdate(SSLBuffer,SSLBuffer);
 static SSLErr HashNullFinal(SSLBuffer,SSLBuffer);
+static SSLErr HashNullClose(SSLBuffer digestCtx, SSLContext *sslCtx);
 static SSLErr HashNullClone(SSLBuffer,SSLBuffer);
 
-static SSLErr HashMD5Init(SSLBuffer digestCtx);
-static SSLErr HashMD5Update(SSLBuffer digestCtx, SSLBuffer data);
-static SSLErr HashMD5Final(SSLBuffer digestCtx, SSLBuffer digest);
-static SSLErr HashMD5Clone(SSLBuffer src, SSLBuffer dest);
-
-static SSLErr HashSHA1Init(SSLBuffer digestCtx);
-static SSLErr HashSHA1Update(SSLBuffer digestCtx, SSLBuffer data);
-static SSLErr HashSHA1Final(SSLBuffer digestCtx, SSLBuffer digest);
-static SSLErr HashSHA1Clone(SSLBuffer src, SSLBuffer dest);
+static SSLErr HashMD5Init(SSLBuffer digestCtx, SSLContext *sslCtx);
+static SSLErr HashSHA1Init(SSLBuffer digestCtx, SSLContext *sslCtx);
+static SSLErr cdsaHashInit(SSLBuffer digestCtx, SSLContext *sslCtx,
+       CSSM_ALGORITHMS digestAlg);
+static SSLErr cdsaHashUpdate(SSLBuffer digestCtx, SSLBuffer data);
+static SSLErr cdsaHashFinal(SSLBuffer digestCtx, SSLBuffer digest);
+static SSLErr cdsaHashClose(SSLBuffer digestCtx, SSLContext *sslCtx);
+static SSLErr cdsaHashClone(SSLBuffer src, SSLBuffer dest);
 
 /*
  * These are the handles by which the bulk of digesting work
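Review bot: CloneHashState returns `ref->clone(state, *newState)` directly, so when the clone fails the buffer just obtained from SSLAllocBuffer is left with a caller that only has an error code. Freeing it on the failure path keeps ownership clear: `if ((err = ref->clone(state, *newState)) != 0) SSLFreeBuffer(newState, &ctx->sysCtx);` followed by `return err;`. ReadyHash has the same shape with `ref->init(*state, ctx)`. The comment on CloseHash says "Wrapper for HashReference.clone" and should read `HashReference.close`. That comment should also state that the state buffer is not freed when `ref->close` returns an error.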
@@ -150,33 +160,36 @@ const HashReference SSLHashNull =
                HashNullInit, 
                HashNullUpdate, 
                HashNullFinal, 
+               HashNullClose,
                HashNullClone 
        };
        
 const HashReference SSLHashMD5 = 
        { 
-               sizeof(MD5_CTX), 
+               sizeof(cdsaHashContext), 
                16, 
                48, 
                HashMD5Init, 
-               HashMD5Update, 
-               HashMD5Final, 
-               HashMD5Clone 
+               cdsaHashUpdate, 
+               cdsaHashFinal, 
+               cdsaHashClose,
+               cdsaHashClone 
        };
 
 const HashReference SSLHashSHA1 = 
        { 
-               sizeof(SSL_SHA_INFO), 
+               sizeof(cdsaHashContext), 
                20, 
                40, 
                HashSHA1Init, 
-               HashSHA1Update, 
-               HashSHA1Final, 
-               HashSHA1Clone 
+               cdsaHashUpdate, 
+               cdsaHashFinal, 
+               cdsaHashClose,
+               cdsaHashClone 
        };
 
 /*** NULL ***/
-static SSLErr HashNullInit(SSLBuffer digestCtx) { 
+static SSLErr HashNullInit(SSLBuffer digestCtx, SSLContext *sslCtx) { 
        return SSLNoErr; 
 }
 
@@ -187,94 +200,140 @@ static SSLErr HashNullUpdate(SSLBuffer digestCtx, SSLBuffer data) {
 static SSLErr HashNullFinal(SSLBuffer digestCtx, SSLBuffer digest) { 
        return SSLNoErr; 
 }
-
+static SSLErr HashNullClose(SSLBuffer digestCtx, SSLContext *sslCtx) {
+       return SSLNoErr; 
+}
 static SSLErr HashNullClone(SSLBuffer src, SSLBuffer dest) { 
        return SSLNoErr; 
 }
 
-/*** MD5 ***/
-
-static SSLErr HashMD5Init(SSLBuffer digestCtx)
-{   CASSERT(digestCtx.length >= sizeof(MD5_CTX));
-    SSLMD5Init((MD5_CTX*)digestCtx.data);
-    return SSLNoErr;
+static SSLErr HashMD5Init(SSLBuffer digestCtx, SSLContext *sslCtx)
+{   
+       CASSERT(digestCtx.length >= sizeof(cdsaHashContext));
+       return cdsaHashInit(digestCtx, sslCtx, CSSM_ALGID_MD5);
 }
 
-static SSLErr HashMD5Update(SSLBuffer digestCtx, SSLBuffer data)
-{   CASSERT(digestCtx.length >= sizeof(MD5_CTX));
-    SSLMD5Update((MD5_CTX*)digestCtx.data, data.data, data.length);
-    return SSLNoErr;
+static SSLErr HashSHA1Init(SSLBuffer digestCtx, SSLContext *sslCtx)
+{   
+       CASSERT(digestCtx.length >= sizeof(cdsaHashContext));
+       return cdsaHashInit(digestCtx, sslCtx, CSSM_ALGID_SHA1);
 }
 
-static SSLErr HashMD5Final(SSLBuffer digestCtx, SSLBuffer digest)
-{   CASSERT(digestCtx.length >= sizeof(MD5_CTX));
-    CASSERT(digest.length >= 16);
-    SSLMD5Final(digest.data, (MD5_CTX*)digestCtx.data);
-    digest.length = 16;
+/* common digest functions via CDSA */
+static SSLErr cdsaHashInit(SSLBuffer digestCtx, 
+       SSLContext *sslCtx,
+       CSSM_ALGORITHMS digestAlg)
+{
+       SSLErr serr;
+       cdsaHashContext *cdsaCtx;
+       CSSM_CC_HANDLE hashHand = 0;
+       CSSM_RETURN crtn;
+       
+       CASSERT(digestCtx.length >= sizeof(cdsaHashContext));
+       serr = attachToCsp(sslCtx);             // should be a nop
+       if(serr) {
+               return serr;
+       }
+       cdsaCtx = (cdsaHashContext *)digestCtx.data;
+       cdsaCtx->hashHand = 0;
+       dgprintf(("###cdsaHashInit  cdsaCtx %p\n", cdsaCtx));
+       
+       /* cook up a digest context, initialize it */
+       crtn = CSSM_CSP_CreateDigestContext(sslCtx->cspHand,
+               digestAlg,
+               &hashHand);
+       if(crtn) {
+               errorLog0("CSSM_CSP_CreateDigestContext failure\n");
+               return SSLCryptoError;
+       }
+       crtn = CSSM_DigestDataInit(hashHand);
+       if(crtn) {
+               CSSM_DeleteContext(hashHand);
+               errorLog0("CSSM_DigestDataInit failure\n");
+               return SSLCryptoError;
+       }
+       cdsaCtx->hashHand = hashHand;
     return SSLNoErr;
 }
 
-static SSLErr HashMD5Clone(SSLBuffer src, SSLBuffer dest)
+static SSLErr cdsaHashUpdate(SSLBuffer digestCtx, SSLBuffer data)
 {   
-       if (src.length != dest.length) {
-               errorLog0("HashMD5Clone: length mismatch\n");
-        return SSLProtocolErr;
-    }
-    memcpy(dest.data, src.data, src.length);
-    return SSLNoErr;
-}   
-
-/*** SHA ***/
-static SSLErr HashSHA1Init(SSLBuffer digestCtx)
-{   SSL_SHA_INFO    *ctx = (SSL_SHA_INFO*)digestCtx.data;
-    CASSERT(digestCtx.length >= sizeof(SSL_SHA_INFO));
-    sha_init(&ctx->sha);
-    ctx->bufferPos = 0;
-    return SSLNoErr;
+       cdsaHashContext *cdsaCtx;
+       CSSM_RETURN crtn;
+       CSSM_DATA cdata;
+       
+       CASSERT(digestCtx.length >= sizeof(cdsaHashContext));
+       cdsaCtx = (cdsaHashContext *)digestCtx.data;
+       //dgprintf(("###cdsaHashUpdate  cdsaCtx %p\n", cdsaCtx));
+       
+       SSLBUF_TO_CSSM(&data, &cdata);
+       crtn = CSSM_DigestDataUpdate(cdsaCtx->hashHand, &cdata, 1);
+       if(crtn) {
+               errorLog0("CSSM_DigestDataUpdate failure\n");
+               return SSLCryptoError;
+       }
+       else {
+               return SSLNoErr;
+       }
 }
 
-static SSLErr HashSHA1Update(SSLBuffer digestCtx, SSLBuffer data)
-{   SSL_SHA_INFO    *ctx = (SSL_SHA_INFO*)digestCtx.data;
-    uint32          dataRemaining, processed;
-    uint8           *dataPos;
-    
-    CASSERT(digestCtx.length >= sizeof(SSL_SHA_INFO));
-    dataRemaining = data.length;
-    dataPos = data.data;
-    while (dataRemaining > 0)
-    {   processed = SHA_BLOCKSIZE - ctx->bufferPos;
-        if (dataRemaining < processed)
-            processed = dataRemaining;
-        memcpy(ctx->dataBuffer+ctx->bufferPos, dataPos, processed);
-        ctx->bufferPos += processed;
-        if (ctx->bufferPos == SHA_BLOCKSIZE)
-        {   sha_update(&ctx->sha, ctx->dataBuffer, ctx->bufferPos);
-            ctx->bufferPos = 0;
-        }
-        dataRemaining -= processed;
-        dataPos += processed;
-    }
-    //DUMP_BUFFER_PTR("SHA1 data", digestCtx.data, data);
-    return SSLNoErr;
+static SSLErr cdsaHashFinal(SSLBuffer digestCtx, SSLBuffer digest)
+{      
+       cdsaHashContext *cdsaCtx;
+       CSSM_RETURN crtn;
+       CSSM_DATA cdata;
+       SSLErr srtn = SSLNoErr;
+       
+       CASSERT(digestCtx.length >= sizeof(cdsaHashContext));
+       cdsaCtx = (cdsaHashContext *)digestCtx.data;
+       dgprintf(("###cdsaHashFinal  cdsaCtx %p\n", cdsaCtx));
+       SSLBUF_TO_CSSM(&digest, &cdata);
+       crtn = CSSM_DigestDataFinal(cdsaCtx->hashHand, &cdata);
+       if(crtn) {
+               errorLog0("CSSM_DigestDataFinal failure\n");
+               srtn = SSLCryptoError;
+       }
+       else {
+               digest.length = cdata.Length;
+       }
+       CSSM_DeleteContext(cdsaCtx->hashHand);
+       cdsaCtx->hashHand = 0;
+    return srtn;
 }
 
-static SSLErr HashSHA1Final(SSLBuffer digestCtx, SSLBuffer digest)
-{   SSL_SHA_INFO    *ctx = (SSL_SHA_INFO*)digestCtx.data;
-    CASSERT(digestCtx.length >= sizeof(SSL_SHA_INFO));
-    CASSERT(digest.length >= SHA_DIGESTSIZE);
-    if (ctx->bufferPos > 0)
-        sha_update(&ctx->sha, ctx->dataBuffer, ctx->bufferPos);
-    sha_final((SHA_INFO*)digestCtx.data);
-    memcpy(digest.data, ((SHA_INFO*)digestCtx.data)->digest, 20);
-    //DUMP_BUFFER_PTR("SHA1 final", digestCtx.data, digest);
-    return SSLNoErr;
+static SSLErr cdsaHashClose(SSLBuffer digestCtx, SSLContext *sslCtx)
+{
+       cdsaHashContext *cdsaCtx;
+       
+       CASSERT(digestCtx.length >= sizeof(cdsaHashContext));
+       cdsaCtx = (cdsaHashContext *)digestCtx.data;
+       dgprintf(("###cdsaHashClose  cdsaCtx %p\n", cdsaCtx));
+       if(cdsaCtx->hashHand != 0) {
+               CSSM_DeleteContext(cdsaCtx->hashHand);
+               cdsaCtx->hashHand = 0;
+       }
+       return SSLNoErr;
 }
 
-static SSLErr HashSHA1Clone(SSLBuffer src, SSLBuffer dest)
-{   if (src.length != dest.length) {
-               errorLog0("HashSHA1Clone: length mismatch\n");
-        return SSLProtocolErr;
-    }
-    memcpy(dest.data, src.data, src.length);
-    return SSLNoErr;
+static SSLErr cdsaHashClone(SSLBuffer src, SSLBuffer dst)
+{   
+       cdsaHashContext *srcCtx;
+       cdsaHashContext *dstCtx;
+       CSSM_RETURN crtn;
+
+       CASSERT(src.length >= sizeof(cdsaHashContext));
+       CASSERT(dst.length >= sizeof(cdsaHashContext));
+       srcCtx = (cdsaHashContext *)src.data;
+       dstCtx = (cdsaHashContext *)dst.data;
+       dgprintf(("###cdsaHashClone  srcCtx %p  dstCtx %p\n", srcCtx, dstCtx));
+
+       crtn = CSSM_DigestDataClone(srcCtx->hashHand, &dstCtx->hashHand);
+       if(crtn) {
+               errorLog0("CSSM_DigestDataClone failure\n");
+               return SSLCryptoError;
+       }
+       else {
+               return SSLNoErr;
+       }
 }   
+
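Review bot: cdsaHashClone leaves `dstCtx->hashHand` untouched when CSSM_DigestDataClone fails, and cdsaHashClose later treats any non-zero value there as a live handle and passes it to CSSM_DeleteContext. Whether the destination buffer arrives zero-filled depends on SSLAllocBuffer, which is not visible here, so I would add `dstCtx->hashHand = 0;` before the clone call to make the failure state defined. In cdsaHashFinal, `digest.length = cdata.Length;` assigns to a by-value SSLBuffer and has no effect for the caller. The removed MD5/SHA1 finals asserted the digest buffer size and the new code does not, so the output-length check now presumably rests on the CSP honouring `cdata.Length`; a `CASSERT` on `digest.length` or a comment saying so would make that explicit.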
index 63f6e5396b8623ab4061f498f7b1ca3ae818d2ae..5e230e375f87c373df9585d647d72afb06879ef1 100644 (file)
@@ -87,6 +87,7 @@
 #endif
 
 #include <string.h>
+#include <assert.h>
 
 SSLErr
 SSLEncodeCertificate(SSLRecord *certificate, SSLContext *ctx)
@@ -109,7 +110,9 @@ SSLEncodeCertificate(SSLRecord *certificate, SSLContext *ctx)
     }
     
     certificate->contentType = SSL_handshake;
-    certificate->protocolVersion = SSL_Version_3_0;
+       assert((ctx->negProtocolVersion == SSL_Version_3_0) ||
+                  (ctx->negProtocolVersion == TLS_Version_1_0));
+    certificate->protocolVersion = ctx->negProtocolVersion;
     if ((err = SSLAllocBuffer(&certificate->contents, totalLength + 7, &ctx->sysCtx)) != 0)
         return err;
     
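Review bot: The new `assert` on `ctx->negProtocolVersion` is the only check before the value is copied into `certificate->protocolVersion`, and it is compiled out under NDEBUG, so a release build writes whatever the context holds into the record header. SSLEncodeFinishedMessage in this commit handles the same condition with a `switch` whose default returns `SSLInternalError`; the equivalent here is `if (ctx->negProtocolVersion != SSL_Version_3_0 && ctx->negProtocolVersion != TLS_Version_1_0) return SSLInternalError;`. The same assert-only pattern appears in SSLEncodeCertificateRequest, SSLEncodeCertificateVerify, SSLEncodeChangeCipherSpec and SSLEncodeServerHelloDone. The function body starts and ends outside this hunk.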
@@ -140,9 +143,6 @@ SSLErr
 SSLProcessCertificate(SSLBuffer message, SSLContext *ctx)
 {   SSLErr          err;
     UInt32          listLen, certLen;
-       #ifndef __APPLE__
-    SSLBuffer       buf;
-       #endif
     UInt8           *p;
     SSLCertificate  *cert;
     
@@ -161,7 +161,6 @@ SSLProcessCertificate(SSLBuffer message, SSLContext *ctx)
                errorLog0("SSLProcessCertificate: length decode error 2\n");
             return SSLProtocolErr;
         }
-               #ifdef  __APPLE__
                cert = (SSLCertificate *)sslMalloc(sizeof(SSLCertificate));
                if(cert == NULL) {
                        return SSLMemoryErr;
@@ -170,24 +169,10 @@ SSLProcessCertificate(SSLBuffer message, SSLContext *ctx)
         {   sslFree(cert);
             return err;
         }
-               #else
-        if ((err = SSLAllocBuffer(&buf, sizeof(SSLCertificate), &ctx->sysCtx)) != 0)
-            return err;
-        cert = (SSLCertificate*)buf.data;
-        if ((err = SSLAllocBuffer(&cert->derCert, certLen, &ctx->sysCtx)) != 0)
-        {   SSLFreeBuffer(&buf, &ctx->sysCtx);
-            return err;
-        }
-               #endif
         memcpy(cert->derCert.data, p, certLen);
         p += certLen;
         cert->next = ctx->peerCert;     /* Insert backwards; root cert will be first in linked list */
         ctx->peerCert = cert;
-        #ifndef        _APPLE_CDSA_
-        /* we don't parse this, the CL does */
-        if ((err = ASNParseX509Certificate(cert->derCert, &cert->cert, ctx)) != 0)
-            return err;        
-        #endif
         listLen -= 3+certLen;
     }
     CASSERT(p == message.data + message.length && listLen == 0);
@@ -195,55 +180,20 @@ SSLProcessCertificate(SSLBuffer message, SSLContext *ctx)
     if (ctx->peerCert == 0)
         return X509CertChainInvalidErr;
     
-    #ifdef     _APPLE_CDSA_
     if((err = sslVerifyCertChain(ctx, ctx->peerCert)) != 0) 
-    #else
-    if ((err = X509VerifyCertChain(ctx->peerCert, ctx)) != 0)
-       #endif
         return err;
 
-/* Server's certificate is the last one in the chain */
+       /* Server's certificate is the last one in the chain */
     cert = ctx->peerCert;
     while (cert->next != 0)
         cert = cert->next;
-/* Convert its public key to RSAREF format */
-    #ifdef     _APPLE_CDSA_
+       /* Convert its public key to CDSA format */
     if ((err = sslPubKeyFromCert(ctx, 
        &cert->derCert, 
        &ctx->peerPubKey,
        &ctx->peerPubKeyCsp)) != 0)
-    #else
-    if ((err = X509ExtractPublicKey(&cert->cert.pubKey, &ctx->peerKey)) != 0)
-    #endif
         return err;
-    
-    #ifndef    _APPLE_CDSA_
-    /*
-     * This appears to be redundant with the cert check above; 
-     * it's here for additional cert checking by clients of SSLRef. 
-     */
-    if (ctx->certCtx.checkCertFunc != 0)
-    {   SSLBuffer       certList, *certs;
-        int             i,certCount;
-        SSLCertificate  *c;
         
-        if ((err = SSLGetPeerCertificateChainLength(ctx, &certCount)) != 0)
-            return err;
-        if ((err = SSLAllocBuffer(&certList, certCount * sizeof(SSLBuffer), &ctx->sysCtx)) != 0)
-            return err;
-        certs = (SSLBuffer *)certList.data;
-        c = ctx->peerCert;
-        for (i = 0; i < certCount; i++, c = c->next)
-            certs[i] = c->derCert;
-        
-        if ((err = ctx->certCtx.checkCertFunc(certCount, certs, ctx->certCtx.checkCertRef)) != 0)
-        {   SSLFreeBuffer(&certList, &ctx->sysCtx);
-            return err;
-        }
-        SSLFreeBuffer(&certList, &ctx->sysCtx);
-    }
-    #endif     /* _APPLE_CDSA_ */
-    
     return SSLNoErr;
 }
 
@@ -273,7 +223,9 @@ SSLEncodeCertificateRequest(SSLRecord *request, SSLContext *ctx)
     msgLen = 1 + 1 + 2 + dnListLen;
     
     request->contentType = SSL_handshake;
-    request->protocolVersion = SSL_Version_3_0;
+       assert((ctx->negProtocolVersion == SSL_Version_3_0) ||
+                  (ctx->negProtocolVersion == TLS_Version_1_0));
+    request->protocolVersion = ctx->negProtocolVersion;
     if ((err = SSLAllocBuffer(&request->contents, msgLen + 4, &ctx->sysCtx)) != 0)
         return err;
     
@@ -377,75 +329,36 @@ SSLEncodeCertificateVerify(SSLRecord *certVerify, SSLContext *ctx)
         goto fail;
     if (ERR(err = CloneHashState(&SSLHashMD5, ctx->md5State, &md5MsgState, ctx)) != 0)
         goto fail;
-    if (ERR(err = SSLCalculateFinishedMessage(hashData, shaMsgState, md5MsgState, 0, ctx)) != 0)
+       assert(ctx->sslTslCalls != NULL);
+    if (ERR(err = ctx->sslTslCalls->computeCertVfyMac(ctx,
+                       hashData, shaMsgState, md5MsgState)) != 0)
         goto fail;
     
-#if RSAREF
-    len = (ctx->localKey.bits + 7)/8;
-#elif BSAFE
-    {   A_RSA_KEY   *keyInfo;
-        int         rsaResult;
-        
-        if ((rsaResult = B_GetKeyInfo((POINTER*)&keyInfo, ctx->localKey, KI_RSAPublic)) != 0)
-            return ERR(SSLUnknownErr);
-        len = keyInfo->modulus.len;
-    }
-#elif  _APPLE_CDSA_
        CASSERT(ctx->signingPrivKey != NULL);
        len = sslKeyLengthInBytes(ctx->signingPrivKey);
-#else
-#error No asymmetric crypto specified
-#endif /* RSAREF / BSAFE */
     
     certVerify->contentType = SSL_handshake;
-    certVerify->protocolVersion = SSL_Version_3_0;
+       assert((ctx->negProtocolVersion == SSL_Version_3_0) ||
+                  (ctx->negProtocolVersion == TLS_Version_1_0));
+    certVerify->protocolVersion = ctx->negProtocolVersion;
     if (ERR(err = SSLAllocBuffer(&certVerify->contents, len + 6, &ctx->sysCtx)) != 0)
         goto fail;
     
     certVerify->contents.data[0] = SSL_certificate_verify;
     SSLEncodeInt(certVerify->contents.data+1, len+2, 3);
     SSLEncodeInt(certVerify->contents.data+4, len, 2);
-#if RSAREF
-    if (RSAPrivateEncrypt(certVerify->contents.data+6, &outputLen,
-                    signedHashData, 36, &ctx->localKey) != 0)   /* Sign the structure */
-    {   err = ERR(SSLUnknownErr);
-        goto fail;
-    }
-#elif BSAFE
-    {   B_ALGORITHM_OBJ     rsa;
-        B_ALGORITHM_METHOD  *chooser[] = { &AM_RSA_CRT_ENCRYPT, 0 };
-        int                 rsaResult;
-        
-        if (ERR(rsaResult = B_CreateAlgorithmObject(&rsa)) != 0)
-            return SSLUnknownErr;
-        if (ERR(rsaResult = B_SetAlgorithmInfo(rsa, AI_PKCS_RSAPrivate, 0)) != 0)
-            return SSLUnknownErr;
-        if (ERR(rsaResult = B_EncryptInit(rsa, ctx->localKey, chooser, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        if (ERR(rsaResult = B_EncryptUpdate(rsa, certVerify->contents.data+6,
-                    &outputLen, len, signedHashData, 36, 0, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        if (ERR(rsaResult = B_EncryptFinal(rsa, certVerify->contents.data+6+outputLen,
-                    &outputLen, len-outputLen, 0, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        B_DestroyAlgorithmObject(&rsa);
-    }
-#elif  _APPLE_CDSA_
-
-               err = sslRsaRawSign(ctx,
-                       ctx->signingPrivKey,
-                       ctx->signingKeyCsp,
-                       signedHashData,
-                       36,                             // MD5 size + SHA1 size
-                       certVerify->contents.data+6,
-                       len,                    // we mallocd len+6
-                       &outputLen);
-               if(err) {
-                       goto fail;
-               }
-#else
-#error No asymmetric crypto specified
-#endif /* RSAREF / BSAFE */
+
+       err = sslRsaRawSign(ctx,
+               ctx->signingPrivKey,
+               ctx->signingKeyCsp,
+               signedHashData,
+               36,                             // MD5 size + SHA1 size
+               certVerify->contents.data+6,
+               len,                    // we mallocd len+6
+               &outputLen);
+       if(err) {
+               goto fail;
+       }
     
     CASSERT(outputLen == len);
     
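Review bot: `assert(ctx->sslTslCalls != NULL)` is the only guard before `ctx->sslTslCalls->computeCertVfyMac(...)` is called through the pointer, and the assert is removed under NDEBUG, leaving a NULL dereference if the callout table has not been set. The visible assignments to `sslTslCalls` are in SSLProcessServerHello and SSLProcessClientHello; whether it has a default before negotiation is not shown. A check that survives release builds would be `if (ctx->sslTslCalls == NULL) { err = SSLInternalError; goto fail; }`. SSLProcessCertificateVerify has the same assert-only guard, and SSLDisposeCipherSuite, SSLEncodeFinishedMessage and SSLProcessFinished call through the pointer with no guard at all. The function starts and ends outside this hunk.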
@@ -464,9 +377,6 @@ SSLProcessCertificateVerify(SSLBuffer message, SSLContext *ctx)
     UInt8           signedHashData[36];
     UInt16          signatureLen;
     SSLBuffer       hashData, shaMsgState, md5MsgState, outputData;
-    #if        defined(BSAFE) || defined(RSAREF)
-    unsigned int    outputLen;
-    #endif
     unsigned int    publicModulusLen;
     
     shaMsgState.data = 0;
@@ -484,22 +394,8 @@ SSLProcessCertificateVerify(SSLBuffer message, SSLContext *ctx)
         return ERR(SSLProtocolErr);
     }
     
-#if RSAREF
-    publicModulusLen = (ctx->peerKey.bits + 7)/8;
-#elif BSAFE
-    {   A_RSA_KEY   *keyInfo;
-        int         rsaResult;
-        
-        if ((rsaResult = B_GetKeyInfo((POINTER*)&keyInfo, ctx->peerKey, KI_RSAPublic)) != 0)
-            return SSLUnknownErr;
-        publicModulusLen = keyInfo->modulus.len;
-    }
-#elif  _APPLE_CDSA_
        CASSERT(ctx->peerPubKey != NULL);
        publicModulusLen = sslKeyLengthInBytes(ctx->peerPubKey);
-#else
-#error No asymmetric crypto specified
-#endif /* RSAREF / BSAFE */
     
     if (signatureLen != publicModulusLen) {
        errorLog0("SSLProcessCertificateVerify: sig len error 2\n");
@@ -513,41 +409,14 @@ SSLProcessCertificateVerify(SSLBuffer message, SSLContext *ctx)
         goto fail;
     if (ERR(err = CloneHashState(&SSLHashMD5, ctx->md5State, &md5MsgState, ctx)) != 0)
         goto fail;
-    if (ERR(err = SSLCalculateFinishedMessage(hashData, shaMsgState, md5MsgState, 0, ctx)) != 0)
+       assert(ctx->sslTslCalls != NULL);
+    if (ERR(err = ctx->sslTslCalls->computeCertVfyMac(ctx, hashData, 
+                       shaMsgState, md5MsgState)) != 0)
         goto fail;
     
     if (ERR(err = SSLAllocBuffer(&outputData, publicModulusLen, &ctx->sysCtx)) != 0)
         goto fail;
     
-#if RSAREF
-    if (RSAPublicDecrypt(outputData.data, &outputLen,
-        message.data + 2, signatureLen, &ctx->peerKey) != 0)
-    {   ERR(err = SSLUnknownErr);
-        goto fail;
-    }
-#elif BSAFE
-    {   B_ALGORITHM_OBJ     rsa;
-        B_ALGORITHM_METHOD  *chooser[] = { &AM_MD2, &AM_MD5, &AM_RSA_DECRYPT, 0 };
-        int                 rsaResult;
-        unsigned int        decryptLen;
-        
-        if ((rsaResult = B_CreateAlgorithmObject(&rsa)) != 0)
-            return SSLUnknownErr;
-        if ((rsaResult = B_SetAlgorithmInfo(rsa, AI_PKCS_RSAPublic, 0)) != 0)
-            return SSLUnknownErr;
-        if ((rsaResult = B_DecryptInit(rsa, ctx->peerKey, chooser, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        if ((rsaResult = B_DecryptUpdate(rsa, outputData.data, &decryptLen, 36,
-                    message.data + 2, signatureLen, 0, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        outputLen = decryptLen;
-        if ((rsaResult = B_DecryptFinal(rsa, outputData.data+outputLen,
-                    &decryptLen, 36-outputLen, 0, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        outputLen += decryptLen;
-        B_DestroyAlgorithmObject(&rsa);
-    }
-#elif  _APPLE_CDSA_
        /* 
         * The CSP does the decrypt & compare for us in one shot
         */
@@ -561,28 +430,6 @@ SSLProcessCertificateVerify(SSLBuffer message, SSLContext *ctx)
        if(err) {
                goto fail;
        }
-               
-#endif /* RSAREF / BSAFE */
-    
-#if    !_APPLE_CDSA_
-       /* we don't have to do the compare */
-    if (outputLen != 36)
-    {   
-       ERR(err = SSLProtocolErr);
-        goto fail;
-    }
-    outputData.length = outputLen;
-    
-    DUMP_BUFFER_NAME("Finished got   ", outputData);
-    DUMP_BUFFER_NAME("Finished wanted", hashData);
-    
-    if (memcmp(outputData.data, signedHashData, 36) != 0)
-    {   
-       ERR(err = SSLProtocolErr);
-        goto fail;
-    }
-#endif /* BSAFE, RSAREF only */
-
     err = SSLNoErr;
     
 fail:
index bf667f794271c0b7927ff9ffd4a37a1bae132578..a9a11de5c44469e7b83c47dba4fd803495956de4 100644 (file)
@@ -71,6 +71,7 @@
 #include "sslDebug.h"
 #endif
 
+#include <assert.h>
 #include <string.h>
 
 SSLErr
@@ -83,7 +84,9 @@ SSLEncodeChangeCipherSpec(SSLRecord *rec, SSLContext *ctx)
     dprintf0("===Sending changeCipherSpec msg\n");
     #endif
     rec->contentType = SSL_change_cipher_spec;
-    rec->protocolVersion = SSL_Version_3_0;
+       assert((ctx->negProtocolVersion == SSL_Version_3_0) ||
+                  (ctx->negProtocolVersion == TLS_Version_1_0));
+    rec->protocolVersion = ctx->negProtocolVersion;
     rec->contents.length = 1;
     if ((err = SSLAllocBuffer(&rec->contents, 1, &ctx->sysCtx)) != 0)
         return err;
@@ -130,11 +133,15 @@ SSLErr
 SSLDisposeCipherSuite(CipherContext *cipher, SSLContext *ctx)
 {   SSLErr      err;
     
+       /* symmetric key */
     if (cipher->symKey)
     {   if ((err = cipher->symCipher->finish(cipher, ctx)) != 0)
             return err;
         cipher->symKey = 0;
     }
     
+       /* per-record hash/hmac context */
+       ctx->sslTslCalls->freeMac(cipher);
+       
     return SSLNoErr;
 }
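Review bot: When `cipher->symCipher->finish(cipher, ctx)` fails, the early `return err` skips the new `ctx->sslTslCalls->freeMac(cipher);` call, so the per-record hash/HMAC context is not released on that path. Moving the `freeMac` call ahead of the `if (cipher->symKey)` block would release it on both paths, provided `freeMac` does not depend on the symmetric key state (not visible here). If `freeMac` returns a status, it is currently discarded.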
index ca0392e4de6ba6163523143beef978cd6c2de8bb..1db1d6fba42aab6e806c86ebbad5b6b76e02abcc 100644 (file)
@@ -21,7 +21,7 @@
 
        Contains:       Finished and server hello done messages. 
 
-       Written by:     Doug Mitchell, based on Netscape RSARef 3.0
+       Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
 
        Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
 
 #endif
 
 #include <string.h>
+#include <assert.h>
 
 SSLErr
 SSLEncodeFinishedMessage(SSLRecord *finished, SSLContext *ctx)
 {   SSLErr          err;
     SSLBuffer       finishedMsg, shaMsgState, md5MsgState;
-    UInt32          sideSenderValue;
-    
+    Boolean         isServerMsg;
+    unsigned           finishedSize;
+       
     shaMsgState.data = 0;
     md5MsgState.data = 0;
     
+       /* size and version depend on negotiatedProtocol */
+       switch(ctx->negProtocolVersion) {
+               case SSL_Version_3_0:
+                       finished->protocolVersion = SSL_Version_3_0;
+                       finishedSize = 36;
+                       break;
+               case TLS_Version_1_0:
+                       finished->protocolVersion = TLS_Version_1_0;
+                       finishedSize = 12;
+                       break;
+               default:
+                       assert(0);
+                       return SSLInternalError;
+       }
     finished->contentType = SSL_handshake;
-    finished->protocolVersion = SSL_Version_3_0;
-    if ((err = SSLAllocBuffer(&finished->contents, 40, &ctx->sysCtx)) != 0)
+       /* msg = type + 3 bytes len + finishedSize */
+    if ((err = SSLAllocBuffer(&finished->contents, finishedSize + 4, 
+                       &ctx->sysCtx)) != 0)
         return err;
     
     finished->contents.data[0] = SSL_finished;
-    SSLEncodeInt(finished->contents.data + 1, 36, 3);
+    SSLEncodeInt(finished->contents.data + 1, finishedSize, 3);
     
-    finishedMsg.data = finished->contents.data+4;
-    finishedMsg.length = 36;
+    finishedMsg.data = finished->contents.data + 4;
+    finishedMsg.length = finishedSize;
     
     if ((err = CloneHashState(&SSLHashSHA1, ctx->shaState, &shaMsgState, ctx)) != 0)
         goto fail;
     if ((err = CloneHashState(&SSLHashMD5, ctx->md5State, &md5MsgState, ctx)) != 0)
         goto fail;
-    sideSenderValue = (ctx->protocolSide == SSL_ServerSide) ? SSL_Finished_Sender_Server : SSL_Finished_Sender_Client;
-    if ((err = SSLCalculateFinishedMessage(finishedMsg, shaMsgState, md5MsgState, sideSenderValue, ctx)) != 0)
+    isServerMsg = (ctx->protocolSide == SSL_ServerSide) ? true : false;
+    if ((err = ctx->sslTslCalls->computeFinishedMac(ctx, finishedMsg, 
+                       shaMsgState, md5MsgState, isServerMsg)) != 0)
         goto fail;  
     
 fail:
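Review bot: The version-to-length mapping (36 for SSL 3.0, 12 for TLS 1.0) is written as bare literals in the `switch` here and again in SSLProcessFinished; two named constants or a small shared helper would keep the sending and receiving sides from drifting apart. Both `finished->protocolVersion = ...` assignments inside the switch copy the value being switched on, so a single `finished->protocolVersion = ctx->negProtocolVersion;` after the switch says the same thing. A comment that 36 is the MD5 size plus the SHA1 size and that 12 is the TLS 1.0 verify-data length would explain the numbers. The code after `fail:` is outside this hunk.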
@@ -117,15 +135,26 @@ SSLErr
 SSLProcessFinished(SSLBuffer message, SSLContext *ctx)
 {   SSLErr          err;
     SSLBuffer       expectedFinished, shaMsgState, md5MsgState;
-    UInt32          peerSenderValue;
+    Boolean         isServerMsg;
+    unsigned           finishedSize;
     
-    if (message.length != 36) {
+       switch(ctx->negProtocolVersion) {
+               case SSL_Version_3_0:
+                       finishedSize = 36;
+                       break;
+               case TLS_Version_1_0:
+                       finishedSize = 12;
+                       break;
+               default:
+                       assert(0);
+                       return SSLInternalError;
+       }
+    if (message.length != finishedSize) {
                errorLog0("SSLProcessFinished: msg len error 1\n");
         return SSLProtocolErr;
     }
-    peerSenderValue = (ctx->protocolSide == SSL_ClientSide) ? SSL_Finished_Sender_Server : SSL_Finished_Sender_Client;
     expectedFinished.data = 0;
-    if ((err = SSLAllocBuffer(&expectedFinished, 36, &ctx->sysCtx)) != 0)
+    if ((err = SSLAllocBuffer(&expectedFinished, finishedSize, &ctx->sysCtx)) != 0)
         return err;
     shaMsgState.data = 0;
     if ((err = CloneHashState(&SSLHashSHA1, ctx->shaState, &shaMsgState, ctx)) != 0)
@@ -133,11 +162,12 @@ SSLProcessFinished(SSLBuffer message, SSLContext *ctx)
     md5MsgState.data = 0;
     if ((err = CloneHashState(&SSLHashMD5, ctx->md5State, &md5MsgState, ctx)) != 0)
         goto fail;
-    if ((err = SSLCalculateFinishedMessage(expectedFinished, shaMsgState, md5MsgState, peerSenderValue, ctx)) != 0)
+    isServerMsg = (ctx->protocolSide == SSL_ServerSide) ? false : true;
+    if ((err = ctx->sslTslCalls->computeFinishedMac(ctx, expectedFinished, 
+                       shaMsgState, md5MsgState, isServerMsg)) != 0)
         goto fail;
-    DUMP_BUFFER_NAME("finished got", message);
-    DUMP_BUFFER_NAME("finished wanted", expectedFinished);
-    if (memcmp(expectedFinished.data, message.data, 36) != 0)
+
+    if (memcmp(expectedFinished.data, message.data, finishedSize) != 0)
     {  
                errorLog0("SSLProcessFinished: memcmp failure\n");
                err = SSLProtocolErr;
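Review bot: `memcmp(expectedFinished.data, message.data, finishedSize)` compares a peer-supplied MAC value using a routine that may return at the first differing byte. The practical exposure is probably small, since the expected value changes with every handshake, but a comparison whose running time does not depend on the data is the usual practice for this kind of check. One form is `for (i = 0; i < finishedSize; i++) diff |= expectedFinished.data[i] ^ message.data[i];` followed by a single test of `diff`. The function body starts and ends outside this hunk.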
@@ -151,87 +181,14 @@ fail:
     return err;
 }
 
-SSLErr
-SSLCalculateFinishedMessage(SSLBuffer finished, SSLBuffer shaMsgState,
-            SSLBuffer md5MsgState, UInt32 senderID, SSLContext *ctx)
-{   SSLErr          err;
-    SSLBuffer       hash, input;
-    UInt8           sender[4], md5Inner[16], shaInner[20];
-    
-    CASSERT(finished.length == 36);
-    
-    if (senderID != 0)
-    {   SSLEncodeInt(sender, senderID, 4);
-        input.data = sender;
-        input.length = 4;
-        if ((err = SSLHashMD5.update(md5MsgState, input)) != 0)
-            return err;
-        if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0)
-            return err;
-    }
-    input.data = ctx->masterSecret;
-    input.length = 48;
-    if ((err = SSLHashMD5.update(md5MsgState, input)) != 0)
-        return err;
-    if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0)
-        return err;
-    input.data = SSLMACPad1;
-    input.length = SSLHashMD5.macPadSize;
-    if ((err = SSLHashMD5.update(md5MsgState, input)) != 0)
-        return err;
-    input.length = SSLHashSHA1.macPadSize;
-    if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0)
-        return err;
-    hash.data = md5Inner;
-    hash.length = 16;
-    if ((err = SSLHashMD5.final(md5MsgState, hash)) != 0)
-        return err;
-    hash.data = shaInner;
-    hash.length = 20;
-    if ((err = SSLHashSHA1.final(shaMsgState, hash)) != 0)
-        return err;
-    if ((err = SSLHashMD5.init(md5MsgState)) != 0)
-        return err;
-    if ((err = SSLHashSHA1.init(shaMsgState)) != 0)
-        return err;
-    input.data = ctx->masterSecret;
-    input.length = 48;
-    if ((err = SSLHashMD5.update(md5MsgState, input)) != 0)
-        return err;
-    if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0)
-        return err;
-    input.data = SSLMACPad2;
-    input.length = SSLHashMD5.macPadSize;
-    if ((err = SSLHashMD5.update(md5MsgState, input)) != 0)
-        return err;
-    input.length = SSLHashSHA1.macPadSize;
-    if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0)
-        return err;
-    input.data = md5Inner;
-    input.length = 16;
-    if ((err = SSLHashMD5.update(md5MsgState, input)) != 0)
-        return err;
-    hash.data = finished.data;
-    hash.length = 16;
-    if ((err = SSLHashMD5.final(md5MsgState, hash)) != 0)
-        return err;
-    input.data = shaInner;
-    input.length = 20;
-    if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0)
-        return err;
-    hash.data = finished.data + 16;
-    hash.length = 20;
-    if ((err = SSLHashSHA1.final(shaMsgState, hash)) != 0)
-        return err;
-    return SSLNoErr;
-}
-
 SSLErr
 SSLEncodeServerHelloDone(SSLRecord *helloDone, SSLContext *ctx)
 {   SSLErr          err;
     
     helloDone->contentType = SSL_handshake;
-    helloDone->protocolVersion = SSL_Version_3_0;
+       assert((ctx->negProtocolVersion == SSL_Version_3_0) ||
+                  (ctx->negProtocolVersion == TLS_Version_1_0));
+    helloDone->protocolVersion = ctx->negProtocolVersion;
     if ((err = SSLAllocBuffer(&helloDone->contents, 4, &ctx->sysCtx)) != 0)
         return err;
     helloDone->contents.data[0] = SSL_server_hello_done;
index 70ee621ae072108c0fe25b10e7648d570fb9de67..9d3841cbd0228a8e1be09023c78dd7817755d991 100644 (file)
@@ -21,7 +21,7 @@
 
        Contains:       Support for client hello and server hello messages. 
 
-       Written by:     Doug Mitchell, based on Netscape RSARef 3.0
+       Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
 
        Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
 
 
 static SSLErr SSLEncodeRandom(unsigned char *p, SSLContext *ctx);
 
+/* IE treats null session id as valid; two consecutive sessions with NULL ID
+ * are considered a match. Workaround: when resumable sessions are disabled, 
+ * send a random session ID. */
+#define SSL_IE_NULL_RESUME_BUG         1
+#if            SSL_IE_NULL_RESUME_BUG
+#define SSL_NULL_ID_LEN                                32      /* length of bogus session ID */
+#endif
+
 SSLErr
 SSLEncodeServerHello(SSLRecord *serverHello, SSLContext *ctx)
 {   SSLErr          err;
@@ -103,10 +111,18 @@ SSLEncodeServerHello(SSLRecord *serverHello, SSLContext *ctx)
     sessionIDLen = 0;
     if (ctx->sessionID.data != 0)
         sessionIDLen = (UInt8)ctx->sessionID.length;
+       #if     SSL_IE_NULL_RESUME_BUG
+       if(sessionIDLen == 0) {
+               sessionIDLen = SSL_NULL_ID_LEN;
+       }       
+       #endif  /* SSL_IE_NULL_RESUME_BUG */
+               
        #if LOG_NEGOTIATE
-       dprintf0("===SSL3 server: sending SSL_Version_3_0\n");
+       dprintf2("===SSL3 server: sending version %d_%d\n",
+               ctx->negProtocolVersion >> 8, ctx->negProtocolVersion & 0xff);
+       dprintf1("...sessionIDLen = %d\n", sessionIDLen);
        #endif
-    serverHello->protocolVersion = SSL_Version_3_0;
+    serverHello->protocolVersion = ctx->negProtocolVersion;
     serverHello->contentType = SSL_handshake;
     if ((err = SSLAllocBuffer(&serverHello->contents, 42 + sessionIDLen, &ctx->sysCtx)) != 0)
         return err;
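Review bot: The workaround raises `sessionIDLen` to `SSL_NULL_ID_LEN` whenever the length is 0, but the following hunk chooses between copying and randomising on `ctx->sessionID.data != NULL`, a different condition. If a context can hold a non-NULL `sessionID.data` with `length == 0` (not visible here), the `memcpy(progress, ctx->sessionID.data, sessionIDLen)` would read 32 bytes from a shorter buffer. Keying both places on the same test avoids that, for example taking the random path when `ctx->sessionID.data == NULL || ctx->sessionID.length == 0`. The function body starts and ends outside this hunk.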
@@ -114,20 +130,36 @@ SSLEncodeServerHello(SSLRecord *serverHello, SSLContext *ctx)
     progress = serverHello->contents.data;
     *progress++ = SSL_server_hello;
     progress = SSLEncodeInt(progress, 38 + sessionIDLen, 3);
-    progress = SSLEncodeInt(progress, SSL_Version_3_0, 2);
+    progress = SSLEncodeInt(progress, serverHello->protocolVersion, 2);
     if ((err = SSLEncodeRandom(progress, ctx)) != 0)
         return err;
-    memcpy(ctx->serverRandom, progress, 32);
-    progress += 32;
-    *(progress++) = (UInt8)sessionIDLen;
+    memcpy(ctx->serverRandom, progress, SSL_CLIENT_SRVR_RAND_SIZE);
+    progress += SSL_CLIENT_SRVR_RAND_SIZE;
+       *(progress++) = (UInt8)sessionIDLen;
+       #if     SSL_IE_NULL_RESUME_BUG
+       if(ctx->sessionID.data != NULL) {
+               /* normal path for enabled resumable session */
+               memcpy(progress, ctx->sessionID.data, sessionIDLen);
+       }
+       else {
+               /* IE workaround */
+               SSLBuffer rb;
+               rb.data = progress;
+               rb.length = SSL_NULL_ID_LEN;
+               sslRand(ctx, &rb);
+       }
+       #else   
     if (sessionIDLen > 0)
         memcpy(progress, ctx->sessionID.data, sessionIDLen);
-    progress += sessionIDLen;
+       #endif  /* SSL_IE_NULL_RESUME_BUG */
+       progress += sessionIDLen;
     progress = SSLEncodeInt(progress, ctx->selectedCipher, 2);
     *(progress++) = 0;      /* Null compression */
 
+       #if LOG_NEGOTIATE
     dprintf1("ssl3: server specifying cipherSuite 0x%lx\n", (UInt32)ctx->selectedCipher);
-    
+    #endif
+       
     CASSERT(progress == serverHello->contents.data + serverHello->contents.length);
     
     return SSLNoErr;
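Review bot: The return value of `sslRand(ctx, &rb)` in the IE-workaround branch is discarded, so if the generator fails, the 32 session-ID bytes sent to the peer are whatever SSLAllocBuffer left in the buffer. SSLEncodeRandom in this file checks the same call; here that would be `if ((err = sslRand(ctx, &rb)) != 0) return err;`. That early return would leave `serverHello->contents` allocated, as the existing SSLEncodeRandom failure path a few lines above already does, so freeing the buffer on both paths may be worth doing. The function body starts outside this hunk.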
@@ -150,11 +182,23 @@ SSLProcessServerHello(SSLBuffer message, SSLContext *ctx)
     
     protocolVersion = (SSLProtocolVersion)SSLDecodeInt(p, 2);
     p += 2;
-    if (protocolVersion != SSL_Version_3_0)
-        return SSLUnsupportedErr;
+    if (protocolVersion > ctx->maxProtocolVersion) {
+        return SSLNegotiationErr;
+       }
     ctx->negProtocolVersion = protocolVersion;
-    #if LOG_NEGOTIATE
-    dprintf0("===SSL3 client: negVersion is 3_0\n");
+       switch(protocolVersion) {
+               case SSL_Version_3_0:
+                       ctx->sslTslCalls = &Ssl3Callouts;
+                       break;
+               case TLS_Version_1_0:
+                       ctx->sslTslCalls = &Tls1Callouts;
+                       break;
+               default:
+                       return SSLNegotiationErr;
+       }
+       #if LOG_NEGOTIATE
+    dprintf2("===SSL3 client: negVersion is %d_%d\n",
+               (protocolVersion >> 8) & 0xff, protocolVersion & 0xff);
     #endif
     
     memcpy(ctx->serverRandom, p, 32);
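Review bot: `ctx->negProtocolVersion = protocolVersion;` runs before the `switch` that validates the value, so on the `default: return SSLNegotiationErr;` path the context keeps a version this code does not support. The record encoders in this commit assert on `negProtocolVersion` and would see that value if anything is sent after the failure. Moving the assignment after the switch leaves the context unchanged on error. The only bound applied to the server's choice is `ctx->maxProtocolVersion`; no visible setting lets a caller refuse SSL 3.0 when TLS 1.0 was offered, which may be intended but deserves a comment. The function body starts and ends outside this hunk.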
@@ -175,8 +219,8 @@ SSLProcessServerHello(SSLBuffer message, SSLContext *ctx)
     
     ctx->selectedCipher = (UInt16)SSLDecodeInt(p,2);
     #if        LOG_NEGOTIATE
-    dprintf1("===ssl3: server requests cipherKind 0x%x\n", 
-       (UInt32)ctx->selectedCipher);
+    dprintf1("===ssl3: server requests cipherKind %d\n", 
+       (unsigned)ctx->selectedCipher);
     #endif
     p += 2;
     if ((err = FindCipherSpec(ctx)) != 0) {
@@ -202,7 +246,7 @@ SSLEncodeClientHello(SSLRecord *clientHello, SSLContext *ctx)
     
     sessionIDLen = 0;
     if (ctx->resumableSession.data != 0)
-    {   if (ERR(err = SSLRetrieveSessionIDIdentifier(ctx->resumableSession, &sessionIdentifier, ctx)) != 0)
+    {   if (ERR(err = SSLRetrieveSessionID(ctx->resumableSession, &sessionIdentifier, ctx)) != 0)
         {   return err;
         }
         sessionIDLen = sessionIdentifier.length;
@@ -210,7 +254,7 @@ SSLEncodeClientHello(SSLRecord *clientHello, SSLContext *ctx)
     
     length = 39 + 2*(ctx->numValidCipherSpecs) + sessionIDLen;
     
-    clientHello->protocolVersion = SSL_Version_3_0;
+    clientHello->protocolVersion = ctx->maxProtocolVersion;
     clientHello->contentType = SSL_handshake;
     if ((err = SSLAllocBuffer(&clientHello->contents, length + 4, &ctx->sysCtx)) != 0)
         return err;
@@ -218,15 +262,16 @@ SSLEncodeClientHello(SSLRecord *clientHello, SSLContext *ctx)
     p = clientHello->contents.data;
     *p++ = SSL_client_hello;
     p = SSLEncodeInt(p, length, 3);
-    p = SSLEncodeInt(p, SSL_Version_3_0, 2);
+    p = SSLEncodeInt(p, ctx->maxProtocolVersion, 2);
        #if LOG_NEGOTIATE
-       dprintf0("===SSL3 client: proclaiming Version_3_0 capable ONLY\n");
+       dprintf2("===SSL3 client: proclaiming max protocol %d_%d capable ONLY\n",
+               ctx->maxProtocolVersion >> 8, ctx->maxProtocolVersion & 0xff);
        #endif
    if ((err = SSLEncodeRandom(p, ctx)) != 0)
     {   SSLFreeBuffer(&clientHello->contents, &ctx->sysCtx);
         return err;
     }
-    memcpy(ctx->clientRandom, p, 32);
+    memcpy(ctx->clientRandom, p, SSL_CLIENT_SRVR_RAND_SIZE);
     p += 32;
     *p++ = sessionIDLen;    /* 1 byte vector length */
     if (sessionIDLen > 0)
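Review bot: The copy length now uses `SSL_CLIENT_SRVR_RAND_SIZE`, but the pointer advance on the next line is still the literal `p += 32;`, so the two would disagree if the constant ever changed. `p += SSL_CLIENT_SRVR_RAND_SIZE;` would match what SSLEncodeServerHello does in this commit. SSLProcessClientHello has the same pair (`progress += 32;`), and SSLProcessServerHello still copies the server random with a literal 32.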
@@ -265,6 +310,8 @@ SSLProcessClientHello(SSLBuffer message, SSLContext *ctx)
     progress = message.data;
     clientVersion = (SSLProtocolVersion)SSLDecodeInt(progress, 2);
     progress += 2;
+       #if old_way
+       /* tested, works with SSLv3 */
     if (clientVersion < SSL_Version_3_0) {
         #if LOG_NEGOTIATE
         dprintf1("===SSL3 server: clientVersion %s rejected\n", clientVersion);
@@ -272,11 +319,29 @@ SSLProcessClientHello(SSLBuffer message, SSLContext *ctx)
         return SSLUnsupportedErr;
     }
     ctx->negProtocolVersion = SSL_Version_3_0;
+       #else   
+       /* Untested, for TLS */
+       if(clientVersion > ctx->maxProtocolVersion) {
+               clientVersion = ctx->maxProtocolVersion;
+       }
+       switch(clientVersion) {
+               case SSL_Version_3_0:
+                       ctx->sslTslCalls = &Ssl3Callouts;
+                       break;
+               case TLS_Version_1_0:
+                       ctx->sslTslCalls = &Tls1Callouts;
+                       break;
+               default:
+                       return SSLNegotiationErr;
+       }
+       ctx->negProtocolVersion = clientVersion;
+       #endif  /* new_way */
     #if LOG_NEGOTIATE
-    dprintf0("===SSL3 server: negVersion is 3_0\n");
+    dprintf2("===SSL3 server: negVersion is %d_%d\n",
+               clientVersion >> 8, clientVersion & 0xff);
     #endif
     
-    memcpy(ctx->clientRandom, progress, 32);
+    memcpy(ctx->clientRandom, progress, SSL_CLIENT_SRVR_RAND_SIZE);
     progress += 32;
     sessionIDLen = *(progress++);
     if (message.length < 41 + sessionIDLen) {
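Review bot: The branch that is actually compiled here is the one commented `/* Untested, for TLS */`: `old_way` is not defined in any visible line, and an undefined identifier in `#if` evaluates to 0, so the tested SSLv3 block opened in the previous hunk is dead code. Server-side version negotiation is security-relevant, so it would be better to delete the old block, or select it with an explicitly defined macro, and to exercise the new path before it ships. The closing `#endif  /* new_way */` does not match the `#if old_way` it closes; `#endif /* old_way */` would. The function body starts and ends outside this hunk.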
@@ -318,7 +383,7 @@ SSLProcessClientHello(SSLBuffer message, SSLContext *ctx)
         return err;
     }
     #if        LOG_NEGOTIATE
-    dprintf1("ssl3 server: selecting cipherKind 0x%x\n", (UInt32)ctx->selectedCipher);
+    dprintf1("ssl3 server: selecting cipherKind 0x%x\n", (unsigned)ctx->selectedCipher);
     #endif
     
     compressionCount = *(progress++);
@@ -342,20 +407,12 @@ SSLEncodeRandom(unsigned char *p, SSLContext *ctx)
     SSLErr      err;
     UInt32      time;
     
-    #ifdef     _APPLE_CDSA_
     if ((err = sslTime(&time)) != 0)
-    #else
-    if ((err = ctx->sysCtx.time(&time, ctx->sysCtx.timeRef)) != 0)
-    #endif
         return err;
     SSLEncodeInt(p, time, 4);
     randomData.data = p+4;
     randomData.length = 28;
-    #ifdef     _APPLE_CDSA_
        if((err = sslRand(ctx, &randomData)) != 0)
-    #else
-    if ((err = ctx->sysCtx.random(randomData, ctx->sysCtx.randomRef)) != 0)
-    #endif
         return err;
     return SSLNoErr;
 }
@@ -363,13 +420,14 @@ SSLEncodeRandom(unsigned char *p, SSLContext *ctx)
 SSLErr
 SSLInitMessageHashes(SSLContext *ctx)
 {   SSLErr          err;
-    if ((err = SSLFreeBuffer(&ctx->shaState, &ctx->sysCtx)) != 0)
+
+    if ((err = CloseHash(&SSLHashSHA1, &ctx->shaState, ctx)) != 0)
         return err;
-    if ((err = SSLFreeBuffer(&ctx->md5State, &ctx->sysCtx)) != 0)
+    if ((err = CloseHash(&SSLHashMD5,  &ctx->md5State, ctx)) != 0)
         return err;
     if ((err = ReadyHash(&SSLHashSHA1, &ctx->shaState, ctx)) != 0)
         return err;
-    if ((err = ReadyHash(&SSLHashMD5, &ctx->md5State, ctx)) != 0)
+    if ((err = ReadyHash(&SSLHashMD5,  &ctx->md5State, ctx)) != 0)
         return err;
     return SSLNoErr;
 }
index aa941b69ff79c6ce4fdd317c4c82215cba605ac8..20353140c8fd27204404e6c56131fa96419adbfa 100644 (file)
 #endif
 
 #include <string.h>
-
-static SSLErr SSLGenerateKeyMaterial(SSLBuffer key, SSLContext *ctx);
+#include <assert.h>
 
 SSLErr
 SSLEncodeRSAPremasterSecret(SSLContext *ctx)
 {   SSLBuffer           randData;
     SSLErr              err;
     
-    if (ERR(err = SSLAllocBuffer(&ctx->preMasterSecret, 48, &ctx->sysCtx)) != 0)
+    if (ERR(err = SSLAllocBuffer(&ctx->preMasterSecret, 
+                       SSL_RSA_PREMASTER_SECRET_SIZE, &ctx->sysCtx)) != 0)
         return err;
     
-    SSLEncodeInt(ctx->preMasterSecret.data, SSL_Version_3_0, 2);
+       assert((ctx->negProtocolVersion == SSL_Version_3_0) ||
+                  (ctx->negProtocolVersion == TLS_Version_1_0));
+    SSLEncodeInt(ctx->preMasterSecret.data, ctx->maxProtocolVersion, 2);
     randData.data = ctx->preMasterSecret.data+2;
-    randData.length = 46;
-    #ifdef     _APPLE_CDSA_
+    randData.length = SSL_RSA_PREMASTER_SECRET_SIZE - 2;
     if ((err = sslRand(ctx, &randData)) != 0)
-    #else
-    if ((err = ctx->sysCtx.random(randData, ctx->sysCtx.randomRef)) != 0)
-    #endif
         return err;
     
     DUMP_BUFFER_NAME("premaster secret", ctx->preMasterSecret);
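Review bot: The new assert in SSLEncodeRSAPremasterSecret checks `ctx->negProtocolVersion`, but the value written into the premaster secret on the next line is `ctx->maxProtocolVersion`, which the assert never examines. Encoding the offered version rather than the negotiated one is what RFC 2246 section 7.4.7.1 asks for, since the server uses it to detect version rollback, so the code is probably right but reads like a slip. A comment such as `/* premaster carries the version offered in ClientHello, not the negotiated one, so the peer can detect rollback */` would settle it, assuming maxProtocolVersion is what the ClientHello actually sent. The context line `DUMP_BUFFER_NAME("premaster secret", ctx->preMasterSecret)` still logs the secret while this commit drops the equivalent key dumps in SSLInitPendingCiphers; if that macro can be active outside debug builds it deserves the same treatment. The function's tail lies outside the hunk.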
@@ -118,9 +116,6 @@ SSLEncodeDHPremasterSecret(SSLContext *ctx)
        SSLErr              err;
     int                 rsaResult;
     SSLRandomCtx        rsaRandom;
-#if RSAREF
-    SSLBuffer           privateValue;
-#endif
 
 /* Given the server's Diffie-Hellman parameters, prepare a public & private value,
  *  then use the public value provided by the server and our private value to
@@ -193,87 +188,24 @@ fail:
 
 #endif /* APPLE_DH */
 
-SSLErr
-SSLCalculateMasterSecret(SSLContext *ctx)
-{   SSLErr      err;
-    SSLBuffer   shaState, md5State, clientRandom,
-                serverRandom, shaHash, md5Hash, leader;
-    UInt8       *masterProgress, shaHashData[20], leaderData[3];
-    int         i;
-    
-    md5State.data = shaState.data = 0;
-    if ((err = SSLAllocBuffer(&md5State, SSLHashMD5.contextSize, &ctx->sysCtx)) != 0)
-        goto fail;
-    if ((err = SSLAllocBuffer(&shaState, SSLHashSHA1.contextSize, &ctx->sysCtx)) != 0)
-        goto fail;
-    
-    clientRandom.data = ctx->clientRandom;
-    clientRandom.length = 32;
-    serverRandom.data = ctx->serverRandom;
-    serverRandom.length = 32;
-    shaHash.data = shaHashData;
-    shaHash.length = 20;
-    
-    masterProgress = ctx->masterSecret;
-    
-    for (i = 1; i <= 3; i++)
-    {   if ((err = SSLHashMD5.init(md5State)) != 0)
-            goto fail;
-        if ((err = SSLHashSHA1.init(shaState)) != 0)
-            goto fail;
-        
-        leaderData[0] = leaderData[1] = leaderData[2] = 0x40 + i;   /* 'A', 'B', etc. */
-        leader.data = leaderData;
-        leader.length = i;
-        
-        if ((err = SSLHashSHA1.update(shaState, leader)) != 0)
-            goto fail;
-        if ((err = SSLHashSHA1.update(shaState, ctx->preMasterSecret)) != 0)
-            goto fail;
-        if ((err = SSLHashSHA1.update(shaState, clientRandom)) != 0)
-            goto fail;
-        if ((err = SSLHashSHA1.update(shaState, serverRandom)) != 0)
-            goto fail;
-        if ((err = SSLHashSHA1.final(shaState, shaHash)) != 0)
-            goto fail;
-        if ((err = SSLHashMD5.update(md5State, ctx->preMasterSecret)) != 0)
-            goto fail;
-        if ((err = SSLHashMD5.update(md5State, shaHash)) != 0)
-            goto fail;
-        md5Hash.data = masterProgress;
-        md5Hash.length = 16;
-        if ((err = SSLHashMD5.final(md5State, md5Hash)) != 0)
-            goto fail;
-        masterProgress += 16;
-    }
-    
-    DUMP_DATA_NAME("master secret",ctx->masterSecret, 48);
-    
-    err = SSLNoErr;
-fail:
-    SSLFreeBuffer(&shaState, &ctx->sysCtx);
-    SSLFreeBuffer(&md5State, &ctx->sysCtx);
-    return err;
-}
-
 SSLErr
 SSLInitPendingCiphers(SSLContext *ctx)
 {   SSLErr          err;
-    SSLBuffer       key, hashCtx;
+    SSLBuffer       key;
     UInt8           *keyDataProgress, *keyPtr, *ivPtr;
     int             keyDataLen;
     CipherContext   *serverPending, *clientPending;
         
-    key.data = hashCtx.data = 0;
+    key.data = 0;
     
-    ctx->readPending.hash = ctx->selectedCipherSpec->macAlgorithm;
-    ctx->writePending.hash = ctx->selectedCipherSpec->macAlgorithm;
+    ctx->readPending.macRef = ctx->selectedCipherSpec->macAlgorithm;
+    ctx->writePending.macRef = ctx->selectedCipherSpec->macAlgorithm;
     ctx->readPending.symCipher = ctx->selectedCipherSpec->cipher;
     ctx->writePending.symCipher = ctx->selectedCipherSpec->cipher;
     ctx->readPending.sequenceNum.high = ctx->readPending.sequenceNum.low = 0;
     ctx->writePending.sequenceNum.high = ctx->writePending.sequenceNum.low = 0;
     
-    keyDataLen = ctx->selectedCipherSpec->macAlgorithm->digestSize +
+    keyDataLen = ctx->selectedCipherSpec->macAlgorithm->hash->digestSize +
                      ctx->selectedCipherSpec->cipher->secretKeySize;
     if (ctx->selectedCipherSpec->isExportable == NotExportable)
         keyDataLen += ctx->selectedCipherSpec->cipher->ivSize;
@@ -281,9 +213,9 @@ SSLInitPendingCiphers(SSLContext *ctx)
     
     if ((err = SSLAllocBuffer(&key, keyDataLen, &ctx->sysCtx)) != 0)
         return err;
-    if ((err = SSLGenerateKeyMaterial(key, ctx)) != 0)
+       assert(ctx->sslTslCalls != NULL);
+    if ((err = ctx->sslTslCalls->generateKeyMaterial(key, ctx)) != 0)
         goto fail;
-    DUMP_BUFFER_NAME("key data",key);
     
     if (ctx->protocolSide == SSL_ServerSide)
     {   serverPending = &ctx->writePending;
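Review bot: `assert(ctx->sslTslCalls != NULL)` is the only guard before `ctx->sslTslCalls->generateKeyMaterial(key, ctx)`, and assert compiles away under NDEBUG, so a release build would dereference a null callout table if SSLInitPendingCiphers were reached before version negotiation had set it. A runtime check that takes the existing cleanup path is cheap: `if (ctx->sslTslCalls == NULL) { err = SSLNegotiationErr; goto fail; }` (the error code is borrowed from the negotiation failure elsewhere in this commit; use whichever the callers expect). The same assert-only guard precedes `generateExportKeyAndIv` in the export branch further down, and the two `initMac` calls depend on it as well. SSLInitPendingCiphers begins and ends outside this hunk.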
@@ -295,13 +227,23 @@ SSLInitPendingCiphers(SSLContext *ctx)
     }
     
     keyDataProgress = key.data;
-    memcpy(clientPending->macSecret, keyDataProgress, ctx->selectedCipherSpec->macAlgorithm->digestSize);
-    DUMP_DATA_NAME("client write mac secret", keyDataProgress, ctx->selectedCipherSpec->macAlgorithm->digestSize);
-    keyDataProgress += ctx->selectedCipherSpec->macAlgorithm->digestSize;
-    memcpy(serverPending->macSecret, keyDataProgress, ctx->selectedCipherSpec->macAlgorithm->digestSize);
-    DUMP_DATA_NAME("server write mac secret", keyDataProgress, ctx->selectedCipherSpec->macAlgorithm->digestSize);
-    keyDataProgress += ctx->selectedCipherSpec->macAlgorithm->digestSize;
-    
+    memcpy(clientPending->macSecret, keyDataProgress, 
+               ctx->selectedCipherSpec->macAlgorithm->hash->digestSize);
+    keyDataProgress += ctx->selectedCipherSpec->macAlgorithm->hash->digestSize;
+    memcpy(serverPending->macSecret, keyDataProgress, 
+               ctx->selectedCipherSpec->macAlgorithm->hash->digestSize);
+    keyDataProgress += ctx->selectedCipherSpec->macAlgorithm->hash->digestSize;
+    
+       /* init the reusable-per-record MAC contexts */
+       err = ctx->sslTslCalls->initMac(clientPending, ctx);
+       if(err) {
+               goto fail;
+       }
+       err = ctx->sslTslCalls->initMac(serverPending, ctx);
+       if(err) {
+               goto fail;
+       }
+       
     if (ctx->selectedCipherSpec->isExportable == NotExportable)
     {   keyPtr = keyDataProgress;
         keyDataProgress += ctx->selectedCipherSpec->cipher->secretKeySize;
@@ -311,8 +253,6 @@ SSLInitPendingCiphers(SSLContext *ctx)
         if ((err = ctx->selectedCipherSpec->cipher->initialize(keyPtr, ivPtr,
                                     clientPending, ctx)) != 0)
             goto fail;
-        DUMP_DATA_NAME("client write key", keyPtr, ctx->selectedCipherSpec->cipher->secretKeySize);
-        DUMP_DATA_NAME("client write iv", ivPtr, ctx->selectedCipherSpec->cipher->ivSize);
         keyPtr = keyDataProgress;
         keyDataProgress += ctx->selectedCipherSpec->cipher->secretKeySize;
         /* Skip client write IV to get to server write IV */
@@ -320,226 +260,59 @@ SSLInitPendingCiphers(SSLContext *ctx)
         if ((err = ctx->selectedCipherSpec->cipher->initialize(keyPtr, ivPtr,
                                     serverPending, ctx)) != 0)
             goto fail;
-        DUMP_DATA_NAME("server write key", keyPtr, ctx->selectedCipherSpec->cipher->secretKeySize);
-        DUMP_DATA_NAME("server write iv", ivPtr, ctx->selectedCipherSpec->cipher->ivSize);
     }
-    else
-    {   UInt8           exportKey[16], exportIV[16];
-        SSLBuffer       hashOutput, clientWrite, serverWrite, clientRandom,
-                        serverRandom;
-        
-        CASSERT(ctx->selectedCipherSpec->cipher->keySize <= 16);
-        CASSERT(ctx->selectedCipherSpec->cipher->ivSize <= 16);
+    else {
+        UInt8          clientExportKey[16], serverExportKey[16], 
+                                       clientExportIV[16],  serverExportIV[16];
+        SSLBuffer   clientWrite, serverWrite;
+        SSLBuffer      finalClientWrite, finalServerWrite;
+               SSLBuffer       finalClientIV, finalServerIV;
+               
+        assert(ctx->selectedCipherSpec->cipher->keySize <= 16);
+        assert(ctx->selectedCipherSpec->cipher->ivSize <= 16);
         
+               /* Inputs to generateExportKeyAndIv are clientRandom, serverRandom,
+                *    clientWriteKey, serverWriteKey. The first two are already present
+                *    in ctx.
+                * Outputs are a key and IV for each of {server, client}.
+                */
         clientWrite.data = keyDataProgress;
         clientWrite.length = ctx->selectedCipherSpec->cipher->secretKeySize;
         serverWrite.data = keyDataProgress + clientWrite.length;
         serverWrite.length = ctx->selectedCipherSpec->cipher->secretKeySize;
-        clientRandom.data = ctx->clientRandom;
-        clientRandom.length = 32;
-        serverRandom.data = ctx->serverRandom;
-        serverRandom.length = 32;
-        
-        if ((err = SSLAllocBuffer(&hashCtx, SSLHashMD5.contextSize, &ctx->sysCtx)) != 0)
-            goto fail;
-        if ((err = SSLHashMD5.init(hashCtx)) != 0)
-            goto fail;
-        if ((err = SSLHashMD5.update(hashCtx, clientWrite)) != 0)
-            goto fail;
-        if ((err = SSLHashMD5.update(hashCtx, clientRandom)) != 0)
-            goto fail;
-        if ((err = SSLHashMD5.update(hashCtx, serverRandom)) != 0)
-            goto fail;
-        hashOutput.data = exportKey;
-        hashOutput.length = 16;
-        if ((err = SSLHashMD5.final(hashCtx, hashOutput)) != 0)
-            goto fail;
-        
-        if (ctx->selectedCipherSpec->cipher->ivSize > 0)
-        {   if ((err = SSLHashMD5.init(hashCtx)) != 0)
-                goto fail;
-            if ((err = SSLHashMD5.update(hashCtx, clientRandom)) != 0)
-                goto fail;
-            if ((err = SSLHashMD5.update(hashCtx, serverRandom)) != 0)
-                goto fail;
-            hashOutput.data = exportIV;
-            hashOutput.length = 16;
-            if ((err = SSLHashMD5.final(hashCtx, hashOutput)) != 0)
-                goto fail;
-        }
-        if ((err = ctx->selectedCipherSpec->cipher->initialize(exportKey, exportIV,
-                                    clientPending, ctx)) != 0)
-            goto fail;
-        
-        if ((err = SSLHashMD5.init(hashCtx)) != 0)
-            goto fail;
-        if ((err = SSLHashMD5.update(hashCtx, serverWrite)) != 0)
-            goto fail;
-        if ((err = SSLHashMD5.update(hashCtx, serverRandom)) != 0)
-            goto fail;
-        if ((err = SSLHashMD5.update(hashCtx, clientRandom)) != 0)
-            goto fail;
-        hashOutput.data = exportKey;
-        hashOutput.length = 16;
-        if ((err = SSLHashMD5.final(hashCtx, hashOutput)) != 0)
-            goto fail;
-        
-        if (ctx->selectedCipherSpec->cipher->ivSize > 0)
-        {   if ((err = SSLHashMD5.init(hashCtx)) != 0)
-                goto fail;
-            if ((err = SSLHashMD5.update(hashCtx, serverRandom)) != 0)
-                goto fail;
-            if ((err = SSLHashMD5.update(hashCtx, clientRandom)) != 0)
-                goto fail;
-            hashOutput.data = exportIV;
-            hashOutput.length = 16;
-            if ((err = SSLHashMD5.final(hashCtx, hashOutput)) != 0)
-                goto fail;
-        }
-        if ((err = ctx->selectedCipherSpec->cipher->initialize(exportKey, exportIV,
-                                    serverPending, ctx)) != 0)
+               finalClientWrite.data = clientExportKey;
+               finalServerWrite.data   = serverExportKey;
+               finalClientIV.data      = clientExportIV;
+               finalServerIV.data      = serverExportIV;
+               finalClientWrite.length = 16;
+               finalServerWrite.length = 16;
+               /* these can be zero */
+               finalClientIV.length    = ctx->selectedCipherSpec->cipher->ivSize;
+               finalServerIV.length    = ctx->selectedCipherSpec->cipher->ivSize;
+
+               assert(ctx->sslTslCalls != NULL);
+               err = ctx->sslTslCalls->generateExportKeyAndIv(ctx, clientWrite, serverWrite,
+                       finalClientWrite, finalServerWrite, finalClientIV, finalServerIV);
+               if(err) {
+                       goto fail;
+               }
+        if ((err = ctx->selectedCipherSpec->cipher->initialize(clientExportKey, 
+                               clientExportIV, clientPending, ctx)) != 0)
+            goto fail;
+        if ((err = ctx->selectedCipherSpec->cipher->initialize(serverExportKey, 
+                               serverExportIV, serverPending, ctx)) != 0)
             goto fail;
     }
     
-/* Ciphers are ready for use */
+       /* Ciphers are ready for use */
     ctx->writePending.ready = 1;
     ctx->readPending.ready = 1;
     
-/* Ciphers get swapped by sending or receiving a change cipher spec message */
+       /* Ciphers get swapped by sending or receiving a change cipher spec message */
     
     err = SSLNoErr;
 fail:
     SSLFreeBuffer(&key, &ctx->sysCtx);
-    SSLFreeBuffer(&hashCtx, &ctx->sysCtx);
-    return err;
-}
-
-static SSLErr
-SSLGenerateKeyMaterial(SSLBuffer key, SSLContext *ctx)
-{   SSLErr      err;
-    UInt8       leaderData[10];     /* Max of 10 hashes (* 16 bytes/hash = 160 bytes of key) */
-    UInt8       shaHashData[20], md5HashData[16];
-    SSLBuffer   shaContext, md5Context;
-    UInt8       *keyProgress;
-    int         i,j,remaining, satisfied;
-    SSLBuffer   leader, masterSecret, serverRandom, clientRandom, shaHash, md5Hash;
-    
-    CASSERT(key.length <= 16 * sizeof(leaderData));
-    
-    leader.data = leaderData;
-    masterSecret.data = ctx->masterSecret;
-    masterSecret.length = 48;
-    serverRandom.data = ctx->serverRandom;
-    serverRandom.length = 32;
-    clientRandom.data = ctx->clientRandom;
-    clientRandom.length = 32;
-    shaHash.data = shaHashData;
-    shaHash.length = 20;
-    md5Hash.data = md5HashData;
-    md5Hash.length = 20;
-    
-    md5Context.data = 0;
-    shaContext.data = 0;
-    if ((err = ReadyHash(&SSLHashMD5, &md5Context, ctx)) != 0)
-        goto fail;
-    if ((err = ReadyHash(&SSLHashSHA1, &shaContext, ctx)) != 0)
-        goto fail;  
-    
-    keyProgress = key.data;
-    remaining = key.length;
-    
-    for (i = 0; remaining > 0; ++i)
-    {   for (j = 0; j <= i; j++)
-            leaderData[j] = 0x41 + i;   /* 'A', 'BB', 'CCC', etc. */
-        leader.length = i+1;
-        
-        if ((err = SSLHashSHA1.update(shaContext, leader)) != 0)
-            goto fail;
-        if ((err = SSLHashSHA1.update(shaContext, masterSecret)) != 0)
-            goto fail;
-        if ((err = SSLHashSHA1.update(shaContext, serverRandom)) != 0)
-            goto fail;
-        if ((err = SSLHashSHA1.update(shaContext, clientRandom)) != 0)
-            goto fail;
-        if ((err = SSLHashSHA1.final(shaContext, shaHash)) != 0)
-            goto fail;
-        if ((err = SSLHashMD5.update(md5Context, masterSecret)) != 0)
-            goto fail;
-        if ((err = SSLHashMD5.update(md5Context, shaHash)) != 0)
-            goto fail;
-        if ((err = SSLHashMD5.final(md5Context, md5Hash)) != 0)
-            goto fail;
-        
-        satisfied = 16;
-        if (remaining < 16)
-            satisfied = remaining;
-        memcpy(keyProgress, md5HashData, satisfied);
-        remaining -= satisfied;
-        keyProgress += satisfied;
-        
-        if ((err = SSLHashMD5.init(md5Context)) != 0)
-            goto fail;
-        if ((err = SSLHashSHA1.init(shaContext)) != 0)
-            goto fail;
-    }
-    
-    CASSERT(remaining == 0 && keyProgress == (key.data + key.length));
-    err = SSLNoErr;
-fail:
-    SSLFreeBuffer(&md5Context, &ctx->sysCtx);
-    SSLFreeBuffer(&shaContext, &ctx->sysCtx);
-    
     return err;
 }
 
-#ifndef        _APPLE_CDSA_
-/* I'm not sure what this is for */
-SSLErr
-ReadyRandom(SSLRandomCtx *rsaRandom, SSLContext *ctx)
-{   SSLErr              err;
-    SSLBuffer           randomSeedBuf;
-    UInt8               randomSeed[32];
-    int                 rsaResult;
-#if RSAREF
-    unsigned int        bytesNeeded;
-    
-    if (R_RandomInit(rsaRandom) != 0)
-        return ERR(SSLUnknownErr);
-    if (R_GetRandomBytesNeeded(&bytesNeeded, rsaRandom) != 0)
-        return ERR(SSLUnknownErr);
-    
-    randomSeedBuf.data = randomSeed;
-    randomSeedBuf.length = 32;
-    
-    while (bytesNeeded > 0)
-    {   if (ERR(err = ctx->sysCtx.random(randomSeedBuf, ctx->sysCtx.randomRef)) != 0)
-            return err;
-        if ((rsaResult = R_RandomUpdate(rsaRandom, randomSeed, 32)) != 0)
-            return ERR(SSLUnknownErr);
-        
-        if (bytesNeeded >= 32)
-            bytesNeeded -= 32;
-        else
-            bytesNeeded = 0;
-    }
-#elif BSAFE
-    static B_ALGORITHM_OBJ  random;
-    B_ALGORITHM_METHOD      *chooser[] = { &AM_MD5_RANDOM, 0 };
-    
-    if ((rsaResult = B_CreateAlgorithmObject(rsaRandom)) != 0)
-        return ERR(SSLUnknownErr);
-    if ((rsaResult = B_SetAlgorithmInfo(*rsaRandom, AI_MD5Random, 0)) != 0)
-        return ERR(SSLUnknownErr);
-    if ((rsaResult = B_RandomInit(*rsaRandom, chooser, NO_SURR)) != 0)
-        return ERR(SSLUnknownErr);
-    randomSeedBuf.data = randomSeed;
-    randomSeedBuf.length = 32;
-    if (ERR(err = ctx->sysCtx.random(randomSeedBuf, ctx->sysCtx.randomRef)) != 0)
-        return err;
-    if ((rsaResult = B_RandomUpdate(*rsaRandom, randomSeedBuf.data, randomSeedBuf.length, NO_SURR)) != 0)
-        return ERR(SSLUnknownErr);
-#endif /* RSAREF / BSAFE */
-        
-    return SSLNoErr;
-}
-#endif /* APPLE_CDSA */
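Review bot: In the export branch of SSLInitPendingCiphers the 16-byte stack arrays are bounded only by `assert(... keySize <= 16)` and `assert(... ivSize <= 16)`, yet `finalClientIV.length` and `finalServerIV.length` are taken straight from `cipher->ivSize`. With NDEBUG defined, a cipher entry with a larger IV would hand `generateExportKeyAndIv` a length that exceeds `clientExportIV`/`serverExportIV`. The bound should be a runtime check before the buffers are wired up, for example `if (ctx->selectedCipherSpec->cipher->ivSize > sizeof(clientExportIV)) { err = SSLUnknownErr; goto fail; }`, and the hard-coded `16` for `finalClientWrite.length` would read better as `sizeof(clientExportKey)`. The four arrays also hold derived key and IV material and leave scope without being cleared. Zeroing them at the end of the `else` block on both the success and failure paths, with a call the compiler cannot elide, would keep that material from lingering on the stack, assuming `cipher->initialize` copies what it needs.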
index 495c391300e591de5c7a2b375ae59c5f6497cbbd..9900d1b73e00c4e38f51ef79153284ba09555729 100644 (file)
 #include "digests.h"
 #endif
 
+#include <assert.h>
 #include <string.h>
 
-#if    _APPLE_CDSA_
 /*
- * For this config, just for this file, we'll do this typedef....
+ * Client RSA Key Exchange msgs actually start with a two-byte
+ * length field, contrary to the first version of RFC 2246, dated
+ * January 1999. See RFC 2246, March 2002, section 7.4.7.1 for 
+ * updated requirements. 
  */
+#define RSA_CLIENT_KEY_ADD_LENGTH              1
+
 typedef        CSSM_KEY_PTR    SSLRSAPrivateKey;
-#endif
 
 static SSLErr SSLEncodeRSAServerKeyExchange(SSLRecord *keyExch, SSLContext *ctx);
 static SSLErr SSLEncodeRSAKeyParams(SSLBuffer *keyParams, SSLRSAPrivateKey *key, SSLContext *ctx);
@@ -135,37 +139,21 @@ SSLEncodeRSAServerKeyExchange(SSLRecord *keyExch, SSLContext *ctx)
     exportKey.data = 0;
     hashCtx.data = 0;
     
-    #if        _APPLE_CDSA_
     /* we have a public key here... */
     CASSERT(ctx->encryptPubKey != NULL);
     CASSERT(ctx->protocolSide == SSL_ServerSide);
     
     if ((err = SSLEncodeRSAKeyParams(&exportKey, &ctx->encryptPubKey, ctx)) != 0)
-    #else
-    if (ERR(err = SSLEncodeRSAKeyParams(&exportKey, &ctx->exportKey, ctx)) != 0)
-    #endif
         goto fail;
     
-#if RSAREF
-    localKeyModulusLen = (ctx->localKey.bits + 7)/8;
-#elif BSAFE
-    {   A_RSA_KEY   *keyInfo;
-        int         rsaResult;
-        
-        if ((rsaResult = B_GetKeyInfo((POINTER*)&keyInfo, ctx->localKey, KI_RSAPublic)) != 0)
-            return SSLUnknownErr;
-        localKeyModulusLen = keyInfo->modulus.len;
-    }
-#elif  _APPLE_CDSA_
        CASSERT(ctx->signingPubKey != NULL);
        localKeyModulusLen = sslKeyLengthInBytes(ctx->signingPubKey);
-#else
-#error No Asymmetric crypto specified 
-#endif /* RSAREF / BSAFE */
     
     length = exportKey.length + 2 + localKeyModulusLen;     /* RSA ouputs a block as long as the modulus */
     
-    keyExch->protocolVersion = SSL_Version_3_0;
+       assert((ctx->negProtocolVersion == SSL_Version_3_0) ||
+                  (ctx->negProtocolVersion == TLS_Version_1_0));
+    keyExch->protocolVersion = ctx->negProtocolVersion;
     keyExch->contentType = SSL_handshake;
     if (ERR(err = SSLAllocBuffer(&keyExch->contents, length+4, &ctx->sysCtx)) != 0)
         goto fail;
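Review bot: The two-line assert on `ctx->negProtocolVersion` being `SSL_Version_3_0` or `TLS_Version_1_0` is pasted here, again in both branches of SSLEncodeDHanonServerKeyExchange, and in SSLEncodeRSAPremasterSecret. A single helper macro wrapping that assert would keep the list of accepted versions in one place when another protocol version is added. This function now also mixes `CASSERT` and `assert` a few lines apart; picking one would make clear whether they are meant to behave differently. Because the check disappears under NDEBUG, an unset negProtocolVersion would be copied into `keyExch->protocolVersion` silently in a release build, so a short comment stating why that state is unreachable would help. The function starts and ends outside the hunk.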
@@ -178,9 +166,9 @@ SSLEncodeRSAServerKeyExchange(SSLRecord *keyExch, SSLContext *ctx)
     progress += exportKey.length;
     
     clientRandom.data = ctx->clientRandom;
-    clientRandom.length = 32;
+    clientRandom.length = SSL_CLIENT_SRVR_RAND_SIZE;
     serverRandom.data = ctx->serverRandom;
-    serverRandom.length = 32;
+    serverRandom.length = SSL_CLIENT_SRVR_RAND_SIZE;
     
     hash.data = &hashes[0];
     hash.length = 16;
@@ -213,32 +201,6 @@ SSLEncodeRSAServerKeyExchange(SSLRecord *keyExch, SSLContext *ctx)
         goto fail;
     
     progress = SSLEncodeInt(progress, localKeyModulusLen, 2);
-#if RSAREF
-    if (RSAPrivateEncrypt(progress, &outputLen, hashes, 36, &ctx->localKey) != 0)   /* Sign the structure */
-        return ERR(SSLUnknownErr);
-#elif BSAFE
-    {   B_ALGORITHM_OBJ     rsa;
-        B_ALGORITHM_METHOD  *chooser[] = { &AM_RSA_ENCRYPT, &AM_RSA_CRT_ENCRYPT, 0 };
-        int                 rsaResult;
-        UInt32                 encryptedOut;
-        
-        if ((rsaResult = B_CreateAlgorithmObject(&rsa)) != 0)
-            return SSLUnknownErr;
-        if ((rsaResult = B_SetAlgorithmInfo(rsa, AI_PKCS_RSAPrivate, 0)) != 0)
-            return SSLUnknownErr;
-        if ((rsaResult = B_EncryptInit(rsa, ctx->localKey, chooser, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        if ((rsaResult = B_EncryptUpdate(rsa, progress,
-                    &encryptedOut, localKeyModulusLen, hashes, 36, 0, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        outputLen = encryptedOut;
-        if ((rsaResult = B_EncryptFinal(rsa, progress+outputLen,
-                    &encryptedOut, localKeyModulusLen-outputLen, 0, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        outputLen += encryptedOut;
-        B_DestroyAlgorithmObject(&rsa);
-    }
-#elif  _APPLE_CDSA_
        err = sslRsaRawSign(ctx,
                ctx->signingPrivKey,
                ctx->signingKeyCsp,
@@ -250,7 +212,6 @@ SSLEncodeRSAServerKeyExchange(SSLRecord *keyExch, SSLContext *ctx)
        if(err) {
                goto fail;
        }
-#endif /* RSAREF / BSAFE */
     CASSERT(outputLen == localKeyModulusLen);
     
     err = SSLNoErr;
@@ -268,30 +229,6 @@ SSLEncodeRSAKeyParams(SSLBuffer *keyParams, SSLRSAPrivateKey *key, SSLContext *c
     SSLBuffer   modulus, exponent;
     UInt8       *progress;
     
-#if RSAREF
-    keyParams->data = 0;
-    modulus.length = (key->bits + 7) / 8;
-    modulus.data = key->modulus + MAX_RSA_MODULUS_LEN - modulus.length;
-    
-    exponent.length = MAX_RSA_MODULUS_LEN;
-    exponent.data = key->publicExponent;            /* Point at first byte */
-    
-    while (*exponent.data == 0)
-    {   ++exponent.data;
-        --exponent.length;
-    }
-#elif BSAFE
-    {   A_RSA_KEY   *keyInfo;
-        int         rsaResult;
-        
-        if ((rsaResult = B_GetKeyInfo((POINTER*)&keyInfo, *key, KI_RSAPublic)) != 0)
-            return SSLUnknownErr;
-        modulus.data = keyInfo->modulus.data;
-        modulus.length = keyInfo->modulus.len;
-        exponent.data = keyInfo->exponent.data;
-        exponent.length = keyInfo->exponent.len;
-    }   
-#elif  _APPLE_CDSA_
        err = sslGetPubKeyBits(ctx,
                *key,
                ctx->encryptKeyCsp,
@@ -302,9 +239,6 @@ SSLEncodeRSAKeyParams(SSLBuffer *keyParams, SSLRSAPrivateKey *key, SSLContext *c
                SSLFreeBuffer(&exponent, &ctx->sysCtx);
                return err;
        }
-#else
-#error No assymetric crypto specified
-#endif /* RSAREF / BSAFE */
     
     if (ERR(err = SSLAllocBuffer(keyParams, modulus.length + exponent.length + 4, &ctx->sysCtx)) != 0)
         return err;
@@ -315,11 +249,9 @@ SSLEncodeRSAKeyParams(SSLBuffer *keyParams, SSLRSAPrivateKey *key, SSLContext *c
     progress = SSLEncodeInt(progress, exponent.length, 2);
     memcpy(progress, exponent.data, exponent.length);
 
-#if    _APPLE_CDSA_
        /* these were mallocd by sslGetPubKeyBits() */
        SSLFreeBuffer(&modulus, &ctx->sysCtx);
        SSLFreeBuffer(&exponent, &ctx->sysCtx);
-#endif
     return SSLNoErr;
 }
 
@@ -336,7 +268,9 @@ SSLEncodeDHanonServerKeyExchange(SSLRecord *keyExch, SSLContext *ctx)
     length = 6 + ctx->dhAnonParams.primeLen + ctx->dhAnonParams.generatorLen +
                     ctx->dhExchangePublic.length;
     
-    keyExch->protocolVersion = SSL_Version_3_0;
+       assert((ctx->negProtocolVersion == SSL_Version_3_0) ||
+                  (ctx->negProtocolVersion == TLS_Version_1_0));
+    keyExch->protocolVersion = ctx->negProtocolVersion;
     keyExch->contentType = SSL_handshake;
     if (ERR(err = SSLAllocBuffer(&keyExch->contents, length+4, &ctx->sysCtx)) != 0)
         return err;
@@ -390,7 +324,9 @@ SSLEncodeDHanonServerKeyExchange(SSLRecord *keyExch, SSLContext *ctx)
         
         length = 6 + params->prime.len + params->base.len + ctx->dhExchangePublic.length;
         
-        keyExch->protocolVersion = SSL_Version_3_0;
+               assert((ctx->negProtocolVersion == SSL_Version_3_0) ||
+                          (ctx->negProtocolVersion == TLS_Version_1_0));
+        keyExch->protocolVersion = ctx->negProtocolVersion;
         keyExch->contentType = SSL_handshake;
         if (ERR(err = SSLAllocBuffer(&keyExch->contents, length+4, &ctx->sysCtx)) != 0)
             return err;
@@ -450,12 +386,7 @@ SSLProcessRSAServerKeyExchange(SSLBuffer message, SSLContext *ctx)
     SSLBuffer       tempPubKey, hashOut, hashCtx, clientRandom, serverRandom;
     UInt16          modulusLen, exponentLen, signatureLen;
     UInt8           *progress, *modulus, *exponent, *signature;
-       #if     _APPLE_CDSA_
     UInt8           hash[36];
-    #else
-    UInt8           hash[20];
-    UInt32             outputLen;
-    #endif     /* _APPLE_CDSA_ */
     SSLBuffer       signedHashes;
     
     signedHashes.data = 0;
@@ -487,63 +418,10 @@ SSLProcessRSAServerKeyExchange(SSLBuffer message, SSLContext *ctx)
         return ERR(SSLProtocolErr);
     }
     
-#if RSAREF
-    {   /* Allocate room for the signed hashes; RSA can encrypt data
-            as long as the modulus */
-        if (ERR(err = SSLAllocBuffer(&signedHashes, (ctx->peerKey.bits + 7)/8, &ctx->sysCtx)) != 0)
-            return err;
-
-        if ((RSAPublicDecrypt(signedHashes.data, &outputLen, signature, signatureLen,
-                            &ctx->peerKey)) != 0)
-        {   ERR(err = SSLUnknownErr);
-            goto fail;
-        }
-    }
-#elif BSAFE
-    {   B_ALGORITHM_OBJ     rsa;
-        B_ALGORITHM_METHOD  *chooser[] = { &AM_MD2, &AM_MD5, &AM_RSA_DECRYPT, 0 };
-        int                 rsaResult;
-        unsigned int        decryptLen;
-        
-        /* Allocate room for the signed hashes; BSAFE makes sure we don't decode too much data */
-        if (ERR(err = SSLAllocBuffer(&signedHashes, 36, &ctx->sysCtx)) != 0)
-            return err; 
-    
-        if ((rsaResult = B_CreateAlgorithmObject(&rsa)) != 0)
-            return SSLUnknownErr;
-        if ((rsaResult = B_SetAlgorithmInfo(rsa, AI_PKCS_RSAPublic, 0)) != 0)
-            return SSLUnknownErr;
-        if ((rsaResult = B_DecryptInit(rsa, ctx->peerKey, chooser, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        if ((rsaResult = B_DecryptUpdate(rsa, signedHashes.data, &decryptLen, 36,
-                    signature, signatureLen, 0, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        outputLen = decryptLen;
-        if ((rsaResult = B_DecryptFinal(rsa, signedHashes.data+outputLen,
-                    &decryptLen, 36-outputLen, 0, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        outputLen += decryptLen;
-        B_DestroyAlgorithmObject(&rsa);
-    }
-#elif  _APPLE_CDSA_
-       
-       /* not yet - calculate the hashes and then do a sig verify */
-               
-#else
-#error No Asymmetric crypto module
-#endif
-
-       #ifndef _APPLE_CDSA_
-    if (outputLen != 36)
-    {   ERR(err = SSLProtocolErr);
-        goto fail;
-    }
-    #endif
-    
     clientRandom.data = ctx->clientRandom;
-    clientRandom.length = 32;
+    clientRandom.length = SSL_CLIENT_SRVR_RAND_SIZE;
     serverRandom.data = ctx->serverRandom;
-    serverRandom.length = 32;
+    serverRandom.length = SSL_CLIENT_SRVR_RAND_SIZE;
     tempPubKey.data = message.data;
     tempPubKey.length = modulusLen + exponentLen + 4;
     hashOut.data = hash;
@@ -560,18 +438,10 @@ SSLProcessRSAServerKeyExchange(SSLBuffer message, SSLContext *ctx)
     if (ERR(err = SSLHashMD5.final(hashCtx, hashOut)) != 0)
         goto fail;
         
-    #if                _APPLE_CDSA_
     /* 
      * SHA hash goes right after the MD5 hash 
      */
     hashOut.data = hash + 16; 
-    #else
-    if ((memcmp(hash, signedHashes.data, 16)) != 0)
-    {   ERR(err = SSLProtocolErr);
-        goto fail;
-    }
-    #endif     /* _APPLE_CDSA_ */
-
     hashOut.length = 20;
     if (ERR(err = SSLFreeBuffer(&hashCtx, &ctx->sysCtx)) != 0)
         goto fail;
@@ -587,8 +457,6 @@ SSLProcessRSAServerKeyExchange(SSLBuffer message, SSLContext *ctx)
     if (ERR(err = SSLHashSHA1.final(hashCtx, hashOut)) != 0)
         goto fail;
 
-       #if     _APPLE_CDSA_
-
        err = sslRsaRawVerify(ctx,
                ctx->peerPubKey,
                ctx->peerPubKeyCsp,
@@ -601,54 +469,8 @@ SSLProcessRSAServerKeyExchange(SSLBuffer message, SSLContext *ctx)
                        err);
                goto fail;
        }
-       
-       #else   /* old BSAFE/RSAREF */
-       
-    if ((memcmp(hash, signedHashes.data + 16, 20)) != 0)
-    {   ERR(err = SSLProtocolErr);
-        goto fail;
-    }
-
-       #endif
     
-/* Signature matches; now replace server key with new key */
-#if RSAREF
-    memset(&ctx->peerKey, 0, sizeof(R_RSA_PUBLIC_KEY));
-    memcpy(ctx->peerKey.modulus + (MAX_RSA_MODULUS_LEN - modulusLen),
-            modulus, modulusLen);
-    memcpy(ctx->peerKey.exponent + (MAX_RSA_MODULUS_LEN - exponentLen),
-            exponent, exponentLen);
-    
-/* Adjust bit length for leading zeros in value; assume no more than 8 leading zero bits */
-    {   unsigned int    bitAdjust;
-        UInt8           c;
-        
-        c = modulus[0];
-        
-        bitAdjust = 8;
-        while (c != 0)
-        {   --bitAdjust;
-            c >>= 1;
-        }
-        ctx->peerKey.bits = modulusLen * 8 - bitAdjust;
-    }
-    err = SSLNoErr;
-#elif BSAFE
-    {   A_RSA_KEY   pubKeyInfo;
-        int         rsaErr;
-        
-        pubKeyInfo.modulus.data = modulus;
-        pubKeyInfo.modulus.len = modulusLen;
-        pubKeyInfo.exponent.data = exponent;
-        pubKeyInfo.exponent.len = exponentLen;
-        
-        if ((rsaErr = B_CreateKeyObject(&ctx->peerKey)) != 0)
-            return SSLUnknownErr;
-        if ((rsaErr = B_SetKeyInfo(ctx->peerKey, KI_RSAPublic, (POINTER)&pubKeyInfo)) != 0)
-            return SSLUnknownErr;
-    }
-    err = SSLNoErr;
-#elif _APPLE_CDSA_
+       /* Signature matches; now replace server key with new key */
        {
                SSLBuffer modBuf;
                SSLBuffer expBuf;
@@ -669,9 +491,6 @@ SSLProcessRSAServerKeyExchange(SSLBuffer message, SSLContext *ctx)
                        &ctx->peerPubKey,
                        &ctx->peerPubKeyCsp);
        }
-#else
-#error No Assymmetric crypto module
-#endif /* RSAREF / BSAFE */
 fail:
     ERR(SSLFreeBuffer(&signedHashes, &ctx->sysCtx));
     ERR(SSLFreeBuffer(&hashCtx, &ctx->sysCtx));
@@ -816,133 +635,86 @@ SSLDecodeRSAKeyExchange(SSLBuffer keyExchange, SSLContext *ctx)
 {   SSLErr              err;
     SSLBuffer           result;
     UInt32                     outputLen, localKeyModulusLen;
-    SSLRSAPrivateKey    *key;
+    CSSM_KEY_PTR       *key;
     SSLProtocolVersion  version;
     Boolean                            useEncryptKey = false;
+       UInt8                           *src = NULL;
+       
     
-    #if        _APPLE_CDSA_
-    
-           /* different key names, also need CSP handle */
-           CSSM_CSP_HANDLE             cspHand;
-           
-           CASSERT(ctx->protocolSide == SSL_ServerSide);
-           
-           /* 
-            * FIXME - The original SSLRef looked at 
-            * ctx->selectedCipherSpec->keyExchangeMethod to decide which 
-            * key to use (exportKey or localKey). I really don't think we 
-            * want to use that - it's constant. We need to look at 
-            * whether the app specified encrypting certs, right?
-            */
-           #if         SSL_SERVER_KEYEXCH_HACK
-               /* 
-                * the way we work with Netscape.
-                * FIXME - maybe we should *require* an encryptPrivKey in this
-                * situation?
-                */
-               if((ctx->selectedCipherSpec->keyExchangeMethod == SSL_RSA_EXPORT) &&
-                  (ctx->encryptPrivKey != NULL)) {
-                       useEncryptKey = true;
-               }
-               
-           #else       /* !SSL_SERVER_KEYEXCH_HACK */
-               /* The "correct" way, I think, which doesn't work with Netscape */
-               if (ctx->encryptPrivKey) {
-                       useEncryptKey = true;
-               }
-           #endif      /* SSL_SERVER_KEYEXCH_HACK */
-           if (useEncryptKey) {
-               key = &ctx->encryptPrivKey;
-               cspHand = ctx->encryptKeyCsp;
-           } 
-           else {
-               key = &ctx->signingPrivKey;
-               cspHand = ctx->signingKeyCsp;
-           }
-    #else      /* original SSLRef3 */
-           if (ctx->selectedCipherSpec->keyExchangeMethod == SSL_RSA_EXPORT)
-               key = &ctx->exportKey;
-           else
-               key = &ctx->localKey;
-    #endif     /* _APPLE_CDSA_ */
-    result.data = 0;
+       /* different key names, also need CSP handle */
+       CSSM_CSP_HANDLE         cspHand;
+       
+       CASSERT(ctx->protocolSide == SSL_ServerSide);
+       
+       /* 
+        * FIXME - The original SSLRef looked at 
+        * ctx->selectedCipherSpec->keyExchangeMethod to decide which 
+        * key to use (exportKey or localKey). I really don't think we 
+        * want to use that - it's constant. We need to look at 
+        * whether the app specified encrypting certs, right?
+        */
+       #if             SSL_SERVER_KEYEXCH_HACK
+               /* 
+                * the way we work with Netscape.
+                * FIXME - maybe we should *require* an encryptPrivKey in this
+                * situation?
+                */
+               if((ctx->selectedCipherSpec->keyExchangeMethod == SSL_RSA_EXPORT) &&
+                       (ctx->encryptPrivKey != NULL)) {
+                       useEncryptKey = true;
+               }
+               
+       #else   /* !SSL_SERVER_KEYEXCH_HACK */
+               /* The "correct" way, I think, which doesn't work with Netscape */
+               if (ctx->encryptPrivKey) {
+                       useEncryptKey = true;
+               }
+       #endif  /* SSL_SERVER_KEYEXCH_HACK */
+       if (useEncryptKey) {
+               key = &ctx->encryptPrivKey;
+               cspHand = ctx->encryptKeyCsp;
+       } 
+       else {
+               key = &ctx->signingPrivKey;
+               cspHand = ctx->signingKeyCsp;
+       }
     
-#if RSAREF
-    localKeyModulusLen = (key->bits + 7)/8;
-#elif BSAFE
-    {   A_RSA_KEY   *keyInfo;
-        int         rsaResult;
-        
-        if ((rsaResult = B_GetKeyInfo((POINTER*)&keyInfo, *key, KI_RSAPublic)) != 0)
-            return SSLUnknownErr;
-        localKeyModulusLen = keyInfo->modulus.len;
-    }
-#elif  _APPLE_CDSA_
        localKeyModulusLen = sslKeyLengthInBytes(*key);
-#else
-#error No assymetric crypto module
-#endif /* RSAREF / BSAFE */
-    
-    if (keyExchange.length != localKeyModulusLen) {
-       errorLog0("SSLDecodeRSAKeyExchange: length error\n");
+
+       /* 
+        * We have to tolerate incoming key exchange msgs with and without the 
+        * two-byte "encrypted length" field.
+        */
+    if (keyExchange.length == localKeyModulusLen) {
+               /* no length encoded */
+               src = keyExchange.data;
+       }
+       else if((keyExchange.length == (localKeyModulusLen + 2)) &&
+               (ctx->negProtocolVersion >= TLS_Version_1_0)) {
+               /* TLS only - skip the length bytes */
+               src = keyExchange.data + 2;
+       }
+       else {
+       errorLog2("SSLDecodeRSAKeyExchange: length error (exp %u got %u)\n",
+                       (unsigned)localKeyModulusLen, (unsigned)keyExchange.length);
         return ERR(SSLProtocolErr);
        }
-       
-#if RSAREF
-    if (ERR(err = SSLAllocBuffer(&result, localKeyModulusLen, &ctx->sysCtx)) != 0)
+    err = SSLAllocBuffer(&result, localKeyModulusLen, &ctx->sysCtx);
+       if(err != 0) {
         return err;
-    if ((RSAPrivateDecrypt(result.data, &outputLen, keyExchange.data, keyExchange.length, key)) != 0)
-    {   ERR(err = SSLUnknownErr);
-        goto fail;
-    }
-#elif BSAFE
-    {   B_ALGORITHM_OBJ     rsa;
-        B_ALGORITHM_METHOD  *chooser[] = { &AM_RSA_DECRYPT, &AM_RSA_CRT_DECRYPT, 0 };
-        int                 rsaResult;
-        unsigned int        decryptLen;
-        
-        /* Allocate room for the premaster secret; BSAFE makes sure we don't decode too much data */
-        if (ERR(err = SSLAllocBuffer(&result, 48, &ctx->sysCtx)) != 0)
-            return err; 
-    
-        if ((rsaResult = B_CreateAlgorithmObject(&rsa)) != 0)
-            return SSLUnknownErr;
-        if ((rsaResult = B_SetAlgorithmInfo(rsa, AI_PKCS_RSAPrivate, 0)) != 0)
-            return SSLUnknownErr;
-        #ifdef macintosh
-        /* 
-         * I think this is an SSLRef bug - we need to use the right key here,
-         * as the RSAREF case above does!
-         */
-         if ((rsaResult = B_DecryptInit(rsa, *key, chooser, NO_SURR)) != 0)
-            return SSLUnknownErr;
-       #else   /* the SSLRef way */
-        if ((rsaResult = B_DecryptInit(rsa, ctx->localKey, chooser, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        #endif /* mac/SSLREF */
-        if ((rsaResult = B_DecryptUpdate(rsa, result.data, &decryptLen, 48,
-                    keyExchange.data, keyExchange.length, 0, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        outputLen = decryptLen;
-        if ((rsaResult = B_DecryptFinal(rsa, result.data+outputLen,
-                    &decryptLen, 48-outputLen, 0, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        outputLen += decryptLen;
-        B_DestroyAlgorithmObject(&rsa);
-    }
-#elif  _APPLE_CDSA_
+       }
+       
        err = sslRsaDecrypt(ctx,
                *key,
                cspHand,
-               keyExchange.data
-               keyExchange.length,
+               src
+               localKeyModulusLen,
                result.data,
                48,
                &outputLen);
        if(err) {
                goto fail;
        }
-#endif
     
     if (outputLen != 48)
     {   
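Review bot: In the TLS branch of SSLDecodeRSAKeyExchange, `src = keyExchange.data + 2;` skips the two length bytes without comparing them to the ciphertext length, so a message whose prefix disagrees with its body is still accepted. Reject it before decrypting, e.g. `if ((((UInt32)keyExchange.data[0] << 8) | keyExchange.data[1]) != localKeyModulusLen) return ERR(SSLProtocolErr);`. Separately, the `if(err) goto fail;` after sslRsaDecrypt and the `outputLen != 48` test that follows appear to end the handshake on distinct paths. If a peer can tell a padding failure from a later length or version failure, that is the distinguishing signal RFC 2246 section 7.4.7.1 warns about, and the usual mitigation is to continue with a randomly generated premaster secret. The function body continues past this hunk, so how `fail:` reports the error is not visible here.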
@@ -959,9 +731,11 @@ SSLDecodeRSAKeyExchange(SSLBuffer keyExchange, SSLContext *ctx)
        ERR(err = SSLProtocolErr);
         goto fail;
     }
-    if (ERR(err = SSLAllocBuffer(&ctx->preMasterSecret, 48, &ctx->sysCtx)) != 0)
+    if (ERR(err = SSLAllocBuffer(&ctx->preMasterSecret, 
+                       SSL_RSA_PREMASTER_SECRET_SIZE, &ctx->sysCtx)) != 0)
         goto fail;
-    memcpy(ctx->preMasterSecret.data, result.data, 48);
+    memcpy(ctx->preMasterSecret.data, result.data, 
+               SSL_RSA_PREMASTER_SECRET_SIZE);
     
     err = SSLNoErr;
 fail:
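Review bot: The literal `48` survives elsewhere in this function, in the output-size argument to sslRsaDecrypt and in `if (outputLen != 48)` in the preceding hunk, while the allocation and memcpy here now use `SSL_RSA_PREMASTER_SECRET_SIZE`. Use the constant at all four sites, e.g. `if (outputLen != SSL_RSA_PREMASTER_SECRET_SIZE)`, so the buffer size and the length check cannot drift apart. The function starts and ends outside this hunk.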
@@ -1041,97 +815,60 @@ static SSLErr
 SSLEncodeRSAKeyExchange(SSLRecord *keyExchange, SSLContext *ctx)
 {   SSLErr              err;
     UInt32                     outputLen, peerKeyModulusLen;
-    #if        !_APPLE_CDSA_
-    SSLRandomCtx        rsaRandom;
-    int                 rsaResult;
-    #endif
-    
+    UInt32                             bufLen;
+       UInt8                           *dst;
+       bool                            encodeLen = false;
+       
     if (ERR(err = SSLEncodeRSAPremasterSecret(ctx)) != 0)
         return err;
     
-    #if        !_APPLE_CDSA_
-    if (ERR(err = ReadyRandom(&rsaRandom, ctx)) != 0)
-        return err;
-    #endif
-    
     keyExchange->contentType = SSL_handshake;
-    keyExchange->protocolVersion = SSL_Version_3_0;
-        
-#if RSAREF
-    peerKeyModulusLen = (ctx->peerKey.bits + 7)/8;
-#elif BSAFE
-    {   A_RSA_KEY   *keyInfo;
+       assert((ctx->negProtocolVersion == SSL_Version_3_0) ||
+                       (ctx->negProtocolVersion == TLS_Version_1_0));
+    keyExchange->protocolVersion = ctx->negProtocolVersion;
         
-        if ((rsaResult = B_GetKeyInfo((POINTER*)&keyInfo, ctx->peerKey, KI_RSAPublic)) != 0)
-            return SSLUnknownErr;
-        peerKeyModulusLen = keyInfo->modulus.len;
-    }
-#elif  _APPLE_CDSA_
        peerKeyModulusLen = sslKeyLengthInBytes(ctx->peerPubKey);
-#else
-#error No Assymetric Crypto
-#endif /* RSAREF / BSAFE */
-    if (ERR(err = SSLAllocBuffer(&keyExchange->contents,peerKeyModulusLen + 4,&ctx->sysCtx)) != 0)
+       bufLen = peerKeyModulusLen + 4;
+       #if     RSA_CLIENT_KEY_ADD_LENGTH
+       if(ctx->negProtocolVersion >= TLS_Version_1_0) {
+               bufLen += 2;
+               encodeLen = true;
+       }
+       #endif
+    if (ERR(err = SSLAllocBuffer(&keyExchange->contents, 
+               bufLen,&ctx->sysCtx)) != 0)
     {   
-#if RSAREF
-        R_RandomFinal(&rsaRandom);
-#elif BSAFE
-        B_DestroyAlgorithmObject(&rsaRandom);
-#endif
         return err;
     }
+       dst = keyExchange->contents.data + 4;
+       if(encodeLen) {
+               dst += 2;
+       }
     keyExchange->contents.data[0] = SSL_client_key_exchange;
-    SSLEncodeInt(keyExchange->contents.data + 1, peerKeyModulusLen, 3);
-#if RSAREF
-    if ((rsaResult = RSAPublicEncrypt(keyExchange->contents.data+4, &outputLen,
-                                ctx->preMasterSecret.data, 48,
-                                &ctx->peerKey,&rsaRandom)) != 0)
-    {   R_RandomFinal(&rsaRandom);
-        return ERR(SSLUnknownErr);
-    }
-    
-    R_RandomFinal(&rsaRandom);
-
-#elif BSAFE
-    {   B_ALGORITHM_OBJ     rsa;
-        B_ALGORITHM_METHOD  *chooser[] = { &AM_RSA_ENCRYPT, 0 };
-        int                 rsaResult;
-        unsigned int        encryptedOut;
-        
-        if ((rsaResult = B_CreateAlgorithmObject(&rsa)) != 0)
-            return SSLUnknownErr;
-        if ((rsaResult = B_SetAlgorithmInfo(rsa, AI_PKCS_RSAPublic, 0)) != 0)
-            return SSLUnknownErr;
-        if ((rsaResult = B_EncryptInit(rsa, ctx->peerKey, chooser, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        if ((rsaResult = B_EncryptUpdate(rsa, keyExchange->contents.data+4,
-                    &encryptedOut, peerKeyModulusLen, ctx->preMasterSecret.data, 48, rsaRandom, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        outputLen = encryptedOut;
-        if ((rsaResult = B_EncryptFinal(rsa, keyExchange->contents.data+4+outputLen,
-                    &encryptedOut, peerKeyModulusLen-outputLen, rsaRandom, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        outputLen += encryptedOut;
-        B_DestroyAlgorithmObject(&rsa);
-    }
-    
-    B_DestroyAlgorithmObject(&rsaRandom);
-#elif _APPLE_CDSA_
+       
+       /* this is the record payload length */
+    SSLEncodeInt(keyExchange->contents.data + 1, bufLen - 4, 3);
+       if(encodeLen) {
+               /* the length of the encrypted pre_master_secret */
+               SSLEncodeInt(keyExchange->contents.data + 4,                    
+                       peerKeyModulusLen, 2);
+       }
        err = sslRsaEncrypt(ctx,
                ctx->peerPubKey,
                /* FIXME - maybe this should be ctx->cspHand */
                ctx->peerPubKeyCsp,
                ctx->preMasterSecret.data, 
-               48,
-               keyExchange->contents.data+4,
+               SSL_RSA_PREMASTER_SECRET_SIZE,
+               dst,
                peerKeyModulusLen,
                &outputLen);
        if(err) {
                return err;
        }
-#endif  
     
-    CASSERT(outputLen + 4 == keyExchange->contents.length);
+    CASSERT(outputLen == encodeLen ? 
+               keyExchange->contents.length - 6 :
+               keyExchange->contents.length - 4 );
     
     return SSLNoErr;
 }
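Review bot: The rewritten `CASSERT` at the end of SSLEncodeRSAKeyExchange never checks the ciphertext length. Because `==` binds tighter than `?:`, it parses as `(outputLen == encodeLen) ? (length - 6) : (length - 4)`, so the asserted value is one of the two lengths, which is nonzero for any real message. Parenthesise the conditional: `CASSERT(outputLen == (encodeLen ? keyExchange->contents.length - 6 : keyExchange->contents.length - 4));`. Also, the `return err;` after sslRsaEncrypt leaves `keyExchange->contents` allocated; whether the caller frees it on error is not visible here.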
@@ -1148,7 +885,9 @@ SSLEncodeDHanonKeyExchange(SSLRecord *keyExchange, SSLContext *ctx)
     outputLen = ctx->dhExchangePublic.length + 2;
     
     keyExchange->contentType = SSL_handshake;
-    keyExchange->protocolVersion = SSL_Version_3_0;
+       assert((ctx->negProtocolVersion == SSL_Version_3_0) ||
+                       (ctx->negProtocolVersion == TLS_Version_1_0));
+    keyExchange->protocolVersion = ctx->negProtocolVersion;
     
     if (ERR(err = SSLAllocBuffer(&keyExchange->contents,outputLen + 4,&ctx->sysCtx)) != 0)
         return err;
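Review bot: The added version check uses bare `assert`, while the other checks visible in this file use `CASSERT`; the identical check added to SSLEncodeRSAKeyExchange has the same inconsistency. If `CASSERT` is the project's debug-assert macro, write `CASSERT((ctx->negProtocolVersion == SSL_Version_3_0) || (ctx->negProtocolVersion == TLS_Version_1_0));` in both places. The check presumably compiles away in release builds, so `keyExchange->protocolVersion` then takes whatever `negProtocolVersion` holds. A comment stating that a version has always been negotiated by this point would make that assumption explicit. The function continues outside the hunk.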
index 175cb0579f4cbd0f14a4089ede5023a80746b85f..75352b3f9578cb9ba5badaddf55035962e58d708 100644 (file)
@@ -65,12 +65,10 @@ const SSLSymmetricCipher SSLCipherNull = {
     0,          /* Secret key size */
     0,          /* IV size */
     0,          /* Block size */
-    #ifdef     _APPLE_CDSA_
     CSSM_ALGID_NONE,   
     CSSM_ALGID_NONE,   
     CSSM_ALGMODE_NONE,
        CSSM_PADDING_NONE,
-    #endif     /* _APPLE_CDSA */
     NullInit,
     NullCrypt,
     NullCrypt,
index d51ff3aac30b985797dd3b77c9a40cde54625c82..adcbe00f380aaf1f8f28de7264eefb5cca0ad884 100644 (file)
@@ -47,12 +47,19 @@ extern char *stCssmErrToStr(CSSM_RETURN err);
 #define stPrintCdsaError(o, cr)
 #endif
 
+extern SSLErr sslSetUpSymmKey(
+       CSSM_KEY_PTR    symKey,
+       CSSM_ALGORITHMS alg,
+       CSSM_KEYUSE             keyUse,                 // CSSM_KEYUSE_ENCRYPT, etc.
+       CSSM_BOOL               copyKey,                // true: copy keyData   false: set by reference
+       uint8                   *keyData,
+       uint32                  keyDataLen);    // in bytes
+
 extern SSLErr sslFreeKey(CSSM_CSP_HANDLE cspHand, 
        CSSM_KEY_PTR    *key,
-       #if             ST_KEYCHAIN_ENABLE
-       KCItemRef               *kcItem);
+       #if             ST_KEYCHAIN_ENABLE && ST_KC_KEYS_NEED_REF
+       SecKeychainRef  *kcItem);
        #else   /* !ST_KEYCHAIN_ENABLE */
-       /* fixme - will we need kcItem as a CL field ptr? */
        void                    *kcItem);
        #endif  /* ST_KEYCHAIN_ENABLE*/
 
@@ -95,7 +102,7 @@ extern SSLErr sslVerifyCertChain(
  */
 SSLErr sslRsaRawSign(
        SSLContext                      *ctx,
-       const CSSM_KEY_PTR      privKey,
+       const CSSM_KEY          *privKey,
        CSSM_CSP_HANDLE         cspHand,
        const UInt8                     *plainText,
        UInt32                          plainTextLen,
@@ -105,7 +112,7 @@ SSLErr sslRsaRawSign(
        
 SSLErr sslRsaRawVerify(
        SSLContext                      *ctx,
-       const CSSM_KEY_PTR      pubKey,
+       const CSSM_KEY          *pubKey,
        CSSM_CSP_HANDLE         cspHand,
        const UInt8                     *plainText,
        UInt32                          plainTextLen,
@@ -117,7 +124,7 @@ SSLErr sslRsaRawVerify(
  */
 SSLErr sslRsaEncrypt(
        SSLContext                      *ctx,
-       const CSSM_KEY_PTR      pubKey,
+       const CSSM_KEY          *pubKey,
        CSSM_CSP_HANDLE         cspHand,
        const UInt8                     *plainText,
        UInt32                          plainTextLen,
@@ -126,7 +133,7 @@ SSLErr sslRsaEncrypt(
        UInt32                          *actualBytes);          // RETURNED
 SSLErr sslRsaDecrypt(
        SSLContext                      *ctx,
-       const CSSM_KEY_PTR      privKey,
+       const CSSM_KEY          *privKey,
        CSSM_CSP_HANDLE         cspHand,
        const UInt8                     *cipherText,
        UInt32                          cipherTextLen,          
@@ -138,14 +145,14 @@ SSLErr sslRsaDecrypt(
  * Obtain size of key in bytes.
  */
 extern UInt32 sslKeyLengthInBytes(
-       const CSSM_KEY_PTR key);
+       const CSSM_KEY  *key);
 
 /*
  * Get raw key bits from an RSA public key.
  */
 SSLErr sslGetPubKeyBits(
        SSLContext                      *ctx,
-       const CSSM_KEY_PTR      pubKey,
+       const CSSM_KEY          *pubKey,
        CSSM_CSP_HANDLE         cspHand,
        SSLBuffer                       *modulus,               // data mallocd and RETURNED
        SSLBuffer                       *exponent);             // data mallocd and RETURNED
index 428be0e0036fefe16be42515553148f8cb718138..5f905f9df8e1ee57b8291af2f5a68d53a9a9d623 100644 (file)
@@ -22,7 +22,7 @@
        Contains:       Glue layer between Apple SecureTransport and 
                                original SSLRef code. 
 
-       Written by:     Doug Mitchell, based on Netscape RSARef 3.0
+       Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
 
        Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
 
index 90e70594706f960eada45e594e23f62e21923dc3..0d6ab094ee9f4a469f168e6aed21ff12b67f3661 100644 (file)
@@ -19,9 +19,9 @@
 /*
        File:           appleSession.h
 
-       Contains:       Session storage module, _APPLE_CDSA_ version. 
+       Contains:       Session storage module, Apple CDSA version. 
 
-       Written by:     Doug Mitchell, based on Netscape RSARef 3.0
+       Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
 
        Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
 
@@ -46,17 +46,16 @@ extern "C" {
 
 extern SSLErr sslAddSession (
        const SSLBuffer sessionKey, 
-       const SSLBuffer sessionData, 
-       void *sessionRef);
+       const SSLBuffer sessionData);
 
 extern SSLErr sslGetSession (
        const SSLBuffer sessionKey, 
-       SSLBuffer *sessionData, 
-       void *sessionRef);
+       SSLBuffer *sessionData);
 
 extern SSLErr sslDeleteSession (
-       const SSLBuffer sessionKey, 
-       void *sessionRef);
+       const SSLBuffer sessionKey);
+
+extern SSLErr sslCleanupSession();
 
 #ifdef __cplusplus
 }
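Review bot: `extern SSLErr sslCleanupSession();` declares a function with unspecified parameters when this header is compiled as C, so a call that passes arguments is not diagnosed. Declare it `extern SSLErr sslCleanupSession(void);`, which is equally valid for C++ inside the `extern "C"` block. A one-line comment saying what it releases and when it may be called (presumably at library shutdown, which is not shown here) would also help callers.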
index 95984b9927834e589c993c321685eb485a636737..d41b4876949e301fcbfc08f65dafcf08b7510789 100644 (file)
@@ -21,7 +21,7 @@
 
        Contains:       SSLCipherSpec declarations
 
-       Written by:     Doug Mitchell, based on Netscape RSARef 3.0
+       Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
 
        Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
 
index d5da53f8662839f887d94666acb6a3747025852d..4043b240e8ab45e0264566f7af59fb02fc7e0e30 100644 (file)
@@ -57,6 +57,7 @@
 #include <Security/CipherSuite.h>
 #include "sslPriv.h"
 #include "sslctx.h"
+#include "tls_hmac.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -77,15 +78,12 @@ typedef struct
     SSLCipherSuite             cipherSuite;
 } SSLCipherMapping;
 
-/*
- * Note: we're not changing the digest mechanisms for now; BSAFE 
- * doesn't provide the necessary "digest clone" op. 
- */
-typedef SSLErr (*HashInit)(SSLBuffer digestCtx);
+typedef SSLErr (*HashInit)(SSLBuffer digestCtx, SSLContext *sslCtx);
 typedef SSLErr (*HashUpdate)(SSLBuffer digestCtx, SSLBuffer data);
-typedef SSLErr (*HashFinal)(SSLBuffer digestCtx, SSLBuffer digest);
+/* HashFinal also does HashClose */
+typedef SSLErr (*HashFinal)(SSLBuffer digestCtx, SSLBuffer digest);    
+typedef SSLErr (*HashClose)(SSLBuffer digestCtx, SSLContext *sslCtx);
 typedef SSLErr (*HashClone)(SSLBuffer src, SSLBuffer dest);
-
 typedef struct
 {   UInt32      contextSize;
     UInt32      digestSize;
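Review bot: The comment `/* HashFinal also does HashClose */` leaves the contract of the new `HashClose` callback unstated. Nothing says that a context which was initialised but never finalised must be closed, or whether calling close after final is harmless. With `HashInit` now taking an `SSLContext *`, the digest state presumably holds resources beyond the `SSLBuffer`, so an error path that frees the buffer without closing would leak them. Once the intended rule is confirmed, expand the comment to something like `/* HashFinal releases the context; call HashClose only when abandoning a context without HashFinal */`. The `close` member itself is added to `HashReference` in the next hunk.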
@@ -93,17 +91,39 @@ typedef struct
     HashInit    init;
     HashUpdate  update;
     HashFinal   final;
+       HashClose       close;
     HashClone   clone;
 } HashReference;
 
-extern const HashReference SSLHashNull;
-extern const HashReference SSLHashMD5;
-extern const HashReference SSLHashSHA1;
+/*
+ * TLS extension: 
+ *             -- new struct HashHmacReference
+ *             -- structs which used to use HashReference now use HashHmacReference
+ *             -- new union HashHmacContext, used in CipherContext.
+ */
+typedef struct {
+       const HashReference     *hash;
+       const HMACReference     *hmac;
+} HashHmacReference;
+
+typedef union {
+       SSLBuffer                       hashCtx;
+       HMACContextRef          hmacCtx;
+} HashHmacContext;
+
+/* these are declared in tls_hmac.c */
+extern const HashHmacReference HashHmacNull;
+extern const HashHmacReference HashHmacMD5;
+extern const HashHmacReference HashHmacSHA1;
+
+/*
+ * Hack to avoid circular dependency with tls_ssl.h.
+ */
+struct _SslTlsCallouts;
 
-#ifdef _APPLE_CDSA_
 /*
  * All symmetric ciphers go thru CDSA, but we'll keep these callouts for
- * now. The major change here is the inclusion of the CipherContext
+ * now. The major change here from SSLRef3 is the inclusion of the CipherContext
  * arg, for alg/mode and key storage. 
  */
 struct CipherContext;
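Review bot: `HashHmacContext` is a union with no tag, and the comment block above it does not say what decides whether `hashCtx` or `hmacCtx` is the live member. Reading or freeing the wrong member would treat an `HMACContextRef` as an `SSLBuffer` or the reverse. Add a comment naming the selector, for example `/* hashCtx for SSL 3.0 MACs, hmacCtx for TLS; selected by the negotiated protocol version */`, if that is indeed the rule. The selecting code is not in this hunk.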
@@ -123,12 +143,6 @@ typedef SSLErr (*SSLFinishFunc)(
        CipherContext *cipherCtx, 
        SSLContext *ctx);
 
-#else
-typedef SSLErr (*SSLKeyFunc)(UInt8 *key, UInt8 *iv, void **cipherRef, SSLContext *ctx);
-typedef SSLErr (*SSLCryptFunc)(SSLBuffer src, SSLBuffer dest, void *cipherRef, SSLContext *ctx);
-typedef SSLErr (*SSLFinishFunc)(void *cipherRef, SSLContext *ctx);
-#endif /* _APPLE_CDSA */
-
 typedef enum
 {   NotExportable = 0,
     Exportable = 1
@@ -142,12 +156,10 @@ typedef struct {
     UInt8              secretKeySize;
     UInt8              ivSize;
     UInt8                      blockSize;
-    #ifdef     _APPLE_CDSA_
     CSSM_ALGORITHMS            keyAlg;                         /* CSSM_ALGID_DES, etc. */
     CSSM_ALGORITHMS            encrAlg;                        /* ditto */
     CSSM_ENCRYPT_MODE  encrMode;                       /* CSSM_ALGMODE_CBCPadIV8, etc. */
        CSSM_PADDING            encrPad;
-    #endif     /* _APPLE_CDSA */
     SSLKeyFunc         initialize;
     SSLCryptFunc       encrypt;
     SSLCryptFunc       decrypt;
@@ -157,10 +169,9 @@ typedef struct {
 #define MAX_DIGEST_SIZE 20          /* SHA digest size = 160 bits */
 #define MAX_MAC_PADDING 48          /* MD5 MAC padding size = 48 bytes */
 #define MASTER_SECRET_LEN 48        /* master secret = 3 x MD5 hashes concatenated */
-#ifdef __APPLE__
+
 /* SSL V2 - mac secret is the size of symmetric key, not digest */
 #define MAX_SYMKEY_SIZE                24
-#endif /* __APPLE__ */
 
 typedef enum
 {   SSL_NULL_auth,
@@ -193,7 +204,7 @@ typedef struct {
     SSLCipherSuite                     cipherSpec;
     Exportability                      isExportable;
     KeyExchangeMethod                  keyExchangeMethod;
-    const HashReference        *macAlgorithm;
+    const HashHmacReference     *macAlgorithm;
     const SSLSymmetricCipher   *cipher;
 } SSLCipherSpec;
 
index c24a0bf3c9032c4c80d098c1c00ec88bd088732d..93c71fd89df252db4617bcc47a26ed6d9e9a2439 100644 (file)
@@ -21,7 +21,7 @@
 
        Contains:       HashReference declarations
 
-       Written by:     Doug Mitchell, based on Netscape RSARef 3.0
+       Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
 
        Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
 
 #ifndef        _DIGESTS_H_
 #define _DIGESTS_H_    1
 
+#include "cryptType.h"
+
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-extern HashReference SSLHashNull;
-extern HashReference SSLHashMD5;
-extern HashReference SSLHashSHA1;
+/*
+ * These numbers show up all over the place...might as well hard code 'em once.
+ */
+#define SSL_MD5_DIGEST_LEN     16
+#define SSL_SHA1_DIGEST_LEN    20
+#define SSL_MAX_DIGEST_LEN     20
+
+extern const HashReference SSLHashNull;
+extern const HashReference SSLHashMD5;
+extern const HashReference SSLHashSHA1;
 
 extern void SSLInitMACPads(void);
 extern SSLErr CloneHashState(
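Review bot: `SSL_MAX_DIGEST_LEN 20` duplicates `MAX_DIGEST_SIZE 20`, which another header touched by this commit still defines (apparently the `cryptType.h` now included here). The constants hunk later in the commit likewise adds `SSL_MASTER_SECRET_SIZE 48` beside the existing `MASTER_SECRET_LEN 48`. Two names for one size invite a buffer being declared with one and bounded with the other after a later edit. Define one in terms of the other, e.g. `#define SSL_MAX_DIGEST_LEN MAX_DIGEST_SIZE`, or retire the old names.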
@@ -48,7 +57,10 @@ extern SSLErr ReadyHash(
        const HashReference *ref, 
        SSLBuffer *state, 
        SSLContext *ctx);
-
+extern SSLErr CloseHash(
+       const HashReference *ref, 
+       SSLBuffer *state, 
+       SSLContext *ctx);
 
 #ifdef __cplusplus
 }
index 77c69fb7f0f2a61a97fdbc1ff9d80ba188550de7..5fbaf0c78e838667d0b6a3ef4e74dcf7d2f4604f 100644 (file)
@@ -22,7 +22,7 @@
        Contains:       convenience header, including public and private parts
                                of original ssl.h
 
-       Written by:     Doug Mitchell, based on Netscape RSARef 3.0
+       Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
 
        Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
 
index ca064632808b6f4ef0bccb292f49b3611f16a7cd..7330a4d735752638928997212ddb905bf7787270 100644 (file)
@@ -35,10 +35,10 @@ extern "C" {
 #endif
 
 /*
- * This flags functional changes, within SSLRef3 source, made to
- * accomodate the Apple SecureTransport library.
+ * general Keychain functionality.
  */
-#define _APPLE_CDSA_                                   1
+#define ST_KEYCHAIN_ENABLE                             1
 
 /*
  * Work around the Netscape Server Key Exchange bug. When this is 
@@ -48,7 +48,7 @@ extern "C" {
  *   -- an export-grade ciphersuite has been negotiated, and
  *   -- an encryptPrivKey is present in the context
  */
-#define SSL_SERVER_KEYEXCH_HACK                        1
+#define SSL_SERVER_KEYEXCH_HACK                        0
 
 /*
  * RSA functions which use a public key to do encryption force 
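Review bot: Setting `SSL_SERVER_KEYEXCH_HACK` to 0 changes which private key SSLDecodeRSAKeyExchange uses, yet the comment above the define still describes the workaround as if it were enabled. With the flag off, `encryptPrivKey` is chosen whenever it is set, not only for `SSL_RSA_EXPORT`. The code comment on that branch says this mode "doesn't work with Netscape", so the flip has an interoperability cost that should be recorded here. I would add a line such as `/* Disabled: encryptPrivKey, when present, is always used for RSA key exchange */` together with the reason. The comment block starts outside this hunk.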
@@ -66,6 +66,35 @@ extern "C" {
  */
 #define APPLE_DOMESTIC_CSP_REQUIRED            1
 
+/*
+ * CSSM_KEYs obtained from Keychain require a SecKeychainRef to be freed/released.
+ * True on 9, false on X.
+ */
+#define ST_KC_KEYS_NEED_REF                    0
+
+/*
+ * Initial bringup of server/keychain on X: the certRefs argument of 
+ * SSLSetCertificate() contains one DLDBHandle, not a number of 
+ * SecIdentityRefs. The DLDB contains exactly one private key, and a
+ * cert with PrintName which matches that key. Public key is obtained
+ * from the cert. We have to manually attach to the CSPDL in this case.
+ */
+#define ST_FAKE_KEYCHAIN                       0
+
+/*
+ * Flags need for manually attaching to CSPDL for configuration which
+ * does not contain a working SecKeychainGetCSPHandle().
+ */
+#define ST_FAKE_GET_CSPDL_HANDLE       0
+
+/* 
+ * We manage trusted certs and pass them to the TP. 
+ *  -- OS 9 - true
+ *  -- OS 10, 10.1 - false
+ *  -- Jaguar - TBD. SSLSetNewRootKC and SSLSetTrustedRootCertKC deleted for now.
+ */
+#define ST_MANAGES_TRUSTED_ROOTS       0
+
 /* debugging flags */
 #ifdef NDEBUG
 #define SSL_DEBUG                      0
index db23cde55449f366758bdadc3a1319c9b5231ada..f6912cf44407ad1cd8af343ecf406608e394bc23 100644 (file)
@@ -42,6 +42,7 @@
 #define LOG_VIA_PRINTF         1
 
 #include <stdio.h>
+#include <stdlib.h>
 
 #if            !LOG_VIA_PRINTF
 
@@ -175,16 +176,21 @@ static inline volatile void sslPanic(const char *str)
 /* log handshake messages */
 #define LOG_HDSK_MSG           0
 
-/* log negotiated handshake paramters */
+/* log negotiated handshake parameters */
 #define LOG_NEGOTIATE          0
 
 /* log received protocol messsages */
 #define LOG_RX_PROTOCOL                0
 
+/* log resumable session info */
+#define LOG_RESUM_SESSION      0
+
 #else  /* !SSL_DEBUG - normal build - all flags disabled */
 #define LOG_HDSK_STATE         0
-#define LOG_HDSK_MSG           0
+#define LOG_HDSK_MSG           0 
 #define LOG_NEGOTIATE          0
+#define LOG_RX_PROTOCOL                0
+#define LOG_RESUM_SESSION      0
 #endif /* SSL_DEBUG */
 
 #if            LOG_HDSK_STATE
@@ -200,6 +206,12 @@ extern char *hdskStateToStr(SSLHandshakeState state);
 #define SSLLogHdskMsg(msg, sent)
 #endif /* LOG_HDSK_STATE */
 
+#if            LOG_RESUM_SESSION
+#define SSLLogResumSess(m)     printf(m)
+#else
+#define SSLLogResumSess(m)
+#endif /* LOG_RESUM_SESSION */
+
 /* 
  * A crufty little routine to write cert blobs to disk.
  * Implemented in appleCdsa.c.
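Review bot: `#define SSLLogResumSess(m)     printf(m)` passes the message as the format string. Any caller that hands it text containing `%`, such as session or peer-derived data, makes printf read arguments that were never passed. Use a fixed format instead: `#define SSLLogResumSess(m) printf("%s", m)`. The call sites are outside this hunk, so whether any of them passes non-literal text is not visible; the macro only expands to code when `LOG_RESUM_SESSION` is set.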
index 2edc3f2a289f128434da9fb6e04d52f57039c29c..a679577966a9d87eb56ec2bd32abb86efb350cf6 100644 (file)
@@ -21,7 +21,7 @@
 
        Contains:       Apple Keychain routines
 
-       Written by:     Doug Mitchell, based on Netscape RSARef 3.0
+       Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
 
        Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
 
 #include "sslctx.h"
 #endif
 
-#include <CoreFoundation/CFData.h>
-#include <CoreFoundation/CFArray.h>
-
-#if            ST_KEYCHAIN_ENABLE
-#include <MacTypes.h>
-#include <Keychain.h>
-#endif /* ST_KEYCHAIN_ENABLE */
-
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -65,8 +57,14 @@ parseIncomingCerts(
        SSLCertificate  **destCert,             /* &ctx->{localCert,encryptCert} */
        CSSM_KEY_PTR    *pubKey,                /* &ctx->signingPubKey, etc. */
        CSSM_KEY_PTR    *privKey,               /* &ctx->signingPrivKey, etc. */
-       CSSM_CSP_HANDLE *cspHand,               /* &ctx->signingKeyCsp, etc. */
-       KCItemRef               *privKeyRef);   /* &ctx->signingKeyRef, etc. */
+       CSSM_CSP_HANDLE *cspHand                /* &ctx->signingKeyCsp, etc. */
+       #if                             ST_KC_KEYS_NEED_REF
+       ,
+       SecKeychainRef  *privKeyRef);   /* &ctx->signingKeyRef, etc. */
+       #else
+       );
+       #endif                  ST_KC_KEYS_NEED_REF
+       
 #endif /* (ST_SERVER_MODE_ENABLE || ST_CLIENT_AUTHENTICATION) */
 
 /*
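Review bot: `#endif                  ST_KC_KEYS_NEED_REF` has a bare token after the directive, which compilers diagnose as extra tokens; it should read `#endif /* ST_KC_KEYS_NEED_REF */`. Splitting the closing `);` of parseIncomingCerts across both arms of the `#if` also makes the prototype easy to break. Keeping only the optional `, SecKeychainRef *privKeyRef` inside the conditional and writing a single `);` after the `#endif` would be clearer. The declaration begins outside this hunk.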
@@ -76,7 +74,8 @@ OSStatus
 addBuiltInCerts        (
        SSLContextRef   ctx);
 
-#if            ST_KEYCHAIN_ENABLE
+#if            ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS
+
 /*
  * Given an open Keychain:
  * -- Get raw cert data, add to array of CSSM_DATAs in 
@@ -88,7 +87,7 @@ addBuiltInCerts       (
 OSStatus
 parseTrustedKeychain(
        SSLContextRef           ctx,
-       KCRef                           keyChainRef);
+       SecKeychainRef          keyChainRef);
 
 /*
  * Given a newly encountered root cert (obtained from a peer's cert chain),
@@ -100,7 +99,7 @@ sslAddNewRoot(
        SSLContext                      *ctx, 
        const CSSM_DATA_PTR     rootCert);
 
-#endif /* ST_KEYCHAIN_ENABLE */
+#endif /* ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS */
 
 #ifdef __cplusplus
 }
index 349bedfd5c5e7ee19364d27da73b8e91e7cbafb1..21392e28e747ebe5cae1ed5f0c390fd688d1a466 100644 (file)
@@ -67,11 +67,16 @@ typedef enum
 } SSLProtocolSide;
 
 typedef enum
-{   SSL_Version_Undetermined = 0,
+{   
+       /* These values never appear in the actual protocol */
+       SSL_Version_Undetermined = 0,
     SSL_Version_3_0_With_2_0_Hello = 100,
     SSL_Version_3_0_Only = 101,
+       TLS_Version_1_0_Only = 202,
+       /* actual protocol values */
     SSL_Version_2_0 = 0x0002,
-    SSL_Version_3_0 = 0x0300
+    SSL_Version_3_0 = 0x0300,
+       TLS_Version_1_0 = 0x0301                /* TLS 1.0 == SSL 3.1 */
 } SSLProtocolVersion;
 
 /*
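Review bot: `SSLProtocolVersion` mixes internal sentinels (100, 101, 202) with wire values (0x0002, 0x0300, 0x0301), and code added elsewhere in this commit orders them with `ctx->negProtocolVersion >= TLS_Version_1_0`. Every sentinel, including `TLS_Version_1_0_Only = 202`, compares below `SSL_Version_3_0`, so an ordered test gives the wrong answer if a sentinel ever reaches a compared field. I would extend the new comment to say which fields may hold sentinels, e.g. `/* configuration only; negProtocolVersion always holds a wire value */`, assuming that is the invariant.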
@@ -80,6 +85,16 @@ typedef enum
  */
 typedef struct SSLContext SSLContext;
 
+/*
+ * Some hard-coded constants. 
+ */
+
+/* The size of of client- and server-generated random numbers in hello messages. */
+#define SSL_CLIENT_SRVR_RAND_SIZE              32
+
+/* The size of the pre-master and master secrets. */
+#define SSL_RSA_PREMASTER_SECRET_SIZE  48
+#define SSL_MASTER_SECRET_SIZE                 48
 
 #ifdef __cplusplus
 }
index 41ed716d075c4f095e7e428c31e43db9acf1272c..3b7770920870af364008d93960c210b618f9f69c 100644 (file)
@@ -63,15 +63,28 @@ typedef enum
 {   alert_close_notify = 0,
     alert_unexpected_message = 10,
     alert_bad_record_mac = 20,
+       alert_decryption_failed = 21,           /* TLS */
+       alert_record_overflow = 22,                     /* TLS */
     alert_decompression_failure = 30,
     alert_handshake_failure = 40,
     alert_no_certificate = 41,
-    alert_bad_certificate = 42,
+    alert_bad_certificate = 42,                        /* SSLv3 only */
     alert_unsupported_certificate = 43,
     alert_certificate_revoked = 44,
     alert_certificate_expired = 45,
     alert_certificate_unknown = 46,
-    alert_illegal_parameter = 47
+    alert_illegal_parameter = 47,
+       /* remainder are TLS addenda */
+       alert_unknown_ca = 48,
+       alert_access_denied = 49,
+       alert_decode_error = 50,
+       alert_decrypt_error = 51,
+       alert_export_restriction = 60,
+       alert_protocol_version = 70,
+       alert_insufficient_security = 71,
+       alert_internal_error = 80,
+       alert_user_canceled = 90,
+       alert_no_renegotiation = 100
 } AlertDescription;
 
 SSLErr SSLProcessAlert(SSLRecord rec, SSLContext *ctx);
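Review bot: The `/* SSLv3 only */` comment added on `alert_bad_certificate = 42` looks attached to the wrong line: bad_certificate is defined in TLS 1.0 as well, and the alert TLS dropped is `alert_no_certificate = 41` on the line above. I would move the comment there. Separately, `alert_decryption_failed = 21` deserves a caution such as `/* TLS; do not send - report bad_record_mac instead */`. Answering a padding failure and a MAC failure with different alerts lets a peer tell the two apart on CBC suites, and later TLS revisions tell implementations not to send it. The code that sends these alerts is outside this hunk.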
index 9f6da39b07aa9bf2fa2bc2a3356c6dbca5af82f0..afe32b7f01f014d92d51087464ba905547528ee5 100644 (file)
@@ -21,7 +21,7 @@
 
        Contains:       memory allocator declarations
 
-       Written by:     Doug Mitchell, based on Netscape RSARef 3.0
+       Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
 
        Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
 
@@ -75,16 +75,16 @@ SSLErr SSLAllocBuffer(SSLBuffer *buf, UInt32 length, const SystemContext *ctx);
 SSLErr SSLFreeBuffer(SSLBuffer *buf, const SystemContext *ctx);
 SSLErr SSLReallocBuffer(SSLBuffer *buf, UInt32 newSize, const SystemContext *ctx);
 
-/*
- * Set up/tear down CF allocators.
- */
-OSStatus cfSetUpAllocators(SSLContext *ctx);
-void cfTearDownAllocators(SSLContext *ctx);
-
 /*
  * Convenience routines.
  */
 UInt8 *sslAllocCopy(const UInt8 *src, UInt32 len);
+SSLErr SSLAllocCopyBuffer(
+       const SSLBuffer *src, 
+       SSLBuffer **dst);               // buffer itself and data mallocd and returned 
+SSLErr SSLCopyBuffer(
+       const SSLBuffer *src, 
+       SSLBuffer *dst);                // dataÊmallocd and returned 
 
 #ifdef __cplusplus
 }
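Review bot: The new declarations `SSLAllocCopyBuffer` and `SSLCopyBuffer` document only that memory is allocated, not who releases it or what `dst` holds on failure. A header comment along the lines of `/* On success the caller owns dst->data (and *dst for SSLAllocCopyBuffer); on error dst is left untouched */` would settle that, once confirmed against the implementation, which is not in this hunk. The second trailing comment also contains a stray non-ASCII byte (`dataÊmallocd`), and both use `//` where the neighbouring comments in this header use `/* */`.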
index cd082838861cdcfa28c3d245313a03053763de2f..24ba81c159e1504f9f9b2c7a699efbbfaaccd9b0 100644 (file)
 
 #include <Security/SecureTransport.h>
 #include "sslBuildFlags.h"
-
-#ifdef _APPLE_CDSA_
-
 #include <Security/cssmtype.h>
 
-#if            ST_KEYCHAIN_ENABLE
-#include <Keychain.h>
-#endif /* ST_KEYCHAIN_ENABLE */
-
-#endif /* _APPLE_CDSA_ */
-
-#ifndef        _APPLE_CDSA_
-#include "sslalloc.h"
-#endif
-
 #include "sslerrs.h"
 #include "sslPriv.h"
-
-
-/*
- * These were originally in ssl.h; they're not exposed as client-specified
- * functions here.
- */
-#ifndef        _APPLE_CDSA_
-typedef SSLErr (*SSLRandomFunc) (
-       SSLBuffer data, 
-       void *randomRef);
-typedef SSLErr (*SSLTimeFunc) (
-       UInt32 *time, 
-       void *timeRef);
-typedef SSLErr (*SSLConvertTimeFunc) (
-       UInt32 *time, 
-       void *timeRef);
-typedef SSLErr (*SSLAddSessionFunc) (
-       SSLBuffer sessionKey, 
-       SSLBuffer sessionData, 
-       void *sessionRef);
-typedef SSLErr (*SSLGetSessionFunc) (
-       SSLBuffer sessionKey, 
-       SSLBuffer *sessionData, 
-       void *sessionRef);
-typedef SSLErr (*SSLDeleteSessionFunc) (
-       SSLBuffer sessionKey, 
-       void *sessionRef);
-typedef SSLErr (*SSLCheckCertificateFunc) (
-       int certCount, 
-       SSLBuffer *derCerts, 
-       void *checkCertificateRef);
-#endif /* _APPLE_CDSA_ */
+#include "tls_ssl.h"
 
 typedef struct
 {   SSLReadFunc         read;
@@ -116,46 +72,17 @@ typedef struct
 
 struct SystemContext
 {   
-       /* FIXME - this probably goes away; we keep it as a struct due
-        * to its pervasive use in calls to SSLAllocBuffer. We have to
-        * have *an* element in it for compiler reasons.
+       /* 
+        * This struct is a remnant of the original SSLRef implementation; it
+        * held things like caller-provided memory allocator callbacks.
+        * We'll keep the struct (and an instance of it in SSLContext, below)
+        * around in case we want to use it in SSLAllocBuffer and its siblings.
         */
-       #ifdef  _APPLE_CDSA_
        int                             foo;
-       #else
-       SSLAllocFunc        alloc;
-    SSLFreeFunc         free;
-    SSLReallocFunc      realloc;
-    void                *allocRef;
-    SSLTimeFunc         time;
-    SSLConvertTimeFunc  convertTime;
-    void                *timeRef;
-    SSLRandomFunc       random;
-    void                *randomRef;
-    #endif     /* _APPLE_CDSA_ */
 };
 
 typedef struct SystemContext SystemContext;
 
-typedef struct
-{   
-       #ifndef _APPLE_CDSA_
-       /* these functions are hard-coded */
-       SSLAddSessionFunc       addSession;
-    SSLGetSessionFunc       getSession;
-    SSLDeleteSessionFunc    deleteSession;
-    #endif
-    void                    *sessionRef;
-} SessionContext;
-
-#ifndef        _APPLE_CDSA_
-/* not used, cert functions via CDSA */
-typedef struct
-{   SSLCheckCertificateFunc checkCertFunc;
-    void                    *checkCertRef;
-} CertificateContext;
-#endif
-
 /*
  * A carryover from original SSLRef 3.0 - we'll store the DER-encoded
  * certs in an SSLCertificate this way for now; there's a lot of code
@@ -165,20 +92,23 @@ typedef struct SSLCertificate
 {   
        struct SSLCertificate   *next;
     SSLBuffer               derCert;
-    #ifndef    _APPLE_CDSA_
-    /* but not decoded...we never do that! */
-    X509Cert                cert;
-    #endif     /* _APPLE_CDSA_ */
 } SSLCertificate;
 
 #include "cryptType.h"
 
+/*
+ * An SSLContext contains four of these - one for each of {read,write} and for
+ * {current, pending}.
+ */
 struct CipherContext
-{   const HashReference       *hash;
-    const SSLSymmetricCipher  *symCipher;
-    
-    #ifdef     _APPLE_CDSA_
-    
+{   
+        
+       const HashHmacReference         *macRef;                        /* HMAC (TLS) or digest (SSL) */
+    const SSLSymmetricCipher   *symCipher;
+       
+       /* this is a context which is reused once per record */
+    HashHmacContext                            macCtx;
+       
     /* 
      * symKey is obtained from the CSP at cspHand. Normally this 
      * cspHand is the same as ctx->cspHand; some day they might differ.
@@ -193,18 +123,12 @@ struct CipherContext
        /* needed in CDSASymmInit */
        uint8                           encrypting;
        
-    #else
-    void                *symCipherState;
-    #endif     /* _APPLE_CDSA_*/
     sslUint64           sequenceNum;
     uint8               ready;
-       #ifdef  __APPLE__
+
        /* in SSL2 mode, the macSecret is the same size as the
-        * cipher key - which is 24 bytes in the 3DDES case. */
+        * cipher key - which is 24 bytes in the 3DES case. */
        uint8                           macSecret[MAX_SYMKEY_SIZE];
-       #else
-    uint8               macSecret[MAX_DIGEST_SIZE];
-       #endif  /* __APPLE__ */
 };
 /* typedef in cryptType.h */
 
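Review bot: `macSecret` is now always sized by `MAX_SYMKEY_SIZE`, yet the surviving comment justifies that only for SSL2, while the removed branch sized it by `MAX_DIGEST_SIZE`. With SSLv3 and TLS the MAC secret is as long as the digest, so the array is large enough only while `MAX_SYMKEY_SIZE` is at least the largest digest size; neither constant's value is visible here. I would say so in the comment, e.g. `/* must hold the larger of the cipher key (SSL2) and the MAC digest (SSL3/TLS) */`, or add a compile-time check next to the definition. The struct begins in the previous hunk.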
@@ -224,39 +148,46 @@ typedef struct DNListElem
 struct SSLContext
 {   
        /*
-        * For _APPLE_CDSA_, SystemContext is empty; we'll leave it in for now
-        * 'cause it gets passed around so often for SSLAllocBuffer().
+        * For Apple CDSA version, SystemContext is empty; we'll leave it in for now
+        * because it gets passed around so often for SSLAllocBuffer().
         */
        SystemContext       sysCtx;
     IOContext           ioCtx;
-    SessionContext      sessionCtx;
-    #ifndef    _APPLE_CDSA_
-    CertificateContext  certCtx;
-    #endif
     
+       /* 
+        * For the first two, SSL_Version_Undetermined means "get the best we
+        * can, up to macProtocolVersion".
+        */
     SSLProtocolVersion  reqProtocolVersion;    /* requested by app */
     SSLProtocolVersion  negProtocolVersion;    /* negotiated */
+    SSLProtocolVersion  maxProtocolVersion;    /* max allowed by app */
     SSLProtocolSide     protocolSide;
-    
-    #ifdef     _APPLE_CDSA_
-    
+    const struct _SslTlsCallouts *sslTslCalls; /* selects between SSLv3 and TLSv1 */
+       
     /* crypto state in CDSA-centric terms */
     
-    CSSM_KEY_PTR               signingPrivKey; /* our private signing key */
+    CSSM_KEY_PTR               signingPrivKey;/* our private signing key */
     CSSM_KEY_PTR               signingPubKey;  /* our public signing key */
     CSSM_CSP_HANDLE            signingKeyCsp;  /* associated DL/CSP */
-       #if             ST_KEYCHAIN_ENABLE
-    KCItemRef                  signingKeyRef;  /* for signingPrivKey */
+       #if                     ST_KEYCHAIN_ENABLE
+               #if     ST_KC_KEYS_NEED_REF
+               SecKeychainRef  signingKeyRef;  /* for signingPrivKey */
+               #else
+               void                    *signingKeyRef; /* TBD */
+               #endif  /* ST_KC_KEYS_NEED_REF */
     #endif
        
        /* this stuff should probably be #if ST_SERVER_MODE_ENABLE....  */
-    CSSM_KEY_PTR               encryptPrivKey; /* our private encrypt key, for 
+    CSSM_KEY_PTR               encryptPrivKey;/* our private encrypt key, for 
                                                                         * server-initiated key exchange */
     CSSM_KEY_PTR               encryptPubKey;  /* public version of above */
     CSSM_CSP_HANDLE            encryptKeyCsp;
        #if             ST_KEYCHAIN_ENABLE
-       /* but we'll just do this so we can compile it */
-    KCItemRef                  encryptKeyRef;  /* for encryptPrivKey */
+               #if     ST_KC_KEYS_NEED_REF
+               SecKeychainRef  encryptKeyRef;  /* for signingPrivKey */
+               #else
+               void                    *encryptKeyRef; /* TBD */
+               #endif  /* ST_KC_KEYS_NEED_REF */
     #endif     /* ST_KEYCHAIN_ENABLE */
        
     CSSM_KEY_PTR               peerPubKey;
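Review bot: Three of the added comments and names in this part of `struct SSLContext` are wrong or misspelled. The new block comment refers to `macProtocolVersion` where the field it introduces is `maxProtocolVersion`; the comment on the new `encryptKeyRef` says `/* for signingPrivKey */` where the line it replaces said `/* for encryptPrivKey */`; and the callout pointer is named `sslTslCalls`, presumably meant as `sslTlsCalls`. The first two are comment-only fixes, and the rename is cheapest now, before code outside this hunk depends on the name. "For the first two" in the block comment is also ambiguous now that three version fields follow it. The struct continues past this hunk.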
@@ -284,10 +215,10 @@ struct SSLContext
      * Keychain to which newly encountered root certs are attempted
      * to be added. AccessCreds untyped for now.
      */
-       #if             ST_KEYCHAIN_ENABLE
-    KCRef                              newRootCertKc;
+       #if             ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS
+    SecKeychainRef             newRootCertKc;
     void                               *accessCreds;
-    #endif     /* ST_KEYCHAIN_ENABLE */
+    #endif     /* ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS */
        
     /* for symmetric cipher and RNG */
     CSSM_CSP_HANDLE            cspHand;
@@ -296,27 +227,17 @@ struct SSLContext
     CSSM_TP_HANDLE             tpHand;
     CSSM_CL_HANDLE             clHand;
     
+       #if     ST_FAKE_KEYCHAIN || ST_FAKE_GET_CSPDL_HANDLE
+       /* we manually attach to this for now; eventually we get it from KC */
+       CSSM_CSP_HANDLE         cspDlHand;
+       #endif
+       
     /* FIXME - how will we represent this? */
     void                       *dhAnonParams;
     void                       *peerDHParams;
         
-    /* context and allocator for CF */
-       CFAllocatorRef          cfAllocatorRef;
-       CFAllocatorContext      lCFAllocatorContext;
-
        Boolean                         allowExpiredCerts;
        
-    #else
-    /* from SSLRef 3.0 */
-    SSLRSAPrivateKey    localKey;
-    SSLRSAPrivateKey    exportKey;
-    SSLCertificate      *localCert;
-    SSLCertificate      *peerCert;
-    SSLRSAPublicKey     peerKey;
-    SSLDHParams         dhAnonParams;
-    SSLDHParams         peerDHParams;
-    #endif     _APPLE_CDSA_
-    
     SSLBuffer              sessionID;
     
     SSLBuffer                  dhPeerPublic;
@@ -326,6 +247,9 @@ struct SSLContext
     SSLBuffer                  peerID;
     SSLBuffer                  resumableSession;
     
+       char                            *peerDomainName;
+       UInt32                          peerDomainNameLen;
+       
     CipherContext       readCipher;
     CipherContext       writeCipher;
     CipherContext       readPending;
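Review bot: The new `peerDomainName` / `peerDomainNameLen` pair has no comment saying whether the string is NUL-terminated, whether the length counts the terminator, or who owns the allocation. If the name is later matched against a certificate (not visible here), a mismatch between a counted and a terminated view of the same bytes is a common source of name-check bugs. I would add `/* expected peer host name; peerDomainNameLen bytes, copied and owned by the context */`, adjusted to what the setter actually does. The struct starts and ends outside this hunk.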
@@ -333,29 +257,26 @@ struct SSLContext
     
     uint16              selectedCipher;                        /* currently selected */
     const SSLCipherSpec *selectedCipherSpec;   /* ditto */
-    SSLCipherSpec              *validCipherSpecs;              /* context's valid specs */
+    SSLCipherSpec              *validCipherSpecs;              /* context's valid specs */ 
     unsigned                   numValidCipherSpecs;    /* size of validCipherSpecs */
     SSLHandshakeState   state;
     
-    #ifdef     _APPLE_CDSA_
        #if             ST_SERVER_MODE_ENABLE
     SSLAuthenticate            clientAuth;                     /* kNeverAuthenticate, etc. */
     Boolean                            tryClientAuth;
        #endif  /* ST_SERVER_MODE_ENABLE */
-    #else
-    int                 requestClientCert;
-    #endif
     int                 certRequested;
     int                 certSent;
     int                 certReceived;
     int                 x509Requested;
     DNListElem          *acceptableDNList;
     
-    uint8               clientRandom[32];
-    uint8               serverRandom[32];
+    uint8               clientRandom[SSL_CLIENT_SRVR_RAND_SIZE];
+    uint8               serverRandom[SSL_CLIENT_SRVR_RAND_SIZE];
     SSLBuffer                  preMasterSecret;
     uint8               masterSecret[48];
     
+       /* running digests of all handshake messages */
     SSLBuffer                  shaState, md5State;
     
     SSLBuffer              fragmentedMessageCache;
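Review bot: `masterSecret` is still declared as `uint8 masterSecret[48];`, two lines below the arrays this hunk converts to `SSL_CLIENT_SRVR_RAND_SIZE`, although the same commit introduces `SSL_MASTER_SECRET_SIZE` as 48. Using `uint8 masterSecret[SSL_MASTER_SECRET_SIZE];` keeps the buffer and any code that copies that many bytes into it tied to one definition. The struct starts and ends outside this hunk.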
@@ -373,12 +294,10 @@ struct SSLContext
     SSLBuffer                  receivedDataBuffer;
     uint32              receivedDataPos;
     
-    #ifdef     _APPLE_CDSA_
     Boolean                            allowAnyRoot;           // don't require known roots
     #if                SSL_DEBUG
     char                               *rootCertName;          // if non-null, write root cert here    
     #endif     /* SSL_DEBUG */
-    #endif     /* _APPLE_CDSA_ */
     
 };
 
index 786eed6b66b157fd94fea0131c0b4919a29501d3..243bc30b8d9a79672d61c628bd0c4c30cd091b96 100644 (file)
@@ -154,13 +154,6 @@ SSLErr SSLCalculateFinishedMessage(SSLBuffer finished, SSLBuffer shaMsgState, SS
 /** hdskkeys.c **/
 SSLErr SSLEncodeRSAPremasterSecret(SSLContext *ctx);
 SSLErr SSLEncodeDHPremasterSecret(SSLContext *ctx);
-SSLErr SSLCalculateMasterSecret(SSLContext *ctx);
 SSLErr SSLInitPendingCiphers(SSLContext *ctx);
-#ifdef _APPLE_CDSA_
-/* FIXME - TBD */
-SSLErr ReadyRandom(void *randCtx, SSLContext *ctx);
-#else
-SSLErr ReadyRandom(SSLRandomCtx *rsaRandom, SSLContext *ctx);
-#endif
 
 #endif /* _SSLHDSHK_H_ */
diff --git a/SecureTransport/privateInc/sslmd5.h b/SecureTransport/privateInc/sslmd5.h
deleted file mode 100644 (file)
index d8d078f..0000000
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
-       File:           sslmd5.h
-
-       Contains:       public API to low-level MD5 module
-
-       Written by:     Doug Mitchell, based on Netscape RSARef 3.0, based on RSA code
-
-       Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
-
-*/
-/* MD5.H - header file for MD5C.C
- */
-
-/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
-rights reserved.
-
-License to copy and use this software is granted provided that it
-is identified as the "RSA Data Security, Inc. MD5 Message-Digest
-Algorithm" in all material mentioning or referencing this software
-or this function.
-
-License is also granted to make and use derivative works provided
-that such works are identified as "derived from the RSA Data
-Security, Inc. MD5 Message-Digest Algorithm" in all material
-mentioning or referencing the derived work.
-
-RSA Data Security, Inc. makes no representations concerning either
-the merchantability of this software or the suitability of this
-software for any particular purpose. It is provided "as is"
-without express or implied warranty of any kind.
-
-These notices must be retained in any copies of any part of this
-documentation and/or software.
- */
-
-#ifndef        _SSL_MD5_H_
-#define _SSL_MD5_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* these are from aglobal.h, which we really don't want to compile against */
-typedef unsigned long int UINT4;
-#define PROTO_LIST(x) x
-typedef unsigned char *POINTER;
-
-/* MD5 context. */
-typedef struct {
-  UINT4 state[4];                                   /* state (ABCD) */
-  UINT4 count[2];        /* number of bits, modulo 2^64 (lsb first) */
-  unsigned char buffer[64];                         /* input buffer */
-} MD5_CTX;
-
-void SSLMD5Init PROTO_LIST ((MD5_CTX *));
-void SSLMD5Update PROTO_LIST
-  ((MD5_CTX *, const unsigned char *, unsigned int));
-void SSLMD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _SSL_MD5_H_ */
index c477adad3685615be8e479a21f7edd227a063223..f83be1640be402234a723532d53979de036b56aa 100644 (file)
@@ -71,6 +71,11 @@ typedef struct
 #define DEFAULT_BUFFER_SIZE 4096
 
 SSLErr  SSLReadRecord(SSLRecord *rec, SSLContext *ctx);
-SSLErr  SSLWriteRecord(SSLRecord rec, SSLContext *ctx);
+
+SSLErr         SSLVerifyMac(
+       UInt8 type, 
+       SSLBuffer data, 
+       UInt8 *compareMAC, 
+       SSLContext *ctx);
 
 #endif /* _SSLREC_H_ */
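Review bot: The new `SSLVerifyMac` prototype takes the received MAC as `UInt8 *compareMAC` without `const` and without a length, so the declaration does not show that the buffer is read-only or how many bytes are compared. I would declare it `const UInt8 *compareMAC` and add a comment such as `/* compareMAC: ctx's current MAC size bytes, compared in constant time */`. The implementation is not in this hunk, so the constant-time part is a request to check it: a byte-wise early-exit compare on a record MAC leaks timing.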
index deb13304a4c5f1886c5313d658ac2971bbedc974..58e8e075690bd366c17788364c5e350e9692ee2d 100644 (file)
 
 #define SSL_SESSION_ID_LEN  16      /* 16 <= SSL_SESSION_ID_LEN <= 32 */
 
-SSLErr SSLAddSessionID(const SSLContext *ctx);
-SSLErr SSLGetSessionID(SSLBuffer *sessionData, const SSLContext *ctx);
-SSLErr SSLDeleteSessionID(const SSLContext *ctx);
-SSLErr SSLRetrieveSessionIDIdentifier(
+SSLErr SSLAddSessionData(const SSLContext *ctx);
+SSLErr SSLGetSessionData(SSLBuffer *sessionData, const SSLContext *ctx);
+SSLErr SSLDeleteSessionData(const SSLContext *ctx);
+SSLErr SSLRetrieveSessionID(
        const SSLBuffer sessionData, 
        SSLBuffer *identifier, 
        const SSLContext *ctx);
-SSLErr SSLRetrieveSessionIDProtocolVersion(
-       const SSLBuffer sessionID
+SSLErr SSLRetrieveSessionProtocolVersion(
+       const SSLBuffer sessionData
        SSLProtocolVersion *version, 
        const SSLContext *ctx);
-SSLErr SSLInstallSessionID(const SSLBuffer sessionData, SSLContext *ctx);
+SSLErr SSLInstallSessionFromData(const SSLBuffer sessionData, SSLContext *ctx);
 
 #endif /* _SSLSESS_H_ */
index f07587b16adb0c578629e06c4ac575723935f5a5..14c41116dfd944be8468d2952d1e04c73f3382d3 100644 (file)
@@ -52,6 +52,7 @@
 
 UInt32  SSLDecodeInt(const unsigned char *p, int length);
 unsigned char *SSLEncodeInt(unsigned char *p, UInt32 value, int length);
+UInt8* SSLEncodeUInt64(UInt8 *p, sslUint64 value);
 void    IncrementUInt64(sslUint64 *v);
 
 UInt32 SSLGetCertificateChainLength(const SSLCertificate *c);
diff --git a/SecureTransport/privateInc/st_sha.h b/SecureTransport/privateInc/st_sha.h
deleted file mode 100644 (file)
index 4728daa..0000000
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-#ifndef SHA_H
-#define SHA_H
-
-/* NIST Secure Hash Algorithm */
-/* heavily modified from Peter C. Gutmann's implementation */
-
-/* Useful defines & typedefs */
-
-/* Possibly an unreasonable assumption, but it works */
-#ifdef WIN32
-#define LITTLE_ENDIAN  1
-#endif
-
-typedef unsigned char BYTE;
-typedef unsigned long LONG;
-
-#define SHA_BLOCKSIZE       64
-#define SHA_DIGESTSIZE      20
-
-typedef struct {
-    LONG digest[5];     /* message digest */
-    LONG count_lo, count_hi;    /* 64-bit bit count */
-    LONG data[16];      /* SHA data buffer */
-} SHA_INFO;
-
-void sha_init(SHA_INFO *);
-void sha_update(SHA_INFO *, BYTE *, int);
-void sha_final(SHA_INFO *);
-
-void sha_stream(SHA_INFO *, FILE *);
-void sha_print(SHA_INFO *);
-
-#define USE_MODIFIED_SHA 1
-
-#endif /* SHA_H */
index d3d2d7c3305a9da67688398585730418f1e5b8d2..b84286c1c6d4707a31b5bed92ae9b6b47d3f9956 100644 (file)
@@ -21,7 +21,7 @@
 
        Contains:       CDSA-based symmetric cipher module
 
-       Written by:     Doug Mitchell, based on Netscape RSARef 3.0
+       Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
 
        Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
 
diff --git a/SecureTransport/privateInc/tls_hmac.h b/SecureTransport/privateInc/tls_hmac.h
new file mode 100644 (file)
index 0000000..6e6b1c9
--- /dev/null
@@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+       File:           tls_hmac.h
+
+       Contains:       Declarations of HMAC routines used by TLS
+
+       Written by:     Doug Mitchell
+*/
+
+#ifndef        _TLS_HMAC_H_
+#define _TLS_HMAC_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif 
+
+#include "ssl.h"
+#include "sslPriv.h"
+//#include "sslctx.h"
+#include "sslerrs.h"
+
+/* forward declaration of HMAC object */
+struct                                                 HMACReference;
+
+/* Opaque reference to an HMAC session context */
+struct                      HMACContext;
+typedef struct HMACContext  *HMACContextRef;
+
+/* The HMAC algorithms we support */
+typedef enum {
+       HA_Null = 0,            // i.e., uninitialized
+       HA_SHA1,
+       HA_MD5
+} HMAC_Algs;
+
+/* For convenience..the max size of HMAC, in bytes, this module will ever return */
+#define TLS_HMAC_MAX_SIZE              20
+
+/* Create an HMAC session */
+typedef SSLErr (*HMAC_AllocFcn) (
+       const struct HMACReference      *hmac,
+       SSLContext                                      *ctx,
+       const void                                      *keyPtr,
+       unsigned                                        keyLen,
+       HMACContextRef                          *hmacCtx);                      // RETURNED
+       
+/* Free a session */
+typedef SSLErr (*HMAC_FreeFcn) (
+       HMACContextRef  hmacCtx);       
+       
+/* Reusable init, using same key */
+typedef SSLErr (*HMAC_InitFcn) (
+       HMACContextRef  hmacCtx);
+       
+/* normal crypt ops */
+typedef SSLErr (*HMAC_UpdateFcn) (
+       HMACContextRef  hmacCtx,
+       const void              *data,
+       unsigned                dataLen);
+       
+typedef SSLErr (*HMAC_FinalFcn) (
+       HMACContextRef  hmacCtx,
+       void                    *hmac,                  // mallocd by caller
+       unsigned                *hmacLen);              // IN/OUT
+       
+/* one-shot */
+typedef SSLErr (*HMAC_HmacFcn) (
+       HMACContextRef  hmacCtx,
+       const void              *data,
+       unsigned                dataLen,
+       void                    *hmac,                  // mallocd by caller
+       unsigned                *hmacLen);              // IN/OUT
+       
+typedef struct HMACReference {
+       UInt32                  macSize;
+       HMAC_Algs               alg;
+       HMAC_AllocFcn   alloc;
+       HMAC_FreeFcn    free;
+       HMAC_InitFcn    init;
+       HMAC_UpdateFcn  update;
+       HMAC_FinalFcn   final;
+       HMAC_HmacFcn    hmac;
+} HMACReference;
+
+extern const HMACReference TlsHmacNull;
+extern const HMACReference TlsHmacSHA1;
+extern const HMACReference TlsHmacMD5;
+
+#ifdef __cplusplus
+}
+#endif 
+#endif /* _TLS_HMAC_H_ */
\ No newline at end of file
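Review bot: `HMAC_FinalFcn` and `HMAC_HmacFcn` mark `hmacLen` as IN/OUT but never say what happens when the caller's buffer is smaller than `macSize`. A comment such as `/* IN: size of hmac buffer, OUT: bytes written; fails if IN < macSize */`, after confirming the implementations behave that way, would let callers size buffers with `TLS_HMAC_MAX_SIZE` and rely on the result. Smaller points: the `#include` lines sit inside the `extern "C"` block, `sslctx.h` is commented out so `SSLContext` must come from `ssl.h` or `sslPriv.h`, and the file lacks a trailing newline.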
diff --git a/SecureTransport/privateInc/tls_ssl.h b/SecureTransport/privateInc/tls_ssl.h
new file mode 100644 (file)
index 0000000..0b59ff1
--- /dev/null
@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+       File:           tls_ssl.h
+
+       Contains:       Declarations of callout struct to provide indirect calls to
+                               SSLv3 and TLS routines. 
+
+       Written by:     Doug Mitchell
+*/
+
+#ifndef        _TLS_SSL_H_
+#define _TLS_SSL_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif 
+
+#include "ssl.h"
+#include "sslPriv.h"
+#include "sslctx.h"
+#include "sslrec.h"
+#include "cryptType.h"
+
+/***
+ *** Each of {TLS, SSLv3} implements each of these functions.
+ ***/
+
+/* unpack, decrypt, validate one record */
+typedef SSLErr (*decryptRecordFcn) (
+       UInt8 type, 
+       SSLBuffer *payload, 
+       SSLContext *ctx);
+       
+/* pack, encrypt, mac, queue one outgoing record */
+typedef SSLErr (*writeRecordFcn) (
+       SSLRecord rec, 
+       SSLContext *ctx);
+       
+/* initialize a per-CipherContext HashHmacContext for use in MACing each record */
+typedef SSLErr (*initMacFcn) (
+       CipherContext *cipherCtx,               // macRef, macSecret valid on entry
+                                                                       // macCtx valid on return
+       SSLContext *ctx);
+       
+/* free per-CipherContext HashHmacContext */
+typedef SSLErr (*freeMacFcn) (
+       CipherContext *cipherCtx);
+       
+/* compute MAC on one record */
+typedef SSLErr (*computeMacFcn) (
+       UInt8 type, 
+       SSLBuffer data,                         
+       SSLBuffer mac,                                  // caller mallocs data
+       CipherContext *cipherCtx,               // assumes macCtx, macRef
+       sslUint64 seqNo, 
+       SSLContext *ctx);
+       
+typedef SSLErr (*generateKeyMaterialFcn) (
+       SSLBuffer key,                                  // caller mallocs and specifies length of
+                                                                       //   required key material here
+       SSLContext *ctx);
+
+typedef SSLErr (*generateExportKeyAndIvFcn) (
+       SSLContext *ctx,                                // clientRandom, serverRandom valid
+       const SSLBuffer clientWriteKey,
+       const SSLBuffer serverWriteKey,
+       SSLBuffer finalClientWriteKey,  // RETURNED, mallocd by caller
+       SSLBuffer finalServerWriteKey,  // RETURNED, mallocd by caller
+       SSLBuffer finalClientIV,                // RETURNED, mallocd by caller
+       SSLBuffer finalServerIV);               // RETURNED, mallocd by caller
+       
+/*
+ * On entry: clientRandom, serverRandom, preMasterSecret valid
+ * On return: masterSecret valid
+ */
+typedef SSLErr (*generateMasterSecretFcn) (
+       SSLContext *ctx);
+       
+typedef SSLErr (*computeFinishedMacFcn) (
+       SSLContext *ctx,
+       SSLBuffer finished,             // output - mallocd by caller 
+       SSLBuffer shaMsgState,          // clone of running digest of all handshake msgs
+       SSLBuffer md5MsgState,          // ditto
+       Boolean isServer);
+
+typedef SSLErr (*computeCertVfyMacFcn) (
+       SSLContext *ctx,
+       SSLBuffer finished,             // output - mallocd by caller 
+       SSLBuffer shaMsgState,          // clone of running digest of all handshake msgs
+       SSLBuffer md5MsgState);         // ditto
+
+typedef struct _SslTlsCallouts {
+       decryptRecordFcn                        decryptRecord;
+       writeRecordFcn                          writeRecord; 
+       initMacFcn                                      initMac;
+       freeMacFcn                                      freeMac;
+       computeMacFcn                           computeMac;
+       generateKeyMaterialFcn          generateKeyMaterial;
+       generateExportKeyAndIvFcn       generateExportKeyAndIv;
+       generateMasterSecretFcn         generateMasterSecret;
+       computeFinishedMacFcn           computeFinishedMac;
+       computeCertVfyMacFcn            computeCertVfyMac;
+} SslTlsCallouts;
+
+/* From ssl3Callouts.c and tls1Callouts.c */
+extern const SslTlsCallouts    Ssl3Callouts;
+extern const SslTlsCallouts    Tls1Callouts;
+
+/* one callout routine used in common (for now) */
+SSLErr ssl3WriteRecord(
+       SSLRecord rec, 
+       SSLContext *ctx);
+
+#ifdef __cplusplus
+}
+#endif 
+
+#endif         /* _TLS_SSL_H_ */
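Review bot: This header includes `sslctx.h`, and an earlier hunk in this commit adds `#include "tls_ssl.h"` to the header that defines `struct SSLContext` (its name is not shown, but it looks like `sslctx.h`), so the two headers appear to include each other and compile only because of include-guard order. tls_ssl.h uses `SSLContext` and `CipherContext` only as pointer targets, so it could probably drop `#include "sslctx.h"` and rely on the typedefs the other headers provide, as tls_hmac.h already does. The struct tag `_SslTlsCallouts` also starts with an underscore and a capital letter, which C reserves for the implementation. `struct SslTlsCallouts` avoids that, though the context struct's `sslTslCalls` member names the tag and would change with it.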
index 69077021fcd46db6f047c2a6eef640a532c647be..81618ffaaf9e7de21e84356cb37d9ae347b840e0 100644 (file)
@@ -6,12 +6,10 @@ _SSLSetProtocolVersion
 _SSLGetProtocolVersion
 _SSLSetConnection
 _SSLGetNegotiatedProtocolVersion
-_SSLSetExportable
-_SSLGetExportable
-_SSLSetAllowExpiredCerts
-_SSLGetAllowExpiredCerts
-_SSLSetAllowAnyRoot
-_SSLGetAllowAnyRoot
+_SSLSetAllowsExpiredCerts
+_SSLGetAllowsExpiredCerts
+_SSLSetAllowsAnyRoot
+_SSLGetAllowsAnyRoot
 _SSLGetPeerCertificates
 _SSLSetPeerID
 _SSLGetNegotiatedCipher
index d052cde349fbf76aed997c7f198d510068952054..a00b3493adfc6ac5269c2280590be462ab01daad 100644 (file)
@@ -219,28 +219,33 @@ void SecureTransportCore::enabledCiphers(
     MacOSError::check(SSLSetEnabledCiphers(mContext, ciphers, numCiphers));
 }
 
-bool SecureTransportCore::allowExpiredCerts() const
+bool SecureTransportCore::allowsExpiredCerts() const
 {
     Boolean allow;
-    MacOSError::check(SSLGetAllowExpiredCerts(mContext, &allow));
+    MacOSError::check(SSLGetAllowsExpiredCerts(mContext, &allow));
     return allow;
 }
 
-void SecureTransportCore::allowExpiredCerts(bool allow)
+void SecureTransportCore::allowsExpiredCerts(bool allow)
 {
-    MacOSError::check(SSLSetAllowExpiredCerts(mContext, allow));
+    MacOSError::check(SSLSetAllowsExpiredCerts(mContext, allow));
 }
 
-bool SecureTransportCore::allowUnknownRoots() const
+bool SecureTransportCore::allowsUnknownRoots() const
 {
     Boolean allow;
-    MacOSError::check(SSLGetAllowAnyRoot(mContext, &allow));
+    MacOSError::check(SSLGetAllowsAnyRoot(mContext, &allow));
     return allow;
 }
 
-void SecureTransportCore::allowUnknownRoots(bool allow)
+void SecureTransportCore::allowsUnknownRoots(bool allow)
 {
-    MacOSError::check(SSLSetAllowAnyRoot(mContext, allow));
+    MacOSError::check(SSLSetAllowsAnyRoot(mContext, allow));
+}
+
+void SecureTransportCore::peerId(const void *id, size_t length)
+{
+    MacOSError::check(SSLSetPeerID(mContext, id, length));
 }
 
 
@@ -265,12 +270,12 @@ OSStatus SecureTransportCore::sslReadFunc(SSLConnectionRef connection,
             return errSSLClosedGraceful;
         } else
             return errSSLWouldBlock;
-    } catch (UnixError &err) {
+    } catch (const UnixError &err) {
         *length = 0;
         if (err.error == ECONNRESET)
             return errSSLClosedGraceful;
         throw;
-    } catch (CssmCommonError &err) {
+    } catch (const CssmCommonError &err) {
         *length = 0;
         return err.osStatus();
     } catch (...) {
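Review bot: The `throw;` in the `UnixError` handler still lets every error other than ECONNRESET leave `sslReadFunc` as a C++ exception, and the `catch (...)` clause below cannot intercept it because it belongs to the same try block. The function has the `SSLConnectionRef` callback signature, so the exception would presumably unwind through the SSL library's C frames, which are not written to be exception-safe. Returning a status keeps the failure inside the OSStatus contract, for example `return err.osStatus();` if `UnixError` offers it the way `CssmCommonError` does in the next handler. The function body starts and ends outside this hunk.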
@@ -287,8 +292,8 @@ OSStatus SecureTransportCore::sslWriteFunc(SSLConnectionRef connection,
         size_t lengthRequested = *length;
         *length = stc->ioWrite(data, lengthRequested);
         debug("sslconio", "%p wrote %ld of %ld bytes", stc, *length, lengthRequested);
-        return *length == lengthRequested ? noErr : errSSLWouldBlock;
-    } catch (CssmCommonError &err) {
+        return *length == lengthRequested ? OSStatus(noErr) : OSStatus(errSSLWouldBlock);
+    } catch (const CssmCommonError &err) {
         *length = 0;
         return err.osStatus();
     } catch (...) {
index 22e15917109cda21123cf7ff3e8f4423bf60f347..69bb8d03d41825ebd00e2421de91d6e811403be6 100644 (file)
@@ -48,17 +48,20 @@ public:
     void version(SSLProtocol v);
     
        UInt32 numSupportedCiphers() const;
-       void supportedCiphers(SSLCipherSuite *ciphers, UInt32 &numCiphers) const;
+       void supportedCiphers(SSLCipherSuite *ciphers, size_t &numCiphers) const;
        
        UInt32 numEnabledCiphers() const;
-       void enabledCiphers(SSLCipherSuite *ciphers, UInt32 &numCiphers) const; // get
-       void enabledCiphers(SSLCipherSuite *ciphers, UInt32 numCiphers);                // set
+       void enabledCiphers(SSLCipherSuite *ciphers, size_t &numCiphers) const; // get
+       void enabledCiphers(SSLCipherSuite *ciphers, size_t numCiphers);                // set
        
-    bool allowExpiredCerts() const;
-    void allowExpiredCerts(bool allow);
+    bool allowsExpiredCerts() const;
+    void allowsExpiredCerts(bool allow);
     
-    bool allowUnknownRoots() const;
-    void allowUnknownRoots(bool allow);
+    bool allowsUnknownRoots() const;
+    void allowsUnknownRoots(bool allow);
+    
+    void peerId(const void *data, size_t length);
+    template <class T> void peerId(const T &obj)       { peerId(&obj, sizeof(obj)); }
     
     size_t read(void *data, size_t length);
     size_t write(const void *data, size_t length);
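Review bot: The new `template <class T> void peerId(const T &obj)` passes the raw object representation (`&obj, sizeof(obj)`) to `SSLSetPeerID`, and nothing restricts `T`. For a struct with padding the ID includes indeterminate bytes, and for a type holding pointers it identifies an address rather than the peer. If the peer ID is the key for session resumption, as the name suggests, an unstable ID silently disables resumption and a colliding one could match a session cached for a different peer. At minimum the declaration should carry a comment such as `// T must be a padding-free value type; its raw bytes become the peer ID`.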
@@ -70,8 +73,8 @@ protected:
     virtual bool ioAtEnd() const = 0;
     
 private:
-       static OSStatus sslReadFunc(SSLConnectionRef, void *, UInt32 *);
-       static OSStatus sslWriteFunc(SSLConnectionRef, const void *, UInt32 *);
+       static OSStatus sslReadFunc(SSLConnectionRef, void *, size_t *);
+       static OSStatus sslWriteFunc(SSLConnectionRef, const void *, size_t *);
     
     bool continueHandshake();
     
diff --git a/SecureTransport/sha.c b/SecureTransport/sha.c
deleted file mode 100644 (file)
index 01d87b3..0000000
+++ /dev/null
@@ -1,237 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* NIST Secure Hash Algorithm */
-/* heavily modified by Uwe Hollerbach uh@alumni.caltech edu */
-/* from Peter C. Gutmann's implementation as found in */
-/* Applied Cryptography by Bruce Schneier */
-
-/* NIST's proposed modification to SHA of 7/11/94 may be */
-/* activated by defining USE_MODIFIED_SHA */
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include "st_sha.h"
-
-/* SHA f()-functions */
-
-#define f1(x,y,z)   ((x & y) | (~x & z))
-#define f2(x,y,z)   (x ^ y ^ z)
-#define f3(x,y,z)   ((x & y) | (x & z) | (y & z))
-#define f4(x,y,z)   (x ^ y ^ z)
-
-/* SHA constants */
-
-#define CONST1      0x5a827999L
-#define CONST2      0x6ed9eba1L
-#define CONST3      0x8f1bbcdcL
-#define CONST4      0xca62c1d6L
-
-/* 32-bit rotate */
-
-#define ROT32(x,n)  ((x << n) | (x >> (32 - n)))
-
-#define FUNC(n,i)                       \
-    temp = ROT32(A,5) + f##n(B,C,D) + E + W[i] + CONST##n;  \
-    E = D; D = C; C = ROT32(B,30); B = A; A = temp
-
-/* do SHA transformation */
-
-static void sha_transform(SHA_INFO *sha_info)
-{
-    int i;
-    LONG temp, A, B, C, D, E, W[80];
-
-    for (i = 0; i < 16; ++i) {
-    W[i] = sha_info->data[i];
-    }
-    for (i = 16; i < 80; ++i) {
-    W[i] = W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16];
-#ifdef USE_MODIFIED_SHA
-    W[i] = ROT32(W[i], 1);
-#endif /* USE_MODIFIED_SHA */
-    }
-    A = sha_info->digest[0];
-    B = sha_info->digest[1];
-    C = sha_info->digest[2];
-    D = sha_info->digest[3];
-    E = sha_info->digest[4];
-#ifdef UNROLL_LOOPS
-    FUNC(1, 0);  FUNC(1, 1);  FUNC(1, 2);  FUNC(1, 3);  FUNC(1, 4);
-    FUNC(1, 5);  FUNC(1, 6);  FUNC(1, 7);  FUNC(1, 8);  FUNC(1, 9);
-    FUNC(1,10);  FUNC(1,11);  FUNC(1,12);  FUNC(1,13);  FUNC(1,14);
-    FUNC(1,15);  FUNC(1,16);  FUNC(1,17);  FUNC(1,18);  FUNC(1,19);
-
-    FUNC(2,20);  FUNC(2,21);  FUNC(2,22);  FUNC(2,23);  FUNC(2,24);
-    FUNC(2,25);  FUNC(2,26);  FUNC(2,27);  FUNC(2,28);  FUNC(2,29);
-    FUNC(2,30);  FUNC(2,31);  FUNC(2,32);  FUNC(2,33);  FUNC(2,34);
-    FUNC(2,35);  FUNC(2,36);  FUNC(2,37);  FUNC(2,38);  FUNC(2,39);
-
-    FUNC(3,40);  FUNC(3,41);  FUNC(3,42);  FUNC(3,43);  FUNC(3,44);
-    FUNC(3,45);  FUNC(3,46);  FUNC(3,47);  FUNC(3,48);  FUNC(3,49);
-    FUNC(3,50);  FUNC(3,51);  FUNC(3,52);  FUNC(3,53);  FUNC(3,54);
-    FUNC(3,55);  FUNC(3,56);  FUNC(3,57);  FUNC(3,58);  FUNC(3,59);
-
-    FUNC(4,60);  FUNC(4,61);  FUNC(4,62);  FUNC(4,63);  FUNC(4,64);
-    FUNC(4,65);  FUNC(4,66);  FUNC(4,67);  FUNC(4,68);  FUNC(4,69);
-    FUNC(4,70);  FUNC(4,71);  FUNC(4,72);  FUNC(4,73);  FUNC(4,74);
-    FUNC(4,75);  FUNC(4,76);  FUNC(4,77);  FUNC(4,78);  FUNC(4,79);
-#else /* !UNROLL_LOOPS */
-    for (i = 0; i < 20; ++i) {
-    FUNC(1,i);
-    }
-    for (i = 20; i < 40; ++i) {
-    FUNC(2,i);
-    }
-    for (i = 40; i < 60; ++i) {
-    FUNC(3,i);
-    }
-    for (i = 60; i < 80; ++i) {
-    FUNC(4,i);
-    }
-#endif /* !UNROLL_LOOPS */
-    sha_info->digest[0] += A;
-    sha_info->digest[1] += B;
-    sha_info->digest[2] += C;
-    sha_info->digest[3] += D;
-    sha_info->digest[4] += E;
-}
-
-/* HACK: OS X #defines LITTLE_ENDIAN (to 1234) in many places.... */
-#ifdef __APPLE__
-#undef LITTLE_ENDIAN
-#endif
-/* end hack */
-
-#ifdef LITTLE_ENDIAN
-
-/* change endianness of data */
-
-static void byte_reverse(LONG *buffer, int count)
-{
-    int i;
-    BYTE ct[4], *cp;
-
-    count /= sizeof(LONG);
-    cp = (BYTE *) buffer;
-    for (i = 0; i < count; ++i) {
-    ct[0] = cp[0];
-    ct[1] = cp[1];
-    ct[2] = cp[2];
-    ct[3] = cp[3];
-    cp[0] = ct[3];
-    cp[1] = ct[2];
-    cp[2] = ct[1];
-    cp[3] = ct[0];
-    cp += sizeof(LONG);
-    }
-}
-
-#endif /* LITTLE_ENDIAN */
-
-/* initialize the SHA digest */
-
-void sha_init(SHA_INFO *sha_info)
-{
-    sha_info->digest[0] = 0x67452301L;
-    sha_info->digest[1] = 0xefcdab89L;
-    sha_info->digest[2] = 0x98badcfeL;
-    sha_info->digest[3] = 0x10325476L;
-    sha_info->digest[4] = 0xc3d2e1f0L;
-    sha_info->count_lo = 0L;
-    sha_info->count_hi = 0L;
-}
-
-/* update the SHA digest */
-
-void sha_update(SHA_INFO *sha_info, BYTE *buffer, int count)
-{
-    if ((sha_info->count_lo + ((LONG) count << 3)) < sha_info->count_lo) {
-    ++sha_info->count_hi;
-    }
-    sha_info->count_lo += (LONG) count << 3;
-    sha_info->count_hi += (LONG) count >> 29;
-    while (count >= SHA_BLOCKSIZE) {
-    memcpy(sha_info->data, buffer, SHA_BLOCKSIZE);
-#ifdef LITTLE_ENDIAN
-    byte_reverse(sha_info->data, SHA_BLOCKSIZE);
-#endif /* LITTLE_ENDIAN */
-    sha_transform(sha_info);
-    buffer += SHA_BLOCKSIZE;
-    count -= SHA_BLOCKSIZE;
-    }
-    memcpy(sha_info->data, buffer, count);
-}
-
-/* finish computing the SHA digest */
-
-void sha_final(SHA_INFO *sha_info)
-{
-    int count;
-    LONG lo_bit_count, hi_bit_count;
-
-    lo_bit_count = sha_info->count_lo;
-    hi_bit_count = sha_info->count_hi;
-    count = (int) ((lo_bit_count >> 3) & 0x3f);
-    ((BYTE *) sha_info->data)[count++] = 0x80;
-    if (count > 56) {
-    memset((BYTE *) &sha_info->data + count, 0, 64 - count);
-#ifdef LITTLE_ENDIAN
-    byte_reverse(sha_info->data, SHA_BLOCKSIZE);
-#endif /* LITTLE_ENDIAN */
-    sha_transform(sha_info);
-    memset(&sha_info->data, 0, 56);
-    } else {
-    memset((BYTE *) &sha_info->data + count, 0, 56 - count);
-    }
-#ifdef LITTLE_ENDIAN
-    byte_reverse(sha_info->data, SHA_BLOCKSIZE);
-#endif /* LITTLE_ENDIAN */
-    sha_info->data[14] = hi_bit_count;
-    sha_info->data[15] = lo_bit_count;
-    sha_transform(sha_info);
-#ifdef LITTLE_ENDIAN
-    byte_reverse(sha_info->digest, SHA_DIGESTSIZE);
-#endif /* LITTLE_ENDIAN */
-}
-
-/* compute the SHA digest of a FILE stream */
-
-#define BLOCK_SIZE  8192
-
-void sha_stream(SHA_INFO *sha_info, FILE *fin)
-{
-    int i;
-    BYTE data[BLOCK_SIZE];
-
-    sha_init(sha_info);
-    while ((i = fread(data, 1, BLOCK_SIZE, fin)) > 0) {
-    sha_update(sha_info, data, i);
-    }
-    sha_final(sha_info);
-}
-
-/* print a SHA digest */
-
-void sha_print(SHA_INFO *sha_info)
-{
-    printf("%08lx %08lx %08lx %08lx %08lx\n",
-    sha_info->digest[0], sha_info->digest[1], sha_info->digest[2],
-    sha_info->digest[3], sha_info->digest[4]);
-}
index f879e5ab8bf2b80ecfa57d6ee9d625a928848a25..9be54b22e3d0986dbefc236e093a40bfe19748d0 100644 (file)
@@ -89,6 +89,7 @@
 #endif
 
 #include <string.h>
+#include <assert.h>
 
 SSLErr
 SSL2ProcessClientHello(SSLBuffer msg, SSLContext *ctx)
@@ -107,25 +108,37 @@ SSL2ProcessClientHello(SSLBuffer msg, SSLContext *ctx)
     progress = msg.data;
     
     version = (SSLProtocolVersion)SSLDecodeInt(progress, 2);
-    /* FIXME - ensure client isn't slipping under a SSL_Version_3_0_Only spec... */
+       if (version > ctx->maxProtocolVersion) {
+               version = ctx->maxProtocolVersion;
+       }
+    /* FIXME - I think this needs work for a SSL_Version_2_0 server, to ensure that
+        * the client isn't establishing a v3 session. */
     if (ctx->negProtocolVersion == SSL_Version_Undetermined)
-    {   if (version > SSL_Version_3_0)
-            version = SSL_Version_3_0;
+    {   
         #if LOG_NEGOTIATE
         dprintf1("===SSL2 server: negVersion was undetermined; is %s\n",
                protocolVersStr(version));
         #endif
         ctx->negProtocolVersion = version;
+               if(version >= TLS_Version_1_0) {
+                       ctx->sslTslCalls = &Tls1Callouts;
+               }
+               else {
+                       /* default from context init */
+                       assert(ctx->sslTslCalls == &Ssl3Callouts);
+               }
     }
     else if (ctx->negProtocolVersion == SSL_Version_3_0_With_2_0_Hello)
     {   if (version < SSL_Version_3_0) {
                        errorLog0("SSL2ProcessClientHello: version error\n");
             return ERR(SSLProtocolErr);
         }
+               /* FIXME - I don't think path is ever taken - we NEVER set any
+                * protocol var to      SSL_Version_3_0_With_2_0_Hello... */
         #if LOG_NEGOTIATE
         dprintf0("===SSL2 server: negVersion was 3_0_With_2_0_Hello; is 3_0\n");
         #endif
-        ctx->negProtocolVersion = SSL_Version_3_0;
+        ctx->negProtocolVersion = version;
     }
     
     progress += 2;
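Review bot: The added clamp `if (version > ctx->maxProtocolVersion)` bounds the client's version only from above, and the FIXME it replaces (a client slipping under an SSL_Version_3_0_Only spec) is dropped without that lower-bound check being added. In the `SSL_Version_Undetermined` branch whatever version the hello carries becomes `negProtocolVersion`, so as far as this hunk shows, a server configured as 3.0-only or TLS-only can still be negotiated down by an SSL 2 hello. The new FIXME covers only the opposite case of a v2-only server. Until the check exists, the original reminder should stay, e.g. `/* FIXME - reject hellos below the configured minimum (3_0_Only / TLS_1_0_Only) */`. The function continues outside this hunk.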
@@ -150,46 +163,79 @@ SSL2ProcessClientHello(SSLBuffer msg, SSLContext *ctx)
     cipherList = progress;
     selectedCipher = SSL_NO_SUCH_CIPHERSUITE;
 
-    if (ctx->negProtocolVersion == SSL_Version_3_0)        /* If we're negotiating an SSL 3.0 session, use SSL 3.0 suites first */
-    {   for (i = 0; i < cipherKindCount; i++)
-        {   cipherKind = (SSL2CipherKind)SSLDecodeInt(progress, 3);
+    if (ctx->negProtocolVersion >= SSL_Version_3_0) {
+               /* If we're negotiating an SSL 3.0 session, use SSL 3.0 suites first */
+        for (i = 0; i < cipherKindCount; i++) {
+            cipherKind = (SSL2CipherKind)SSLDecodeInt(progress, 3);
             progress += 3;
             if (selectedCipher != SSL_NO_SUCH_CIPHERSUITE)
                 continue;
             if ((((UInt32)cipherKind) & 0xFF0000) != 0)
                 continue;       /* Skip SSL 2 suites */
             matchingCipher = (SSLCipherSuite)((UInt32)cipherKind & 0x00FFFF);
-            for (j = 0; j<ctx->numValidCipherSpecs; j++)
-                if (ctx->validCipherSpecs[j].cipherSpec == matchingCipher)
-                {   selectedCipher = matchingCipher;
+            for (j = 0; j<ctx->numValidCipherSpecs; j++) {
+                if (ctx->validCipherSpecs[j].cipherSpec == matchingCipher) {
+                    selectedCipher = matchingCipher;
                     break;
                 }
-        }
-    }
-    
-    progress = cipherList;
-    for (i = 0; i < cipherKindCount; i++)
-    {   cipherKind = (SSL2CipherKind)SSLDecodeInt(progress, 3);
-        progress += 3;
-        if (selectedCipher == SSL_NO_SUCH_CIPHERSUITE)  /* After we find one, just keep advancing progress past the unused ones */
-        {   if ((((UInt32)cipherKind) & 0xFF0000) != 0) /* If it's a real SSL2 spec, look for it in the list */
-            {   matchingCipher = SSL_NO_SUCH_CIPHERSUITE;
-                for (j = 0; j < SSL2CipherMapCount; j++)
-                    if (cipherKind == SSL2CipherMap[j].cipherKind)
-                    {   matchingCipher = SSL2CipherMap[j].cipherSuite;
-                        break;
-                    }
-            }
-            else    /* if the first byte is zero, it's an encoded SSL 3 CipherSuite */
-                matchingCipher = (SSLCipherSuite)((UInt32)cipherKind & 0x00FFFF);
-            if (matchingCipher != SSL_NO_SUCH_CIPHERSUITE)
-                for (j = 0; j < ctx->numValidCipherSpecs; j++)   
-                    if (ctx->validCipherSpecs[j].cipherSpec == matchingCipher)
-                    {   selectedCipher = matchingCipher;
-                        break;
-                    }
-        }
-    }
+                       }       /* searching thru all our valid ciphers */
+        }      /* for each client cipher */
+    }  /* v3 or greater */
+    
+       if(selectedCipher == SSL_NO_SUCH_CIPHERSUITE) {
+               /* try again using SSL2 ciphers only */
+           progress = cipherList;
+               for (i = 0; i < cipherKindCount; i++) {
+                       cipherKind = (SSL2CipherKind)SSLDecodeInt(progress, 3);
+                       progress += 3;
+                       if (selectedCipher == SSL_NO_SUCH_CIPHERSUITE) {
+                               /* After we find one, just keep advancing progress past 
+                                * the unused ones */
+                               if ((((UInt32)cipherKind) & 0xFF0000) != 0) {
+                                       /* If it's a real SSL2 spec, look for it in the list */
+                                       matchingCipher = SSL_NO_SUCH_CIPHERSUITE;
+                                       for (j = 0; j < SSL2CipherMapCount; j++) {
+                                               if (cipherKind == SSL2CipherMap[j].cipherKind) {
+                                                       matchingCipher = SSL2CipherMap[j].cipherSuite;
+                                                       break;
+                                               }
+                                       }
+                               }       /* real 3-byte SSL2 suite */
+                               else {
+                                       /* if the first byte is zero, it's an encoded SSL 3 CipherSuite */
+                                       matchingCipher = (SSLCipherSuite)((UInt32)cipherKind & 0x00FFFF);
+                                       /* 
+                                       * One more restriction - if we've negotiated a v2 session,
+                                       * ignore this matching cipher if it's not in the SSL2 map.
+                                       */
+                                       if(ctx->negProtocolVersion < SSL_Version_3_0) {
+                                               int isInMap = 0;
+                                               for (j = 0; j < SSL2CipherMapCount; j++) {
+                                                       if (matchingCipher == SSL2CipherMap[j].cipherSuite) {
+                                                               isInMap = 1;
+                                                               break;
+                                                       }
+                                               }
+                                               if(!isInMap) {
+                                                       /* Sorry, no can do */
+                                                       matchingCipher = SSL_NO_SUCH_CIPHERSUITE;
+                                               }
+                                       }       /* SSL2 check */
+                               }       /* two-byte suite */
+                               
+                               /* now see if we are enabled for this cipher */
+                               if (matchingCipher != SSL_NO_SUCH_CIPHERSUITE) {
+                                       for (j = 0; j < ctx->numValidCipherSpecs; j++) {
+                                               if (ctx->validCipherSpecs[j].cipherSpec == matchingCipher) {
+                                                       selectedCipher = matchingCipher;
+                                                       break;
+                                               }
+                                       }
+                               }
+                       }       /* not ignoring this suite */
+               }       /* for each suite in the hello msg */
+       }               /* not found in SSL3 ciphersuites */
+       
     if (selectedCipher == SSL_NO_SUCH_CIPHERSUITE)
         return ERR(SSLNegotiationErr);
     
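Review bot: The comment `/* try again using SSL2 ciphers only */` does not match the fallback loop, which also accepts two-byte suites in its `else` branch. It also leaves undocumented what happens when `negProtocolVersion` is already >= SSL_Version_3_0 and only a three-byte SSL2 kind matches. In that case the suite mapped through `SSL2CipherMap` is selected while the negotiated version stays at 3.0 or TLS, and the hunk does not say whether that is intended or whether the version should drop to 2.0. A comment at the top of the fallback block should state the intended outcome, for example `/* no v3 suite matched: fall back to SSL2 kinds; negProtocolVersion is left as negotiated (confirm) */`. The function starts and ends outside this hunk.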
@@ -207,14 +253,27 @@ SSL2ProcessClientHello(SSLBuffer msg, SSLContext *ctx)
     progress += sessionIDLen;
     
     ctx->ssl2ChallengeLength = challengeLen;
-    memset(ctx->clientRandom, 0, 32);
-    memcpy(ctx->clientRandom+32 - challengeLen, progress, challengeLen);
+    memset(ctx->clientRandom, 0, SSL_CLIENT_SRVR_RAND_SIZE);
+    memcpy(ctx->clientRandom + SSL_CLIENT_SRVR_RAND_SIZE - challengeLen, 
+               progress, challengeLen);
     progress += challengeLen;
     CASSERT(progress == msg.data + msg.length);
     
     return SSLNoErr;
 }
 
+/*
+ * The SSL v2 spec says that the challenge string sent by the client can be
+ * between 16 and 32 bytes. However all Netscape enterprise servers actually
+ * require a 16 byte challenge. Q.v. cdnow.com, store.apple.com. 
+ * Unfortunately this means that when we're trying to do a 
+ * SSL_Version_3_0_With_2_0_Hello negotiation, we have to limit ourself to 
+ * a 16-byte clientRandom, which we have to concatenate to 16 bytes of 
+ * zeroes if we end up with a 3.0 or 3.1 connection. Thus we lose 16 bytes
+ * of entropy.
+ */
+#define SSL2_CHALLENGE_LEN     16
+
 SSLErr
 SSL2EncodeClientHello(SSLBuffer *msg, SSLContext *ctx)
 {   SSLErr          err;
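Review bot: The rewritten copy `memcpy(ctx->clientRandom + SSL_CLIENT_SRVR_RAND_SIZE - challengeLen, progress, challengeLen)` is only in bounds when `challengeLen` does not exceed SSL_CLIENT_SRVR_RAND_SIZE. That range check is not visible in this hunk, and the `CASSERT` after the copy is presumably compiled out of release builds. `challengeLen` is decoded from the client's message, so a larger value would move the destination pointer in front of `clientRandom`. If the check exists earlier in the function, a comment on the memcpy should point to it, e.g. `/* challengeLen already limited to SSL_CLIENT_SRVR_RAND_SIZE by the length check above */`. If it does not, the copy needs a guard that returns `ERR(SSLProtocolErr)`.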
@@ -229,7 +288,8 @@ SSL2EncodeClientHello(SSLBuffer *msg, SSLContext *ctx)
         case SSL_Version_3_0_With_2_0_Hello:
                /* go for it, see if server can handle upgrading */
                useSSL3Ciphers = 1;
-            version = SSL_Version_3_0;
+                       /* could be SSLv3 or TLSv1 */
+            version = ctx->maxProtocolVersion;
             break;
         case SSL_Version_2_0:
             useSSL3Ciphers = 0;
@@ -237,6 +297,8 @@ SSL2EncodeClientHello(SSLBuffer *msg, SSLContext *ctx)
             break;
         case SSL_Version_3_0_Only:
         case SSL_Version_3_0:
+        case TLS_Version_1_0_Only:
+        case TLS_Version_1_0:
         default:
             ASSERTMSG("Bad protocol version for sending SSL 2 Client Hello");
             break;
@@ -261,16 +323,17 @@ SSL2EncodeClientHello(SSLBuffer *msg, SSLContext *ctx)
     sessionIDLen = 0;
     sessionIdentifier.data = 0;
     if (ctx->resumableSession.data != 0)
-    {   if (ERR(err = SSLRetrieveSessionIDIdentifier(ctx->resumableSession, &sessionIdentifier, ctx)) != 0)
+    {   if (ERR(err = SSLRetrieveSessionID(ctx->resumableSession, &sessionIdentifier, ctx)) != 0)
             return err;
         sessionIDLen = sessionIdentifier.length;
     }
     
-/* msg length = 9 + 3 * totalCipherCount + sessionIDLen + 16 bytes of challenge
- *  Use exactly 16 bytes of challenge because Netscape products have a bug
- *  that requires this length
- */ 
-    if (ERR(err = SSLAllocBuffer(msg, 9 + (3*totalCipherCount) + sessionIDLen + 16, &ctx->sysCtx)) != 0)
+       /* msg length = 9 + 3 * totalCipherCount + sessionIDLen + 16 bytes of challenge
+        *  Use exactly 16 bytes of challenge because Netscape products have a bug
+        *  that requires this length
+        */ 
+    if (ERR(err = SSLAllocBuffer(msg, 9 + (3*totalCipherCount) + sessionIDLen + 
+                       SSL2_CHALLENGE_LEN, &ctx->sysCtx)) != 0)
     {   ERR(SSLFreeBuffer(&sessionIdentifier, &ctx->sysCtx));
         return err;
     }
@@ -280,16 +343,16 @@ SSL2EncodeClientHello(SSLBuffer *msg, SSLContext *ctx)
     progress = SSLEncodeInt(progress, version, 2);
     progress = SSLEncodeInt(progress, 3*totalCipherCount, 2);
     progress = SSLEncodeInt(progress, sessionIDLen, 2);
-    progress = SSLEncodeInt(progress, 16, 2);
+    progress = SSLEncodeInt(progress, SSL2_CHALLENGE_LEN, 2);
     
-/* If we can send SSL3 ciphers, encode the two-byte cipher specs into three-byte
- *  CipherKinds which have a leading 0.
- */
+       /* If we can send SSL3 ciphers, encode the two-byte cipher specs into three-byte
       *  CipherKinds which have a leading 0.
       */
     if (useSSL3Ciphers != 0)
         for (i = 0; i < ctx->numValidCipherSpecs; i++)
             progress = SSLEncodeInt(progress, ctx->validCipherSpecs[i].cipherSpec, 3);
     
-/* Now send those SSL2 specs for which we have implementations */
+       /* Now send those SSL2 specs for which we have implementations */
     for (i = 0; i < SSL2CipherMapCount; i++)
         for (j = 0; j < ctx->numValidCipherSpecs; j++)
             if (ctx->validCipherSpecs[j].cipherSpec == SSL2CipherMap[i].cipherSuite)
@@ -304,22 +367,24 @@ SSL2EncodeClientHello(SSLBuffer *msg, SSLContext *ctx)
     }
     
     randomData.data = progress;
-    randomData.length = 16;
-    #ifdef     _APPLE_CDSA_
+    randomData.length = SSL2_CHALLENGE_LEN;
     if ((err = sslRand(ctx, &randomData)) != 0)
-    #else
-    if (ERR(err = ctx->sysCtx.random(randomData, ctx->sysCtx.randomRef)) != 0)
-    #endif
     {   ERR(SSLFreeBuffer(msg, &ctx->sysCtx));
         return err;
     }
-    progress += 16;
-    
-/* Zero out the first 16 bytes of clientRandom, and store the challenge in the
-    second 16 bytes */
-    memset(ctx->clientRandom, 0, 16);
-    memcpy(ctx->clientRandom+16, randomData.data, 16);
-    ctx->ssl2ChallengeLength = 16;
+    progress += SSL2_CHALLENGE_LEN;
+    
+       /* Zero out the first 16 bytes of clientRandom, and store 
+        * the challenge in the second 16 bytes */
+       #if (SSL2_CHALLENGE_LEN == SSL_CLIENT_SRVR_RAND_SIZE)
+       /* this path verified to fail with Netscape Enterprise servers 1/16/02 */
+    memcpy(ctx->clientRandom, randomData.data, SSL2_CHALLENGE_LEN);
+       #else
+    memset(ctx->clientRandom, 0, SSL_CLIENT_SRVR_RAND_SIZE - SSL2_CHALLENGE_LEN);
+    memcpy(ctx->clientRandom + SSL_CLIENT_SRVR_RAND_SIZE - SSL2_CHALLENGE_LEN, 
+                       randomData.data, SSL2_CHALLENGE_LEN);
+       #endif
+    ctx->ssl2ChallengeLength = SSL2_CHALLENGE_LEN;
     
     CASSERT(progress == msg->data + msg->length);
     
@@ -334,7 +399,9 @@ SSL2ProcessClientMasterKey(SSLBuffer msg, SSLContext *ctx)
     int             clearLength, encryptedLength, keyArgLength;
     UInt32             secretLength, localKeyModulusLen;
     UInt8           *progress;
-    
+    const CSSM_KEY     *decryptKey;
+       CSSM_CSP_HANDLE decryptCspHand;
+       
     if (msg.length < 9) {
                errorLog0("SSL2ProcessClientMasterKey: msg.length error 1\n");
         return ERR(SSLProtocolErr);
@@ -356,74 +423,43 @@ SSL2ProcessClientMasterKey(SSLBuffer msg, SSLContext *ctx)
         return ERR(SSLProtocolErr);
     }
     
-/* Master key == CLEAR_DATA || SECRET_DATA */
+       /* Master key == CLEAR_DATA || SECRET_DATA */
     memcpy(ctx->masterSecret, progress, clearLength);
     progress += clearLength;
 
-#if RSAREF
-    localKeyModulusLen = (ctx->localKey.bits + 7)/8;
-#elif BSAFE
-    {   A_RSA_KEY   *keyInfo;
-        int         rsaResult;
-        
-        if ((rsaResult = B_GetKeyInfo((POINTER*)&keyInfo, ctx->localKey, KI_RSAPublic)) != 0)
-            return SSLUnknownErr;
-        localKeyModulusLen = keyInfo->modulus.len;
-    }
-#elif  _APPLE_CDSA_
-       CASSERT(ctx->encryptPrivKey != NULL);
-       localKeyModulusLen = sslKeyLengthInBytes(ctx->encryptPrivKey);
-#else
-#error No Asymmetric crypto
-#endif /* RSAREF / BSAFE */
+       /* 
+        * Just as in SSL2EncodeServerHello, which key we use depends on the
+        * app's config.
+        */ 
+       if(ctx->encryptPrivKey) {
+               decryptKey = ctx->encryptPrivKey;
+               CASSERT(ctx->encryptKeyCsp != 0);
+               decryptCspHand = ctx->encryptKeyCsp;
+       }
+       else if(ctx->signingPrivKey) {
+               decryptKey = ctx->signingPrivKey;
+               CASSERT(ctx->signingKeyCsp != 0);
+               decryptCspHand = ctx->signingKeyCsp;
+       }
+       else {
+               /* really should not happen... */
+               errorLog0("SSL2ProcessClientMasterKey: No server key!\n");
+               return SSLBadStateErr;
+       }
+       localKeyModulusLen = sslKeyLengthInBytes(decryptKey);
 
     if (encryptedLength != localKeyModulusLen) {
                errorLog0("SSL2ProcessClientMasterKey: encryptedLength error 1\n");
         return ERR(SSLProtocolErr);
        }
        
-/* Allocate enough room to hold any decrypted value */
+       /* Allocate enough room to hold any decrypted value */
     if (ERR(err = SSLAllocBuffer(&secretData, encryptedLength, &ctx->sysCtx)) != 0)
         return err;
     
-#if RSAREF
-/* Replace this with code to do decryption at lower level & check PKCS1 padding
-    for rollback attack */
-    if ((RSAPrivateDecrypt(secretData.data, &secretLength, progress, encryptedLength, &ctx->localKey)) != 0)
-    {   ERR(err = SSLFreeBuffer(&secretData, &ctx->sysCtx));
-        return ERR(SSLUnknownErr);
-    }
-#elif BSAFE
-    {   B_ALGORITHM_OBJ     rsa;
-        B_ALGORITHM_METHOD  *chooser[] = { &AM_RSA_CRT_DECRYPT, 0 };
-        int                 rsaResult;
-        unsigned int        decryptLen;
-        
-        if ((rsaResult = B_CreateAlgorithmObject(&rsa)) != 0)
-            return SSLUnknownErr;
-        if ((rsaResult = B_SetAlgorithmInfo(rsa, AI_PKCS_RSAPrivate, 0)) != 0)
-            return SSLUnknownErr;
-        if ((rsaResult = B_DecryptInit(rsa, ctx->localKey, chooser, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        if ((rsaResult = B_DecryptUpdate(rsa, secretData.data, &decryptLen, encryptedLength,
-                    progress, encryptedLength, 0, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        secretLength = decryptLen;
-        if ((rsaResult = B_DecryptFinal(rsa, secretData.data+secretLength,
-                    &decryptLen, encryptedLength-secretLength, 0, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        secretLength += decryptLen;
-        B_DestroyAlgorithmObject(&rsa);
-    }
-#elif  _APPLE_CDSA_
-       /* 
-        * note we use encryptPrivKey, not signingPrivKey - this really is 
-        * a decrypt op. Servers have to be configured with valid encryption cert
-        * chain to work with SSL2.
-        */
        err = sslRsaDecrypt(ctx,
-               ctx->encryptPrivKey,
-               ctx->encryptKeyCsp,
+               decryptKey,
+               decryptCspHand,
                progress, 
                encryptedLength,
                secretData.data,
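Review bot: The new `else if(ctx->signingPrivKey)` branch lets the server decrypt the client master key with its signing key, where the removed comment required a separate encryption certificate chain for SSL2. Using one RSA key for both signing and decryption gives up key-usage separation, and nothing visible here checks that the signing certificate permits key encipherment. The two `CASSERT(... != 0)` checks on the CSP handles are presumably debug-only, so a release build would pass a zero handle straight to `sslRsaDecrypt`; a runtime guard such as `if (decryptCspHand == 0) return SSLBadStateErr;` after the selection would cover both branches. The new comment should also say explicitly that the signing key is a deliberate fallback. The function and the `sslRsaDecrypt` call continue outside this hunk.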
@@ -433,7 +469,6 @@ SSL2ProcessClientMasterKey(SSLBuffer msg, SSLContext *ctx)
                SSLFreeBuffer(&secretData, &ctx->sysCtx);
                return err;
        }
-#endif /* RSAREF / BSAFE */
     
     progress += encryptedLength;
     
@@ -450,7 +485,7 @@ SSL2ProcessClientMasterKey(SSLBuffer msg, SSLContext *ctx)
         return ERR(SSLProtocolErr);
     }
     
-/* Stash the IV after the master key in master secret storage */
+       /* Stash the IV after the master key in master secret storage */
     memcpy(ctx->masterSecret + ctx->selectedCipherSpec->cipher->keySize, progress, keyArgLength);
     progress += keyArgLength;
     CASSERT(progress = msg.data + msg.length);
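Review bot: The context line `CASSERT(progress = msg.data + msg.length);` assigns instead of comparing, so the assertion can never fail on a length mismatch and it overwrites `progress`; the equivalent check in SSL2ProcessClientHello uses `==`. It should read `CASSERT(progress == msg.data + msg.length);`. Because CASSERT is presumably a debug-only macro this is a lost sanity check rather than a release-build behaviour change. It is still the only visible confirmation that the clear, encrypted and key-arg lengths taken from the message add up to `msg.length`. The function starts and ends outside this hunk.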
@@ -465,26 +500,10 @@ SSL2EncodeClientMasterKey(SSLBuffer *msg, SSLContext *ctx)
     UInt32                     outputLen, peerKeyModulusLen;
     SSLBuffer           keyData;
     UInt8               *progress;
-    #ifndef    _APPLE_CDSA_
-    SSLRandomCtx        rsaRandom;
-    int                 rsaResult;
-       #endif
        
-#if RSAREF
-    peerKeyModulusLen = (ctx->peerKey.bits + 7)/8;
-#elif BSAFE
-    {   A_RSA_KEY   *keyInfo;
-        int         rsaResult;
-        
-        if ((rsaResult = B_GetKeyInfo((POINTER*)&keyInfo, ctx->peerKey, KI_RSAPublic)) != 0)
-            return SSLUnknownErr;
-        peerKeyModulusLen = keyInfo->modulus.len;
-    }
-#elif  _APPLE_CDSA_
        peerKeyModulusLen = sslKeyLengthInBytes(ctx->peerPubKey);
-#endif /* RSAREF / BSAFE */
 
-/* Length is 10 + clear key size + encrypted output size + iv size */
+       /* Length is 10 + clear key size + encrypted output size + iv size */
     length = 10;
     clearLen = ctx->selectedCipherSpec->cipher->keySize - ctx->selectedCipherSpec->cipher->secretKeySize;
     length += clearLen;
@@ -512,55 +531,15 @@ SSL2EncodeClientMasterKey(SSLBuffer *msg, SSLContext *ctx)
     keyData.data = ctx->masterSecret;
     keyData.length = ctx->selectedCipherSpec->cipher->keySize + ctx->selectedCipherSpec->cipher->ivSize;
     CASSERT(keyData.length <= 48);   /* Must be able to store it in the masterSecret array */
-    #ifdef     _APPLE_CDSA_
     if ((err = sslRand(ctx, &keyData)) != 0)
-    #else
-    if (ERR(err = ctx->sysCtx.random(keyData, ctx->sysCtx.randomRef)) != 0)
-    #endif
         return err;
     
     memcpy(progress, ctx->masterSecret, clearLen);
     progress += clearLen;
     
-    #ifndef    _APPLE_CDSA_
-    if (ERR(err = ReadyRandom(&rsaRandom, ctx)) != 0)
-        return err;
-    #endif
-    
-/* Replace this with code to do encryption at lower level & set PKCS1 padding
+       /* Replace this with code to do encryption at lower level & set PKCS1 padding
     for rollback attack */
-#if RSAREF
-    if ((rsaResult = RSAPublicEncrypt(progress, &outputLen,
-                                ctx->masterSecret + clearLen,
-                                ctx->selectedCipherSpec->cipher->keySize - clearLen,
-                                &ctx->peerKey,&rsaRandom)) != 0)
-    {   R_RandomFinal(&rsaRandom);
-        return ERR(SSLUnknownErr);
-    }
-#elif BSAFE
-    {   B_ALGORITHM_OBJ     rsa;
-        B_ALGORITHM_METHOD  *chooser[] = { &AM_RSA_ENCRYPT, 0 };
-        unsigned int        encryptedOut;
-        
-        if ((rsaResult = B_CreateAlgorithmObject(&rsa)) != 0)
-            return SSLUnknownErr;
-        if ((rsaResult = B_SetAlgorithmInfo(rsa, AI_PKCS_RSAPublic, 0)) != 0)
-            return SSLUnknownErr;
-        if ((rsaResult = B_EncryptInit(rsa, ctx->peerKey, chooser, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        if ((rsaResult = B_EncryptUpdate(rsa, progress,
-                    &encryptedOut, peerKeyModulusLen, ctx->masterSecret + clearLen,
-                    ctx->selectedCipherSpec->cipher->keySize - clearLen,
-                    rsaRandom, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        outputLen = encryptedOut;
-        if ((rsaResult = B_EncryptFinal(rsa, progress+outputLen,
-                    &encryptedOut, peerKeyModulusLen-outputLen, rsaRandom, NO_SURR)) != 0)
-            return SSLUnknownErr;
-        outputLen += encryptedOut;
-        B_DestroyAlgorithmObject(&rsa);
-    }
-#elif  _APPLE_CDSA_
+
        /* 
         * encrypt only the secret key portion of masterSecret, starting at
         * clearLen bytes
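Review bot: The comment kept as `Replace this with code to do encryption at lower level & set PKCS1 padding for rollback attack` reads as an open security TODO, and this cleanup re-indents it without marking it as one. As worded, it implies the RSA-encrypted key block does not yet carry the padding marker a server uses to detect a version rollback to SSL 2; the encrypt call itself is outside the hunk, so this is inferred from the comment only. Tagging it makes the gap searchable: `/* FIXME: set the PKCS1 rollback-detection padding when encrypting the SSL2 master key */`.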
@@ -576,15 +555,8 @@ SSL2EncodeClientMasterKey(SSLBuffer *msg, SSLContext *ctx)
        if(err) {
                return err;
        }
-#endif
 
     progress += outputLen;
-    
-#if RSAREF
-    R_RandomFinal(&rsaRandom);
-#elif BSAFE
-    B_DestroyAlgorithmObject(&rsaRandom);
-#endif
         
     /* copy clear IV to msg buf */
     memcpy(progress, ctx->masterSecret + ctx->selectedCipherSpec->cipher->keySize,
@@ -627,9 +599,6 @@ SSL2ProcessServerHello(SSLBuffer msg, SSLContext *ctx)
     int                 sessionIDMatch, certLen, cipherSpecsLen, connectionIDLen;
     int                 i, j;
     SSL2CipherKind      cipherKind;
-       #ifndef __APPLE__
-    SSLBuffer           certBuf;
-       #endif
     SSLCertificate      *cert;
     SSLCipherSuite      matchingCipher = 0;            // avoid compiler warning
     SSLCipherSuite      selectedCipher;
@@ -678,38 +647,19 @@ SSL2ProcessServerHello(SSLBuffer msg, SSLContext *ctx)
             return ERR(SSLNegotiationErr);
         cipherSpecsLen /= 3;
         
-               #ifdef  __APPLE__
                cert = (SSLCertificate *)sslMalloc(sizeof(SSLCertificate));
                if(cert == NULL) {
                        return SSLMemoryErr;
                }
-               #else
-        if (ERR(err = SSLAllocBuffer(&certBuf, sizeof(SSLCertificate), &ctx->sysCtx)) != 0)
-            return err;
-        cert = (SSLCertificate*)certBuf.data;
-               #endif
         cert->next = 0;
         if (ERR(err = SSLAllocBuffer(&cert->derCert, certLen, &ctx->sysCtx)) != 0)
         {   
-                       #ifdef  __APPLE__
                        sslFree(cert);
-                       #else
-                       ERR(SSLFreeBuffer(&certBuf, &ctx->sysCtx));
-                       #endif
             return err;
         }
         memcpy(cert->derCert.data, progress, certLen);
         progress += certLen;
-        #ifndef        _APPLE_CDSA_
-        /* not necessary */
-        if (ERR(err = ASNParseX509Certificate(cert->derCert, &cert->cert, ctx)) != 0)
-        {   ERR(SSLFreeBuffer(&cert->derCert, &ctx->sysCtx));
-            ERR(SSLFreeBuffer(&certBuf, &ctx->sysCtx));
-            return err;
-        }
-        #endif
         ctx->peerCert = cert;
-        #ifdef _APPLE_CDSA_
         /* This cert never gets verified in original SSLRef3 code... */
        if((err = sslVerifyCertChain(ctx, ctx->peerCert)) != 0) {
                return err;
@@ -718,9 +668,6 @@ SSL2ProcessServerHello(SSLBuffer msg, SSLContext *ctx)
                &cert->derCert, 
                &ctx->peerPubKey,
                &ctx->peerPubKeyCsp)) != 0)
-        #else
-        if (ERR(err = X509ExtractPublicKey(&cert->cert.pubKey, &ctx->peerKey)) != 0)
-        #endif
             return err;
         
         selectedCipher = SSL_NO_SUCH_CIPHERSUITE;
@@ -745,7 +692,7 @@ SSL2ProcessServerHello(SSLBuffer msg, SSLContext *ctx)
             return ERR(SSLNegotiationErr);
                #if LOG_NEGOTIATE
                dprintf1("===SSL2 client: selectedCipher 0x%x\n", 
-                       selectedCipher);
+                       (unsigned)selectedCipher);
                #endif
         
         ctx->selectedCipher = selectedCipher;
@@ -774,11 +721,7 @@ SSL2EncodeServerHello(SSLBuffer *msg, SSLContext *ctx)
     ctx->ssl2ConnectionIDLength = SSL2_CONNECTION_ID_LENGTH;
     randomData.data = ctx->serverRandom;
     randomData.length = ctx->ssl2ConnectionIDLength;
-    #ifdef     _APPLE_CDSA_
     if ((err = sslRand(ctx, &randomData)) != 0)
-    #else
-    if (ERR(err = ctx->sysCtx.random(randomData, ctx->sysCtx.randomRef)) != 0)
-    #endif
         return err;
         
     if (ctx->ssl2SessionMatch != 0)
@@ -798,20 +741,21 @@ SSL2EncodeServerHello(SSLBuffer *msg, SSLContext *ctx)
     else
     {   /* First, find the last cert in the chain; it's the one we'll send */
     
-       #if     _APPLE_CDSA_
        /*
-        * For Apple, we require an encryptCert here - we'll be encrypting
-        * with it, after all.
+        * Use encryptCert if we have it, but allow for the case of app 
+                * specifying one cert which can encrypt and sign.
         */
-       if(ctx->encryptCert == NULL) {
-               errorLog0("SSL2EncodeServerHello: No encryptCert!\n");
+       if(ctx->encryptCert != NULL) {
+                       cert = ctx->encryptCert;
+               }
+               else if(ctx->localCert != NULL) {
+                       cert = ctx->localCert;
+               }
+               else {
+                       /* really should not happen... */
+               errorLog0("SSL2EncodeServerHello: No server cert!\n");
                return SSLBadStateErr;
        }
-       cert = ctx->encryptCert;
-       #else
-        CASSERT(ctx->localCert != 0);
-        cert = ctx->localCert;
-        #endif _APPLE_CDSA_
         
         while (cert->next != 0)
             cert = cert->next;
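Review bot: With the new fallback to `ctx->localCert`, the certificate sent in the server hello may now be the signing certificate, so the private key used to decrypt the client master key has to be chosen by the same rule. The `decryptKey`/`decryptCspHand` arguments in the SSL2ProcessClientMasterKey hunk suggest it is, but that selection is not visible here. A comment would keep the two in step: `/* cert choice must match the decrypt key selection in SSL2ProcessClientMasterKey */`. The added lines also mix indentation depths within one if/else chain, which makes the three arms hard to match up.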
@@ -852,8 +796,8 @@ SSL2ProcessServerVerify(SSLBuffer msg, SSLContext *ctx)
 {   if (msg.length != ctx->ssl2ChallengeLength)
         return ERR(SSLProtocolErr);
     
-    if (memcmp(msg.data, ctx->clientRandom + 32 - ctx->ssl2ChallengeLength,
-                    ctx->ssl2ChallengeLength) != 0)
+    if (memcmp(msg.data, ctx->clientRandom + SSL_CLIENT_SRVR_RAND_SIZE - 
+                       ctx->ssl2ChallengeLength, ctx->ssl2ChallengeLength) != 0)
         return ERR(SSLProtocolErr);
     
     return SSLNoErr;
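Review bot: `ctx->clientRandom + SSL_CLIENT_SRVR_RAND_SIZE - ctx->ssl2ChallengeLength` points before the start of `clientRandom` if `ssl2ChallengeLength` is ever larger than `SSL_CLIENT_SRVR_RAND_SIZE`, and nothing in this hunk bounds it. On the server side the length presumably originates in the peer's client hello, so the bound has to be enforced where that message is parsed, which is outside the visible hunks. Stating the invariant next to each use makes it checkable: `CASSERT(ctx->ssl2ChallengeLength <= SSL_CLIENT_SRVR_RAND_SIZE);`. The same expression appears in the SSL2EncodeServerVerify hunk that follows and in the SSL2InitCiphers hunk.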
@@ -867,8 +811,8 @@ SSL2EncodeServerVerify(SSLBuffer *msg, SSLContext *ctx)
         return err;
     
     msg->data[0] = ssl2_mt_server_verify;
-    memcpy(msg->data+1, ctx->clientRandom + 32 - ctx->ssl2ChallengeLength,
-                    ctx->ssl2ChallengeLength);
+    memcpy(msg->data+1, ctx->clientRandom + SSL_CLIENT_SRVR_RAND_SIZE - 
+                       ctx->ssl2ChallengeLength, ctx->ssl2ChallengeLength);
     
     return SSLNoErr;
 }
index b96cb60f971b7879cf234c1ab140ea2fe15a1e85..9b20f24e82d0e1180d69eeea459f6404fb7d9a04 100644 (file)
@@ -91,7 +91,9 @@
 #include "appleCdsa.h"
 #endif
 
+#include "digests.h"
 #include <string.h>
+#include <assert.h>
 
 #if    LOG_HDSK_MSG
 
@@ -155,10 +157,7 @@ SSL2ProcessMessage(SSLRecord rec, SSLContext *ctx)
     
     switch (msg)
     {   case ssl2_mt_error:
-               #if     _APPLE_CDSA_
-               /* ref code returned an unitialized local err here */
                err = SSLConnectionClosedError;
-               #endif
             break;
         case ssl2_mt_client_hello:
             if (ctx->state != HandshakeServerUninit)
@@ -214,7 +213,7 @@ SSL2ProcessMessage(SSLRecord rec, SSLContext *ctx)
     
     if (err == 0)
     {          /* FIXME - use requested or negotiated protocol version here? */
-       if (msg == ssl2_mt_client_hello && ctx->negProtocolVersion == SSL_Version_3_0)
+       if (msg == ssl2_mt_client_hello && (ctx->negProtocolVersion >= SSL_Version_3_0))
         {   /* Promote this message to SSL 3 protocol */
             if (ERR(err = SSL3ReceiveSSL2ClientHello(rec, ctx)) != 0)
                 return err;
@@ -244,9 +243,12 @@ SSL2AdvanceHandshake(SSL2MessageType msg, SSLContext *ctx)
                     SSLChangeHdskState(ctx, HandshakeServerHelloUnknownVersion);
                     break;
                 case SSL_Version_3_0_With_2_0_Hello:
-                    ctx->negProtocolVersion = SSL_Version_3_0;
+                                       assert((ctx->reqProtocolVersion == SSL_Version_3_0) ||
+                                                  (ctx->reqProtocolVersion == TLS_Version_1_0));
+                    ctx->negProtocolVersion = ctx->reqProtocolVersion;
                                    #if LOG_NEGOTIATE
-                                   dprintf0("===SSL client kickstart: negVersion is 3_0\n");
+                                   dprintf2("===SSL client kickstart: negVersion is %d_%d\n",
+                                               ctx->negProtocolVersion >> 8, ctx->negProtocolVersion & 0xff);
                                    #endif
                   SSLChangeHdskState(ctx, HandshakeServerHello);
                     break;
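Review bot: The added `assert(...)` is the only thing keeping an unexpected value out of `ctx->negProtocolVersion`; when assertions are compiled out, any other `reqProtocolVersion` is copied straight into the negotiated version. A runtime check holds in every build: `if ((ctx->reqProtocolVersion != SSL_Version_3_0) && (ctx->reqProtocolVersion != TLS_Version_1_0)) return ERR(SSLInternalError);`. The same pattern is in the SSL2PrepareAndQueueMessage hunk, where `assert(ctx->sslTslCalls != NULL)` is the only guard before `ctx->sslTslCalls->writeRecord` is called. The enclosing switch starts outside this hunk.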
@@ -255,6 +257,8 @@ SSL2AdvanceHandshake(SSL2MessageType msg, SSLContext *ctx)
                     break;
                 case SSL_Version_3_0_Only:
                 case SSL_Version_3_0:
+                case TLS_Version_1_0_Only:
+                case TLS_Version_1_0:
                 default:
                     ASSERTMSG("Bad protocol version for sending SSL 2 Client Hello");
                     break;
@@ -272,6 +276,7 @@ SSL2AdvanceHandshake(SSL2MessageType msg, SSLContext *ctx)
             {   SSLChangeHdskState(ctx, HandshakeSSL2ClientMasterKey);
                 break;
             }
+                       SSLLogResumSess("===RESUMING SSL2 server-side session\n");
             if (ERR(err = SSL2InstallSessionKey(ctx)) != 0)
                 return err;
             /* Fall through for matching session; lame, but true */
@@ -290,7 +295,9 @@ SSL2AdvanceHandshake(SSL2MessageType msg, SSLContext *ctx)
                     return err;
             }
             else
-            {   if (ERR(err = SSL2InstallSessionKey(ctx)) != 0)
+            {   
+                               SSLLogResumSess("===RESUMING SSL2 client-side session\n");
+                               if (ERR(err = SSL2InstallSessionKey(ctx)) != 0)
                     return err;
             }
             if (ERR(err = SSL2InitCiphers(ctx)) != 0)
@@ -303,13 +310,11 @@ SSL2AdvanceHandshake(SSL2MessageType msg, SSLContext *ctx)
             /* Handshake is complete; turn ciphers on */
             ctx->writeCipher.ready = 1;
             ctx->readCipher.ready = 1;
-            #if        _APPLE_CDSA_
             /* original code never got out of ssl2_mt_client_finished state */
             CASSERT(ctx->protocolSide == SSL_ServerSide);
             SSLChangeHdskState(ctx, HandshakeServerReady);
-            #endif     /* _APPLE_CDSA_ */
             if (ctx->peerID.data != 0)
-                ERR(SSLAddSessionID(ctx));
+                ERR(SSLAddSessionData(ctx));
             break;
         case ssl2_mt_server_verify:
             SSLChangeHdskState(ctx, HandshakeSSL2ServerFinished);
@@ -322,13 +327,11 @@ SSL2AdvanceHandshake(SSL2MessageType msg, SSLContext *ctx)
             /* Handshake is complete; turn ciphers on */
             ctx->writeCipher.ready = 1;
             ctx->readCipher.ready = 1;
-            #if        _APPLE_CDSA_
             /* original code never got out of ssl2_mt_server_finished state */
             CASSERT(ctx->protocolSide == SSL_ClientSide);
             SSLChangeHdskState(ctx, HandshakeClientReady);
-            #endif     /* _APPLE_CDSA_ */
             if (ctx->peerID.data != 0)
-                ERR(SSLAddSessionID(ctx));
+                ERR(SSLAddSessionData(ctx));
             break;
         case ssl2_mt_error:
         case ssl2_mt_client_certificate:
@@ -351,7 +354,8 @@ SSL2PrepareAndQueueMessage(EncodeSSL2MessageFunc encodeFunc, SSLContext *ctx)
 
     logSsl2Msg((SSL2MessageType)rec.contents.data[0], 1);
     
-    if (ERR(err = SSLWriteRecord(rec, ctx)) != 0)
+       assert(ctx->sslTslCalls != NULL);
+       if (ERR(err = ctx->sslTslCalls->writeRecord(rec, ctx)) != 0)
     {   ERR(SSLFreeBuffer(&rec.contents, &ctx->sysCtx));
         return err;
     }
@@ -376,7 +380,7 @@ SSL2CompareSessionIDs(SSLContext *ctx)
     if (ctx->resumableSession.data == 0)
         return SSLNoErr;
     
-    if (ERR(err = SSLRetrieveSessionIDIdentifier(ctx->resumableSession,
+    if (ERR(err = SSLRetrieveSessionID(ctx->resumableSession,
                                     &sessionIdentifier, ctx)) != 0)
         return err;
     
@@ -396,7 +400,7 @@ SSL2InstallSessionKey(SSLContext *ctx)
     
     CASSERT(ctx->ssl2SessionMatch != 0);
     CASSERT(ctx->resumableSession.data != 0);
-    if (ERR(err = SSLInstallSessionID(ctx->resumableSession, ctx)) != 0)
+    if (ERR(err = SSLInstallSessionFromData(ctx->resumableSession, ctx)) != 0)
         return err;
     return SSLNoErr;
 }
@@ -409,11 +413,7 @@ SSL2GenerateSessionID(SSLContext *ctx)
         return err;
     if (ERR(err = SSLAllocBuffer(&ctx->sessionID, SSL_SESSION_ID_LEN, &ctx->sysCtx)) != 0)
         return err;
-    #ifdef     _APPLE_CDSA_
     if ((err = sslRand(ctx, &ctx->sessionID)) != 0)
-    #else
-    if (ERR(err = ctx->sysCtx.random(ctx->sessionID, ctx->sysCtx.randomRef)) != 0)
-       #endif
         return err;
     return SSLNoErr;
 }
@@ -440,7 +440,8 @@ SSL2InitCiphers(SSLContext *ctx)
        
     masterKey.data = ctx->masterSecret;
     masterKey.length = ctx->selectedCipherSpec->cipher->keySize;
-    challenge.data = ctx->clientRandom + 32 - ctx->ssl2ChallengeLength;
+    challenge.data = ctx->clientRandom + SSL_CLIENT_SRVR_RAND_SIZE - 
+                       ctx->ssl2ChallengeLength;
     challenge.length = ctx->ssl2ChallengeLength;
     connectionID.data = ctx->serverRandom;
     connectionID.length = ctx->ssl2ConnectionIDLength;
@@ -456,7 +457,7 @@ SSL2InitCiphers(SSLContext *ctx)
     while (keyMaterialLen)
     {   hashDigest.data = progress;
         hashDigest.length = SSLHashMD5.digestSize;
-        if (ERR(err = SSLHashMD5.init(hashContext)) != 0 ||
+        if (ERR(err = SSLHashMD5.init(hashContext, ctx)) != 0 ||
             ERR(err = SSLHashMD5.update(hashContext, masterKey)) != 0 ||
             ERR(err = SSLHashMD5.update(hashContext, variantData)) != 0 ||
             ERR(err = SSLHashMD5.update(hashContext, challenge)) != 0 ||
@@ -478,8 +479,8 @@ SSL2InitCiphers(SSLContext *ctx)
         return err;
     }
     
-    ctx->readPending.hash = ctx->selectedCipherSpec->macAlgorithm;
-    ctx->writePending.hash = ctx->selectedCipherSpec->macAlgorithm;
+    ctx->readPending.macRef = ctx->selectedCipherSpec->macAlgorithm;
+    ctx->writePending.macRef = ctx->selectedCipherSpec->macAlgorithm;
     ctx->readPending.symCipher = ctx->selectedCipherSpec->cipher;
     ctx->writePending.symCipher = ctx->selectedCipherSpec->cipher;
     ctx->readPending.sequenceNum = ctx->readCipher.sequenceNum;
index be1b8c521978a985b41e5e3ecbb18b23e381fc98..f73acfb8765f9fea52a9440865b9ad556c2c0254 100644 (file)
 #include "digests.h"
 #endif
 
-#ifdef _APPLE_CDSA_
 #ifndef        _APPLE_GLUE_H_
 #include "appleGlue.h"
 #endif
-#endif
 
 #include <string.h>
 
@@ -107,6 +105,7 @@ SSL2ReadRecord(SSLRecord *rec, SSLContext *ctx)
         case SSL_Version_2_0:
             break;
         case SSL_Version_3_0:           /* We've negotiated a 3.0 session; we can send an alert */
+               case TLS_Version_1_0:
             SSLFatalSessionAlert(alert_unexpected_message, ctx);
             return SSLProtocolErr;
         case SSL_Version_3_0_Only:      /* We haven't yet negotiated, but we don't want to support 2.0; just die without an alert */
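Review bot: `TLS_Version_1_0` is added next to `SSL_Version_3_0`, but `TLS_Version_1_0_Only` is not added next to `SSL_Version_3_0_Only`, although the SSL2AdvanceHandshake hunk in this commit lists both new values. Unless the rest of the switch, which lies outside the hunk, handles it, a context set to TLS-only that receives an SSL 2 record ends up in the default arm instead of the "don't want to support 2.0" arm. Adding `case TLS_Version_1_0_Only:` under the `SSL_Version_3_0_Only` label would make the intent explicit.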
@@ -131,12 +130,8 @@ SSL2ReadRecord(SSLRecord *rec, SSLContext *ctx)
     {   readData.length = 3 - ctx->amountRead;
         readData.data = ctx->partialReadBuffer.data + ctx->amountRead;
         len = readData.length;
-        #ifdef _APPLE_CDSA_
         err = sslIoRead(readData, &len, ctx);
         if(err != 0)
-               #else
-        if (ERR(err = ctx->ioCtx.read(readData, &len, ctx->ioCtx.ioRef)) != 0)
-               #endif
         {   if (err == SSLWouldBlockErr)
                 ctx->amountRead += len;
             if (err == SSLIOErr && ctx->amountRead == 0)    /* If the session closes on a record boundary, it's graceful */
@@ -164,7 +159,6 @@ SSL2ReadRecord(SSLRecord *rec, SSLContext *ctx)
         padding = progress[2];
     }
     
-    #ifdef     __APPLE__
     /* 
      * FIXME - what's the max record size?
      * and why doesn't SSLReadRecord parse the 2 or 3 byte header?
@@ -174,7 +168,6 @@ SSL2ReadRecord(SSLRecord *rec, SSLContext *ctx)
     if((contentLen == 0) || (contentLen > 0xffff)) {
        return SSLProtocolErr;
     }
-    #endif
     
     progress += headerSize;
     
@@ -187,12 +180,8 @@ SSL2ReadRecord(SSLRecord *rec, SSLContext *ctx)
     {   readData.length = headerSize + contentLen - ctx->amountRead;
         readData.data = ctx->partialReadBuffer.data + ctx->amountRead;
         len = readData.length;
-        #ifdef _APPLE_CDSA_
         err = sslIoRead(readData, &len, ctx);
         if(err != 0)
-               #else
-        if (ERR(err = ctx->ioCtx.read(readData, &len, ctx->ioCtx.ioRef)) != 0)
-               #endif
         {   if (err == SSLWouldBlockErr)
                 ctx->amountRead += len;
             return err;
@@ -238,17 +227,12 @@ SSL2WriteRecord(SSLRecord rec, SSLContext *ctx)
     out->next = 0;
     out->sent = 0;
         
-    payloadSize = (UInt16) (rec.contents.length + ctx->writeCipher.hash->digestSize);
+    payloadSize = (UInt16) 
+               (rec.contents.length + ctx->writeCipher.macRef->hash->digestSize);
     blockSize = ctx->writeCipher.symCipher->blockSize;
     if (blockSize > 0)
     {   
-               #ifdef  _APPLE_CDSA_
-               /* HEY! this netscape code could never work with a block cipher... */
                padding = blockSize - (payloadSize % blockSize);
-               #else
-               /* bogon */
-               padding = blockSize - (payloadSize % blockSize) - 1;
-               #endif
         if (padding == blockSize)
             padding = 0;
         payloadSize += padding;
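Review bot: The `(UInt16)` cast on `rec.contents.length + ctx->writeCipher.macRef->hash->digestSize` silently truncates when the sum exceeds 0xffff, and the sizes later derived from `payloadSize` would then no longer match the data taken from `rec.contents`. No bound on `rec.contents.length` is visible in this hunk, whereas ssl3WriteRecord, added in the same commit, at least asserts `rec.contents.length <= 16384`. A check before the cast would close the gap, for example `if (rec.contents.length > SSL2_MAX_CONTENT_LEN) return ERR(SSLInternalError);`, where `SSL2_MAX_CONTENT_LEN` is a placeholder name for whatever limit the SSL 2 record header allows. The function starts and ends outside the hunk.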
@@ -274,7 +258,7 @@ SSL2WriteRecord(SSLRecord rec, SSLContext *ctx)
     payload.length = payloadSize;
     
     mac.data = progress;
-    mac.length = ctx->writeCipher.hash->digestSize;
+    mac.length = ctx->writeCipher.macRef->hash->digestSize;
     progress += mac.length;
     
     content.data = progress;
@@ -290,8 +274,9 @@ SSL2WriteRecord(SSLRecord rec, SSLContext *ctx)
     secret.data = ctx->writeCipher.macSecret;
     secret.length = ctx->writeCipher.symCipher->keySize;
     if (mac.length > 0)
-        if (ERR(err = SSL2CalculateMAC(secret, content, ctx->writeCipher.sequenceNum.low,
-                                    ctx->writeCipher.hash, mac, ctx)) != 0)
+        if (ERR(err = SSL2CalculateMAC(secret, content, 
+                               ctx->writeCipher.sequenceNum.low,
+                ctx->writeCipher.macRef->hash, mac, ctx)) != 0)
             goto fail;
     
     /* APPLE_CDSA change...*/
@@ -341,9 +326,9 @@ SSL2DecryptRecord(SSLBuffer *payload, SSLContext *ctx)
                ctx)) != 0)
         return err;
     
-    if (ctx->readCipher.hash->digestSize > 0)       /* Optimize away MAC for null case */
-    {   content.data = payload->data + ctx->readCipher.hash->digestSize;        /* Data is after MAC */
-        content.length = payload->length - ctx->readCipher.hash->digestSize;
+    if (ctx->readCipher.macRef->hash->digestSize > 0)       /* Optimize away MAC for null case */
+    {   content.data = payload->data + ctx->readCipher.macRef->hash->digestSize;        /* Data is after MAC */
+        content.length = payload->length - ctx->readCipher.macRef->hash->digestSize;
         if (ERR(err = SSL2VerifyMAC(content, payload->data, ctx)) != 0)
             return err;
     /* Adjust payload to remove MAC; caller is still responsible for removing padding [if any] */
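Review bot: `content.length = payload->length - ctx->readCipher.macRef->hash->digestSize` wraps around if the decrypted payload is shorter than the digest (assuming the length field is unsigned), and the wrapped length is then handed to SSL2VerifyMAC. No length check appears between the decrypt call and this subtraction; one may exist earlier in the function, outside the hunk. If it does not, add `if (payload->length < ctx->readCipher.macRef->hash->digestSize) return ERR(SSLProtocolErr);` before `content` is computed.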
@@ -364,9 +349,9 @@ SSL2VerifyMAC(SSLBuffer content, UInt8 *compareMAC, SSLContext *ctx)
     secret.data = ctx->readCipher.macSecret;
     secret.length = ctx->readCipher.symCipher->keySize;
     mac.data = calculatedMAC;
-    mac.length = ctx->readCipher.hash->digestSize;
+    mac.length = ctx->readCipher.macRef->hash->digestSize;
     if (ERR(err = SSL2CalculateMAC(secret, content, ctx->readCipher.sequenceNum.low,
-                                ctx->readCipher.hash, mac, ctx)) != 0)
+                                ctx->readCipher.macRef->hash, mac, ctx)) != 0)
         return err;
     if (memcmp(mac.data, compareMAC, mac.length) != 0) {
                #if     IGNORE_MAC_FAILURE
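Review bot: The MAC check `memcmp(mac.data, compareMAC, mac.length)` may return at the first differing byte, so its running time can depend on how much of the received MAC is correct. A comparison that always touches every byte avoids that: `for (i = 0, diff = 0; i < mac.length; i++) diff |= mac.data[i] ^ compareMAC[i];` followed by `if (diff != 0) {`. The `#if IGNORE_MAC_FAILURE` branch that follows should also carry a comment saying it is a debugging aid that must stay off in shipping builds, since its name indicates that records with a bad MAC are accepted. Its body and the rest of SSL2VerifyMAC are outside the hunk.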
diff --git a/SecureTransport/ssl3Callouts.c b/SecureTransport/ssl3Callouts.c
new file mode 100644 (file)
index 0000000..f68a05f
--- /dev/null
@@ -0,0 +1,718 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+       File:           ssl3Callouts.c
+
+       Contains:       SSLv3-specific routines for SslTlsCallouts. 
+
+       Written by:     Doug Mitchell
+*/
+
+#include "sslalloc.h"
+#include "tls_ssl.h"
+#include "sslutil.h"
+#include "digests.h"
+#include "ssl2.h"
+#include "sslDebug.h"
+#include "sslalert.h"
+#include <assert.h>
+#include <strings.h>
+
+/*  
+ * ssl3WriteRecord does not send alerts on failure, out of the assumption/fear
+ * that this might result in a loop (since sending an alert causes ssl3WriteRecord
+ * to be called).
+ *
+ * As far as I can tell, we can use this same routine for SSLv3 and TLSv1, as long 
+ * as we're not trying to use the "variable length padding" feature of TLSv1.
+ * OpenSSL doesn't use that feature; for now, neither will we. Thus this routine
+ * is used for the SslTlsCallouts.writeRecord function for both protocols. 
+ */
+SSLErr ssl3WriteRecord(
+       SSLRecord rec, 
+       SSLContext *ctx)
+{   
+       SSLErr          err;
+    int             padding = 0, i;
+    WaitingRecord   *out, *queue;
+    SSLBuffer       buf, payload, mac;
+    UInt8           *progress;
+    UInt16          payloadSize,blockSize;
+    
+       switch(rec.protocolVersion) {
+               case SSL_Version_2_0:
+                       return SSL2WriteRecord(rec, ctx);
+               case SSL_Version_3_0:
+               case TLS_Version_1_0:
+                       break;
+               default:
+                       assert(0);
+                       return SSLInternalError;
+       }
+    assert(rec.contents.length <= 16384);
+    
+    out = 0;
+    /* Allocate a WaitingRecord to store our ready-to-send record in */
+    if ((err = SSLAllocBuffer(&buf, sizeof(WaitingRecord), &ctx->sysCtx)) != 0)
+        return err;
+    out = (WaitingRecord*)buf.data;
+    out->next = 0;
+    out->sent = 0;
+    /* Allocate enough room for the transmitted record, which will be:
+     *  5 bytes of header +
+     *  encrypted contents +
+     *  macLength +
+     *  padding [block ciphers only] +
+     *  padding length field (1 byte) [block ciphers only]
+     */
+    payloadSize = (UInt16) (rec.contents.length + ctx->writeCipher.macRef->hash->digestSize);
+    blockSize = ctx->writeCipher.symCipher->blockSize;
+    if (blockSize > 0)
+    {   padding = blockSize - (payloadSize % blockSize) - 1;
+        payloadSize += padding + 1;
+    }
+    out->data.data = 0;
+    if ((err = SSLAllocBuffer(&out->data, 5 + payloadSize, &ctx->sysCtx)) != 0)
+        goto fail;
+    
+    progress = out->data.data;
+    *(progress++) = rec.contentType;
+    progress = SSLEncodeInt(progress, rec.protocolVersion, 2);
+    progress = SSLEncodeInt(progress, payloadSize, 2);
+    
+    /* Copy the contents into the output buffer */
+    memcpy(progress, rec.contents.data, rec.contents.length);
+    payload.data = progress;
+    payload.length = rec.contents.length;
+    
+    progress += rec.contents.length;
+    /* MAC immediately follows data */
+    mac.data = progress;
+    mac.length = ctx->writeCipher.macRef->hash->digestSize;
+    progress += mac.length;
+    
+    /* MAC the data */
+    if (mac.length > 0)     /* Optimize away null case */
+    {   
+               assert(ctx->sslTslCalls != NULL);
+        if ((err = ctx->sslTslCalls->computeMac(rec.contentType, 
+                               payload, 
+                               mac, 
+                               &ctx->writeCipher,
+                               ctx->writeCipher.sequenceNum, 
+                               ctx)) != 0)
+            goto fail;
+    }
+    
+    /* Update payload to reflect encrypted data: contents, mac & padding */
+    payload.length = payloadSize;
+    
+    /* Fill in the padding bytes & padding length field with the padding value; the
+     *  protocol only requires the last byte,
+     *  but filling them all in avoids leaking data
+     */
+    if (ctx->writeCipher.symCipher->blockSize > 0)
+        for (i = 1; i <= padding + 1; ++i)
+            payload.data[payload.length - i] = padding;
+    
+    /* Encrypt the data */
+    if ((err = ctx->writeCipher.symCipher->encrypt(payload, 
+               payload, 
+               &ctx->writeCipher, 
+               ctx)) != 0)
+        goto fail;
+    DUMP_BUFFER_NAME("encrypted data", payload);
+    
+    /* Enqueue the record to be written from the idle loop */
+    if (ctx->recordWriteQueue == 0)
+        ctx->recordWriteQueue = out;
+    else
+    {   queue = ctx->recordWriteQueue;
+        while (queue->next != 0)
+            queue = queue->next;
+        queue->next = out;
+    }
+    
+    /* Increment the sequence number */
+    IncrementUInt64(&ctx->writeCipher.sequenceNum);
+    
+    return SSLNoErr;
+    
+fail:  
+       /* 
+        * Only for if we fail between when the WaitingRecord is allocated and when 
+        * it is queued 
+        */
+    SSLFreeBuffer(&out->data, &ctx->sysCtx);
+    buf.data = (UInt8*)out;
+    buf.length = sizeof(WaitingRecord);
+    SSLFreeBuffer(&buf, &ctx->sysCtx);
+    return ERR(err);
+}
+
+static SSLErr ssl3DecryptRecord(
+       UInt8 type, 
+       SSLBuffer *payload, 
+       SSLContext *ctx)
+{   
+       SSLErr      err;
+    SSLBuffer   content;
+    
+    if ((ctx->readCipher.symCipher->blockSize > 0) &&
+        ((payload->length % ctx->readCipher.symCipher->blockSize) != 0))
+    {   SSLFatalSessionAlert(alert_unexpected_message, ctx);
+        return ERR(SSLProtocolErr);
+    }
+
+    /* Decrypt in place */
+    DUMP_BUFFER_NAME("encrypted data", (*payload));
+    if ((err = ctx->readCipher.symCipher->decrypt(*payload, 
+               *payload, 
+               &ctx->readCipher, 
+               ctx)) != 0)
+    {   SSLFatalSessionAlert(alert_close_notify, ctx);
+        return ERR(err);
+    }
+    DUMP_BUFFER_NAME("decrypted data", (*payload));
+    
+       /* Locate content within decrypted payload */
+    content.data = payload->data;
+    content.length = payload->length - ctx->readCipher.macRef->hash->digestSize;
+    if (ctx->readCipher.symCipher->blockSize > 0)
+    {   /* padding can't be equal to or more than a block */
+        if (payload->data[payload->length - 1] >= ctx->readCipher.symCipher->blockSize)
+        {   SSLFatalSessionAlert(alert_unexpected_message, ctx);
+               errorLog1("DecryptSSLRecord: bad padding length (%d)\n", 
+                       (unsigned)payload->data[payload->length - 1]);
+            return ERR(SSLProtocolErr);
+        }
+        content.length -= 1 + payload->data[payload->length - 1];  
+                                               /* Remove block size padding */
+    }
+
+       /* Verify MAC on payload */
+    if (ctx->readCipher.macRef->hash->digestSize > 0)       
+               /* Optimize away MAC for null case */
+        if ((err = SSLVerifyMac(type, content, 
+                               payload->data + content.length, ctx)) != 0)
+        {   SSLFatalSessionAlert(alert_bad_record_mac, ctx);
+            return ERR(err);
+        }
+    
+    *payload = content;     /* Modify payload buffer to indicate content length */
+    
+    return SSLNoErr;
+}
+
+/* initialize a per-CipherContext HashHmacContext for use in MACing each record */
+static SSLErr ssl3InitMac (
+       CipherContext *cipherCtx,               // macRef, macSecret valid on entry
+                                                                       // macCtx valid on return
+       SSLContext *ctx)
+{
+       const HashReference *hash;
+       SSLBuffer *hashCtx;
+       SSLErr serr;
+       
+       assert(cipherCtx->macRef != NULL);
+       hash = cipherCtx->macRef->hash;
+       assert(hash != NULL);
+       
+       hashCtx = &cipherCtx->macCtx.hashCtx;
+       if(hashCtx->data != NULL) {
+               SSLFreeBuffer(hashCtx, &ctx->sysCtx);
+       }
+       serr = SSLAllocBuffer(hashCtx, hash->contextSize, &ctx->sysCtx);
+       if(serr) {
+               return serr;
+       }
+       return SSLNoErr;
+}
+
+static SSLErr ssl3FreeMac (
+       CipherContext *cipherCtx)
+{
+       SSLBuffer *hashCtx;
+       
+       assert(cipherCtx != NULL);
+       /* this can be called on a completely zeroed out CipherContext... */
+       if(cipherCtx->macRef == NULL) {
+               return SSLNoErr;
+       }
+       hashCtx = &cipherCtx->macCtx.hashCtx;
+       if(hashCtx->data != NULL) {
+               sslFree(hashCtx->data);
+               hashCtx->data = NULL;
+       }
+       hashCtx->length = 0;
+       return SSLNoErr;
+}
+
+static SSLErr ssl3ComputeMac (
+       UInt8 type, 
+       SSLBuffer data,                         
+       SSLBuffer mac,                                  // caller mallocs data
+       CipherContext *cipherCtx,               // assumes macCtx, macRef
+       sslUint64 seqNo, 
+       SSLContext *ctx)
+{   
+       SSLErr          err;
+    UInt8           innerDigestData[MAX_DIGEST_SIZE];
+    UInt8           scratchData[11], *progress;
+    SSLBuffer       digest, digestCtx, scratch;
+       SSLBuffer               secret;
+       
+    const HashReference        *hash;
+       
+       assert(cipherCtx != NULL);
+       assert(cipherCtx->macRef != NULL);
+       hash = cipherCtx->macRef->hash;
+       assert(hash != NULL);
+    assert(hash->macPadSize <= MAX_MAC_PADDING);
+    assert(hash->digestSize <= MAX_DIGEST_SIZE);
+       digestCtx = cipherCtx->macCtx.hashCtx;          // may be NULL, for null cipher
+       secret.data = cipherCtx->macSecret;
+       secret.length = hash->digestSize;
+       
+       /* init'd early in SSLNewContext() */
+    assert(SSLMACPad1[0] == 0x36 && SSLMACPad2[0] == 0x5C);
+    
+       /*
+        * MAC = hash( MAC_write_secret + pad_2 + 
+        *                     hash( MAC_write_secret + pad_1 + seq_num + type + 
+        *                               length + content ) 
+        *                       ) 
+        */
+    if ((err = hash->init(digestCtx, ctx)) != 0)
+        goto exit;
+    if ((err = hash->update(digestCtx, secret)) != 0)    /* MAC secret */
+        goto exit;
+    scratch.data = SSLMACPad1;
+    scratch.length = hash->macPadSize;
+    if ((err = hash->update(digestCtx, scratch)) != 0)   /* pad1 */
+        goto exit;
+    progress = scratchData;
+    progress = SSLEncodeUInt64(progress, seqNo);
+    *progress++ = type;
+    progress = SSLEncodeInt(progress, data.length, 2);
+    scratch.data = scratchData;
+    scratch.length = 11;
+    assert(progress = scratchData+11);
+    if ((err = hash->update(digestCtx, scratch)) != 0)   
+                                                                               /* sequenceNo, type & length */
+        goto exit;
+    if ((err = hash->update(digestCtx, data)) != 0)      /* content */
+        goto exit;
+    digest.data = innerDigestData;
+    digest.length = hash->digestSize;
+    if ((err = hash->final(digestCtx, digest)) != 0)   /* figure inner digest */
+        goto exit;
+    
+    if ((err = hash->init(digestCtx, ctx)) != 0)
+        goto exit;
+    if ((err = hash->update(digestCtx, secret)) != 0)    /* MAC secret */
+        goto exit;
+    scratch.data = SSLMACPad2;
+    scratch.length = hash->macPadSize;
+    if ((err = hash->update(digestCtx, scratch)) != 0)   /* pad2 */
+        goto exit;
+    if ((err = hash->update(digestCtx, digest)) != 0)    /* inner digest */
+        goto exit;  
+    if ((err = hash->final(digestCtx, mac)) != 0)       /* figure the mac */
+        goto exit;
+    
+    err = SSLNoErr; /* redundant, I know */
+    
+exit:
+    return err;
+}
+
+#define LOG_GEN_KEY    0
+
+/*
+ * On input, the following are valid:
+ *             MasterSecret[48]
+ *             ClientHello.random[32]
+ *      ServerHello.random[32]
+ *
+ *      key_block =
+ *              MD5(master_secret + SHA(`A' + master_secret +
+ *                              ServerHello.random +
+ *                              ClientHello.random)) +
+ *             MD5(master_secret + SHA(`BB' + master_secret +
+ *                              ServerHello.random +
+ *                              ClientHello.random)) +
+ *             MD5(master_secret + SHA(`CCC' + master_secret +
+ *                              ServerHello.random +
+ *                              ClientHello.random)) + [...];
+ */
+static SSLErr ssl3GenerateKeyMaterial (
+       SSLBuffer key,                                  // caller mallocs and specifies length of
+                                                                       //   required key material here
+       SSLContext *ctx)
+{   
+       SSLErr      err;
+    UInt8       leaderData[10];     /* Max of 10 hashes 
+                                                                        * (* 16 bytes/hash = 160 bytes of key) */
+    UInt8       shaHashData[20], md5HashData[16];
+    SSLBuffer   shaContext, md5Context;
+    UInt8       *keyProgress;
+    int         i,j,remaining, satisfied;
+    SSLBuffer   leader, masterSecret, serverRandom, clientRandom, shaHash, md5Hash;
+    
+       #if     LOG_GEN_KEY
+       printf("GenerateKey: master ");
+       for(i=0; i<SSL_MASTER_SECRET_SIZE; i++) {
+               printf("%02X ", ctx->masterSecret[i]);
+       }
+       printf("\n");
+       #endif
+
+    assert(key.length <= 16 * sizeof(leaderData));
+    
+    leader.data = leaderData;
+    masterSecret.data = ctx->masterSecret;
+    masterSecret.length = SSL_MASTER_SECRET_SIZE;
+    serverRandom.data = ctx->serverRandom;
+    serverRandom.length = SSL_CLIENT_SRVR_RAND_SIZE;
+    clientRandom.data = ctx->clientRandom;
+    clientRandom.length = SSL_CLIENT_SRVR_RAND_SIZE;
+    shaHash.data = shaHashData;
+    shaHash.length = 20;
+    md5Hash.data = md5HashData;
+    md5Hash.length = 16;
+    
+    md5Context.data = 0;
+    shaContext.data = 0;
+    if ((err = ReadyHash(&SSLHashMD5, &md5Context, ctx)) != 0)
+        goto fail;
+    if ((err = ReadyHash(&SSLHashSHA1, &shaContext, ctx)) != 0)
+        goto fail;  
+    
+    keyProgress = key.data;
+    remaining = key.length;
+    
+    for (i = 0; remaining > 0; ++i)
+    {   for (j = 0; j <= i; j++)
+            leaderData[j] = 0x41 + i;   /* 'A', 'BB', 'CCC', etc. */
+        leader.length = i+1;
+        
+        if ((err = SSLHashSHA1.update(shaContext, leader)) != 0)
+            goto fail;
+        if ((err = SSLHashSHA1.update(shaContext, masterSecret)) != 0)
+            goto fail;
+        if ((err = SSLHashSHA1.update(shaContext, serverRandom)) != 0)
+            goto fail;
+        if ((err = SSLHashSHA1.update(shaContext, clientRandom)) != 0)
+            goto fail;
+        if ((err = SSLHashSHA1.final(shaContext, shaHash)) != 0)
+            goto fail;
+        if ((err = SSLHashMD5.update(md5Context, masterSecret)) != 0)
+            goto fail;
+        if ((err = SSLHashMD5.update(md5Context, shaHash)) != 0)
+            goto fail;
+        if ((err = SSLHashMD5.final(md5Context, md5Hash)) != 0)
+            goto fail;
+        
+        satisfied = 16;
+        if (remaining < 16)
+            satisfied = remaining;
+        memcpy(keyProgress, md5HashData, satisfied);
+        remaining -= satisfied;
+        keyProgress += satisfied;
+        
+               if(remaining > 0) {
+                       /* at top of loop, this was done in ReadyHash() */
+                       if ((err = SSLHashMD5.init(md5Context, ctx)) != 0)
+                               goto fail;
+                       if ((err = SSLHashSHA1.init(shaContext, ctx)) != 0)
+                               goto fail;
+               }
+    }
+    
+    assert(remaining == 0 && keyProgress == (key.data + key.length));
+    err = SSLNoErr;
+fail:
+    SSLFreeBuffer(&md5Context, &ctx->sysCtx);
+    SSLFreeBuffer(&shaContext, &ctx->sysCtx);
+    
+       #if     LOG_GEN_KEY
+       printf("GenerateKey: DONE\n");
+       #endif
+    return err;
+}
+
+static SSLErr ssl3GenerateExportKeyAndIv (
+       SSLContext *ctx,                                // clientRandom, serverRandom valid
+       const SSLBuffer clientWriteKey,
+       const SSLBuffer serverWriteKey,
+       SSLBuffer finalClientWriteKey,  // RETURNED, mallocd by caller
+       SSLBuffer finalServerWriteKey,  // RETURNED, mallocd by caller
+       SSLBuffer finalClientIV,                // RETURNED, mallocd by caller
+       SSLBuffer finalServerIV)                // RETURNED, mallocd by caller
+{
+       SSLErr err;
+       SSLBuffer hashCtx, serverRandom, clientRandom; 
+       
+       /* random blobs are 32 bytes */
+       serverRandom.data = ctx->serverRandom;
+       serverRandom.length = SSL_CLIENT_SRVR_RAND_SIZE;
+       clientRandom.data = ctx->clientRandom;
+       clientRandom.length = SSL_CLIENT_SRVR_RAND_SIZE;
+       
+       if ((err = SSLAllocBuffer(&hashCtx, SSLHashMD5.contextSize, &ctx->sysCtx)) != 0)
+               return err;
+       /* client write key */
+       if ((err = SSLHashMD5.init(hashCtx, ctx)) != 0)
+               goto fail;
+       if ((err = SSLHashMD5.update(hashCtx, clientWriteKey)) != 0)
+               goto fail;
+       if ((err = SSLHashMD5.update(hashCtx, clientRandom)) != 0)
+               goto fail;
+       if ((err = SSLHashMD5.update(hashCtx, serverRandom)) != 0)
+               goto fail;
+       finalClientWriteKey.length = 16;
+       if ((err = SSLHashMD5.final(hashCtx, finalClientWriteKey)) != 0)
+               goto fail;
+
+       /* optional client IV */
+       if (ctx->selectedCipherSpec->cipher->ivSize > 0)
+       {   if ((err = SSLHashMD5.init(hashCtx, ctx)) != 0)
+                       goto fail;
+               if ((err = SSLHashMD5.update(hashCtx, clientRandom)) != 0)
+                       goto fail;
+               if ((err = SSLHashMD5.update(hashCtx, serverRandom)) != 0)
+                       goto fail;
+               finalClientIV.length = 16;
+               if ((err = SSLHashMD5.final(hashCtx, finalClientIV)) != 0)
+                       goto fail;
+       }
+
+       /* server write key */
+       if ((err = SSLHashMD5.init(hashCtx, ctx)) != 0)
+               goto fail;
+       if ((err = SSLHashMD5.update(hashCtx, serverWriteKey)) != 0)
+               goto fail;
+       if ((err = SSLHashMD5.update(hashCtx, serverRandom)) != 0)
+               goto fail;
+       if ((err = SSLHashMD5.update(hashCtx, clientRandom)) != 0)
+               goto fail;
+       finalServerWriteKey.length = 16;
+       if ((err = SSLHashMD5.final(hashCtx, finalServerWriteKey)) != 0)
+               goto fail;
+       
+       /* optional server IV */
+       if (ctx->selectedCipherSpec->cipher->ivSize > 0)
+       {   if ((err = SSLHashMD5.init(hashCtx, ctx)) != 0)
+                       goto fail;
+               if ((err = SSLHashMD5.update(hashCtx, serverRandom)) != 0)
+                       goto fail;
+               if ((err = SSLHashMD5.update(hashCtx, clientRandom)) != 0)
+                       goto fail;
+               finalServerIV.length = 16;
+               if ((err = SSLHashMD5.final(hashCtx, finalServerIV)) != 0)
+                       goto fail;
+       }
+
+    err = SSLNoErr;
+fail:
+    SSLFreeBuffer(&hashCtx, &ctx->sysCtx);
+    return err;
+}
+
+/*
+ * On entry: clientRandom, serverRandom, preMasterSecret valid
+ * On return: masterSecret valid
+ */
+static SSLErr ssl3GenerateMasterSecret (
+       SSLContext *ctx)
+{   
+       SSLErr      err;
+    SSLBuffer   shaState, md5State, clientRandom,
+                serverRandom, shaHash, md5Hash, leader;
+    UInt8       *masterProgress, shaHashData[20], leaderData[3];
+    int         i;
+    
+    md5State.data = shaState.data = 0;
+    if ((err = SSLAllocBuffer(&md5State, SSLHashMD5.contextSize, &ctx->sysCtx)) != 0)
+        goto fail;
+    if ((err = SSLAllocBuffer(&shaState, SSLHashSHA1.contextSize, &ctx->sysCtx)) != 0)
+        goto fail;
+    
+    clientRandom.data = ctx->clientRandom;
+    clientRandom.length = SSL_CLIENT_SRVR_RAND_SIZE;
+    serverRandom.data = ctx->serverRandom;
+    serverRandom.length = SSL_CLIENT_SRVR_RAND_SIZE;
+    shaHash.data = shaHashData;
+    shaHash.length = 20;
+    
+    masterProgress = ctx->masterSecret;
+    
+    for (i = 1; i <= 3; i++)
+    {   if ((err = SSLHashMD5.init(md5State, ctx)) != 0)
+            goto fail;
+        if ((err = SSLHashSHA1.init(shaState, ctx)) != 0)
+            goto fail;
+        
+        leaderData[0] = leaderData[1] = leaderData[2] = 0x40 + i;   /* 'A', 'B', etc. */
+        leader.data = leaderData;
+        leader.length = i;
+        
+        if ((err = SSLHashSHA1.update(shaState, leader)) != 0)
+            goto fail;
+        if ((err = SSLHashSHA1.update(shaState, ctx->preMasterSecret)) != 0)
+            goto fail;
+        if ((err = SSLHashSHA1.update(shaState, clientRandom)) != 0)
+            goto fail;
+        if ((err = SSLHashSHA1.update(shaState, serverRandom)) != 0)
+            goto fail;
+        if ((err = SSLHashSHA1.final(shaState, shaHash)) != 0)
+            goto fail;
+        if ((err = SSLHashMD5.update(md5State, ctx->preMasterSecret)) != 0)
+            goto fail;
+        if ((err = SSLHashMD5.update(md5State, shaHash)) != 0)
+            goto fail;
+        md5Hash.data = masterProgress;
+        md5Hash.length = 16;
+        if ((err = SSLHashMD5.final(md5State, md5Hash)) != 0)
+            goto fail;
+        masterProgress += 16;
+    }
+    
+    err = SSLNoErr;
+fail:
+    SSLFreeBuffer(&shaState, &ctx->sysCtx);
+    SSLFreeBuffer(&md5State, &ctx->sysCtx);
+    return err;
+}
+
+/* common routine to compute a Mac for finished message and cert verify message */
+static SSLErr
+ssl3CalculateFinishedMessage(
+       SSLContext *ctx,
+       SSLBuffer finished,             // mallocd by caller
+       SSLBuffer shaMsgState,          // running total
+       SSLBuffer md5MsgState,          // ditto
+       UInt32 senderID)                        // optional, nonzero for finished message
+{   
+       SSLErr          err;
+    SSLBuffer       hash, input;
+    UInt8           sender[4], md5Inner[16], shaInner[20];
+    
+    // assert(finished.length == 36);
+    
+    if (senderID != 0) {
+               SSLEncodeInt(sender, senderID, 4);
+        input.data = sender;
+        input.length = 4;
+        if ((err = SSLHashMD5.update(md5MsgState, input)) != 0)
+            return err;
+        if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0)
+            return err;
+    }
+    input.data = ctx->masterSecret;
+    input.length = SSL_MASTER_SECRET_SIZE;
+    if ((err = SSLHashMD5.update(md5MsgState, input)) != 0)
+        return err;
+    if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0)
+        return err;
+    input.data = SSLMACPad1;
+    input.length = SSLHashMD5.macPadSize;
+    if ((err = SSLHashMD5.update(md5MsgState, input)) != 0)
+        return err;
+    input.length = SSLHashSHA1.macPadSize;
+    if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0)
+        return err;
+    hash.data = md5Inner;
+    hash.length = 16;
+    if ((err = SSLHashMD5.final(md5MsgState, hash)) != 0)
+        return err;
+    hash.data = shaInner;
+    hash.length = 20;
+    if ((err = SSLHashSHA1.final(shaMsgState, hash)) != 0)
+        return err;
+    if ((err = SSLHashMD5.init(md5MsgState, ctx)) != 0)
+        return err;
+    if ((err = SSLHashSHA1.init(shaMsgState, ctx)) != 0)
+        return err;
+    input.data = ctx->masterSecret;
+    input.length = SSL_MASTER_SECRET_SIZE;
+    if ((err = SSLHashMD5.update(md5MsgState, input)) != 0)
+        return err;
+    if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0)
+        return err;
+    input.data = SSLMACPad2;
+    input.length = SSLHashMD5.macPadSize;
+    if ((err = SSLHashMD5.update(md5MsgState, input)) != 0)
+        return err;
+    input.length = SSLHashSHA1.macPadSize;
+    if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0)
+        return err;
+    input.data = md5Inner;
+    input.length = 16;
+    if ((err = SSLHashMD5.update(md5MsgState, input)) != 0)
+        return err;
+    hash.data = finished.data;
+    hash.length = 16;
+    if ((err = SSLHashMD5.final(md5MsgState, hash)) != 0)
+        return err;
+    input.data = shaInner;
+    input.length = 20;
+    if ((err = SSLHashSHA1.update(shaMsgState, input)) != 0)
+        return err;
+    hash.data = finished.data + 16;
+    hash.length = 20;
+    if ((err = SSLHashSHA1.final(shaMsgState, hash)) != 0)
+        return err;
+    return SSLNoErr;
+}
+
+
+static SSLErr ssl3ComputeFinishedMac (
+       SSLContext *ctx,
+       SSLBuffer finished,             // output - mallocd by caller 
+       SSLBuffer shaMsgState,          // clone of running digest of all handshake msgs
+       SSLBuffer md5MsgState,          // ditto
+       Boolean isServer)                       // refers to message, not us
+{
+       return ssl3CalculateFinishedMessage(ctx, finished, shaMsgState, md5MsgState, 
+               isServer ? SSL_Finished_Sender_Server : SSL_Finished_Sender_Client);
+}
+
+static SSLErr ssl3ComputeCertVfyMac (
+       SSLContext *ctx,
+       SSLBuffer finished,             // output - mallocd by caller 
+       SSLBuffer shaMsgState,          // clone of running digest of all handshake msgs
+       SSLBuffer md5MsgState)          // ditto
+{
+       return ssl3CalculateFinishedMessage(ctx, finished, shaMsgState, md5MsgState, 0);
+}
+
+const SslTlsCallouts Ssl3Callouts = {
+       ssl3DecryptRecord,
+       ssl3WriteRecord,
+       ssl3InitMac,
+       ssl3FreeMac,
+       ssl3ComputeMac,
+       ssl3GenerateKeyMaterial,
+       ssl3GenerateExportKeyAndIv,
+       ssl3GenerateMasterSecret,
+       ssl3ComputeFinishedMac,
+       ssl3ComputeCertVfyMac
+};
diff --git a/SecureTransport/sslBER_Dummy.c b/SecureTransport/sslBER_Dummy.c
new file mode 100644 (file)
index 0000000..3829aef
--- /dev/null
@@ -0,0 +1,49 @@
+
+/*
+       File:           sslBER_Dummy.cpp
+
+       Contains:       stubs of routines in sslBER.cpp to enable standalone
+                               build for indexing purposes.
+
+       Written by:     Doug Mitchell
+
+       Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
+
+*/
+
+#include "ssl.h"
+#include "sslalloc.h"
+#include "sslDebug.h"
+#include "sslBER.h"
+
+#include <string.h>
+
+/*
+ * Given a PKCS-1 encoded RSA public key, extract the 
+ * modulus and public exponent.
+ *
+ * RSAPublicKey ::= SEQUENCE {
+ *             modulus INTEGER, -- n
+ *             publicExponent INTEGER -- e }
+ */
+SSLErr sslDecodeRsaBlob(
+       const SSLBuffer *blob,                  /* PKCS-1 encoded */
+       SSLBuffer               *modulus,               /* data mallocd and RETURNED */
+       SSLBuffer               *exponent)              /* data mallocd and RETURNED */
+{
+       return SSLBadCert;
+}
+
+/*
+ * Given a raw modulus and exponent, cook up a
+ * BER-encoded RSA public key blob.
+ */
+SSLErr sslEncodeRsaBlob(
+       const SSLBuffer *modulus,               
+       const SSLBuffer *exponent,              
+       SSLBuffer               *blob)                  /* data mallocd and RETURNED */
+{
+       return SSLMemoryErr;
+}
+
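Review bot: The comments above `sslDecodeRsaBlob` and `sslEncodeRsaBlob` describe the real decode and encode behaviour, but both stubs fail unconditionally and never write their output buffers. Each comment should say so, for example `/* Stub: always returns SSLBadCert; modulus and exponent are left untouched. */` and `/* Stub: always returns SSLMemoryErr; blob is left untouched. */`. The file header also names the file `sslBER_Dummy.cpp` while the diff adds it as `sslBER_Dummy.c`. Because the stubs fail closed, linking this file into a real build by mistake would break RSA key handling rather than weaken it, but a header line stating that it is for indexing builds only would make the intent explicit.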
index 2e35639e2c7c92948bc43773cbfd9d5672d628d8..256d78fdf09d79f93dc6239cae89c784cec29f5b 100644 (file)
@@ -21,7 +21,7 @@
 
        Contains:       Apple Keychain routines
 
-       Written by:     Doug Mitchell, based on Netscape RSARef 3.0
+       Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
 
        Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
 
 #include "sslDebug.h"
 #include "sslKeychain.h"
 #include "sslutil.h"
-
-#if            ST_KEYCHAIN_ENABLE
-#include <Keychain.h>
-#include <KeychainPriv.h>
-#endif /* ST_KEYCHAIN_ENABLE */
-
 #include <string.h>
+#include <assert.h>
+#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
+#include <Security/cssm.h>
+/* these are to be replaced by Security/Security.h */
+#include <Security/SecCertificate.h>
+#include <Security/SecKeychainItem.h>
+#include <Security/SecKeychain.h>
+#include <Security/SecIdentity.h>
+#include <Security/SecIdentitySearch.h>
+#include <Security/SecKey.h>
 
-#if            ST_KEYCHAIN_ENABLE
+#if            ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS
 static OSStatus
 addCertData(
        SSLContext              *ctx,
        KCItemRef               kcItem,
        CSSM_DATA_PTR   certData,
        Boolean                 *goodCert);             /* RETURNED */
+#endif /* ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS */
+
+#if            (ST_SERVER_MODE_ENABLE || ST_CLIENT_AUTHENTICATION)
 
+#if            ST_FAKE_KEYCHAIN
 /*
- * Given a KCItemRef: is this item a cert?
+ * Routines which will be replaced by SecKeychainAPI. 
  */
-static Boolean
-isItemACert(KCItemRef kcItem)
-{      
-       KCAttribute             attr;
-       FourCharCode    itemClass;
-       OSStatus                ortn;
-       UInt32                  len;
+/*
+ * Given a DLDB, find the first private key in the DB. It's the application's
+ * responsibility to ensure that there is only one private key. The returned
+ * PrintName attribute will be used to search for an associated cert using
+ * TBD.
+ *
+ * Caller must free returned key and PrintName.
+ */
+static OSStatus 
+findPrivateKeyInDb(
+       SSLContext                      *ctx,
+       CSSM_DL_DB_HANDLE       dlDbHand,
+       CSSM_KEY_PTR            *privKey,               // mallocd and RETURNED
+       CSSM_DATA                       *printName)             // referent mallocd and RETURNED
+{
+       CSSM_QUERY                                              query;
+       CSSM_DB_UNIQUE_RECORD_PTR               record = NULL;
+       CSSM_RETURN                                             crtn;
+       CSSM_HANDLE                                     resultHand;
+       CSSM_DB_RECORD_ATTRIBUTE_DATA   recordAttrs;
+       CSSM_DB_ATTRIBUTE_DATA                  theAttr;
+       CSSM_DB_ATTRIBUTE_INFO_PTR              attrInfo = &theAttr.Info;
+       CSSM_DATA                                               theData = {0, NULL};
+       
+       /* search by record type, no predicates (though we do want the PrintName
+        * attr returned). */
+       query.RecordType = CSSM_DL_DB_RECORD_PRIVATE_KEY;
+       query.Conjunctive = CSSM_DB_NONE;
+       query.NumSelectionPredicates = 0;
+       query.SelectionPredicate = NULL;        
+       query.QueryLimits.TimeLimit = 0;        // FIXME - meaningful?
+       query.QueryLimits.SizeLimit = 1;        // FIXME - meaningful?
+       query.QueryFlags = CSSM_QUERY_RETURN_DATA;      // FIXME - used?
+
+       recordAttrs.DataRecordType = CSSM_DL_DB_RECORD_PRIVATE_KEY;
+       recordAttrs.SemanticInformation = 0;
+       recordAttrs.NumberOfAttributes = 1;
+       recordAttrs.AttributeData = &theAttr;
        
-       attr.tag = kClassKCItemAttr;
-       attr.length = sizeof(FourCharCode);
-       attr.data = &itemClass;
+       attrInfo->AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING;
+       attrInfo->Label.AttributeName = "PrintName";
+       attrInfo->AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB;
        
-       ortn = KCGetAttribute (kcItem, &attr, &len);
-       if (ortn == noErr) {
-               return((itemClass == kCertificateKCItemClass) ? true : false);
+       theAttr.NumberOfValues = 1;
+       theAttr.Value = NULL;                   
+               
+       crtn = CSSM_DL_DataGetFirst(dlDbHand,
+               &query,
+               &resultHand,
+               &recordAttrs,
+               &theData,
+               &record);
+       /* terminate query only on success */
+       if(crtn == CSSM_OK) {
+               CSSM_DL_DataAbortQuery(dlDbHand, resultHand);
+               *privKey = (CSSM_KEY_PTR)theData.Data;
+               /*
+                * Both the struct and the referent are mallocd by DL. Give our
+                * caller the referent; free the struct. 
+                */
+               *printName = *theAttr.Value;
+               stAppFree(theAttr.Value, NULL);
+               return noErr;
        }
        else {
-               errorLog1("isItemACert: KCGetAttribute returned %d\n", ortn);
-               return false;
+               stPrintCdsaError("CSSM_DL_DataGetFirst", crtn);
+               errorLog0("findCertInDb: cert not found\n");
+               return errSSLBadCert;
        }
 }
 
-#endif /* ST_KEYCHAIN_ENABLE */
+static OSStatus
+findCertInDb(
+       SSLContext                      *ctx,
+       CSSM_DL_DB_HANDLE       dlDbHand,
+       const CSSM_DATA         *printName,             // obtained from findPrivateKeyInDb
+       CSSM_DATA                       *certData)              // referent mallocd and RETURNED
+{
+       CSSM_QUERY                                              query;
+       CSSM_SELECTION_PREDICATE                predicate;
+       CSSM_DB_UNIQUE_RECORD_PTR               record = NULL;
+       CSSM_RETURN                                             crtn;
+       CSSM_HANDLE                                     resultHand;
+       
+       predicate.DbOperator = CSSM_DB_EQUAL;   
+       predicate.Attribute.Info.AttributeNameFormat = 
+               CSSM_DB_ATTRIBUTE_NAME_AS_STRING;
+       predicate.Attribute.Info.Label.AttributeName = "PrintName";
+       predicate.Attribute.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB;
+       /* hope this const_cast is OK */
+       predicate.Attribute.Value = (CSSM_DATA_PTR)printName;
+       predicate.Attribute.NumberOfValues = 1;
 
-#if            (ST_SERVER_MODE_ENABLE || ST_CLIENT_AUTHENTICATION)
+       query.RecordType = CSSM_DL_DB_RECORD_X509_CERTIFICATE;
+       query.Conjunctive = CSSM_DB_NONE;
+       query.NumSelectionPredicates = 1;
+       query.SelectionPredicate = &predicate;
+       query.QueryLimits.TimeLimit = 0;        // FIXME - meaningful?
+       query.QueryLimits.SizeLimit = 1;        // FIXME - meaningful?
+       query.QueryFlags = 0;                           // FIXME - used?
+       
+       crtn = CSSM_DL_DataGetFirst(dlDbHand,
+               &query,
+               &resultHand,
+               NULL,                           // no attrs returned
+               certData,
+               &record);
+       /* terminate query only on success */
+       if(crtn == CSSM_OK) {
+               CSSM_DL_DataAbortQuery(dlDbHand, resultHand);
+               return noErr;
+       }
+       else {
+               stPrintCdsaError("CSSM_DL_DataGetFirst", crtn);
+               errorLog0("findCertInDb: cert not found\n");
+               return errSSLBadCert;
+       }
+}
+
+
+#endif /* ST_FAKE_KEYCHAIN */
 /*
- * Given an array of certs (as KCItemRefs, specified by caller
+ * Given an array of certs (as SecIdentityRefs, specified by caller
  * in SSLSetCertificate or SSLSetEncryptionCertificate) and a 
  * destination SSLCertificate:
  *
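Review bot: In `findPrivateKeyInDb`, the success branch runs `*printName = *theAttr.Value;` without checking the pointer, which is set to NULL before the call, so a private-key record returned without a PrintName value would be a NULL dereference. A guard before the copy, such as `if(theAttr.NumberOfValues == 0 || theAttr.Value == NULL) return errSSLBadCert;`, would turn that into a handled error, though the key returned in `theData` would then need releasing as well. The failure branch logs `findCertInDb: cert not found`, copied from the sibling function, which misattributes the failure in logs; it should read `errorLog0("findPrivateKeyInDb: private key not found\n");`. In both `findPrivateKeyInDb` and `findCertInDb` the `record` returned by `CSSM_DL_DataGetFirst` is never released on the success path, which looks like a leak; `CSSM_DL_FreeUniqueRecord(dlDbHand, record);` after the `CSSM_DL_DataAbortQuery` call would cover it.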
@@ -90,6 +195,15 @@ isItemACert(KCItemRef kcItem)
  * -- validate cert chain
  * -- get pub, priv keys from certRef[0], store in *pubKey, *privKey
  */
+#if            ST_FAKE_KEYCHAIN
+/*
+ * In this incarnation, the certs array actually holds one pointer to a 
+ * CSSM_DL_DB_HANDLE. In that DL/DB is exactly one private key; that's
+ * our privKey. We use the KeyLabel of that key to look up a cert with  
+ * the same label. We get the public key from the cert. Other certs and 
+ * public keys in the DL/DB are ignored.
+ */
 OSStatus 
 parseIncomingCerts(
        SSLContext              *ctx,
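Review bot: The added comment says the cert is found through the private key's `KeyLabel`, but the lookup helpers added earlier in this commit, `findPrivateKeyInDb` and `findCertInDb`, return and match on the `PrintName` attribute. The sentence should name the attribute actually used, for example `We use the PrintName attribute of that key to look up a cert with the same PrintName.` It would also help to state that the key and cert are paired by that attribute match alone, as far as this hunk shows, so a DL/DB holding a cert with the same PrintName but a different key would be accepted by the lookup. The `#if ST_FAKE_KEYCHAIN` opened here and the body of `parseIncomingCerts` continue outside this hunk.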
@@ -97,28 +211,200 @@ parseIncomingCerts(
        SSLCertificate  **destCert,             /* &ctx->{localCert,encryptCert} */
        CSSM_KEY_PTR    *pubKey,                /* &ctx->signingPubKey, etc. */
        CSSM_KEY_PTR    *privKey,               /* &ctx->signingPrivKey, etc. */
-       CSSM_CSP_HANDLE *cspHand,               /* &ctx->signingKeyCsp, etc. */
-       KCItemRef               *privKeyRef)    /* &ctx->signingKeyRef, etc. */
+       CSSM_CSP_HANDLE *cspHand                /* &ctx->signingKeyCsp, etc. */
+       #if             ST_KC_KEYS_NEED_REF
+       ,
+       SecKeychainRef  *privKeyRef)    /* &ctx->signingKeyRef, etc. */
+       #else
+       )
+       #endif  /* ST_KC_KEYS_NEED_REF */
 {
+       CSSM_DL_DB_HANDLE_PTR dlDbHand = NULL;
        CFIndex                 numCerts;
-       CFIndex                 cert;
+       CSSM_KEY_PTR    lookupPriv = NULL;
+       CSSM_DATA               lookupLabel = {0, NULL};
+       CSSM_DATA               lookupCert = {0, NULL};
+       OSStatus                ortn;
        SSLCertificate  *certChain = NULL;
        SSLCertificate  *thisSslCert;
-       KCItemRef               kcItem;
-       SSLBuffer               *derSubjCert = NULL;
-       UInt32                  certLen;
-       OSStatus                ortn;
        SSLErr                  srtn;
-       FromItemGetPrivateKeyParams     keyParams = {NULL, NULL};
-       FromItemGetKeyInfoParams        keyInfo = {NULL, NULL, 0};
-       CSSM_CSP_HANDLE                         dummyCsp;
+       CSSM_CSP_HANDLE dummyCsp;
+       
+       assert(ctx != NULL);
+       assert(destCert != NULL);               /* though its referent may be NULL */
+       assert(pubKey != NULL);
+       assert(privKey != NULL);
+       assert(cspHand != NULL);
+
+       sslDeleteCertificateChain(*destCert, ctx);
+       *destCert = NULL;
+       *pubKey   = NULL;
+       *privKey  = NULL;
+       *cspHand  = 0;
+
+       if(certs == NULL) {
+               dprintf0("parseIncomingCerts: NULL incoming cert (DLDB) array\n");
+               return errSSLBadCert;
+       }
+       numCerts = CFArrayGetCount(certs);
+       if(numCerts != 1) {
+               dprintf0("parseIncomingCerts: empty incoming cert (DLDB) array\n");
+               return errSSLBadCert;
+       }
+       dlDbHand = (CSSM_DL_DB_HANDLE_PTR)CFArrayGetValueAtIndex(certs, 0);
+       if(dlDbHand == NULL) {
+               errorLog0("parseIncomingCerts: bad cert (DLDB) array\n");
+               return paramErr;
+       }       
+
+       /* get private key - app has to ensure there is only one (for now) */
+       ortn = findPrivateKeyInDb(ctx, *dlDbHand, &lookupPriv, &lookupLabel);
+       if(ortn) {
+               errorLog0("parseIncomingCerts: no private key\n");
+               return ortn;
+       }
+       assert(lookupPriv->KeyHeader.BlobType == CSSM_KEYBLOB_REFERENCE);
+       assert(lookupPriv->KeyHeader.KeyClass == CSSM_KEYCLASS_PRIVATE_KEY);
+       
+       /* get associated cert */
+       ortn = findCertInDb(ctx, *dlDbHand, &lookupLabel, &lookupCert);
+       if(ortn) {
+               errorLog0("parseIncomingCerts: no cert\n");
+               return ortn;
+       }
+       sslFree(lookupLabel.Data);
+       assert(lookupCert.Length > 100);                        // quickie check 
+       
+       /* 
+        * Cook up an SSLCertificate and its associated SSLBuffer.
+        */
+       thisSslCert = sslMalloc(sizeof(SSLCertificate));
+       if(thisSslCert == NULL) {
+               return memFullErr;
+       }
+       if(SSLAllocBuffer(&thisSslCert->derCert, lookupCert.Length, &ctx->sysCtx)) {
+               return memFullErr;
+       }
+       
+       /* copy cert data mallocd by DL */
+       memmove(thisSslCert->derCert.data, lookupCert.Data, lookupCert.Length);
+       sslFree(lookupCert.Data);
+       
+       /* enqueue onto head of cert chain */
+       thisSslCert->next = certChain;
+       certChain = thisSslCert;
+
+       /* TBD - we might fetch other certs from CFArrayRef certs here and enqueue 
+        * them on certChain */
+        
+       /* now the public key of the first cert, from CL */
+       srtn = sslPubKeyFromCert(ctx, 
+               &certChain->derCert, 
+               pubKey,
+               &dummyCsp);
+       if(srtn) {
+               errorLog1("sslPubKeyFromCert returned %d\n", srtn);
+               ortn = sslErrToOsStatus(srtn);
+               goto errOut;
+       }
+       assert((*pubKey)->KeyHeader.BlobType == CSSM_KEYBLOB_RAW);
+       assert((*pubKey)->KeyHeader.KeyClass == CSSM_KEYCLASS_PUBLIC_KEY);
+       
+       /*
+        * NOTE: as of 2/7/02, the size of the extracted public key will NOT
+        * always equal the size of the private key. Non-byte-aligned key sizes 
+        * for RSA keys result in the extracted public key's size to be rounded
+        * UP to the next byte boundary. 
+        */
+       assert((*pubKey)->KeyHeader.LogicalKeySizeInBits == 
+                 ((lookupPriv->KeyHeader.LogicalKeySizeInBits + 7) & ~7));
+       
+       /* SUCCESS */ 
+       *destCert = certChain;
+       *privKey = lookupPriv;
+       
+       /* we get this at context create time */
+       assert(ctx->cspDlHand != 0);
+       *cspHand = ctx->cspDlHand;
+       *privKeyRef = NULL;                             // not used 
+       return noErr;
+       
+errOut:
+       /* free certChain, everything in it, other vars, return ortn */
+       sslDeleteCertificateChain(certChain, ctx);
+       if(lookupPriv != NULL) {
+               sslFreeKey(ctx->cspDlHand, &lookupPriv, NULL);
+       }
+       return ortn;
+}
+
+#else  /* !ST_FAKE_KEYCHAIN */
+
+/* Convert a SecCertificateRef to an SSLCertificate * */
+static OSStatus secCertToSslCert(
+       SSLContext                      *ctx,
+       SecCertificateRef       certRef,
+       SSLCertificate          **sslCert)
+{
+       CSSM_DATA               certData;               // struct is transient, referent owned by 
+                                                                       //   Sec layer
+       OSStatus                ortn;
+       SSLCertificate  *thisSslCert = NULL;
+       
+       ortn = SecCertificateGetData(certRef, &certData);
+       if(ortn) {
+               errorLog1("SecCertificateGetData() returned %d\n", (int)ortn);
+               return ortn;
+       }
+       
+       thisSslCert = sslMalloc(sizeof(SSLCertificate));
+       if(thisSslCert == NULL) {
+               return memFullErr;
+       }
+       if(SSLAllocBuffer(&thisSslCert->derCert, certData.Length, 
+                       &ctx->sysCtx)) {
+               return memFullErr;
+       }
+       memcpy(thisSslCert->derCert.data, certData.Data, certData.Length);
+       thisSslCert->derCert.length = certData.Length;
+       *sslCert = thisSslCert;
+       return noErr;
+}
+
+OSStatus 
+parseIncomingCerts(
+       SSLContext              *ctx,
+       CFArrayRef              certs,
+       SSLCertificate  **destCert,             /* &ctx->{localCert,encryptCert} */
+       CSSM_KEY_PTR    *pubKey,                /* &ctx->signingPubKey, etc. */
+       CSSM_KEY_PTR    *privKey,               /* &ctx->signingPrivKey, etc. */
+       CSSM_CSP_HANDLE *cspHand                /* &ctx->signingKeyCsp, etc. */
+       #if             ST_KC_KEYS_NEED_REF
+       ,
+       SecKeychainRef  *privKeyRef)    /* &ctx->signingKeyRef, etc. */
+       #else
+       )
+       #endif  /* ST_KC_KEYS_NEED_REF */
+{
+       CFIndex                         numCerts;
+       CFIndex                         cert;
+       SSLCertificate          *certChain = NULL;
+       SSLCertificate          *thisSslCert;
+       SecKeychainRef          kcRef;
+       OSStatus                        ortn;
+       SSLErr                          srtn;
+       SecIdentityRef          identity;
+       SecCertificateRef       certRef;
+       SecKeyRef                       keyRef;
+       CSSM_DATA                       certData;
+       CSSM_CL_HANDLE          clHand;         // carefully derive from a SecCertificateRef
+       CSSM_RETURN                     crtn;
        
        CASSERT(ctx != NULL);
        CASSERT(destCert != NULL);              /* though its referent may be NULL */
        CASSERT(pubKey != NULL);
        CASSERT(privKey != NULL);
        CASSERT(cspHand != NULL);
-       CASSERT(privKeyRef != NULL);
        
        sslDeleteCertificateChain(*destCert, ctx);
        *destCert = NULL;
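Review bot: The early returns in the ST_FAKE_KEYCHAIN `parseIncomingCerts` bypass `errOut` and leak what was already fetched: a failing `findCertInDb` returns with `lookupPriv` and `lookupLabel.Data` still held, and the two `memFullErr` returns drop `lookupCert.Data` and, in the `SSLAllocBuffer` case, `thisSslCert` (the new `secCertToSslCert` has the same `thisSslCert` leak). These paths should set `ortn` and `goto errOut;`, and `errOut` should also free the label, the DL-allocated cert data and any `thisSslCert` not yet on the chain. Separately, `*privKeyRef = NULL;` is written unconditionally although the parameter only exists under `ST_KC_KEYS_NEED_REF`, so it should sit inside the same `#if`. The second `parseIncomingCerts` definition continues past the end of this hunk.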
@@ -137,57 +423,116 @@ parseIncomingCerts(
        }
        
        /* 
-        * Convert: CFArray of KCItemRefs --> chain of SSLCertificates. 
+        * Certs[0] is an SecIdentityRef from which we extract subject cert,
+        * privKey, pubKey, and cspHand.
+        *
+        * 1. ensure the first element is a SecIdentityRef.
+        */
+       identity = (SecIdentityRef)CFArrayGetValueAtIndex(certs, 0);
+       if(identity == NULL) {
+               errorLog0("parseIncomingCerts: bad cert array (1)\n");
+               return paramErr;
+       }       
+       if(CFGetTypeID(identity) != SecIdentityGetTypeID()) {
+               errorLog0("parseIncomingCerts: bad cert array (2)\n");
+               return paramErr;
+       }
+       
+       /* 
+        * 2. Extract cert, keys, CSP handle and convert to local format. 
+        */
+       ortn = SecIdentityCopyCertificate(identity, &certRef);
+       if(ortn) {
+               errorLog0("parseIncomingCerts: bad cert array (3)\n");
+               return ortn;
+       }
+       ortn = secCertToSslCert(ctx, certRef, &thisSslCert);
+       if(ortn) {
+               errorLog0("parseIncomingCerts: bad cert array (4)\n");
+               return ortn;
+       }
+       /* enqueue onto head of cert chain */
+       thisSslCert->next = certChain;
+       certChain = thisSslCert;
+
+       /* fetch private key from identity */
+       ortn = SecIdentityCopyPrivateKey(identity, &keyRef);
+       if(ortn) {
+               errorLog1("parseIncomingCerts: SecIdentityCopyPrivateKey err %d\n",
+                       (int)ortn);
+               return ortn;
+       }
+       ortn = SecKeyGetCSSMKey(keyRef, (const CSSM_KEY **)privKey);
+       if(ortn) {
+               errorLog1("parseIncomingCerts: SecKeyGetCSSMKey err %d\n",
+                       (int)ortn);
+               return ortn;
+       }
+       /* FIXME = release keyRef? */
+       
+       /* obtain public key from cert */
+       ortn = SecCertificateGetCLHandle(certRef, &clHand);
+       if(ortn) {
+               errorLog1("parseIncomingCerts: SecCertificateGetCLHandle err %d\n",
+                       (int)ortn);
+               return ortn;
+       }
+       certData.Data = thisSslCert->derCert.data;
+       certData.Length = thisSslCert->derCert.length;
+       crtn = CSSM_CL_CertGetKeyInfo(clHand, &certData, pubKey);
+       if(crtn) {
+               errorLog0("parseIncomingCerts: CSSM_CL_CertGetKeyInfo err\n");
+               return (OSStatus)crtn;
+       }
+       
+       #if             ST_FAKE_GET_CSPDL_HANDLE
+       /* we get this at context create time until SecKeychainGetCSPHandle
+        * is working */
+       assert(ctx->cspDlHand != 0);
+       *cspHand = ctx->cspDlHand;
+       #else   /* ST_FAKE_GET_CSPDL_HANDLE */
+       /* obtain keychain from key, CSP handle from keychain */
+       ortn = SecKeychainItemCopyKeychain((SecKeychainItemRef)keyRef, &kcRef);
+       if(ortn) {
+               errorLog1("parseIncomingCerts: SecKeychainItemCopyKeychain err %d\n",
+                       (int)ortn);
+               return ortn;
+       }
+       ortn = SecKeychainGetCSPHandle(kcRef, cspHand);
+       if(ortn) {
+               errorLog1("parseIncomingCerts: SecKeychainGetCSPHandle err %d\n",
+                       (int)ortn);
+               return ortn;
+       }
+       #endif  /* ST_FAKE_GET_CSPDL_HANDLE */
+       
+       /* OK, that's the subject cert. Fetch optional remaining certs. */
+       /* 
+        * Convert: CFArray of SecCertificateRefs --> chain of SSLCertificates. 
         * Incoming certs have root last; SSLCertificate chain has root
         * first.
         */
-       for(cert=0; cert<numCerts; cert++) {
-               kcItem = (KCItemRef)CFArrayGetValueAtIndex(certs, cert);
-               if(kcItem == NULL) {
-                       errorLog0("parseIncomingCerts: bad cert array\n");
+       for(cert=1; cert<numCerts; cert++) {
+               certRef = (SecCertificateRef)CFArrayGetValueAtIndex(certs, cert);
+               if(certRef == NULL) {
+                       errorLog0("parseIncomingCerts: bad cert array (5)\n");
                        return paramErr;
                }       
-               if(!isItemACert(kcItem)) {
-                       /* client app error, not ours */
+               if(CFGetTypeID(certRef) != SecCertificateGetTypeID()) {
+                       errorLog0("parseIncomingCerts: bad cert array (6)\n");
                        return paramErr;
                }
                
-               /* 
-                * OK, cook up an SSLCertificate and its associated SSLBuffer.
-                * First the size of the actual cert data...
-                */
-               ortn = KCGetData(kcItem, 0,  NULL, &certLen);
-               if(ortn != noErr) {
-                       errorLog1("parseIncomingCerts: KCGetData(1) returned %d\n", ortn);
-                       return ortn;
-               }
-               thisSslCert = sslMalloc(sizeof(SSLCertificate));
-               if(thisSslCert == NULL) {
-                       return memFullErr;
-               }
-               if(SSLAllocBuffer(&thisSslCert->derCert, certLen, &ctx->sysCtx)) {
-                       return memFullErr;
-               }
-               
-               /* now the data itself */
-               ortn = KCGetData (kcItem, 
-                       certLen, 
-                       thisSslCert->derCert.data, 
-                       &certLen);
+               /* Extract cert, convert to local format. 
+               */
+               ortn = secCertToSslCert(ctx, certRef, &thisSslCert);
                if(ortn) {
-                       errorLog1("parseIncomingCerts: KCGetData(2) returned %d\n", ortn);
-                       SSLFreeBuffer(&thisSslCert->derCert, &ctx->sysCtx);
+                       errorLog0("parseIncomingCerts: bad cert array (7)\n");
                        return ortn;
                }
-               
                /* enqueue onto head of cert chain */
                thisSslCert->next = certChain;
                certChain = thisSslCert;
-               
-               if(derSubjCert == NULL) {
-                       /* Save this ptr for obtaining public key */
-                       derSubjCert = &thisSslCert->derCert;
-               }
        }
        
        /* validate the whole mess */
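Review bot: Every failure after `certChain = thisSslCert;` exits with `return ortn;` (or `return paramErr;` inside the loop) instead of `goto errOut;`, so the partially built chain never reaches `sslDeleteCertificateChain`. The Copy-style calls also return references that are never released in the visible code: `certRef` from `SecIdentityCopyCertificate` and `kcRef` from `SecKeychainItemCopyKeychain` look like they need a `CFRelease` once the CL handle and CSP handle have been read. `keyRef` is already flagged by the FIXME; its lifetime presumably has to cover the `CSSM_KEY` stored in `*privKey`, so confirm that before releasing it. The function starts and ends outside this hunk.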
@@ -196,39 +541,7 @@ parseIncomingCerts(
                ortn = sslErrToOsStatus(srtn);
                goto errOut;
        }
-       
-       /* 
-        * Get privKey, pubKey, KCItem of certs[0].
-        * First, the private key, from the Keychain, using crufy private API.
-        */
-       keyParams.item = (KCItemRef)CFArrayGetValueAtIndex(certs, 0);
-       ortn = KCDispatch(kKCFromItemGetPrivateKey, &keyParams);
-       if(ortn) {
-               errorLog1("KCDispatch(kKCFromItemGetPrivateKey) returned %d\n", ortn);
-               goto errOut;
-       }
-       keyInfo.item = keyParams.privateKeyItem;
-       ortn = KCDispatch(kKCFromItemGetKeyInfo, &keyInfo);
-       if(ortn) {
-               errorLog1("KCDispatch(kKCFromItemGetKeyInfo) returned %d\n", ortn);
-               goto errOut;
-       }
-       *privKey = (CSSM_KEY_PTR)keyInfo.keyPtr;
-       *cspHand = keyInfo.cspHandle;
-       *privKeyRef = keyParams.privateKeyItem;
-       
-       /* now the public key, from CL */
-       /* FIXME - what if this CSP differs from the one we got from KC??? */
-       srtn = sslPubKeyFromCert(ctx, 
-               derSubjCert, 
-               pubKey,
-               &dummyCsp);
-       if(srtn) {
-               errorLog1("sslPubKeyFromCert returned %d\n", srtn);
-               ortn = sslErrToOsStatus(srtn);
-               goto errOut;
-       }
-       
+               
        /* SUCCESS */ 
        *destCert = certChain;
        return noErr;
@@ -236,14 +549,10 @@ parseIncomingCerts(
 errOut:
        /* free certChain, everything in it, other vars, return ortn */
        sslDeleteCertificateChain(certChain, ctx);
-       if(keyInfo.keyPtr != NULL) {
-               sslFreeKey(keyInfo.cspHandle, &keyInfo.keyPtr, NULL);
-       }
-       if(keyParams.privateKeyItem != NULL) {
-               KCReleaseItem(&keyParams.privateKeyItem);
-       }
+       /* FIXME - anything else? */
        return ortn;
 }
+#endif /* ST_FAKE_KEYCHAIN */
 #endif /* (ST_SERVER_MODE_ENABLE || ST_CLIENT_AUTHENTICATION) */
 
 /*
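Review bot: `errOut` frees the chain but leaves the out-parameters populated: in the non-fake path `*pubKey`, `*privKey` and `*cspHand` are written before the chain is validated, so a validation failure returns an error while the context still holds keys for the rejected certificate. The `/* FIXME - anything else? */` can be answered by freeing the key returned through `*pubKey` and resetting the outputs before `return ortn;`, e.g. `*privKey = NULL; *cspHand = 0;`. The function body starts outside this hunk.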
@@ -251,7 +560,7 @@ errOut:
  */
 OSStatus addBuiltInCerts       (SSLContextRef          ctx)
 {
-       #if             ST_KEYCHAIN_ENABLE
+       #if             ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS
        OSStatus                        ortn;
        KCRef                           kc = nil;
        
@@ -265,10 +574,10 @@ OSStatus addBuiltInCerts  (SSLContextRef          ctx)
        #else
        /* nothing for now */
        return noErr;
-       #endif  /* ST_KEYCHAIN_ENABLE */
+       #endif  /* ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS */
 }
 
-#if            ST_KEYCHAIN_ENABLE 
+#if            ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS
 
 /*
  * Given an open Keychain:
@@ -393,7 +702,7 @@ errOut:
 }
 
 /*
- * Given a cert as a KCItemRef:
+ * Given a (supposedly) root cert as a KCItemRef:
  * -- verify that the cert self-verifies
  * -- add its DER-encoded data *certData.
  * -- Add its subjectName to acceptableDNList.
@@ -559,5 +868,5 @@ sslAddNewRoot(
        return SSLNoErr;
 }
 
-#endif /* ST_KEYCHAIN_ENABLE */
+#endif /* ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS */
 
index 27d4e6c646466ec1db57539a59842b7df7bae5f1..ba555186efb81cb3d1078b8da4193e516ff76814 100644 (file)
@@ -63,6 +63,8 @@
 #include "sslDebug.h"
 #endif
 
+#include <assert.h>
+
 SSLErr
 SSLProcessAlert(SSLRecord rec, SSLContext *ctx)
 {   SSLErr              err = SSLNoErr;
@@ -91,7 +93,7 @@ SSLProcessAlert(SSLRecord rec, SSLContext *ctx)
          */
         if (level == alert_fatal)
         {   
-               SSLDeleteSessionID(ctx);
+               SSLDeleteSessionData(ctx);
             dprintf1("***Fatal alert %d received", desc);
             return SSLFatalAlert;
         }
@@ -105,7 +107,7 @@ SSLProcessAlert(SSLRecord rec, SSLContext *ctx)
                 /* These must always be fatal; if we got here, the level is warning;
                  *  die anyway
                  */
-                SSLDeleteSessionID(ctx);
+                SSLDeleteSessionData(ctx);
                 err = SSLFatalAlert;
                 break;
             case alert_close_notify:
@@ -138,13 +140,12 @@ SSLSendAlert(AlertLevel level, AlertDescription desc, SSLContext *ctx)
 {   SSLRecord       rec;
     SSLErr          err;
     
-    CASSERT((ctx->negProtocolVersion == SSL_Version_3_0) ||
-            (ctx->negProtocolVersion == SSL_Version_Undetermined) ||
-            (ctx->negProtocolVersion == SSL_Version_3_0_Only));
+    CASSERT((ctx->negProtocolVersion != SSL_Version_2_0));
     
     if ((err = SSLEncodeAlert(&rec, level, desc, ctx)) != 0)
         return err;
-    if ((err = SSLWriteRecord(rec, ctx)) != 0)
+       assert(ctx->sslTslCalls != NULL);
+    if ((err = ctx->sslTslCalls->writeRecord(rec, ctx)) != 0)
         return err;
     if ((err = SSLFreeBuffer(&rec.contents, &ctx->sysCtx)) != 0)
         return err;
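Review bot: When `ctx->sslTslCalls->writeRecord(rec, ctx)` fails, the function returns before `SSLFreeBuffer(&rec.contents, &ctx->sysCtx)`, so the buffer allocated in `SSLEncodeAlert` is leaked on every failed alert write. Freeing it on that path fixes this: `if ((err = ctx->sslTslCalls->writeRecord(rec, ctx)) != 0) { SSLFreeBuffer(&rec.contents, &ctx->sysCtx); return err; }`. The new guard also uses plain `assert` where the line above uses `CASSERT`; using one macro throughout keeps the checks consistent between build configurations. The function continues past the end of the hunk.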
@@ -157,7 +158,14 @@ SSLEncodeAlert(SSLRecord *rec, AlertLevel level, AlertDescription desc, SSLConte
 {   SSLErr          err;
     
     rec->contentType = SSL_alert;
-    rec->protocolVersion = SSL_Version_3_0;
+    CASSERT((ctx->negProtocolVersion != SSL_Version_2_0));
+       if(ctx->negProtocolVersion == SSL_Version_Undetermined) {
+               /* error while negotiating */
+               rec->protocolVersion = ctx->maxProtocolVersion;
+       }
+       else {
+               rec->protocolVersion = ctx->negProtocolVersion;
+       }
     rec->contents.length = 2;
     if ((err = SSLAllocBuffer(&rec->contents, 2, &ctx->sysCtx)) != 0)
         return err;
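Review bot: `rec->protocolVersion = ctx->negProtocolVersion;` can copy a policy value into the record header: `SSLSetProtocolVersion` in the sslctx.c part of this commit assigns `SSL_Version_3_0_Only` or `TLS_Version_1_0_Only` to `negProtocolVersion`, and the assertion removed from `SSLSendAlert` shows `SSL_Version_3_0_Only` was an expected state when sending an alert. If an alert goes out before negotiation replaces that value, the record would presumably carry the `_Only` constant rather than a wire version. Handling those two values like `SSL_Version_Undetermined` (use `ctx->maxProtocolVersion`) avoids that. The `CASSERT` against `SSL_Version_2_0` is a debug-only check, so it does not protect this path in release builds; the function continues past the hunk.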
@@ -179,7 +187,7 @@ SSLFatalSessionAlert(AlertDescription desc, SSLContext *ctx)
     
     /* Make session unresumable; I'm not stopping if I get an error,
         because I'd like to attempt to send the alert anyway */
-    err1 = SSLDeleteSessionID(ctx);
+    err1 = SSLDeleteSessionData(ctx);
     
     /* Second, send the alert */
     err2 = SSLSendAlert(alert_fatal, desc, ctx);
index 46870116c0c309900d15cb7f172a8423cea4cefd..4d112206fa17972633eeb8d6c5bb27f981102399 100644 (file)
@@ -21,7 +21,7 @@
 
        Contains:       memory allocator implementation
 
-       Written by:     Doug Mitchell, based on Netscape RSARef 3.0
+       Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
 
        Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
 
 #include "sslctx.h"
 #include "sslDebug.h"
 
-#ifdef _APPLE_CDSA_
-
 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
 
-#pragma mark *** CF Allocators ***
-
-/* copied from CSSMCFUtilities in the AppleCSP:CSPLib project.... */
-
-static void* cfAllocate(CFIndex size, CFOptionFlags hint, void *info)
-{
-       return sslMalloc((Size)size);
-}
-
-static void* cfReallocate(void *ptr, CFIndex newsize, CFOptionFlags hint, void *info)
-{
-       return sslRealloc(ptr, (Size)newsize, (Size)newsize);
-}
-
-static void cfDeallocate(void *ptr, void *info)
-{
-       sslFree(ptr);
-}
-
-/*
- * Set up/tear down CF allocators.
- */
-OSStatus cfSetUpAllocators(SSLContext *ctx)
-{
-       /* Initialize gCFAllocatorContext with the system default
-          allocator context.  */
-       CFAllocatorGetContext(kCFAllocatorSystemDefault, &ctx->lCFAllocatorContext);
-
-       ctx->lCFAllocatorContext.allocate   = cfAllocate;
-       ctx->lCFAllocatorContext.reallocate = cfReallocate;
-       ctx->lCFAllocatorContext.deallocate = cfDeallocate;
-
-       ctx->cfAllocatorRef = CFAllocatorCreate(kCFAllocatorUseContext, 
-               &ctx->lCFAllocatorContext);
-       if (!ctx->cfAllocatorRef)
-               return memFullErr; 
-
-       return noErr;
-}
-
-void cfTearDownAllocators(SSLContext *ctx)
-{
-       if (ctx->cfAllocatorRef != NULL)
-               CFRelease(ctx->cfAllocatorRef);
-}
-
 #pragma mark *** Basic low-level malloc/free ***
 
 /*
@@ -132,12 +84,12 @@ sslRealloc(void *oldPtr, UInt32 oldLen, UInt32 newLen)
        return realloc(oldPtr, newLen);
 }
 
-#endif
-
 #pragma mark *** SSLBuffer-level alloc/free ***
 
-SSLErr
-SSLAllocBuffer(SSLBuffer *buf, UInt32 length, const SystemContext *ctx)
+SSLErr SSLAllocBuffer(
+       SSLBuffer *buf, 
+       UInt32 length, 
+       const SystemContext *ctx)
 {   
        buf->data = sslMalloc(length);
        if(buf->data == NULL) {
@@ -188,3 +140,35 @@ UInt8 *sslAllocCopy(
        memmove(dst, src, len);
        return dst;
 } 
+
+SSLErr SSLAllocCopyBuffer(
+       const SSLBuffer *src, 
+       SSLBuffer **dst)                // buffer and data mallocd and returned 
+{   
+       SSLErr serr;
+       
+       SSLBuffer *rtn = sslMalloc(sizeof(SSLBuffer));
+       if(rtn == NULL) {
+               return SSLMemoryErr;
+       }
+       serr = SSLCopyBuffer(src, rtn);
+       if(serr) {
+               sslFree(rtn);
+       }
+       else {
+               *dst = rtn;
+       }
+       return serr;
+}
+
+SSLErr SSLCopyBuffer(
+       const SSLBuffer *src, 
+       SSLBuffer *dst)         // data mallocd and returned 
+{   
+       dst->data = sslAllocCopy(src->data, src->length);
+       if(dst->data == NULL) {
+               return SSLMemoryErr;
+       }
+    dst->length = src->length;
+    return SSLNoErr;
+}
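Review bot: On allocation failure `SSLCopyBuffer` sets `dst->data` to NULL but leaves `dst->length` at whatever the caller had, so a later consumer that trusts `length` would read through a NULL pointer; add `dst->length = 0;` before `return SSLMemoryErr;`. Both new functions also need a header comment stating ownership: `SSLCopyBuffer` overwrites `dst->data` without freeing a previous buffer, and the result of `SSLAllocCopyBuffer` requires the caller to free both the data and the `SSLBuffer` itself. Whether a zero-length `src` is meant to succeed depends on what `sslAllocCopy` returns for `len == 0`, which is not visible here.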
index 1707af316df626fd07ae63d6c8e2158bc31b98a5..c2fb8e8d41a51e8894a35225991893b167b5444c 100644 (file)
@@ -21,7 +21,7 @@
 
        Contains:       SSLContext accessors
 
-       Written by:     Doug Mitchell, based on Netscape RSARef 3.0
+       Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
 
        Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
 
@@ -62,8 +62,9 @@
 #include "sslKeychain.h"
 #include "sslutil.h"
 #include "cipherSpecs.h"
-
+#include "appleSession.h"
 #include <string.h>
+#include <Security/SecCertificate.h>
 
 static void sslFreeDnList(
        SSLContext *ctx)
@@ -107,6 +108,11 @@ static SSLErr sslFreeTrustedRoots(
        return SSLNoErr;
 }
 
+/*
+ * Default attempted version. 
+ */
+#define DEFAULT_MAX_VERSION            TLS_Version_1_0 
+
 OSStatus
 SSLNewContext                          (Boolean                        isServer,
                                                         SSLContextRef          *contextPtr)    /* RETURNED */
@@ -131,37 +137,37 @@ SSLNewContext                             (Boolean                        isServer,
     /* different defaults for client and server ... */
     if(isServer) {
        ctx->protocolSide = SSL_ServerSide;
-       ctx->reqProtocolVersion = SSL_Version_3_0;
+       ctx->reqProtocolVersion = DEFAULT_MAX_VERSION;
     }
     else {
        ctx->protocolSide = SSL_ClientSide;
        ctx->reqProtocolVersion = SSL_Version_Undetermined;
     }
     ctx->negProtocolVersion = SSL_Version_Undetermined;
+       ctx->maxProtocolVersion = DEFAULT_MAX_VERSION;
+       /* Default value so we can send and receive hello msgs */
+       ctx->sslTslCalls = &Ssl3Callouts;
        
     /* Initialize the cipher state to NULL_WITH_NULL_NULL */
-    ctx->selectedCipherSpec = &SSL_NULL_WITH_NULL_NULL_CipherSpec;
-    ctx->selectedCipher = ctx->selectedCipherSpec->cipherSpec;
-    ctx->writeCipher.hash = ctx->selectedCipherSpec->macAlgorithm;
-    ctx->readCipher.hash = ctx->selectedCipherSpec->macAlgorithm;
-    ctx->readCipher.symCipher = ctx->selectedCipherSpec->cipher;
+    ctx->selectedCipherSpec    = &SSL_NULL_WITH_NULL_NULL_CipherSpec;
+    ctx->selectedCipher        = ctx->selectedCipherSpec->cipherSpec;
+    ctx->writeCipher.macRef    = ctx->selectedCipherSpec->macAlgorithm;
+    ctx->readCipher.macRef     = ctx->selectedCipherSpec->macAlgorithm;
+    ctx->readCipher.symCipher  = ctx->selectedCipherSpec->cipher;
     ctx->writeCipher.symCipher = ctx->selectedCipherSpec->cipher;
        
-       #if             _APPLE_CDSA_
        /* these two are invariant */
     ctx->writeCipher.encrypting = 1;
     ctx->writePending.encrypting = 1;
-       #endif  /* _APPLE_CDSA_ */
        
     /* this gets init'd on first call to SSLHandshake() */
     ctx->validCipherSpecs = NULL;
     ctx->numValidCipherSpecs = 0;
     
+       ctx->peerDomainName = NULL;
+       ctx->peerDomainNameLen = 0;
+
     SSLInitMACPads();
-       if(cfSetUpAllocators(ctx)) {
-               oerr = memFullErr;
-               goto errOut;
-       }
        
        /* attach to CSP, CL, TP */
        serr = attachToAll(ctx);
@@ -214,8 +220,8 @@ SSLDisposeContext                           (SSLContext                     *ctx)
     SSLFreeBuffer(&ctx->dhExchangePublic, &ctx->sysCtx);
     SSLFreeBuffer(&ctx->dhPrivate, &ctx->sysCtx);
     
-    SSLFreeBuffer(&ctx->shaState, &ctx->sysCtx);
-    SSLFreeBuffer(&ctx->md5State, &ctx->sysCtx);
+       CloseHash(&SSLHashSHA1, &ctx->shaState, ctx);
+       CloseHash(&SSLHashMD5,  &ctx->md5State, ctx);
     
     SSLFreeBuffer(&ctx->sessionID, &ctx->sysCtx);
     SSLFreeBuffer(&ctx->peerID, &ctx->sysCtx);
@@ -225,6 +231,11 @@ SSLDisposeContext                          (SSLContext                     *ctx)
     SSLFreeBuffer(&ctx->fragmentedMessageCache, &ctx->sysCtx);
     SSLFreeBuffer(&ctx->receivedDataBuffer, &ctx->sysCtx);
 
+       if(ctx->peerDomainName) {
+               sslFree(ctx->peerDomainName);
+               ctx->peerDomainName = NULL;
+               ctx->peerDomainNameLen = 0;
+       }
     SSLDisposeCipherSuite(&ctx->readCipher, ctx);
     SSLDisposeCipherSuite(&ctx->writeCipher, ctx);
     SSLDisposeCipherSuite(&ctx->readPending, ctx);
@@ -235,13 +246,27 @@ SSLDisposeContext                         (SSLContext                     *ctx)
        ctx->numValidCipherSpecs = 0;
        
        /* free APPLE_CDSA stuff */
-       #if             ST_KEYCHAIN_ENABLE
+       #if 0
+       /* As of 5/3/02, we don't need to free these keys; they belong
+        * to SecKeychain */
+       #if             ST_KEYCHAIN_ENABLE && ST_KC_KEYS_NEED_REF
        sslFreeKey(ctx->signingKeyCsp, &ctx->signingPrivKey, &ctx->signingKeyRef);
        sslFreeKey(ctx->encryptKeyCsp, &ctx->encryptPrivKey, &ctx->encryptKeyRef);
        #else   
-       sslFreeKey(ctx->signingKeyCsp, &ctx->signingPrivKey, NULL);
-       sslFreeKey(ctx->encryptKeyCsp, &ctx->encryptPrivKey, NULL);
-       #endif  /* ST_KEYCHAIN_ENABLE */
+       sslFreeKey(ctx->signingKeyCsp, (CSSM_KEY_PTR *)&ctx->signingPrivKey, NULL);
+       sslFreeKey(ctx->encryptKeyCsp, (CSSM_KEY_PTR *)&ctx->encryptPrivKey, NULL);
+       #endif  /* ST_KEYCHAIN_ENABLE && ST_KC_KEYS_NEED_REF */
+       #endif  /* 0 */
+       
+       /*
+        * NOTE: currently, all public keys come from the CL via CSSM_CL_CertGetKeyInfo.
+        * We really don't know what CSP the CL used to generate a public key (in fact,
+        * it uses the raw CSP only to get LogicalKeySizeInBits, but we can't know
+        * that). Thus using e.g. signingKeyCsp (or any other CSP) to free 
+        * signingPubKey is not tecnically accurate. However, our public keys 
+        * are all raw keys, and all Apple CSPs dispose of raw keys in the same
+        * way.
+        */
        sslFreeKey(ctx->signingKeyCsp, &ctx->signingPubKey, NULL);
        sslFreeKey(ctx->encryptKeyCsp, &ctx->encryptPubKey, NULL);
        sslFreeKey(ctx->peerPubKeyCsp, &ctx->peerPubKey, NULL);
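Review bot: Disabling the private-key `sslFreeKey` calls with `#if 0` matches the comment that the keys belong to SecKeychain, but it also applies to `ST_FAKE_KEYCHAIN` builds. There `parseIncomingCerts` returns the key it fetched with `findPrivateKeyInDb` and frees it itself via `sslFreeKey(ctx->cspDlHand, &lookupPriv, NULL)` on error, which suggests that key is owned by this library and is now never released at dispose time. Consider keeping the two frees under `#if ST_FAKE_KEYCHAIN` and deleting the dead `#if 0` block rather than leaving it in the file. `SSLDisposeContext` starts and ends outside this hunk.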
@@ -256,10 +281,10 @@ SSLDisposeContext                         (SSLContext                     *ctx)
        
        detachFromAll(ctx);
            
-    cfTearDownAllocators(ctx);
     memset(ctx, 0, sizeof(SSLContext));
     sslFree(ctx);
-    return noErr;
+       sslCleanupSession();
+       return noErr;
 }
 
 /*
@@ -335,11 +360,70 @@ SSLSetConnection                  (SSLContextRef          ctx,
     return noErr;
 }
 
+OSStatus
+SSLSetPeerDomainName           (SSLContextRef          ctx,
+                                                        const char                     *peerName,
+                                                        size_t                         peerNameLen)
+{
+       if(ctx == NULL) {
+               return paramErr;
+       }
+       if(sslIsSessionActive(ctx)) {
+               /* can't do this with an active session */
+               return badReqErr;
+       }
+       
+       /* free possible existing name */
+       if(ctx->peerDomainName) {
+               sslFree(ctx->peerDomainName);
+       }
+       
+       /* copy in */
+       ctx->peerDomainName = sslMalloc(peerNameLen);
+       if(ctx->peerDomainName == NULL) {
+               return memFullErr;
+       }
+       memmove(ctx->peerDomainName, peerName, peerNameLen);
+       ctx->peerDomainNameLen = peerNameLen;
+       return noErr;
+}
+               
+/*
+ * Determine the buffer size needed for SSLGetPeerDomainName().
+ */
+OSStatus 
+SSLGetPeerDomainNameLength     (SSLContextRef          ctx,
+                                                        size_t                         *peerNameLen)   // RETURNED
+{
+       if(ctx == NULL) {
+               return paramErr;
+       }
+       *peerNameLen = ctx->peerDomainNameLen;
+       return noErr;
+}
+
+OSStatus 
+SSLGetPeerDomainName           (SSLContextRef          ctx,
+                                                        char                           *peerName,              // returned here
+                                                        size_t                         *peerNameLen)   // IN/OUT
+{
+       if(ctx == NULL) {
+               return paramErr;
+       }
+       if(*peerNameLen < ctx->peerDomainNameLen) {
+               return errSSLBufferOverflow;
+       }
+       memmove(peerName, ctx->peerDomainName, ctx->peerDomainNameLen);
+       *peerNameLen = ctx->peerDomainNameLen;
+       return noErr;
+}
+
 OSStatus 
 SSLSetProtocolVersion          (SSLContextRef          ctx,
                                                         SSLProtocol            version)
 {   
        SSLProtocolVersion      versInt;
+       SSLProtocolVersion      versMax;
        
        if(ctx == NULL) {
                return paramErr;
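Review bot: `SSLSetPeerDomainName` frees the old name and then, if `sslMalloc` fails, returns `memFullErr` with `peerDomainName` NULL but `peerDomainNameLen` still holding the old length, so a following `SSLGetPeerDomainName` calls `memmove` with a NULL source and a non-zero length. Reset the length together with the free: `sslFree(ctx->peerDomainName); ctx->peerDomainName = NULL; ctx->peerDomainNameLen = 0;`. The three functions also dereference `peerName` and `peerNameLen` without a NULL check. The stored name is a counted byte string with no terminator, which is worth a comment so callers do not treat it as a C string. `SSLSetProtocolVersion` at the end of the hunk continues outside it.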
@@ -353,21 +437,34 @@ SSLSetProtocolVersion             (SSLContextRef          ctx,
        switch(version) {
                case kSSLProtocolUnknown:
                        versInt = SSL_Version_Undetermined;
+                       versMax = DEFAULT_MAX_VERSION;
                        break;
                case kSSLProtocol2:
-                       versInt = SSL_Version_2_0;
+                       versInt = versMax = SSL_Version_2_0;
                        break;
                case kSSLProtocol3:
                        /* this tells us to do our best but allows 2.0 */
                        versInt = SSL_Version_Undetermined;
+                       versMax = SSL_Version_3_0;
                        break;
                case kSSLProtocol3Only:
                        versInt = SSL_Version_3_0_Only;
+                       versMax = SSL_Version_3_0;
+                       break;
+               case kTLSProtocol1:
+                       /* this tells us to do our best but allows 2.0 */
+                       versInt = SSL_Version_Undetermined;
+                       versMax = TLS_Version_1_0;
+                       break;
+               case kTLSProtocol1Only:
+                       versInt = TLS_Version_1_0_Only;
+                       versMax = TLS_Version_1_0;
                        break;
                default:
                        return paramErr;
        }
        ctx->reqProtocolVersion = ctx->negProtocolVersion = versInt;
+       ctx->maxProtocolVersion = versMax;
     return noErr;
 }
 
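Review bot: The comment on the new `kTLSProtocol1` case is copied verbatim from `kSSLProtocol3` and does not describe what this case configures. `versInt` stays `SSL_Version_Undetermined` and only `versMax` changes, so by the existing comment a caller selecting `kTLSProtocol1` still accepts SSL 2.0 peers; a caller that needs a version floor has to pick `kTLSProtocol1Only`. I would spell that out, e.g. `/* negotiate up to TLS 1.0; lower versions, including 2.0, are still accepted */`, and give the `kSSLProtocolUnknown` case a matching comment for `DEFAULT_MAX_VERSION`. The function starts above this hunk.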
@@ -382,8 +479,14 @@ static SSLProtocol convertProtToExtern(SSLProtocolVersion prot)
                        return kSSLProtocol2;
                case SSL_Version_3_0:
                        return kSSLProtocol3;
+               case TLS_Version_1_0_Only:
+                       return kTLSProtocol1Only;
+               case TLS_Version_1_0:
+                       return kTLSProtocol1;
+               /* this can happen in an intermediate state while negotiation
+                * is in progress...right? */
                case SSL_Version_3_0_With_2_0_Hello:
-                       sslPanic("How did we get SSL_Version_3_0_With_2_0_Hello?");
+                       return kSSLProtocolUnknown;
                default:
                        sslPanic("convertProtToExtern: bad prot");
        }
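Review bot: The `SSL_Version_3_0_With_2_0_Hello` case now returns `kSSLProtocolUnknown` on the strength of a comment that ends in "...right?", so a state that used to trip `sslPanic` is accepted silently without the assumption being confirmed. Either verify that this value is only ever seen while negotiation is in progress and state it as fact, e.g. `/* transient value during the hello exchange; no version negotiated yet */`, or keep the panic until that is known. The function starts and continues outside this hunk.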
@@ -414,7 +517,7 @@ SSLGetNegotiatedProtocolVersion             (SSLContextRef          ctx,
 }
 
 OSStatus 
-SSLSetAllowExpiredCerts        (SSLContextRef          ctx,
+SSLSetAllowsExpiredCerts(SSLContextRef         ctx,
                                                 Boolean                        allowExpired)
 {
        if(ctx == NULL) {
@@ -429,7 +532,7 @@ SSLSetAllowExpiredCerts     (SSLContextRef          ctx,
 }
 
 OSStatus
-SSLGetAllowExpiredCerts                (SSLContextRef          ctx,
+SSLGetAllowsExpiredCerts       (SSLContextRef          ctx,
                                                         Boolean                        *allowExpired)
 {
        if(ctx == NULL) {
@@ -439,7 +542,7 @@ SSLGetAllowExpiredCerts             (SSLContextRef          ctx,
        return noErr;
 }
 
-OSStatus SSLSetAllowAnyRoot(
+OSStatus SSLSetAllowsAnyRoot(
        SSLContextRef   ctx,
        Boolean                 anyRoot)
 {
@@ -451,7 +554,7 @@ OSStatus SSLSetAllowAnyRoot(
 }
 
 OSStatus
-SSLGetAllowAnyRoot(
+SSLGetAllowsAnyRoot(
        SSLContextRef   ctx,
        Boolean                 *anyRoot)
 {
@@ -514,8 +617,13 @@ SSLSetCertificate                  (SSLContextRef          ctx,
                &ctx->localCert,
                &ctx->signingPubKey,
                &ctx->signingPrivKey,
-               &ctx->signingKeyCsp,
-               &ctx->signingKeyRef);
+               &ctx->signingKeyCsp
+               #if ST_KC_KEYS_NEED_REF
+               ,
+               &ctx->signingKeyRef
+               #else
+               );
+               #endif
 }
 #endif /* (ST_SERVER_MODE_ENABLE || ST_CLIENT_AUTHENTICATION) */
 
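Review bot: When `ST_KC_KEYS_NEED_REF` is nonzero the call loses its closing `);`, so that configuration cannot compile. The `#if` branch ends at `&ctx->signingKeyRef` and the only `);` sits in the `#else` branch. The parallel change in SSLSetEncryptionCertificate gets this right; the line here should read `&ctx->signingKeyRef);`. The call itself starts above this hunk.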
@@ -542,12 +650,17 @@ SSLSetEncryptionCertificate       (SSLContextRef          ctx,
                &ctx->encryptCert,
                &ctx->encryptPubKey,
                &ctx->encryptPrivKey,
-               &ctx->encryptKeyCsp,
+               &ctx->encryptKeyCsp
+               #if     ST_KC_KEYS_NEED_REF
+               ,
                &ctx->encryptKeyRef);
+               #else
+               );
+               #endif
 }
 #endif /* ST_SERVER_MODE_ENABLE*/
 
-#if            ST_KEYCHAIN_ENABLE
+#if            ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS
 
 /*
  * Add (optional, additional) trusted root certs.
@@ -597,19 +710,19 @@ SSLSetNewRootKC                           (SSLContextRef          ctx,
        ctx->accessCreds = accessCreds;
        return noErr;
 }
-#endif /* ST_KEYCHAIN_ENABLE */
+#endif /* ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS */
 
 OSStatus 
 SSLSetPeerID                           (SSLContext             *ctx, 
-                                                        CFDataRef                      peerID)
+                                                        const void             *peerID,
+                                                        size_t                         peerIDLen)
 {
        SSLErr serr;
-       uint32 len;
        
        /* copy peerId to context->peerId */
        if((ctx == NULL) || 
           (peerID == NULL) ||
-          ((len = CFDataGetLength(peerID)) == 0)) {
+          (peerIDLen == 0)) {
                return paramErr;
        }
        if(sslIsSessionActive(ctx)) {
@@ -617,12 +730,21 @@ SSLSetPeerID                              (SSLContext             *ctx,
                return badReqErr;
        }
        SSLFreeBuffer(&ctx->peerID, &ctx->sysCtx);
-       serr = SSLAllocBuffer(&ctx->peerID, len, &ctx->sysCtx);
+       serr = SSLAllocBuffer(&ctx->peerID, peerIDLen, &ctx->sysCtx);
        if(serr) {
                return sslErrToOsStatus(serr);
        }
-       memmove(ctx->peerID.data, CFDataGetBytePtr(peerID), len);
-       ctx->peerID.length = len;
+       memmove(ctx->peerID.data, peerID, peerIDLen);
+       return noErr;
+}
+
+OSStatus
+SSLGetPeerID                           (SSLContextRef          ctx, 
+                                                        const void             **peerID,
+                                                        size_t                         *peerIDLen)
+{
+       *peerID = ctx->peerID.data;                     // may be NULL
+       *peerIDLen = ctx->peerID.length;
        return noErr;
 }
 
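Review bot: `SSLGetPeerID` dereferences `ctx`, `peerID` and `peerIDLen` with no validation, unlike the other accessors in this file, which return `paramErr` for a NULL context. Add `if((ctx == NULL) || (peerID == NULL) || (peerIDLen == NULL)) { return paramErr; }` at the top. The pointer handed back aliases `ctx->peerID.data`, which `SSLSetPeerID` frees on its next call, so the function's comment should say the result is valid only until then. Separately, `SSLSetPeerID` no longer stores the length itself; that is correct only if `SSLAllocBuffer` sets `peerID.length`, which is not visible here.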
@@ -647,7 +769,7 @@ SSLGetNegotiatedCipher              (SSLContextRef          ctx,
  * it's used and sent to a client in SSLEncodeCertificateRequest();
  * but the list is never used to decide what certs to send!
  *
- * Also FIXME - this allocation of dnBufs is total horseshit. The
+ * Also FIXME - this allocation of dnBufs is preposterous. The
  * SSLBufs can never get freed. Why not just allocate the 
  * raw DNListElems? Sheesh. 
  */
@@ -684,7 +806,9 @@ SSLGetPeerCertificates              (SSLContextRef          ctx,
        uint32                          numCerts;
        CFMutableArrayRef       ca;
        CFIndex                         i;
-       CFDataRef                       cfd;
+       SecCertificateRef       cfd;
+       OSStatus                        ortn;
+       CSSM_DATA                       certData;
        SSLCertificate          *scert;
        
        if(ctx == NULL) {
@@ -700,28 +824,30 @@ SSLGetPeerCertificates            (SSLContextRef          ctx,
        if(numCerts == 0) {
                return noErr;
        }
-       ca = CFArrayCreateMutable(ctx->cfAllocatorRef,
+       ca = CFArrayCreateMutable(kCFAllocatorDefault,
                (CFIndex)numCerts, &kCFTypeArrayCallBacks);
        if(ca == NULL) {
                return memFullErr;      
        }
        
        /*
-        * We'll give the certs in the same order we store them -
-        * caller gets root first. OK?
+        * Caller gets leaf cert first, the opposite of the way we store them.
         */
        scert = ctx->peerCert;
        for(i=0; i<numCerts; i++) {
                CASSERT(scert != NULL);         /* else SSLGetCertificateChainLength 
                                                                         * broken */
-               cfd = CFDataCreate(ctx->cfAllocatorRef,
-                               scert->derCert.data,
-                               scert->derCert.length);
-               if(cfd == NULL) {
+               SSLBUF_TO_CSSM(&scert->derCert, &certData);
+               ortn = SecCertificateCreateFromData(&certData,
+                       CSSM_CERT_X_509v3,
+                       CSSM_CERT_ENCODING_DER,
+                       &cfd);
+               if(ortn) {
                        CFRelease(ca);
-                       return memFullErr;
+                       return ortn;
                }
-               CFArrayAppendValue(ca, cfd);
+               /* insert at head of array */
+               CFArrayInsertValueAtIndex(ca, 0, cfd);
                scert = scert->next;
        }
        *certs = ca;
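Review bot: Each `SecCertificateRef` created in the loop is leaked. `SecCertificateCreateFromData` returns an owned reference, the array built with `kCFTypeArrayCallBacks` takes its own retain on insert, and `cfd` is never released. Add `CFRelease(cfd);` right after `CFArrayInsertValueAtIndex(ca, 0, cfd);` so the array holds the only reference. The return order also flips from root-first to leaf-first, which the public documentation for SSLGetPeerCertificates should state so callers that index the array pick the intended certificate. The function continues outside this hunk.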
index a43a2e09f8ed7eefea17741f02be2c682b597d24..0328d4acf7df88e322903f4cf2e5a5f8d3a289ca 100644 (file)
@@ -21,7 +21,7 @@
 
        Contains:       SSL 3.0 handshake state machine. 
 
-       Written by:     Doug Mitchell, based on Netscape RSARef 3.0
+       Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
 
        Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
 
@@ -86,7 +86,9 @@
 #include "appleCdsa.h"
 #endif
 
+#include "digests.h"
 #include <string.h>
+#include <assert.h>
 
 #define REQUEST_CERT_CORRECT        0
 
@@ -210,7 +212,6 @@ SSLProcessHandshakeMessage(SSLHandshakeMsg message, SSLContext *ctx)
             ERR(err = SSLProcessCertificateRequest(message.contents, ctx));
             break;
         case SSL_server_key_exchange:
-             #if _APPLE_CDSA_
                        /* 
                 * Since this message is optional, and completely at the
                 * server's discretion, we need to be able to handle this
@@ -223,10 +224,6 @@ SSLProcessHandshakeMessage(SSLHandshakeMsg message, SSLContext *ctx)
                        default:
                        goto wrongMessage;
                }
-               #else
-            if (ctx->state != HandshakeKeyExchange)
-                goto wrongMessage;
-            #endif     /* _APPLE_CDSA_ */
             ERR(err = SSLProcessServerKeyExchange(message.contents, ctx));
             break;
         case SSL_server_hello_done:
@@ -284,13 +281,15 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx)
             CASSERT(ctx->protocolSide == SSL_ServerSide);
             if (ctx->sessionID.data != 0)   /* If session ID != 0, client is trying to resume */
             {   if (ctx->resumableSession.data != 0)
-                {   if (ERR(err = SSLRetrieveSessionIDIdentifier(ctx->resumableSession, &sessionIdentifier, ctx)) != 0)
+                {   if (ERR(err = SSLRetrieveSessionID(ctx->resumableSession, &sessionIdentifier, ctx)) != 0)
                         return err;
                     if (sessionIdentifier.length == ctx->sessionID.length &&
                         memcmp(sessionIdentifier.data, ctx->sessionID.data, ctx->sessionID.length) == 0)
                     {   /* Everything matches; resume the session */
                         //DEBUGMSG("Using resumed SSL3 Session");
-                        if (ERR(err = SSLInstallSessionID(ctx->resumableSession, ctx)) != 0)
+                                               SSLLogResumSess("===RESUMING SSL3 server-side session\n");
+                        if (ERR(err = SSLInstallSessionFromData(ctx->resumableSession,
+                                                               ctx)) != 0)
                         {   ERR(SSLFatalSessionAlert(alert_close_notify, ctx));
                             return err;
                         }
@@ -318,8 +317,12 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx)
                         SSLChangeHdskState(ctx, HandshakeChangeCipherSpec);
                         break;
                     }
+                                       else {
+                                               SSLLogResumSess(
+                                                       "===FAILED TO RESUME SSL3 server-side session\n");
+                                       }
                     if (ERR(err = SSLFreeBuffer(&sessionIdentifier, &ctx->sysCtx)) != 0 ||
-                        ERR(err = SSLDeleteSessionID(ctx)) != 0)
+                        ERR(err = SSLDeleteSessionData(ctx)) != 0)
                     {   ERR(SSLFatalSessionAlert(alert_close_notify, ctx));
                         return err;
                     }
@@ -337,11 +340,7 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx)
                 ERR(err = SSLAllocBuffer(&ctx->sessionID, SSL_SESSION_ID_LEN, &ctx->sysCtx));
                 if (err == 0)
                 {   
-                       #ifdef  _APPLE_CDSA_
                        if((err = sslRand(ctx, &ctx->sessionID)) != 0)
-                       #else
-                       if (ERR(err = ctx->sysCtx.random(ctx->sessionID, ctx->sysCtx.randomRef)) != 0)
-                       #endif
                     {   ERR(SSLFatalSessionAlert(alert_close_notify, ctx));
                         return err;
                     }
@@ -372,45 +371,39 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx)
                         return err;
                     break;
             }
-            #ifdef     _APPLE_CDSA_
-                       /*
-                    * At this point we decide whether to send a server key exchange
-                    * method. For Apple servers, I think we'll ALWAYS do this, because
-                    * of key usage restrictions (can't decrypt and sign with the same
-                    * private key), but conceptually in this code, we do it if 
-                    * enabled by the presence of encryptPrivKey. 
-                    */
-                   #if         SSL_SERVER_KEYEXCH_HACK 
-                       /*
-                        * This is currently how we work with Netscape. It requires
-                        * a CSP which can handle private keys which can both
-                        * sign and decrypt. 
-                        */
-                       if((ctx->selectedCipherSpec->keyExchangeMethod != SSL_RSA) &&
-                          (ctx->encryptPrivKey != NULL)) {
-                                       err = SSLPrepareAndQueueMessage(SSLEncodeServerKeyExchange, ctx);
-                                       if(err) {
-                                                       return err;
-                                               }
-                       }
-                   #else       /* !SSL_SERVER_KEYEXCH_HACK */
-                       /*
-                        * This is, I believe the "right" way, but Netscape doesn't
-                        * work this way.
-                        */
-                           if (ctx->encryptPrivKey != NULL) {
-                                       err = SSLPrepareAndQueueMessage(SSLEncodeServerKeyExchange, ctx);
-                                       if(err) {
-                                                       return err;
-                                               }
+                       /*
+                        * At this point we decide whether to send a server key exchange
+                        * method. For Apple servers, I think we'll ALWAYS do this, because
+                        * of key usage restrictions (can't decrypt and sign with the same
+                        * private key), but conceptually in this code, we do it if 
+                        * enabled by the presence of encryptPrivKey. 
+                        */
+                       #if             SSL_SERVER_KEYEXCH_HACK 
+                               /*
+                                       * This is currently how we work with Netscape. It requires
+                                       * a CSP which can handle private keys which can both
+                                       * sign and decrypt. 
+                                       */
+                               if((ctx->selectedCipherSpec->keyExchangeMethod != SSL_RSA) &&
+                                       (ctx->encryptPrivKey != NULL)) {
+                                       err = SSLPrepareAndQueueMessage(SSLEncodeServerKeyExchange, ctx);
+                                       if(err) {
+                                               return err;
+                                       }
+                               }
+                       #else   /* !SSL_SERVER_KEYEXCH_HACK */
+                               /*
+                                       * This is, I believe the "right" way, but Netscape doesn't
+                                       * work this way.
+                                       */
+                               if (ctx->encryptPrivKey != NULL) {
+                                       err = SSLPrepareAndQueueMessage(SSLEncodeServerKeyExchange, ctx);
+                                       if(err) {
+                                               return err;
                                        }
-                               #endif  /* SSL_SERVER_KEYEXCH_HACK */
-            #else      /* !_APPLE_CDSA_ */
-                   /* original SSLRef3.... */
-                   if (ctx->selectedCipherSpec->keyExchangeMethod != SSL_RSA)
-                       if (ERR(err = SSLPrepareAndQueueMessage(SSLEncodeServerKeyExchange, ctx)) != 0)
-                           return err;
-            #endif     /* _APPLE_CDSA_ */
+                               }
+                       #endif  /* SSL_SERVER_KEYEXCH_HACK */
+
                        #if     ST_SERVER_MODE_ENABLE
             if (ctx->tryClientAuth)
             {   if (ERR(err = SSLPrepareAndQueueMessage(SSLEncodeCertificateRequest, ctx)) != 0)
@@ -431,14 +424,16 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx)
             break;
         case SSL_server_hello:
             if (ctx->resumableSession.data != 0 && ctx->sessionID.data != 0)
-            {   if (ERR(err = SSLRetrieveSessionIDIdentifier(ctx->resumableSession, &sessionIdentifier, ctx)) != 0)
+            {   if (ERR(err = SSLRetrieveSessionID(ctx->resumableSession, &sessionIdentifier, ctx)) != 0)
                 {   ERR(SSLFatalSessionAlert(alert_close_notify, ctx));
                     return err;
                 }
                 if (sessionIdentifier.length == ctx->sessionID.length &&
                     memcmp(sessionIdentifier.data, ctx->sessionID.data, ctx->sessionID.length) == 0)
                 {   /* Everything matches; resume the session */
-                    if (ERR(err = SSLInstallSessionID(ctx->resumableSession, ctx)) != 0 ||
+                                       SSLLogResumSess("===RESUMING SSL3 client-side session\n");
+                    if (ERR(err = SSLInstallSessionFromData(ctx->resumableSession,
+                                                       ctx)) != 0 ||
                         ERR(err = SSLInitPendingCiphers(ctx)) != 0 ||
                         ERR(err = SSLFreeBuffer(&sessionIdentifier, &ctx->sysCtx)) != 0)
                     {   ERR(SSLFatalSessionAlert(alert_close_notify, ctx));
@@ -447,6 +442,9 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx)
                     SSLChangeHdskState(ctx, HandshakeChangeCipherSpec);
                     break;
                 }
+                               else {
+                                       SSLLogResumSess("===FAILED TO RESUME SSL3 client-side session\n");
+                               }
                 if (ERR(err = SSLFreeBuffer(&sessionIdentifier, &ctx->sysCtx)) != 0)
                 {   ERR(SSLFatalSessionAlert(alert_close_notify, ctx));
                     return err;
@@ -482,7 +480,6 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx)
             if (ctx->state == HandshakeCertificate)
                 switch (ctx->selectedCipherSpec->keyExchangeMethod)
                 {   case SSL_RSA:
-                       #ifdef  _APPLE_CDSA_
                        /*
                         * I really think the two RSA cases should be
                         * handled the same here - the server key exchange is
@@ -491,16 +488,12 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx)
                         * we're a client here.
                         */                   
                        case SSL_RSA_EXPORT:
-                    #endif
                     case SSL_DH_DSS:
                     case SSL_DH_DSS_EXPORT:
                     case SSL_DH_RSA:
                     case SSL_DH_RSA_EXPORT:
                         SSLChangeHdskState(ctx, HandshakeHelloDone);
                         break;
-                       #ifndef _APPLE_CDSA_
-                    case SSL_RSA_EXPORT:
-                    #endif
                     case SSL_DHE_DSS:
                     case SSL_DHE_DSS_EXPORT:
                     case SSL_DHE_RSA:
@@ -541,11 +534,13 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx)
             }
             if (ERR(err = SSLPrepareAndQueueMessage(SSLEncodeKeyExchange, ctx)) != 0)
                 return err;
-            if (ERR(err = SSLCalculateMasterSecret(ctx)) != 0 ||
+                       assert(ctx->sslTslCalls != NULL);
+            if (ERR(err = ctx->sslTslCalls->generateMasterSecret(ctx)) != 0 ||
                 ERR(err = SSLInitPendingCiphers(ctx)) != 0)
             {   ERR(SSLFatalSessionAlert(alert_close_notify, ctx));
                 return err;
             }
+                       memset(ctx->preMasterSecret.data, 0, ctx->preMasterSecret.length);
             if (ERR(err = SSLFreeBuffer(&ctx->preMasterSecret, &ctx->sysCtx)) != 0)
                 return err;
             if (ctx->certSent)
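Review bot: The new `memset` of `ctx->preMasterSecret` runs only on the success path. If `generateMasterSecret` or `SSLInitPendingCiphers` fails, the branch above returns with the pre-master secret still intact in the context. Repeat the wipe in the failure branch before `return err;`, i.e. `memset(ctx->preMasterSecret.data, 0, ctx->preMasterSecret.length);`, unless context teardown already clears it (not visible here). The same applies to the `SSL_client_key_exchange` hunk further down. A plain `memset` shortly before a free can also be removed by dead-store elimination, so a wipe routine the compiler cannot drop is preferable if the project has one.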
@@ -559,8 +554,11 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx)
                 return err;
             }
             ctx->writeCipher = ctx->writePending;
-            ctx->writeCipher.ready = 0;     /* Can't send data until Finished is sent */
-            memset(&ctx->writePending, 0, sizeof(CipherContext));       /* Zero out old data */
+                       /* Can't send data until Finished is sent */
+            ctx->writeCipher.ready = 0;     
+                       
+                       /* Zero out old data */
+            memset(&ctx->writePending, 0, sizeof(CipherContext));       
             if (ERR(err = SSLPrepareAndQueueMessage(SSLEncodeFinishedMessage, ctx)) != 0)
                 return err;
             /* Finished has been sent; enable data dransfer on write channel */
@@ -571,11 +569,13 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx)
             SSLChangeHdskState(ctx, HandshakeChangeCipherSpec);
             break;
         case SSL_client_key_exchange:
-            if (ERR(err = SSLCalculateMasterSecret(ctx)) != 0 ||
+                       assert(ctx->sslTslCalls != NULL);
+                       if (ERR(err = ctx->sslTslCalls->generateMasterSecret(ctx)) != 0 ||
                 ERR(err = SSLInitPendingCiphers(ctx)) != 0)
             {   ERR(SSLFatalSessionAlert(alert_close_notify, ctx));
                 return err;
             }
+                       memset(ctx->preMasterSecret.data, 0, ctx->preMasterSecret.length);
             if (ERR(err = SSLFreeBuffer(&ctx->preMasterSecret, &ctx->sysCtx)) != 0)
                 return err;
             if (ctx->certReceived) {
@@ -612,7 +612,7 @@ SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx)
                 SSLChangeHdskState(ctx, HandshakeClientReady);
             }
             if (ctx->peerID.data != 0)
-                ERR(SSLAddSessionID(ctx));
+                ERR(SSLAddSessionData(ctx));
             break;
         default:
             ASSERTMSG("Unknown State");
@@ -641,7 +641,8 @@ SSLPrepareAndQueueMessage(EncodeMessageFunc msgFunc, SSLContext *ctx)
         SSLLogHdskMsg((SSLHandshakeType)rec.contents.data[0], 1);
     }
     
-    if (ERR(err = SSLWriteRecord(rec, ctx)) != 0)
+       assert(ctx->sslTslCalls != NULL);
+    if (ERR(err = ctx->sslTslCalls->writeRecord(rec, ctx)) != 0)
         goto fail;
     
     err = SSLNoErr;
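Review bot: `assert(ctx->sslTslCalls != NULL)` is the only guard in front of the indirect call to `writeRecord`, and it disappears in builds that define `NDEBUG`, leaving a NULL function-table dereference. If the table can be unset when a message is queued (for example before a protocol version has been selected; not visible here), test it explicitly and take the existing `goto fail` path with an internal-error status instead of relying on the assert. The two `generateMasterSecret` call sites in SSLAdvanceHandshake use the same assert-only pattern. SSLPrepareAndQueueMessage starts and continues outside this hunk.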
@@ -785,4 +786,5 @@ void SSLLogHdskMsg(SSLHandshakeType msg, char sent)
                hdskMsgToStr(msg), (sent ? "sent" : "recv"));
 }
 
-#endif /* LOG_HDSK_MSG */
\ No newline at end of file
+#endif /* LOG_HDSK_MSG */
+
diff --git a/SecureTransport/sslmd5.c b/SecureTransport/sslmd5.c
deleted file mode 100644 (file)
index 2c077ed..0000000
+++ /dev/null
@@ -1,354 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* sslmd5.c - RSA Data Security, Inc., MD5 message-digest algorithm
- */
-
-/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
-rights reserved.
-
-License to copy and use this software is granted provided that it
-is identified as the "RSA Data Security, Inc. MD5 Message-Digest
-Algorithm" in all material mentioning or referencing this software
-or this function.
-
-License is also granted to make and use derivative works provided
-that such works are identified as "derived from the RSA Data
-Security, Inc. MD5 Message-Digest Algorithm" in all material
-mentioning or referencing the derived work.
-
-RSA Data Security, Inc. makes no representations concerning either
-the merchantability of this software or the suitability of this
-software for any particular purpose. It is provided "as is"
-without express or implied warranty of any kind.
-
-These notices must be retained in any copies of any part of this
-documentation and/or software.
- */
-
-#if 0
-#ifdef BSAFE
-#include "aglobal.h"
-#else
-#include "global.h"
-#endif
-#endif
-#include "sslmd5.h"
-
-/* Constants for MD5Transform routine.
- */
-#define S11 7
-#define S12 12
-#define S13 17
-#define S14 22
-#define S21 5
-#define S22 9
-#define S23 14
-#define S24 20
-#define S31 4
-#define S32 11
-#define S33 16
-#define S34 23
-#define S41 6
-#define S42 10
-#define S43 15
-#define S44 21
-
-static void MD5Transform PROTO_LIST ((UINT4 [4], const unsigned char [64]));
-static void Encode PROTO_LIST
-  ((unsigned char *, UINT4 *, unsigned int));
-static void Decode PROTO_LIST
-  ((UINT4 *, const unsigned char *, unsigned int));
-static void MD5_memcpy PROTO_LIST ((POINTER, POINTER, unsigned int));
-static void MD5_memset PROTO_LIST ((POINTER, int, unsigned int));
-
-static const unsigned char PADDING[64] = {
-  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-/* F, G, H and I are basic MD5 functions.
- */
-#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
-#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
-#define H(x, y, z) ((x) ^ (y) ^ (z))
-#define I(x, y, z) ((y) ^ ((x) | (~z)))
-
-/* ROTATE_LEFT rotates x left n bits.
- */
-#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
-
-/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
-Rotation is separate from addition to prevent recomputation.
- */
-#define FF(a, b, c, d, x, s, ac) { \
- (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
-  }
-#define GG(a, b, c, d, x, s, ac) { \
- (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
-  }
-#define HH(a, b, c, d, x, s, ac) { \
- (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
-  }
-#define II(a, b, c, d, x, s, ac) { \
- (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
-  }
-
-/* MD5 initialization. Begins an MD5 operation, writing a new context.
- */
-void SSLMD5Init (context)
-MD5_CTX *context;                                        /* context */
-{
-  context->count[0] = context->count[1] = 0;
-  /* Load magic initialization constants.
-*/
-  context->state[0] = 0x67452301;
-  context->state[1] = 0xefcdab89;
-  context->state[2] = 0x98badcfe;
-  context->state[3] = 0x10325476;
-}
-
-/* MD5 block update operation. Continues an MD5 message-digest
-  operation, processing another message block, and updating the
-  context.
- */
-void SSLMD5Update (context, input, inputLen)
-MD5_CTX *context;                                        /* context */
-unsigned const char *input;                          /* input block */
-unsigned int inputLen;                     /* length of input block */
-{
-  unsigned int i, index, partLen;
-
-  /* Compute number of bytes mod 64 */
-  index = (unsigned int)((context->count[0] >> 3) & 0x3F);
-
-  /* Update number of bits */
-  if ((context->count[0] += ((UINT4)inputLen << 3)) < ((UINT4)inputLen << 3))
-    context->count[1]++;
-  context->count[1] += ((UINT4)inputLen >> 29);
-
-  partLen = 64 - index;
-
-  /* Transform as many times as possible. */
-  if (inputLen >= partLen) {
-    MD5_memcpy ((POINTER)&context->buffer[index], (POINTER)input, partLen);
-    MD5Transform (context->state, context->buffer);
-
- for (i = partLen; i + 63 < inputLen; i += 64)
-   MD5Transform (context->state, &input[i]);
-
- index = 0;
-  }
-  else
- i = 0;
-
-  /* Buffer remaining input */
-  MD5_memcpy
- ((POINTER)&context->buffer[index], (POINTER)&input[i],
-  inputLen-i);
-}
-
-/* MD5 finalization. Ends an MD5 message-digest operation, writing the
-  the message digest and zeroizing the context.
- */
-void SSLMD5Final (digest, context)
-unsigned char digest[16];                         /* message digest */
-MD5_CTX *context;                                       /* context */
-{
-  unsigned char bits[8];
-  unsigned int index, padLen;
-
-  /* Save number of bits */
-  Encode (bits, context->count, 8);
-
-  /* Pad out to 56 mod 64.
-*/
-  index = (unsigned int)((context->count[0] >> 3) & 0x3f);
-  padLen = (index < 56) ? (56 - index) : (120 - index);
-  SSLMD5Update (context, PADDING, padLen);
-
-  /* Append length (before padding) */
-  SSLMD5Update (context, bits, 8);
-
-  /* Store state in digest */
-  Encode (digest, context->state, 16);
-
-  /* Zeroize sensitive information.
-*/
-  MD5_memset ((POINTER)context, 0, sizeof (*context));
-}
-
-/* MD5 basic transformation. Transforms state based on block.
- */
-static void MD5Transform (state, block)
-UINT4 state[4];
-const unsigned char block[64];
-{
-  UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
-
-  Decode (x, block, 64);
-
-  /* Round 1 */
-  FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
-  FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
-  FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
-  FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
-  FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
-  FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
-  FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
-  FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
-  FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
-  FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
-  FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
-  FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
-  FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
-  FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
-  FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
-  FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
-
- /* Round 2 */
-  GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
-  GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
-  GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
-  GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
-  GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
-  GG (d, a, b, c, x[10], S22,  0x2441453); /* 22 */
-  GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
-  GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
-  GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
-  GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
-  GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
-  GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
-  GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
-  GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
-  GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
-  GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
-
-  /* Round 3 */
-  HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
-  HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
-  HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
-  HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
-  HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
-  HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
-  HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
-  HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
-  HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
-  HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
-  HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
-  HH (b, c, d, a, x[ 6], S34,  0x4881d05); /* 44 */
-  HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
-  HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
-  HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
-  HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
-
-  /* Round 4 */
-  II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
-  II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
-  II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
-  II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
-  II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
-  II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
-  II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
-  II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
-  II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
-  II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
-  II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
-  II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
-  II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
-  II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
-  II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
-  II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
-
-  state[0] += a;
-  state[1] += b;
-  state[2] += c;
-  state[3] += d;
-
-  /* Zeroize sensitive information. */
-  MD5_memset ((POINTER)x, 0, sizeof (x));
-}
-
-/* Encodes input (UINT4) into output (unsigned char). Assumes len is
-  a multiple of 4.
- */
-static void Encode (output, input, len)
-unsigned char *output;
-UINT4 *input;
-unsigned int len;
-{
-  unsigned int i, j;
-
-  for (i = 0, j = 0; j < len; i++, j += 4) {
- output[j] = (unsigned char)(input[i] & 0xff);
- output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
- output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
- output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
-  }
-}
-
-/* Decodes input (unsigned char) into output (UINT4). Assumes len is
-  a multiple of 4.
- */
-static void Decode (output, input, len)
-UINT4 *output;
-const unsigned char *input;
-unsigned int len;
-{
-  unsigned int i, j;
-
-  for (i = 0, j = 0; j < len; i++, j += 4)
- output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
-   (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
-}
-
-/* Note: Replace "for loop" with standard memcpy if possible.
- */
-
-static void MD5_memcpy (output, input, len)
-POINTER output;
-POINTER input;
-unsigned int len;
-{
-  unsigned int i;
-
-  for (i = 0; i < len; i++)
-    output[i] = input[i];
-}
-
-/* Note: Replace "for loop" with standard memset if possible.
- */
-static void MD5_memset (output, value, len)
-POINTER output;
-int value;
-unsigned int len;
-{
-  unsigned int i;
-
-  for (i = 0; i < len; i++)
- ((char *)output)[i] = (char)value;
-}
index 2e792d942e2c72a80c3e2b91931450e449227a27..f7e7cb3ba993c873adde1e7da230fb813c399e32 100644 (file)
@@ -21,7 +21,7 @@
 
        Contains:       Encryption, decryption and MACing of data
 
-       Written by:     Doug Mitchell, based on Netscape RSARef 3.0
+       Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
 
        Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
 
 #include "sslutil.h"
 #endif
 
-#ifdef _APPLE_CDSA_
-#ifndef        _APPLE_GLUE_H_
 #include "appleGlue.h"
-#endif
-#endif
-
 #include <string.h>
+#include <assert.h>
 
 /*
  * Lots of servers fail to provide closure alerts when they disconnect. 
  */
 #define SSL_ALLOW_UNNOTICED_DISCONNECT 1
 
-static SSLErr DecryptSSLRecord(UInt8 type, SSLBuffer *payload, SSLContext *ctx);
-static SSLErr VerifyMAC(UInt8 type, SSLBuffer data, UInt8 *compareMAC, SSLContext *ctx);
-static SSLErr ComputeMAC(UInt8 type, SSLBuffer data, SSLBuffer mac, sslUint64 seqNo, SSLBuffer secret, const HashReference *macHash, SSLContext *ctx);
-static UInt8* SSLEncodeUInt64(UInt8 *p, sslUint64 value);
-
 /* ReadSSLRecord
  *  Attempt to read & decrypt an SSL record.
  */
@@ -136,12 +127,8 @@ SSLReadRecord(SSLRecord *rec, SSLContext *ctx)
         {   readData.length = 1 - ctx->amountRead;
             readData.data = ctx->partialReadBuffer.data + ctx->amountRead;
             len = readData.length;
-            #ifdef     _APPLE_CDSA_
             err = sslIoRead(readData, &len, ctx);
             if(err != 0)
-                       #else
-            if (ERR(err = ctx->ioCtx.read(readData, &len, ctx->ioCtx.ioRef)) != 0)
-            #endif
             {   if (err == SSLWouldBlockErr)
                     ctx->amountRead += len;
                 else
@@ -172,12 +159,8 @@ SSLReadRecord(SSLRecord *rec, SSLContext *ctx)
     {   readData.length = 5 - ctx->amountRead;
         readData.data = ctx->partialReadBuffer.data + ctx->amountRead;
         len = readData.length;
-        #ifdef _APPLE_CDSA_
         err = sslIoRead(readData, &len, ctx);
         if(err != 0)
-               #else
-        if (ERR(err = ctx->ioCtx.read(readData, &len, ctx->ioCtx.ioRef)) != 0)
-        #endif
         {   
                        switch(err) {
                                case SSLWouldBlockErr:
@@ -191,7 +174,7 @@ SSLReadRecord(SSLRecord *rec, SSLContext *ctx)
                                           (len == 0) &&                                                        /* nothing new */
                                           (ctx->state == HandshakeClientReady)) {      /* handshake done */
                                            /*
-                                                * This means that the server has discionected without 
+                                                * This means that the server has disconnected without 
                                                 * sending a closure alert notice. This is technically
                                                 * illegal per the SSL3 spec, but about half of the 
                                                 * servers out there do it, so we report it as a separate
@@ -248,12 +231,8 @@ SSLReadRecord(SSLRecord *rec, SSLContext *ctx)
     {   readData.length = 5 + contentLen - ctx->amountRead;
         readData.data = ctx->partialReadBuffer.data + ctx->amountRead;
         len = readData.length;
-        #ifdef _APPLE_CDSA_
         err = sslIoRead(readData, &len, ctx);
         if(err != 0)
-               #else
-        if (ERR(err = ctx->ioCtx.read(readData, &len, ctx->ioCtx.ioRef)) != 0)
-        #endif
         {   if (err == SSLWouldBlockErr)
                 ctx->amountRead += len;
             else
@@ -272,7 +251,9 @@ SSLReadRecord(SSLRecord *rec, SSLContext *ctx)
  *  amount of plaintext data after adjusting for the block size and removing the MAC
  *  (this function generates its own alerts)
  */
-    if ((err = DecryptSSLRecord(rec->contentType, &cipherFragment, ctx)) != 0)
+       assert(ctx->sslTslCalls != NULL);
+    if ((err = ctx->sslTslCalls->decryptRecord(rec->contentType, 
+                       &cipherFragment, ctx)) != 0)
         return err;
     
 /* We appear to have sucessfully received a record; increment the sequence number */
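Review bot: `assert(ctx->sslTslCalls != NULL)` is the only guard in front of the `ctx->sslTslCalls->decryptRecord(...)` call, and assert() compiles to nothing when NDEBUG is defined. A release build would therefore dereference a null table if a context ever reaches SSLReadRecord before the protocol callouts are installed. I would keep the assert for debug builds and add a runtime check that fails the read, e.g. `if (ctx->sslTslCalls == NULL) return ERR(SSLProtocolErr);` (or whichever SSLErr value the project reserves for internal errors). The same pattern appears before `computeMac` in the SSLVerifyMac hunk and before `writeRecord` in the SSLWrite hunk. SSLReadRecord's body starts and ends outside this hunk.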
@@ -290,250 +271,36 @@ SSLReadRecord(SSLRecord *rec, SSLContext *ctx)
     return SSLNoErr;
 }
 
-/* SSLWriteRecord does not send alerts on failure, out of the assumption/fear
- *  that this might result in a loop (since sending an alert causes SSLWriteRecord
- *  to be called).
- */
-SSLErr
-SSLWriteRecord(SSLRecord rec, SSLContext *ctx)
-{   SSLErr          err;
-    int             padding = 0, i;
-    WaitingRecord   *out, *queue;
-    SSLBuffer       buf, payload, secret, mac;
-    UInt8           *progress;
-    UInt16          payloadSize,blockSize;
-    
-    if (rec.protocolVersion == SSL_Version_2_0)
-        return SSL2WriteRecord(rec, ctx);
-    
-    CASSERT(rec.protocolVersion == SSL_Version_3_0);
-    CASSERT(rec.contents.length <= 16384);
-    
-    out = 0;
-    /* Allocate a WaitingRecord to store our ready-to-send record in */
-    if ((err = SSLAllocBuffer(&buf, sizeof(WaitingRecord), &ctx->sysCtx)) != 0)
-        return ERR(err);
-    out = (WaitingRecord*)buf.data;
-    out->next = 0;
-    out->sent = 0;
-    /* Allocate enough room for the transmitted record, which will be:
-     *  5 bytes of header +
-     *  encrypted contents +
-     *  macLength +
-     *  padding [block ciphers only] +
-     *  padding length field (1 byte) [block ciphers only]
-     */
-    payloadSize = (UInt16) (rec.contents.length + ctx->writeCipher.hash->digestSize);
-    blockSize = ctx->writeCipher.symCipher->blockSize;
-    if (blockSize > 0)
-    {   padding = blockSize - (payloadSize % blockSize) - 1;
-        payloadSize += padding + 1;
-    }
-    out->data.data = 0;
-    if ((err = SSLAllocBuffer(&out->data, 5 + payloadSize, &ctx->sysCtx)) != 0)
-        goto fail;
-    
-    progress = out->data.data;
-    *(progress++) = rec.contentType;
-    progress = SSLEncodeInt(progress, rec.protocolVersion, 2);
-    progress = SSLEncodeInt(progress, payloadSize, 2);
-    
-    /* Copy the contents into the output buffer */
-    memcpy(progress, rec.contents.data, rec.contents.length);
-    payload.data = progress;
-    payload.length = rec.contents.length;
-    
-    progress += rec.contents.length;
-    /* MAC immediately follows data */
-    mac.data = progress;
-    mac.length = ctx->writeCipher.hash->digestSize;
-    progress += mac.length;
-    
-    /* MAC the data */
-    if (mac.length > 0)     /* Optimize away null case */
-    {   secret.data = ctx->writeCipher.macSecret;
-        secret.length = ctx->writeCipher.hash->digestSize;
-        if ((err = ComputeMAC(rec.contentType, payload, mac, ctx->writeCipher.sequenceNum, secret, ctx->writeCipher.hash, ctx)) != 0)
-            goto fail;
-    }
-    
-    /* Update payload to reflect encrypted data: contents, mac & padding */
-    payload.length = payloadSize;
-    
-    /* Fill in the padding bytes & padding length field with the padding value; the
-     *  protocol only requires the last byte,
-     *  but filling them all in avoids leaking data
-     */
-    if (ctx->writeCipher.symCipher->blockSize > 0)
-        for (i = 1; i <= padding + 1; ++i)
-            payload.data[payload.length - i] = padding;
-    
-    /* Encrypt the data */
-    DUMP_BUFFER_NAME("cleartext data", payload);
-    /* _APPLE_CDSA_ change */
-    if ((err = ctx->writeCipher.symCipher->encrypt(payload, 
-               payload, 
-               &ctx->writeCipher, 
-               ctx)) != 0)
-        goto fail;
-    DUMP_BUFFER_NAME("encrypted data", payload);
-    
-    /* Enqueue the record to be written from the idle loop */
-    if (ctx->recordWriteQueue == 0)
-        ctx->recordWriteQueue = out;
-    else
-    {   queue = ctx->recordWriteQueue;
-        while (queue->next != 0)
-            queue = queue->next;
-        queue->next = out;
-    }
-    
-    /* Increment the sequence number */
-    IncrementUInt64(&ctx->writeCipher.sequenceNum);
-    
-    return SSLNoErr;
-    
-fail:   /* Only for if we fail between when the WaitingRecord is allocated and when it is queued */
-    SSLFreeBuffer(&out->data, &ctx->sysCtx);
-    buf.data = (UInt8*)out;
-    buf.length = sizeof(WaitingRecord);
-    SSLFreeBuffer(&buf, &ctx->sysCtx);
-    return ERR(err);
-}
-
-static SSLErr
-DecryptSSLRecord(UInt8 type, SSLBuffer *payload, SSLContext *ctx)
-{   SSLErr      err;
-    SSLBuffer   content;
-    
-    if ((ctx->readCipher.symCipher->blockSize > 0) &&
-        ((payload->length % ctx->readCipher.symCipher->blockSize) != 0))
-    {   SSLFatalSessionAlert(alert_unexpected_message, ctx);
-        return ERR(SSLProtocolErr);
-    }
-
-    /* Decrypt in place */
-    DUMP_BUFFER_NAME("encrypted data", (*payload));
-    /* _APPLE_CDSA_ change */
-    if ((err = ctx->readCipher.symCipher->decrypt(*payload, 
-               *payload, 
-               &ctx->readCipher, 
-               ctx)) != 0)
-    {   SSLFatalSessionAlert(alert_close_notify, ctx);
-        return ERR(err);
-    }
-    DUMP_BUFFER_NAME("decrypted data", (*payload));
-    
-/* Locate content within decrypted payload */
-    content.data = payload->data;
-    content.length = payload->length - ctx->readCipher.hash->digestSize;
-    if (ctx->readCipher.symCipher->blockSize > 0)
-    {   /* padding can't be equal to or more than a block */
-        if (payload->data[payload->length - 1] >= ctx->readCipher.symCipher->blockSize)
-        {   SSLFatalSessionAlert(alert_unexpected_message, ctx);
-               errorLog1("DecryptSSLRecord: bad padding length (%d)\n", 
-                       (unsigned)payload->data[payload->length - 1]);
-            return ERR(SSLProtocolErr);
-        }
-        content.length -= 1 + payload->data[payload->length - 1];   /* Remove block size padding */
-    }
-
-/* Verify MAC on payload */
-    if (ctx->readCipher.hash->digestSize > 0)       /* Optimize away MAC for null case */
-        if ((err = VerifyMAC(type, content, payload->data + content.length, ctx)) != 0)
-        {   SSLFatalSessionAlert(alert_bad_record_mac, ctx);
-            return ERR(err);
-        }
-    
-    *payload = content;     /* Modify payload buffer to indicate content length */
-    
-    return SSLNoErr;
-}
-
-static UInt8*
-SSLEncodeUInt64(UInt8 *p, sslUint64 value)
-{   p = SSLEncodeInt(p, value.high, 4);
-    return SSLEncodeInt(p, value.low, 4);
-}
-
-static SSLErr
-VerifyMAC(UInt8 type, SSLBuffer data, UInt8 *compareMAC, SSLContext *ctx)
-{   SSLErr          err;
+/* common for sslv3 and tlsv1, except for the computeMac callout */
+SSLErr SSLVerifyMac(
+       UInt8 type, 
+       SSLBuffer data, 
+       UInt8 *compareMAC, 
+       SSLContext *ctx)
+{   
+       SSLErr          err;
     UInt8           macData[MAX_DIGEST_SIZE];
     SSLBuffer       secret, mac;
     
     secret.data = ctx->readCipher.macSecret;
-    secret.length = ctx->readCipher.hash->digestSize;
+    secret.length = ctx->readCipher.macRef->hash->digestSize;
     mac.data = macData;
-    mac.length = ctx->readCipher.hash->digestSize;
-    
-    if ((err = ComputeMAC(type, data, mac, ctx->readCipher.sequenceNum, secret, ctx->readCipher.hash, ctx)) != 0)
+    mac.length = ctx->readCipher.macRef->hash->digestSize;
+    
+       assert(ctx->sslTslCalls != NULL);
+    if ((err = ctx->sslTslCalls->computeMac(type, 
+                       data, 
+                       mac, 
+                       &ctx->readCipher,
+                       ctx->readCipher.sequenceNum, 
+                       ctx)) != 0)
         return ERR(err);
     
     if ((memcmp(mac.data, compareMAC, mac.length)) != 0) {
-               errorLog0("VerifyMAC: Mac verify failure\n");
+               errorLog0("ssl3VerifyMac: Mac verify failure\n");
         return ERR(SSLProtocolErr);
     }
     return SSLNoErr;
 }
 
-static SSLErr
-ComputeMAC(UInt8 type, SSLBuffer data, SSLBuffer mac, sslUint64 seqNo, SSLBuffer secret,
-            const HashReference *macHash, SSLContext *ctx)
-{   SSLErr          err;
-    UInt8           innerDigestData[MAX_DIGEST_SIZE];
-    UInt8           scratchData[11], *progress;
-    SSLBuffer       digest,digestCtx,scratch;
-    
-    CASSERT(macHash->macPadSize <= MAX_MAC_PADDING);
-    CASSERT(macHash->digestSize <= MAX_DIGEST_SIZE);
-    CASSERT(SSLMACPad1[0] == 0x36 && SSLMACPad2[0] == 0x5C);
-    
-    digestCtx.data = 0;
-    if ((err = SSLAllocBuffer(&digestCtx, macHash->contextSize, &ctx->sysCtx)) != 0)
-        goto exit;
-    
-/* MAC = hash( MAC_write_secret + pad_2 + hash( MAC_write_secret + pad_1 + seq_num + type + length + content ) ) */
-    if ((err = macHash->init(digestCtx)) != 0)
-        goto exit;
-    if ((err = macHash->update(digestCtx, secret)) != 0)    /* MAC secret */
-        goto exit;
-    scratch.data = SSLMACPad1;
-    scratch.length = macHash->macPadSize;
-    if ((err = macHash->update(digestCtx, scratch)) != 0)   /* pad1 */
-        goto exit;
-    progress = scratchData;
-    progress = SSLEncodeUInt64(progress, seqNo);
-    *progress++ = type;
-    progress = SSLEncodeInt(progress, data.length, 2);
-    scratch.data = scratchData;
-    scratch.length = 11;
-    CASSERT(progress = scratchData+11);
-    if ((err = macHash->update(digestCtx, scratch)) != 0)   /* sequenceNo, type & length */
-        goto exit;
-    if ((err = macHash->update(digestCtx, data)) != 0)      /* content */
-        goto exit;
-    digest.data = innerDigestData;
-    digest.length = macHash->digestSize;
-    if ((err = macHash->final(digestCtx, digest)) != 0) /* figure inner digest */
-        goto exit;
-    
-    if ((err = macHash->init(digestCtx)) != 0)
-        goto exit;
-    if ((err = macHash->update(digestCtx, secret)) != 0)    /* MAC secret */
-        goto exit;
-    scratch.data = SSLMACPad2;
-    scratch.length = macHash->macPadSize;
-    if ((err = macHash->update(digestCtx, scratch)) != 0)   /* pad2 */
-        goto exit;
-    if ((err = macHash->update(digestCtx, digest)) != 0)    /* inner digest */
-        goto exit;  
-    if ((err = macHash->final(digestCtx, mac)) != 0)    /* figure the mac */
-        goto exit;
-    
-    err = SSLNoErr; /* redundant, I know */
-    
-exit:
-    SSLFreeBuffer(&digestCtx, &ctx->sysCtx);
-    return ERR(err);
-}
+
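Review bot: SSLVerifyMac still compares the computed and received MACs with `memcmp`, which may return at the first differing byte, so the time taken to reject a record can depend on how much of the MAC matched. A comparison that ORs all byte differences together and tests the result once removes that dependency; the rewritten lines are below. Separately, `mac.length` comes from `macRef->hash->digestSize` while `macData` holds `MAX_DIGEST_SIZE` bytes, and the `CASSERT(macHash->digestSize <= MAX_DIGEST_SIZE)` from the removed ComputeMAC is not visible in the new code, so it is worth confirming the `computeMac` callout keeps that bound. The log text says `ssl3VerifyMac` although the function is now named `SSLVerifyMac`.

```c
    UInt8           macData[MAX_DIGEST_SIZE];
    SSLBuffer       secret, mac;
    UInt8           diff = 0;       /* OR of all byte differences */
    UInt32          i;

    /* ... unchanged: secret/mac setup and the computeMac callout ... */

    /* Touch every byte so timing does not reveal where a mismatch is. */
    for (i = 0; i < mac.length; i++)
        diff |= (UInt8)(mac.data[i] ^ compareMAC[i]);
    if (diff != 0) {
        errorLog0("SSLVerifyMac: Mac verify failure\n");
        return ERR(SSLProtocolErr);
    }
```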
index be5973bb788921879bbd69243de4f2422e8fa35f..a4f5b7aff28235ae850c2e67ef559d1e4013bb53 100644 (file)
 #include "cipherSpecs.h"
 #endif
 
-#ifdef _APPLE_CDSA_
-#ifndef        _APPLE_SESSION_H_
 #include "appleSession.h"
-#endif
-#endif
-
+#include <assert.h>
 #include <string.h>
 #include <stddef.h>
 
@@ -83,6 +79,7 @@ typedef struct
     UInt8               sessionID[32];
     SSLProtocolVersion  protocolVersion;
     UInt16              cipherSuite;
+       UInt16                          padding;        /* so remainder is word aligned */
     UInt8               masterSecret[48];
     int                 certCount;
     UInt8               certs[1];   /* Actually, variable length */
@@ -96,7 +93,7 @@ typedef struct
  * I don' think this is an issue...is it?
  */
 SSLErr
-SSLAddSessionID(const SSLContext *ctx)
+SSLAddSessionData(const SSLContext *ctx)
 {   SSLErr              err;
     uint32              sessionIDLen;
     SSLBuffer           sessionID;
@@ -129,7 +126,8 @@ SSLAddSessionID(const SSLContext *ctx)
     session->cipherSuite = ctx->selectedCipher;
     memcpy(session->masterSecret, ctx->masterSecret, 48);
     session->certCount = certCount;
-    
+    session->padding = 0;
+       
     certDest = session->certs;
     cert = ctx->peerCert;
     while (cert)
@@ -139,11 +137,7 @@ SSLAddSessionID(const SSLContext *ctx)
         cert = cert->next;
     }
     
-    #ifdef     _APPLE_CDSA_
-    err = sslAddSession(ctx->peerID, sessionID, ctx->sessionCtx.sessionRef);
-    #else
-    err = ctx->sessionCtx.addSession(ctx->peerID, sessionID, ctx->sessionCtx.sessionRef);
-    #endif
+    err = sslAddSession(ctx->peerID, sessionID);
     SSLFreeBuffer(&sessionID, &ctx->sysCtx);
     
     return err;
@@ -153,7 +147,7 @@ SSLAddSessionID(const SSLContext *ctx)
  * Retrieve resumable session data, from key ctx->peerID.
  */
 SSLErr
-SSLGetSessionID(SSLBuffer *sessionData, const SSLContext *ctx)
+SSLGetSessionData(SSLBuffer *sessionData, const SSLContext *ctx)
 {   SSLErr      err;
     
     if (ctx->peerID.data == 0)
@@ -161,12 +155,7 @@ SSLGetSessionID(SSLBuffer *sessionData, const SSLContext *ctx)
     
     sessionData->data = 0;
     
-    #ifdef     _APPLE_CDSA_
-    err = sslGetSession(ctx->peerID, sessionData, ctx->sessionCtx.sessionRef);
-    #else
-    ERR(err = ctx->sessionCtx.getSession(ctx->peerID, sessionData, ctx->sessionCtx.sessionRef));
-    #endif
-    
+    err = sslGetSession(ctx->peerID, sessionData);
     if (sessionData->data == 0)
         return ERR(SSLSessionNotFoundErr);
     
@@ -174,17 +163,13 @@ SSLGetSessionID(SSLBuffer *sessionData, const SSLContext *ctx)
 }
 
 SSLErr
-SSLDeleteSessionID(const SSLContext *ctx)
+SSLDeleteSessionData(const SSLContext *ctx)
 {   SSLErr      err;
     
     if (ctx->peerID.data == 0)
         return SSLSessionNotFoundErr;
     
-    #ifdef     _APPLE_CDSA_
-    err = sslDeleteSession(ctx->peerID, ctx->sessionCtx.sessionRef);
-    #else
-    err = ctx->sessionCtx.deleteSession(ctx->peerID, ctx->sessionCtx.sessionRef);
-    #endif
+    err = sslDeleteSession(ctx->peerID);
     return err;
 }
 
@@ -192,7 +177,7 @@ SSLDeleteSessionID(const SSLContext *ctx)
  * Given a sessionData blob, obtain the associated sessionID (NOT the key...).
  */
 SSLErr
-SSLRetrieveSessionIDIdentifier(
+SSLRetrieveSessionID(
                const SSLBuffer sessionData, 
                SSLBuffer *identifier, 
                const SSLContext *ctx)
@@ -210,38 +195,85 @@ SSLRetrieveSessionIDIdentifier(
  * Obtain the protocol version associated with a specified resumable session blob.
  */
 SSLErr
-SSLRetrieveSessionIDProtocolVersion(
-               const SSLBuffer sessionID
+SSLRetrieveSessionProtocolVersion(
+               const SSLBuffer sessionData
                SSLProtocolVersion *version, 
                const SSLContext *ctx)
 {   ResumableSession    *session;
     
-    session = (ResumableSession*) sessionID.data;
+    session = (ResumableSession*) sessionData.data;
     *version = session->protocolVersion;
     return SSLNoErr;
 }
 
 /*
- * Retrieve session state. Presumably, ctx->sessionID and
+ * Retrieve session state from specified sessionData blob, install into
+ * ctx. Presumably, ctx->sessionID and
  * ctx->negProtocolVersion are already init'd (from the above two functions). 
  */
+/*
+ * Netscape Enterprise Server is known to change cipherspecs upon session resumption.
+ * For example, connecting to cdnow.com with all ciphersuites enabled results in
+ * CipherSuite 4 (SSL_RSA_WITH_RC4_128_MD5) being selected on the first session,
+ * and CipherSuite 10 (SSL_RSA_WITH_3DES_EDE_CBC_SHA) being selected on subsequent
+ * sessions. This is contrary to the SSL3.0 spec, sesion 7.6.1.3, describing the 
+ * Server Hello message. 
+ *
+ * This anomaly does not occur if only RC4 ciphers are enabled in the Client Hello
+ * message. It also does not happen in SSL V2. 
+ */
+#define ALLOW_CIPHERSPEC_CHANGE                1
+
 SSLErr
-SSLInstallSessionID(const SSLBuffer sessionData, SSLContext *ctx)
+SSLInstallSessionFromData(const SSLBuffer sessionData, SSLContext *ctx)
 {   SSLErr              err;
     ResumableSession    *session;
     uint8               *storedCertProgress;
     SSLCertificate      *cert, *lastCert;
-       #ifndef __APPLE__
-    SSLBuffer           certAlloc;
-       #endif
     int                 certCount;
     uint32              certLen;
     
     session = (ResumableSession*)sessionData.data;
     
     CASSERT(ctx->negProtocolVersion == session->protocolVersion);
-    
-    ctx->selectedCipher = session->cipherSuite;
+       
+       /* 
+        * For SSLv3 and TLSv1, we know that selectedCipher has already been specified in 
+        * SSLProcessServerHello(). An SSLv2 server hello message with a session
+        * ID hit contains no CipherKind field so we set it here.
+        */
+       if(ctx->negProtocolVersion == SSL_Version_2_0) {
+               if(ctx->protocolSide == SSL_ClientSide) {
+                       assert(ctx->selectedCipher == 0);
+                       ctx->selectedCipher = session->cipherSuite;
+               }
+               else {
+                       /* 
+                        * Else...what if they don't match? Could never happen, right? 
+                        * Wouldn't that mean the client is trying to switch ciphers on us?
+                        */
+                       if(ctx->selectedCipher != session->cipherSuite) {
+                               errorLog2("+++SSL2: CipherSpec change from %d to %d on session "
+                                       "resume\n",
+                               session->cipherSuite, ctx->selectedCipher);
+                               return SSLProtocolErr;
+                       }
+               }
+       }
+       else {
+               assert(ctx->selectedCipher != 0);
+               if(ctx->selectedCipher != session->cipherSuite) {
+                       #if             ALLOW_CIPHERSPEC_CHANGE
+                       dprintf2("+++WARNING: CipherSpec change from %d to %d on session resume\n",
+                               session->cipherSuite, ctx->selectedCipher);
+                       #else
+                       errorLog2("+++SSL: CipherSpec change from %d to %d on session resume\n",
+                               session->cipherSuite, ctx->selectedCipher);
+                       return SSLProtocolErr;
+                       #endif
+               }
+    }
     if ((err = FindCipherSpec(ctx)) != 0) {
         return err;
     }
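Review bot: With `ALLOW_CIPHERSPEC_CHANGE` defined to 1, the SSLv3/TLS branch of SSLInstallSessionFromData accepts a resumed session whose cipher suite differs from the cached `session->cipherSuite` and reports it only through `dprintf2`, which is presumably a debug-only trace. The comment explains the interoperability reason, but in a deployed build nothing records that the cached master secret is being used with a suite it was not negotiated for. I would emit the `errorLog2("+++SSL: CipherSpec change from %d to %d on session resume\n", ...)` line in both arms of the `#if`, and consider making the tolerance a per-context setting rather than a compile-time default. The blob is also cast to `ResumableSession*` without checking `sessionData.length`, which is acceptable only as long as the session cache is trusted. The function body continues past the end of this hunk.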
@@ -253,43 +285,20 @@ SSLInstallSessionID(const SSLBuffer sessionData, SSLContext *ctx)
 
     while (certCount--)
     {   
-               #ifdef  __APPLE__
                cert = (SSLCertificate *)sslMalloc(sizeof(SSLCertificate));
                if(cert == NULL) {
                        return SSLMemoryErr;
                }
-               #else
-               if ((err = SSLAllocBuffer(&certAlloc, sizeof(SSLCertificate), &ctx->sysCtx)) != 0)
-            return err;
-        cert = (SSLCertificate*)certAlloc.data;
-               #endif
         cert->next = 0;
         certLen = SSLDecodeInt(storedCertProgress, 4);
         storedCertProgress += 4;
         if ((err = SSLAllocBuffer(&cert->derCert, certLen, &ctx->sysCtx)) != 0)
         {   
-                       #ifdef  __APPLE__
                        sslFree(cert);
-                       #else
-                       SSLFreeBuffer(&certAlloc,&ctx->sysCtx);
-                       #endif
             return err;
         }
         memcpy(cert->derCert.data, storedCertProgress, certLen);
         storedCertProgress += certLen;
-        #ifndef        _APPLE_CDSA_
-        /* we don't decode */
-        if ((err = ASNParseX509Certificate(cert->derCert, &cert->cert, ctx)) != 0)
-        {   
-                       SSLFreeBuffer(&cert->derCert,&ctx->sysCtx);
-                       #ifdef  __APPLE__
-                       sslFree(cert);
-                       #else
-            SSLFreeBuffer(&certAlloc,&ctx->sysCtx);
-                       #endif
-            return err;
-        }
-        #endif
         if (lastCert == 0)
             ctx->peerCert = cert;
         else
index c069b794045d5daa3b8ad49c433e86b3cb1c91a8..b6354204a05a240a0a5cc1d6eb4b67134885b835 100644 (file)
@@ -21,7 +21,7 @@
 
        Contains:       SSLContext transport layer
 
-       Written by:     Doug Mitchell, based on Netscape RSARef 3.0
+       Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
 
        Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
 
@@ -80,7 +80,6 @@
 #include "ssl2.h"
 #endif
 
-#ifdef _APPLE_CDSA_
 #ifndef        _APPLE_GLUE_H_
 #include "appleGlue.h"
 #endif
@@ -94,8 +93,8 @@
 #endif
 
 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
-#endif
 
+#include <assert.h>
 #include <string.h>
 
 #define SSL_IO_TRACE   0
@@ -179,7 +178,8 @@ SSLWrite(
         else
             rec.contents.length = MAX_RECORD_LENGTH;
         
-        if (ERR(err = SSLWriteRecord(rec, ctx)) != 0)
+               assert(ctx->sslTslCalls != NULL);
+       if (ERR(err = ctx->sslTslCalls->writeRecord(rec, ctx)) != 0)
             goto exit;
         
         processed += rec.contents.length;
@@ -275,7 +275,14 @@ SSLRead    (
         ctx->receivedDataPos = 0;
     }
     
+       /*
+        * This while statement causes a hang when using nonblocking low-level I/O!
     while (remaining > 0 && ctx->state != SSLGracefulClose)
+        ..what we really have to do is just return as soon as we read one 
+          record. A performance hit in the nonblocking case, but that is 
+          the only way this code can work in both modes...
+        */
+    if (remaining > 0 && ctx->state != SSLGracefulClose)
     {   CASSERT(ctx->receivedDataBuffer.data == 0);
         if (ERR(err = SSLReadRecord(&rec, ctx)) != 0)
             goto exit;
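Review bot: The old `while (remaining > 0 && ...)` statement is left as a live-looking line inside the new block comment, which makes the comment hard to read and easy to break with a stray `*/`. The change also alters the contract: SSLRead now processes at most one record per call, so a caller can get fewer bytes than requested even with blocking I/O. I would replace the comment with something like `/* Read at most one record per call; looping here hangs on nonblocking I/O. Callers must handle short reads. */` and state the short-read behaviour in the function's header comment as well. SSLRead's body starts and ends outside this hunk.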
@@ -379,6 +386,10 @@ SSLHandshake(SSLContext *ctx)
             return sslErrToOsStatus(err);
     }
     
+       /* one more flush at completion of successful handshake */ 
+    if ((err = SSLServiceWriteQueue(ctx)) != 0) {
+               return sslErrToOsStatus(err);
+       }
     return noErr;
 }
 
@@ -419,19 +430,40 @@ SSLInitConnection(SSLContext *ctx)
     }
     
     if (ctx->peerID.data != 0)
-    {   ERR(SSLGetSessionID(&ctx->resumableSession, ctx));
+    {   ERR(SSLGetSessionData(&ctx->resumableSession, ctx));
         /* Ignore errors; just treat as uncached session */
     }
     
-/* If we're a client, and we have a cached resumable session, we want
- *  to try to negotiate the same session type we negotiated before,
- *  because an SSL 3.0 session can only be resumed with an SSL 3.0
- *  hello message.
- */
-    if (ctx->protocolSide == SSL_ClientSide && ctx->resumableSession.data != 0)
-    {   if (ERR(err = SSLRetrieveSessionIDProtocolVersion(ctx->resumableSession,
-                                        &ctx->negProtocolVersion, ctx)) != 0)
+       /* 
+        * If we have a cached resumable session, blow it off if it's a higher
+        * version than the max currently allowed. Note that this means that once
+        * a process negotiates a given version with a given server/port, it won't
+        * be able to negotiate a higher version. We might want to revisit this.
+        */
+    if (ctx->resumableSession.data != 0) {
+    
+               SSLProtocolVersion savedVersion;
+               
+               if (ERR(err = SSLRetrieveSessionProtocolVersion(ctx->resumableSession,
+                               &savedVersion, ctx)) != 0) {
             return err;
+               }
+               if(savedVersion > ctx->maxProtocolVersion) {
+                       SSLLogResumSess("===Resumable session protocol mismatch\n");
+                       SSLFreeBuffer(&ctx->resumableSession, &ctx->sysCtx);
+               } 
+               else {
+                       SSLLogResumSess("===attempting to resume session\n");
+                       /*
+                        * A bit of a special case for server side here. If currently 
+                        * configged to allow for SSL3/TLS1 with an SSL2 hello, we 
+                        * don't want to preclude the possiblity of an SSL2 hello...
+                        * so we'll just leave the negProtocolVersion alone in the server case.
+                        */
+                       if(ctx->protocolSide == SSL_ClientSide) {
+                               ctx->negProtocolVersion = savedVersion;
+                       }
+               }
     }
     
 /* If we're the client & handshake hasn't yet begun, start it by
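Review bot: The new filter in SSLInitConnection only discards a cached session whose version is above `ctx->maxProtocolVersion`; nothing in the hunk rejects one that is below what the context is currently meant to negotiate. On the client side `ctx->negProtocolVersion = savedVersion` then starts the hello at the cached version, so a peer that was once resumed at an older version keeps being offered that version. If the context can carry a minimum or one of the `_Only` settings that the later switch lists (`SSL_Version_3_0_Only`, `TLS_Version_1_0_Only`), I would test against that as well and free the cached session on mismatch, as the `>` branch already does. The `>` comparison also relies on the numeric ordering of SSLProtocolVersion values, which is not visible here and deserves a one-line comment. The function body starts and ends outside this hunk.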
@@ -447,6 +479,8 @@ SSLInitConnection(SSLContext *ctx)
                 break;
             case SSL_Version_3_0_Only:
             case SSL_Version_3_0:
+            case TLS_Version_1_0_Only:
+            case TLS_Version_1_0:
                 if (ERR(err = SSLAdvanceHandshake(SSL_hello_request, ctx)) != 0)
                     return err;
                 break;
@@ -461,20 +495,15 @@ SSLInitConnection(SSLContext *ctx)
 
 static SSLErr
 SSLServiceWriteQueue(SSLContext *ctx)
-{   SSLErr          err;
-    UInt32          written;
+{   SSLErr          err = SSLNoErr, werr = SSLNoErr;
+    UInt32          written = 0;
     SSLBuffer       buf, recBuf;
     WaitingRecord   *rec;
-    
-    while ((rec = ctx->recordWriteQueue) != 0)
+
+    while (!werr && ((rec = ctx->recordWriteQueue) != 0))
     {   buf.data = rec->data.data + rec->sent;
         buf.length = rec->data.length - rec->sent;
-        #ifdef _APPLE_CDSA_
-        err = sslIoWrite(buf, &written, ctx);
-        #else
-        err = ctx->ioCtx.write(buf, &written, ctx->ioCtx.ioRef);
-        #endif
-        // FIXME - detect & abort ERR(err);
+        werr = sslIoWrite(buf, &written, ctx);
         rec->sent += written;
         if (rec->sent >= rec->data.length)
         {   CASSERT(rec->sent == rec->data.length);
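Review bot: `written` is zeroed only at its declaration, so from the second iteration on `rec->sent += written` can add the previous iteration's byte count if `sslIoWrite` returns an error without storing to `written` (its contract is not visible in this hunk). Resetting it per iteration with `written = 0;` just before the `sslIoWrite` call keeps `rec->sent` from running past `rec->data.length`. The `CASSERT` that follows only catches that in builds where CASSERT is active. The body of SSLServiceWriteQueue continues beyond this hunk.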
@@ -491,8 +520,8 @@ SSLServiceWriteQueue(SSLContext *ctx)
             return err;
         CASSERT(ctx->recordWriteQueue == 0 || ctx->recordWriteQueue->sent == 0);
     }
-    
-    return SSLNoErr;
+
+    return werr;
 }
 
 #if            LOG_RX_PROTOCOL
@@ -536,12 +565,12 @@ SSLProcessProtocolMessage(SSLRecord rec, SSLContext *ctx)
 OSStatus
 SSLClose(SSLContext *ctx)
 {   
-       SSLErr      err = SSLNoErr;             /* _APPLE_CDSA_ bug fix - was uninit'd */
+       SSLErr      err = SSLNoErr;     
     
        if(ctx == NULL) {
                return paramErr;
        }
-    if (ctx->negProtocolVersion == SSL_Version_3_0)
+    if (ctx->negProtocolVersion >= SSL_Version_3_0)
         ERR(err = SSLSendAlert(alert_warning, alert_close_notify, ctx));
     if (err == 0)
         ERR(err = SSLServiceWriteQueue(ctx));
@@ -550,3 +579,28 @@ SSLClose(SSLContext *ctx)
         err = SSLNoErr;     /* Ignore errors related to closed streams */
     return sslErrToOsStatus(err);
 }
+
+/*
+ * Determine how much data the client can be guaranteed to 
+ * obtain via SSLRead() without blocking or causing any low-level 
+ * read operations to occur.
+ *
+ * Implemented here because the relevant info in SSLContext (receivedDataBuffer
+ * and receivedDataPos) are only used in this file.
+ */
+OSStatus 
+SSLGetBufferedReadSize(SSLContextRef ctx,
+       size_t *bufSize)                        /* RETURNED */
+{   
+       if(ctx == NULL) {
+               return paramErr;
+       }
+       if(ctx->receivedDataBuffer.data == NULL) {
+               *bufSize = 0;
+       }
+       else {
+               CASSERT(ctx->receivedDataBuffer.length >= ctx->receivedDataPos);
+               *bufSize = ctx->receivedDataBuffer.length - ctx->receivedDataPos;
+       }
+       return noErr;
+}
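Review bot: `bufSize` is dereferenced without a NULL check even though `ctx` gets one, and the only guard on `receivedDataPos` is a `CASSERT`, which presumably compiles out of release builds. If the position ever exceeds the buffer length, the subtraction wraps and the caller is told a very large amount of data is buffered. The entry check could read `if(ctx == NULL || bufSize == NULL) return paramErr;`. The else branch could store 0 when `receivedDataPos > receivedDataBuffer.length` instead of relying on the assertion.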
index f03bb5c12c53149d27e1d49eb0bb03495f3fde5b..9118f89c16fd565428d1216676320c2db928ab4e 100644 (file)
@@ -87,6 +87,13 @@ SSLEncodeInt(unsigned char *p, UInt32 value, int length)
     return retVal;
 }
 
+UInt8*
+SSLEncodeUInt64(UInt8 *p, sslUint64 value)
+{   p = SSLEncodeInt(p, value.high, 4);
+    return SSLEncodeInt(p, value.low, 4);
+}
+
+
 void
 IncrementUInt64(sslUint64 *v)
 {   if (++v->low == 0)          /* Must have just rolled over */
@@ -149,6 +156,8 @@ const char *protocolVersStr(SSLProtocolVersion prot)
        case SSL_Version_3_0_Only: return "SSL_Version_3_0_Only";
        case SSL_Version_2_0: return "SSL_Version_2_0";
        case SSL_Version_3_0: return "SSL_Version_3_0";
+       case TLS_Version_1_0: return "TLS_Version_1_0";
+       case TLS_Version_1_0_Only: return "TLS_Version_1_0_Only";
        default: sslPanic("protocolVersStr: bad prot");
        }
        return NULL;    /* NOT REACHED */
index f794200507ca7d8a1780471962bd4c866a3e90f2..a70b1d90e44f63bdaf1d31076031d3ff0ac3daa2 100644 (file)
@@ -21,7 +21,7 @@
 
        Contains:       CDSA-based symmetric cipher module
 
-       Written by:     Doug Mitchell, based on Netscape RSARef 3.0
+       Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
 
        Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
 
@@ -108,7 +108,6 @@ SSLErr CDSASymmInit(
        CSSM_DATA_PTR           ivDataPtr = NULL;
        CSSM_KEY_PTR            symKey = NULL;
        CSSM_CC_HANDLE          ccHand = 0;
-       CSSM_KEYHEADER_PTR      hdr;
        char                            *op;
        
        CASSERT(cipherCtx != NULL);
@@ -127,24 +126,13 @@ SSLErr CDSASymmInit(
        if(symKey == NULL) {
                return SSLMemoryErr;
        }
-       memset(symKey, 0, sizeof(CSSM_KEY));
-       serr = stSetUpCssmData(&symKey->KeyData, cipherCtx->symCipher->keySize);
+       serr = sslSetUpSymmKey(symKey, cipherCtx->symCipher->keyAlg, 
+               CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT, CSSM_TRUE,
+               key, cipherCtx->symCipher->keySize);
        if(serr) {
                sslFree(symKey);
                return serr;
        }
-       memmove(symKey->KeyData.Data, key, cipherCtx->symCipher->keySize);
-       
-       /* set up the header */
-       hdr = &symKey->KeyHeader;
-       hdr->BlobType = CSSM_KEYBLOB_RAW;
-       hdr->Format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING;
-       hdr->AlgorithmId = cipherCtx->symCipher->keyAlg;
-       hdr->KeyClass = CSSM_KEYCLASS_SESSION_KEY;
-       hdr->LogicalKeySizeInBits = cipherCtx->symCipher->keySize * 8;
-       hdr->KeyAttr = CSSM_KEYATTR_MODIFIABLE | CSSM_KEYATTR_EXTRACTABLE;
-       hdr->KeyUsage = CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT;
-       hdr->WrapAlgorithmId = CSSM_ALGID_NONE;
        
        cipherCtx->symKey = symKey;
        
@@ -235,9 +223,10 @@ SSLErr CDSASymmEncrypt(
 {
        CSSM_RETURN                     crtn;
        CSSM_DATA                       ptextData;
-       CSSM_DATA                       ctextData = {0, NULL};
+       CSSM_DATA                       ctextData;
        uint32                          bytesEncrypted;
        SSLErr                          serr = SSLInternalError;
+       uint32                          origLen = dest.length;
        
        /*
         * Valid on entry:
@@ -248,6 +237,9 @@ SSLErr CDSASymmEncrypt(
        CASSERT(cipherCtx != NULL);
        logSymmData("Symm encrypt ptext", &src, 48);
        
+       /* this requirement allows us to avoid a malloc and copy */
+       CASSERT(dest.length >= src.length);
+
        #if     SSL_DEBUG
        {
                unsigned blockSize = cipherCtx->symCipher->blockSize;
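Review bot: `CASSERT(dest.length >= src.length)` is now the only check made before the CSP is handed `dest` as its output buffer, and CASSERT is presumably compiled out of release builds. The later `bytesEncrypted > origLen` test reports an overflow only after the write has happened; whether the CSP honours the length in `ctextData` is not visible here. A runtime guard such as `if(dest.length < src.length) return SSLDataOverflow;` would hold in every build. The same applies to the matching assertion added to CDSASymmDecrypt in the `-332,6 +316,8` hunk. The body of CDSASymmEncrypt extends beyond this hunk.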
@@ -271,6 +263,7 @@ SSLErr CDSASymmEncrypt(
                return SSLInternalError;
        }
        SSLBUF_TO_CSSM(&src, &ptextData);
+       SSLBUF_TO_CSSM(&dest, &ctextData);
        crtn = CSSM_EncryptDataUpdate(cipherCtx->ccHand,
                &ptextData,
                1,
@@ -283,25 +276,15 @@ SSLErr CDSASymmEncrypt(
                goto errOut;
        }
        
-       if(bytesEncrypted > dest.length) {
-               /* FIXME - can this happen? Should we remalloc? */
+       if(bytesEncrypted > origLen) {
+               /* should never happen, callers always give us block-aligned
+                * plaintext and CSP padding is disabled. */
                errorLog2("Symmetric encrypt overflow: bytesEncrypted %ld destLen %ld\n",
                        bytesEncrypted, dest.length);
                serr = SSLDataOverflow;
                goto errOut;
        }
-       if(bytesEncrypted) {
-               memmove(dest.data, ctextData.Data, bytesEncrypted);
-       }
        dest.length = bytesEncrypted;
-       
-       /* CSP mallocd ctext  */
-       /* FIXME - once we're really sure that the caller always mallocs
-        * dest.data, we should avoid this malloc/copy */
-       stFreeCssmData(&ctextData, CSSM_FALSE);
-       
-       /* FIXME - sure we don't need to do Final()? */
-       
        logSymmData("Symm encrypt ctext", &dest, 48);
        serr = SSLNoErr;
        
@@ -320,7 +303,8 @@ SSLErr CDSASymmDecrypt(
        CSSM_DATA                       ctextData;
        uint32                          bytesDecrypted;
        SSLErr                          serr = SSLInternalError;
-               
+       uint32                          origLen = dest.length;
+       
        /*
         * Valid on entry:
         * cipherCtx->cspHand
@@ -332,6 +316,8 @@ SSLErr CDSASymmDecrypt(
                errorLog0("CDSASymmDecrypt: null args\n");
                return SSLInternalError;
        }
+       /* this requirement allows us to avoid a malloc and copy */
+       CASSERT(dest.length >= src.length);
        
        #if     SSL_DEBUG
        {
@@ -352,6 +338,7 @@ SSLErr CDSASymmDecrypt(
        #endif
 
        SSLBUF_TO_CSSM(&src, &ctextData);
+       SSLBUF_TO_CSSM(&dest, &ptextData);
        crtn = CSSM_DecryptDataUpdate(cipherCtx->ccHand,
                &ctextData,
                1,
@@ -364,21 +351,13 @@ SSLErr CDSASymmDecrypt(
                goto errOut;
        }
        
-       if(bytesDecrypted > dest.length) {
+       if(bytesDecrypted > origLen) {
                /* FIXME - can this happen? Should we remalloc? */
                errorLog2("Symmetric decrypt overflow: bytesDecrypted %ld destLen %ld\n",
                        bytesDecrypted, dest.length);
                serr = SSLDataOverflow;
                goto errOut;
        }
-       
-       if(bytesDecrypted) {
-               memmove(dest.data, ptextData.Data, bytesDecrypted);
-       }
-
-       /* CSP mallocd ptext, remData */
-       stFreeCssmData(&ptextData, CSSM_FALSE);
-
        dest.length = bytesDecrypted;
        serr = SSLNoErr;
        logSymmData("Symm decrypt ptext(1)", &dest, 48);
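Review bot: The comment inside the overflow check still reads `FIXME - can this happen? Should we remalloc?`, which described the old path where the CSP allocated the plaintext buffer. With the CSP now writing into the caller's `dest`, the comment should say what the check means, as the encrypt side does, for example `/* should never happen: the CSP writes into dest, whose capacity is origLen */`. The error log in the same branch prints `dest.length`, which still equals `origLen` at that point, so only the comment is stale.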
diff --git a/SecureTransport/tls1Callouts.c b/SecureTransport/tls1Callouts.c
new file mode 100644 (file)
index 0000000..f423c8a
--- /dev/null
@@ -0,0 +1,687 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+       File:           tls1Callouts.c
+
+       Contains:       TLSv1-specific routines for SslTlsCallouts. 
+
+       Written by:     Doug Mitchell
+*/
+
+#include "tls_ssl.h"
+#include "sslerrs.h"
+#include "sslalloc.h"
+#include "sslutil.h"
+#include "digests.h"
+#include "sslalert.h"
+#include "sslDebug.h"
+#include <assert.h>
+#include <strings.h>
+
+#define TLS_ENC_DEBUG          0
+#if            TLS_ENC_DEBUG
+#define tlsDebug(format, args...)      printf(format , ## args)
+static void tlsDump(const char *name, void *b, unsigned len)
+{
+       unsigned char *cp = (unsigned char *)b;
+       unsigned i, dex;
+       
+       printf("%s\n", name);
+       for(dex=0; dex<len; dex++) {
+               i = cp[dex];
+               printf("%02X ", i);
+               if((dex % 16) == 15) {
+                       printf("\n");
+               }
+       }
+       printf("\n");
+}
+
+#else
+#define tlsDebug(s, ...)
+#define tlsDump(name, b, len)
+#endif /* TLS_ENC_DEBUG */
+
+#pragma *** PRF label strings ***
+/*
+ * Note we could optimize away a bunch of mallocs and frees if we, like openSSL,
+ * just mallocd buffers for inputs to tlsPRF() on the stack, with "known" max
+ * values for all of the inputs. 
+ *
+ * At least we hard-code string lengths here instead of calling strlen at runtime...
+ */
+#define PLS_MASTER_SECRET                      "master secret"
+#define PLS_MASTER_SECRET_LEN          13
+#define PLS_KEY_EXPAND                         "key expansion"
+#define PLS_KEY_EXPAND_LEN                     13
+#define PLS_CLIENT_FINISH                      "client finished"
+#define PLS_CLIENT_FINISH_LEN          15
+#define PLS_SERVER_FINISH                      "server finished"
+#define PLS_SERVER_FINISH_LEN          15
+#define PLS_EXPORT_CLIENT_WRITE                "client write key"
+#define PLS_EXPORT_CLIENT_WRITE_LEN    16
+#define PLS_EXPORT_SERVER_WRITE                "server write key"
+#define PLS_EXPORT_SERVER_WRITE_LEN    16
+#define PLS_EXPORT_IV_BLOCK                    "IV block"
+#define PLS_EXPORT_IV_BLOCK_LEN                8
+
+#pragma mark *** private functions ***
+
+/*
+ * P_Hash function defined in RFC2246, section 5. 
+ */
+static SSLErr tlsPHash(
+       SSLContext                      *ctx,
+       const HMACReference *hmac,              // &TlsHmacSHA1, TlsHmacMD5
+       const unsigned char *secret,
+       unsigned                        secretLen, 
+       unsigned char           *seed, 
+       unsigned                        seedLen,
+       unsigned char           *out,           // mallocd by caller, size >= outLen
+       unsigned                        outLen)         // desired output size
+{
+       unsigned char aSubI[TLS_HMAC_MAX_SIZE];         /* A(i) */
+       unsigned char digest[TLS_HMAC_MAX_SIZE];
+       HMACContextRef hmacCtx;
+       SSLErr serr;
+       unsigned digestLen = hmac->macSize;
+       
+       serr = hmac->alloc(hmac, ctx, secret, secretLen, &hmacCtx);
+       if(serr) {
+               return serr;
+       }
+       
+       /* A(0) = seed */
+       /* A(1) := HMAC_hash(secret, seed) */
+       serr = hmac->hmac(hmacCtx, seed, seedLen, aSubI, &digestLen); 
+       if(serr) {
+               goto fail;
+       }
+       assert(digestLen = hmac->macSize);
+       
+       /* starting at loopNum 1... */
+       for (;;) {
+               /* 
+                * This loop's chunk = HMAC_hash(secret, A(loopNum) + seed))
+                */
+               serr = hmac->init(hmacCtx);
+               if(serr) {
+                       break;
+               }
+               serr = hmac->update(hmacCtx, aSubI, digestLen);
+               if(serr) {
+                       break;
+               }
+               serr = hmac->update(hmacCtx, seed, seedLen);
+               if(serr) {
+                       break;
+               }
+               serr = hmac->final(hmacCtx, digest, &digestLen);
+               if(serr) {
+                       break;
+               }
+               assert(digestLen = hmac->macSize);
+               
+               if(outLen <= digestLen) {
+                       /* last time, possible partial digest */
+                       memmove(out, digest, outLen);
+                       break;
+               }
+               
+               memmove(out, digest, digestLen);
+               out += digestLen;
+               outLen -= digestLen;
+               
+               /* 
+                * A(i) = HMAC_hash(secret, A(i-1)) 
+                * Note there is a possible optimization involving obtaining this
+                * hmac by cloning the state of hmacCtx above after updating with
+                * aSubI, and getting the final version of that here. However CDSA
+                * does not support cloning of a MAC context (only for digest contexts). 
+                */
+               serr = hmac->hmac(hmacCtx, aSubI, digestLen,
+                       aSubI, &digestLen);
+               if(serr) {
+                       break;
+               }
+               assert(digestLen = hmac->macSize);
+       }
+fail:
+       hmac->free(hmacCtx);
+       memset(aSubI, 0, TLS_HMAC_MAX_SIZE);
+       memset(digest, 0, TLS_HMAC_MAX_SIZE);
+       return serr;
+}
+
+/*
+ * The TLS pseudorandom function, defined in RFC2246, section 5.
+ * This takes as its input a secret block, a label, and a seed, and produces
+ * a caller-specified length of pseudorandom data.
+ *
+ * Optimization TBD: make label optional, avoid malloc and two copies if it's
+ * not there, so callers can take advantage of fixed-size seeds.
+ */
+static SSLErr tlsPRF(
+       SSLContext *ctx,
+       const unsigned char *secret,
+       unsigned secretLen,
+       const unsigned char *label,             // optional, NULL implies that seed contains
+                                                                       //   the label
+       unsigned labelLen,
+       const unsigned char *seed,
+       unsigned seedLen,
+       unsigned char *out,                             // mallocd by called, length >= outLen
+       unsigned outLen)
+{
+       SSLErr serr = SSLInternalError;
+       const unsigned char *S1, *S2;           // the two seeds
+       unsigned sLen;                                          // effective length of each seed
+       unsigned char *labelSeed = NULL;        // label + seed, passed to tlsPHash
+       unsigned labelSeedLen;
+       unsigned char *tmpOut = NULL;           // output of P_SHA1
+       unsigned i;
+       
+       /* two seeds for tlsPHash */
+       sLen = secretLen / 2;                   // for partitioning 
+       S1 = secret;
+       S2 = &secret[sLen];
+       sLen += (secretLen & 1);                // secret length odd, increment effective size
+       
+       if(label != NULL) {
+               /* concatenate label and seed */
+               labelSeedLen = labelLen + seedLen;
+               labelSeed = sslMalloc(labelSeedLen);
+               if(labelSeed == NULL) {
+                       return SSLMemoryErr;
+               }
+               memmove(labelSeed, label, labelLen);
+               memmove(labelSeed + labelLen, seed, seedLen);
+       }
+       else {
+               /* fast track - just use seed as is */
+               labelSeed = (unsigned char *)seed;
+               labelSeedLen = seedLen;
+       }
+       
+       /* temporary output for SHA1, to be XORd with MD5 */
+       tmpOut = sslMalloc(outLen);
+       if(tmpOut == NULL) {
+               serr = SSLMemoryErr;
+               goto fail;
+       }
+       serr = tlsPHash(ctx, &TlsHmacMD5, S1, sLen, labelSeed, labelSeedLen,
+               out, outLen);
+       if(serr) {
+               goto fail;
+       }
+       serr = tlsPHash(ctx, &TlsHmacSHA1, S2, sLen, labelSeed, labelSeedLen,
+               tmpOut, outLen);
+       if(serr) {
+               goto fail;
+       }
+       
+       /* XOR together to get final result */
+       for(i=0; i<outLen; i++) {
+               out[i] ^= tmpOut[i];
+       }
+       serr = SSLNoErr;
+       
+fail:
+       if((labelSeed != NULL) && (label != NULL)) {
+               sslFree(labelSeed);
+       }
+       if(tmpOut != NULL) {
+               sslFree(tmpOut);
+       }
+       return serr;
+}
+
+/* not needed; encrypt/encode is the same for both protocols as long as 
+ * we don't use the "variable length padding" feature. */
+#if 0
+static SSLErr tls1WriteRecord(
+       SSLRecord rec, 
+       SSLContext *ctx)
+{
+       assert(0);
+       return SSLUnsupportedErr;
+}
+#endif
+
+static SSLErr tls1DecryptRecord(
+       UInt8 type, 
+       SSLBuffer *payload, 
+       SSLContext *ctx)
+{   
+       SSLErr      err;
+    SSLBuffer   content;
+    
+    if ((ctx->readCipher.symCipher->blockSize > 0) &&
+        ((payload->length % ctx->readCipher.symCipher->blockSize) != 0)) {
+               SSLFatalSessionAlert(alert_unexpected_message, ctx);
+        return SSLProtocolErr;
+    }
+
+    /* Decrypt in place */
+    if ((err = ctx->readCipher.symCipher->decrypt(*payload, 
+               *payload, 
+               &ctx->readCipher, 
+               ctx)) != 0)
+    {   SSLFatalSessionAlert(alert_close_notify, ctx);
+        return err;
+    }
+    
+       /* Locate content within decrypted payload */
+    content.data = payload->data;
+    content.length = payload->length - ctx->readCipher.macRef->hash->digestSize;
+    if (ctx->readCipher.symCipher->blockSize > 0) {
+               /* for TLSv1, padding can be anywhere from 0 to 255 bytes */
+               UInt8 padSize = payload->data[payload->length - 1];
+               UInt8 *padChars;
+               
+               /* verify that all padding bytes are equal - WARNING - OpenSSL code
+                * has a special case here dealing with some kind of bug related to
+                * even size packets...beware... */
+               if(padSize > payload->length) {
+                       SSLFatalSessionAlert(alert_unexpected_message, ctx);
+               errorLog1("tls1DecryptRecord: bad padding length (%d)\n", 
+                       (unsigned)payload->data[payload->length - 1]);
+            return SSLProtocolErr;
+               }
+               padChars = payload->data + payload->length - padSize;
+               while(padChars < (payload->data + payload->length)) {
+                       if(*padChars++ != padSize) {
+                               SSLFatalSessionAlert(alert_unexpected_message, ctx);
+                               errorLog0("tls1DecryptRecord: bad padding value\n");
+                               return SSLProtocolErr;
+                       }
+               }
+               /* Remove block size padding and its one-byte length */
+        content.length -= (1 + padSize);
+    }
+
+       /* Verify MAC on payload */
+    if (ctx->readCipher.macRef->hash->digestSize > 0)       
+               /* Optimize away MAC for null case */
+        if ((err = SSLVerifyMac(type, content, 
+                               payload->data + content.length, ctx)) != 0)
+        {   SSLFatalSessionAlert(alert_bad_record_mac, ctx);
+            return err;
+        }
+    
+    *payload = content;     /* Modify payload buffer to indicate content length */
+    
+    return SSLNoErr;
+}
+
+/* initialize a per-CipherContext HashHmacContext for use in MACing each record */
+static SSLErr tls1InitMac (
+       CipherContext *cipherCtx,               // macRef, macSecret valid on entry
+                                                                       // macCtx valid on return
+       SSLContext *ctx)
+{
+       const HMACReference *hmac;
+       SSLErr serr;
+       
+       assert(cipherCtx->macRef != NULL);
+       hmac = cipherCtx->macRef->hmac;
+       assert(hmac != NULL);
+       
+       if(cipherCtx->macCtx.hmacCtx != NULL) {
+               hmac->free(cipherCtx->macCtx.hmacCtx);
+               cipherCtx->macCtx.hmacCtx = NULL;
+       }
+       serr = hmac->alloc(hmac, ctx, cipherCtx->macSecret, 
+               cipherCtx->macRef->hmac->macSize, &cipherCtx->macCtx.hmacCtx);
+               
+       /* mac secret now stored in macCtx.hmacCtx, delete it from cipherCtx */
+       memset(cipherCtx->macSecret, 0, sizeof(cipherCtx->macSecret));
+       return serr;
+}
+
+static SSLErr tls1FreeMac (
+       CipherContext *cipherCtx)
+{
+       /* this can be called on a completely zeroed out CipherContext... */
+       if(cipherCtx->macRef == NULL) {
+               return SSLNoErr;
+       }
+       assert(cipherCtx->macRef->hmac != NULL);
+       
+       if(cipherCtx->macCtx.hmacCtx != NULL) {
+               cipherCtx->macRef->hmac->free(cipherCtx->macCtx.hmacCtx);
+               cipherCtx->macCtx.hmacCtx = NULL;
+       }
+       return SSLNoErr;
+}
+
+/*
+ * mac = HMAC_hash(MAC_write_secret, seq_num + TLSCompressed.type +
+ *                                     TLSCompressed.version + TLSCompressed.length +
+ *                                     TLSCompressed.fragment));
+ */
+/* sequence, type, version, length */
+#define HDR_LENGTH (8 + 1 + 2 + 2)
+SSLErr tls1ComputeMac (
+       UInt8 type, 
+       SSLBuffer data,                         
+       SSLBuffer mac,                                  // caller mallocs data
+       CipherContext *cipherCtx,               // assumes macCtx, macRef
+       sslUint64 seqNo, 
+       SSLContext *ctx)
+{
+       unsigned char hdr[HDR_LENGTH];
+       unsigned char *p;
+       HMACContextRef hmacCtx;
+       SSLErr serr;
+       const HMACReference *hmac;
+       unsigned macLength;
+       
+       assert(cipherCtx != NULL);
+       assert(cipherCtx->macRef != NULL);
+       hmac = cipherCtx->macRef->hmac;
+       assert(hmac != NULL);
+       hmacCtx = cipherCtx->macCtx.hmacCtx;    // may be NULL, for null cipher
+       
+       serr = hmac->init(hmacCtx);
+       if(serr) {
+               goto fail;
+       }
+       p = SSLEncodeUInt64(hdr, seqNo);
+       *p++ = type;
+       *p++ = TLS_Version_1_0 >> 8;
+       *p++ = TLS_Version_1_0 & 0xff;
+       *p++ = data.length >> 8;
+       *p   = data.length & 0xff;
+       serr = hmac->update(hmacCtx, hdr, HDR_LENGTH);
+       if(serr) {
+               goto fail;
+       }
+       serr = hmac->update(hmacCtx, data.data, data.length);
+       if(serr) {
+               goto fail;
+       }
+       macLength = mac.length;
+       serr = hmac->final(hmacCtx, mac.data, &macLength);
+       if(serr) {
+               goto fail;
+       }
+       mac.length = macLength;
+fail:
+       return serr;
+}
+       
+/*
+ * On input, the following are valid:
+ *             MasterSecret[48]
+ *             ClientHello.random[32]
+ *      ServerHello.random[32]
+ *
+ *      key_block = PRF(SecurityParameters.master_secret,
+ *                         "key expansion",
+ *                         SecurityParameters.server_random +
+ *                         SecurityParameters.client_random);
+ */
+#define GKM_SEED_LEN   (PLS_KEY_EXPAND_LEN + (2 * SSL_CLIENT_SRVR_RAND_SIZE))
+
+SSLErr tls1GenerateKeyMaterial (
+       SSLBuffer key,                                  // caller mallocs and specifies length of
+                                                                       //   required key material here
+       SSLContext *ctx)
+{
+       unsigned char seedBuf[GKM_SEED_LEN];
+       SSLErr serr;
+       
+       /* use optimized label-less PRF */
+       memmove(seedBuf, PLS_KEY_EXPAND, PLS_KEY_EXPAND_LEN);
+       memmove(seedBuf + PLS_KEY_EXPAND_LEN, ctx->serverRandom, 
+               SSL_CLIENT_SRVR_RAND_SIZE);
+       memmove(seedBuf + PLS_KEY_EXPAND_LEN + SSL_CLIENT_SRVR_RAND_SIZE, 
+               ctx->clientRandom, SSL_CLIENT_SRVR_RAND_SIZE);
+       serr = tlsPRF(ctx,
+               ctx->masterSecret,
+               SSL_MASTER_SECRET_SIZE,
+               NULL,                                           // no label
+               0,
+               seedBuf,
+               GKM_SEED_LEN,
+               key.data,                                       // destination
+               key.length);
+       tlsDump("key expansion", key.data, key.length);
+       return serr;
+}
+
+/*
+ *     final_client_write_key =
+ *                     PRF(SecurityParameters.client_write_key,
+ *                                 "client write key",
+ *                                 SecurityParameters.client_random +
+ *                                 SecurityParameters.server_random);
+ *     final_server_write_key =
+ *             PRF(SecurityParameters.server_write_key,
+ *                                 "server write key",
+ *                                 SecurityParameters.client_random +
+ *                                 SecurityParameters.server_random);
+ *
+ *     iv_block = PRF("", "IV block", SecurityParameters.client_random +
+ *                      SecurityParameters.server_random);
+ *
+ *        iv_block is broken up into:
+ *
+ *                     client_write_IV[SecurityParameters.IV_size]
+ *             server_write_IV[SecurityParameters.IV_size]
+ */    
+SSLErr tls1GenerateExportKeyAndIv (
+       SSLContext *ctx,                                // clientRandom, serverRandom valid
+       const SSLBuffer clientWriteKey,
+       const SSLBuffer serverWriteKey,
+       SSLBuffer finalClientWriteKey,  // RETURNED, mallocd by caller
+       SSLBuffer finalServerWriteKey,  // RETURNED, mallocd by caller
+       SSLBuffer finalClientIV,                // RETURNED, mallocd by caller
+       SSLBuffer finalServerIV)                // RETURNED, mallocd by caller
+{
+       unsigned char randBuf[2 * SSL_CLIENT_SRVR_RAND_SIZE];
+       SSLErr serr;
+       unsigned char *ivBlock;
+       char *nullKey = "";
+       
+       /* all three PRF calls use the same seed */
+       memmove(randBuf, ctx->clientRandom, SSL_CLIENT_SRVR_RAND_SIZE);
+       memmove(randBuf + SSL_CLIENT_SRVR_RAND_SIZE, 
+               ctx->serverRandom, SSL_CLIENT_SRVR_RAND_SIZE);
+               
+       serr = tlsPRF(ctx,
+               clientWriteKey.data,
+               clientWriteKey.length,
+               PLS_EXPORT_CLIENT_WRITE,
+               PLS_EXPORT_CLIENT_WRITE_LEN,
+               randBuf,
+               2 * SSL_CLIENT_SRVR_RAND_SIZE,
+               finalClientWriteKey.data,               // destination
+               finalClientWriteKey.length);
+       if(serr) {
+               return serr;
+       }
+       serr = tlsPRF(ctx,
+               serverWriteKey.data,
+               serverWriteKey.length,
+               PLS_EXPORT_SERVER_WRITE,
+               PLS_EXPORT_SERVER_WRITE_LEN,
+               randBuf,
+               2 * SSL_CLIENT_SRVR_RAND_SIZE,
+               finalServerWriteKey.data,               // destination
+               finalServerWriteKey.length);
+       if(serr) {
+               return serr;
+       }
+       if((finalClientIV.length == 0) && (finalServerIV.length == 0)) {
+               /* skip remainder as optimization */
+               return SSLNoErr;
+       }
+       ivBlock = sslMalloc(finalClientIV.length + finalServerIV.length);
+       if(ivBlock == NULL) {
+               return SSLMemoryErr;
+       }
+       serr = tlsPRF(ctx,
+               nullKey,
+               0,
+               PLS_EXPORT_IV_BLOCK,
+               PLS_EXPORT_IV_BLOCK_LEN,
+               randBuf,
+               2 * SSL_CLIENT_SRVR_RAND_SIZE,
+               ivBlock,                                        // destination
+               finalClientIV.length + finalServerIV.length);
+       if(serr) {
+               goto done;
+       }
+       memmove(finalClientIV.data, ivBlock, finalClientIV.length);
+       memmove(finalServerIV.data, ivBlock + finalClientIV.length, finalServerIV.length);
+done:
+       sslFree(ivBlock);
+       return serr;
+}
+
+/*
+ * On entry: clientRandom, serverRandom, preMasterSecret valid
+ * On return: masterSecret valid
+ *
+ * master_secret = PRF(pre_master_secret, "master secret",
+ *                                             ClientHello.random + ServerHello.random)
+ *      [0..47];
+ */
+SSLErr tls1GenerateMasterSecret (
+       SSLContext *ctx)
+{
+       unsigned char randBuf[2 * SSL_CLIENT_SRVR_RAND_SIZE];
+       SSLErr serr;
+       
+       memmove(randBuf, ctx->clientRandom, SSL_CLIENT_SRVR_RAND_SIZE);
+       memmove(randBuf + SSL_CLIENT_SRVR_RAND_SIZE, 
+               ctx->serverRandom, SSL_CLIENT_SRVR_RAND_SIZE);
+       serr = tlsPRF(ctx,
+               ctx->preMasterSecret.data,
+               ctx->preMasterSecret.length,
+               PLS_MASTER_SECRET,
+               PLS_MASTER_SECRET_LEN,
+               randBuf,
+               2 * SSL_CLIENT_SRVR_RAND_SIZE,
+               ctx->masterSecret,              // destination
+               SSL_MASTER_SECRET_SIZE);
+       tlsDump("master secret", ctx->masterSecret, SSL_MASTER_SECRET_SIZE);
+       return serr;
+}
+       
+/*
+ * Given digests contexts representing the running total of all handshake messages,
+ * calculate mac for "finished" message. 
+ *
+ *                     verify_data = 12 bytes = 
+ *                             PRF(master_secret, finished_label, MD5(handshake_messages) +
+ *                                     SHA-1(handshake_messages)) [0..11];
+ */
+SSLErr tls1ComputeFinishedMac (
+       SSLContext *ctx,
+       SSLBuffer finished,             // output - mallocd by caller 
+       SSLBuffer shaMsgState,          // clone of running digest of all handshake msgs
+       SSLBuffer md5MsgState,          // ditto
+       Boolean isServer)
+{
+       unsigned char digests[SSL_MD5_DIGEST_LEN + SSL_SHA1_DIGEST_LEN];
+       SSLBuffer digBuf;
+       unsigned char *finLabel;
+       unsigned finLabelLen;
+       SSLErr serr;
+       
+       if(isServer) {
+               finLabel = PLS_SERVER_FINISH;
+               finLabelLen = PLS_SERVER_FINISH_LEN;
+       }
+       else {
+               finLabel = PLS_CLIENT_FINISH;
+               finLabelLen = PLS_CLIENT_FINISH_LEN;
+       }
+
+       /* concatenate two digest results */
+       digBuf.data = digests;
+       digBuf.length = SSL_MD5_DIGEST_LEN;
+       serr = SSLHashMD5.final(md5MsgState, digBuf);
+       if(serr) {
+               return serr;
+       }
+       digBuf.data += SSL_MD5_DIGEST_LEN;
+       digBuf.length = SSL_SHA1_DIGEST_LEN;
+       serr = SSLHashSHA1.final(shaMsgState, digBuf);
+       if(serr) {
+               return serr;
+       }
+       return tlsPRF(ctx,
+               ctx->masterSecret,
+               SSL_MASTER_SECRET_SIZE,
+               finLabel,
+               finLabelLen,
+               digests,
+               SSL_MD5_DIGEST_LEN + SSL_SHA1_DIGEST_LEN,
+               finished.data,                          // destination
+               finished.length);
+}
+
+/*
+ * This one is trivial. 
+ *
+ * mac := MD5(handshake_messages) + SHA(handshake_messages);
+ *
+ * I don't know why this one doesn't use an HMAC or the master secret (as SSLv3
+ * does).
+ */
+SSLErr tls1ComputeCertVfyMac (
+       SSLContext *ctx,
+       SSLBuffer finished,             // output - mallocd by caller 
+       SSLBuffer shaMsgState,          // clone of running digest of all handshake msgs
+       SSLBuffer md5MsgState)          // ditto
+{
+       SSLBuffer digBuf;
+       SSLErr serr;
+       
+       assert(finished.length == (SSL_MD5_DIGEST_LEN + SSL_SHA1_DIGEST_LEN));
+       digBuf.data = finished.data;
+       digBuf.length = SSL_MD5_DIGEST_LEN;
+       serr = SSLHashMD5.final(md5MsgState, digBuf);
+       if(serr) {
+               return serr;
+       }
+       digBuf.data = finished.data + SSL_MD5_DIGEST_LEN;
+       digBuf.length = SSL_SHA1_DIGEST_LEN;
+       return SSLHashSHA1.final(shaMsgState, digBuf);
+}
+
+const SslTlsCallouts Tls1Callouts = {
+       tls1DecryptRecord,
+       ssl3WriteRecord,
+       tls1InitMac,
+       tls1FreeMac,
+       tls1ComputeMac,
+       tls1GenerateKeyMaterial,
+       tls1GenerateExportKeyAndIv,
+       tls1GenerateMasterSecret,
+       tls1ComputeFinishedMac,
+       tls1ComputeCertVfyMac
+};
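Review bot: tls1DecryptRecord uses lengths controlled by the peer before bounding them: `payload->length - digestSize` and the later `content.length -= (1 + padSize)` wrap when the decrypted record is shorter than MAC plus padding, and `payload->data[payload->length - 1]` is read even for an empty payload. The guard `padSize > payload->length` should instead require that the padding, its length byte and the MAC all fit, and the comparison loop should start one byte earlier, since it currently covers only padSize of the padSize + 1 trailing bytes. Padding failures also return before the MAC check with `alert_unexpected_message` while MAC failures send `alert_bad_record_mac`, so a peer can tell the two apart; reporting both the same way removes that signal. Separately, the three `assert(digestLen = hmac->macSize);` lines in tlsPHash assign instead of comparing and should read `assert(digestLen == hmac->macSize);`.

```c
	/* Locate content within decrypted payload */
	content.data = payload->data;
	if (payload->length < ctx->readCipher.macRef->hash->digestSize) {
		/* record too short to hold a MAC */
		SSLFatalSessionAlert(alert_bad_record_mac, ctx);
		return SSLProtocolErr;
	}
	content.length = payload->length - ctx->readCipher.macRef->hash->digestSize;
	if (ctx->readCipher.symCipher->blockSize > 0) {
		UInt8 padSize;
		UInt8 *padChars;

		if (content.length == 0) {
			/* no room for the padding length byte */
			SSLFatalSessionAlert(alert_bad_record_mac, ctx);
			return SSLProtocolErr;
		}
		padSize = payload->data[payload->length - 1];
		/* padding, its length byte and the MAC must all fit in the record */
		if ((UInt32)padSize + 1 > content.length) {
			SSLFatalSessionAlert(alert_bad_record_mac, ctx);
			return SSLProtocolErr;
		}
		/* all padSize + 1 trailing bytes, length byte included, carry padSize */
		padChars = payload->data + payload->length - padSize - 1;
		/* … unchanged: comparison loop over padChars … */
		content.length -= (1 + padSize);
	}
```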
diff --git a/SecureTransport/tls_hmac.c b/SecureTransport/tls_hmac.c
new file mode 100644 (file)
index 0000000..e580d94
--- /dev/null
@@ -0,0 +1,316 @@
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+       File:           tls_hmac.c
+
+       Contains:       HMAC routines used by TLS
+
+       Written by:     Doug Mitchell
+*/
+
+#include "tls_hmac.h"
+#include "appleCdsa.h"
+#include "sslalloc.h"
+#include "sslerrs.h"
+#include "cryptType.h"
+#include "digests.h"
+#include <strings.h>
+#include <assert.h>
+#include <Security/cssm.h>
+
+/* Per-session state, opaque to callers; all fields set at alloc time */
+struct HMACContext {
+       SSLContext                                      *ctx;
+       CSSM_CC_HANDLE                          ccHand;
+       const struct HMACReference      *hmac;
+};
+
+#pragma mark *** Common CDSA_based HMAC routines ***
+
+/* Create an HMAC session */
+static SSLErr HMAC_Alloc(
+       const struct HMACReference      *hmac,
+       SSLContext                                      *ctx,
+       const void                                      *keyPtr,
+       unsigned                                        keyLen,
+       HMACContextRef                          *hmacCtx)                       // RETURNED
+{
+       CSSM_RETURN     crtn;
+       CSSM_KEY                cssmKey;
+       SSLErr                  serr;
+       CSSM_ALGORITHMS calg;
+       HMACContextRef  href = sslMalloc(sizeof(struct HMACContext));
+       
+       if(href == NULL) {
+               return SSLMemoryErr;
+       }
+       href->ctx = ctx;
+       href->ccHand = 0;
+       href->hmac = hmac;
+       
+       /*
+        * Since the key is present in the CDSA context, we cook up the context now.
+        * Currently we can't reuse an HMAC context if the key changes. 
+        */
+       switch(hmac->alg) {
+               case HA_SHA1:
+                       calg = CSSM_ALGID_SHA1HMAC;
+                       break;
+               case HA_MD5:
+                       calg = CSSM_ALGID_MD5HMAC;
+                       break;
+               default:
+                       assert(0);
+                       return SSLInternalError;
+       }
+       serr = sslSetUpSymmKey(&cssmKey,
+               calg,
+               CSSM_KEYUSE_SIGN | CSSM_KEYUSE_VERIFY,
+               CSSM_FALSE,                     /* don't malloc/copy key */
+               (uint8 *)keyPtr,
+               keyLen);
+       if(serr) {
+               return serr;
+       }
+       if(attachToCsp(ctx)) {
+               return serr;
+       }
+       crtn = CSSM_CSP_CreateMacContext(ctx->cspHand,
+               calg,
+               &cssmKey,
+               &href->ccHand);
+       if(crtn) {
+               return SSLCryptoError;
+       }
+       
+       /* success */
+       *hmacCtx = href;
+       return SSLNoErr;
+}
+
+/* free a session */
+static SSLErr HMAC_Free(
+       HMACContextRef  hmacCtx)
+{
+       if(hmacCtx != NULL) {
+               if(hmacCtx->ccHand != 0) {
+                       CSSM_DeleteContext(hmacCtx->ccHand);
+                       hmacCtx->ccHand = 0;
+               }
+               sslFree(hmacCtx);
+       }
+       return SSLNoErr;
+}
+
+/* Reusable init */
+static SSLErr HMAC_Init(
+       HMACContextRef  hmacCtx)
+{
+       CSSM_RETURN crtn;
+       
+       if(hmacCtx == NULL) {
+               return SSLInternalError;
+       }
+       assert(hmacCtx->ctx != NULL);
+       assert(hmacCtx->hmac != NULL);
+       assert(hmacCtx->ccHand != 0);
+       
+       crtn = CSSM_GenerateMacInit(hmacCtx->ccHand);
+       if(crtn) {
+               return SSLCryptoError;
+       }
+       return SSLNoErr;
+}
+
+/* normal crypt ops */
+static SSLErr HMAC_Update(
+       HMACContextRef  hmacCtx,
+       const void              *data,
+       unsigned                dataLen)
+{
+       CSSM_RETURN crtn;
+       CSSM_DATA       cdata;
+       
+       if(hmacCtx == NULL) {
+               return SSLInternalError;
+       }
+       assert(hmacCtx->ctx != NULL);
+       assert(hmacCtx->hmac != NULL);
+       assert(hmacCtx->ccHand != 0);
+       cdata.Data = (uint8 *)data;
+       cdata.Length = dataLen;
+       crtn = CSSM_GenerateMacUpdate(hmacCtx->ccHand, &cdata, 1);
+       if(crtn) {
+               return SSLCryptoError;
+       }
+       return SSLNoErr;
+}
+       
+static SSLErr HMAC_Final(
+       HMACContextRef  hmacCtx,
+       void                    *hmac,                  // mallocd by caller
+       unsigned                *hmacLen)               // IN/OUT
+{
+       CSSM_RETURN crtn;
+       CSSM_DATA       cdata;
+       
+       if(hmacCtx == NULL) {
+               return SSLInternalError;
+       }
+       if((hmac == NULL) || (hmacLen == 0)) {
+               return SSLInternalError;
+       }
+       assert(hmacCtx->ctx != NULL);
+       assert(hmacCtx->hmac != NULL);
+       assert(hmacCtx->ccHand != 0);
+       cdata.Data = (uint8 *)hmac;
+       cdata.Length = *hmacLen;
+       crtn = CSSM_GenerateMacFinal(hmacCtx->ccHand, &cdata);
+       if(crtn) {
+               return SSLCryptoError;
+       }
+       *hmacLen = cdata.Length;
+       return SSLNoErr;
+}
+
+/* one-shot */
+static SSLErr HMAC_Hmac (
+       HMACContextRef  hmacCtx,
+       const void              *data,
+       unsigned                dataLen,
+       void                    *hmac,                  // mallocd by caller
+       unsigned                *hmacLen)               // IN/OUT
+{
+       SSLErr serr;
+       const HMACReference     *hmacRef;
+       
+       if(hmacCtx == NULL) {
+               return SSLInternalError;
+       }
+       hmacRef = hmacCtx->hmac;
+       assert(hmacRef != NULL);
+       serr = hmacRef->init(hmacCtx);
+       if(serr) {
+               return serr;
+       }
+       serr = hmacRef->update(hmacCtx, data, dataLen);
+       if(serr) {
+               return serr;
+       }
+       return hmacRef->final(hmacCtx, hmac, hmacLen);
+}
+
+#pragma mark *** Null HMAC ***
+
+static SSLErr HMAC_AllocNull(
+       const struct HMACReference      *hmac,
+       SSLContext                                      *ctx,
+       const void                                      *keyPtr,
+       unsigned                                        keyLen,
+       HMACContextRef                          *hmacCtx)                       // RETURNED
+{
+       *hmacCtx = NULL;
+       return SSLNoErr;
+}
+
+static SSLErr HMAC_FreeNull(
+       HMACContextRef  hmacCtx)
+{
+       return SSLNoErr;
+}
+
+static SSLErr HMAC_InitNull(
+       HMACContextRef  hmacCtx)
+       {
+       return SSLNoErr;
+}
+
+static SSLErr HMAC_UpdateNull(
+       HMACContextRef  hmacCtx,
+       const void              *data,
+       unsigned                dataLen)
+{
+       return SSLNoErr;
+}
+
+static SSLErr HMAC_FinalNull(
+       HMACContextRef  hmacCtx,
+       void                    *hmac,                  // mallocd by caller
+       unsigned                *hmacLen)               // IN/OUT
+{
+       return SSLNoErr;
+}
+
+static SSLErr HMAC_HmacNull (
+       HMACContextRef  hmacCtx,
+       const void              *data,
+       unsigned                dataLen,
+       void                    *hmac,                  // mallocd by caller
+       unsigned                *hmacLen)
+{
+       return SSLNoErr;
+}
+
+const HMACReference TlsHmacNull = {
+       0,
+       HA_Null,
+       HMAC_AllocNull,
+       HMAC_FreeNull,
+       HMAC_InitNull,
+       HMAC_UpdateNull,
+       HMAC_FinalNull,
+       HMAC_HmacNull
+};
+
+const HMACReference TlsHmacSHA1 = {
+       20,
+       HA_SHA1,
+       HMAC_Alloc,
+       HMAC_Free,
+       HMAC_Init,
+       HMAC_Update,
+       HMAC_Final,
+       HMAC_Hmac
+};
+
+const HMACReference TlsHmacMD5 = {
+       16,
+       HA_MD5,
+       HMAC_Alloc,
+       HMAC_Free,
+       HMAC_Init,
+       HMAC_Update,
+       HMAC_Final,
+       HMAC_Hmac
+};
+
+const HashHmacReference HashHmacNull = {
+       &SSLHashNull,
+       &TlsHmacNull
+};
+
+const HashHmacReference HashHmacMD5 = {
+       &SSLHashMD5,
+       &TlsHmacMD5
+};
+
+const HashHmacReference HashHmacSHA1 = {
+       &SSLHashSHA1,
+       &TlsHmacSHA1
+};
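Review bot: In HMAC_Alloc the `if(attachToCsp(ctx)) { return serr; }` branch returns `serr`, which is necessarily zero at that point because the preceding `if(serr)` check passed, so a failed CSP attach is reported as SSLNoErr while `*hmacCtx` is never written. A caller that trusts the return value would then use an unset context pointer for the record MAC. Every error return after the `sslMalloc`, including the `default:` case of the switch, also leaves `href` allocated. Capture the attach result in `serr` and free `href` on each failure path, as below; this assumes attachToCsp returns an SSLErr, which its declaration outside this hunk should confirm.

```c
		default:
			assert(0);
			sslFree(href);
			return SSLInternalError;
	}
	/* … unchanged: sslSetUpSymmKey call … */
	if(serr) {
		sslFree(href);
		return serr;
	}
	serr = attachToCsp(ctx);
	if(serr) {
		sslFree(href);
		return serr;
	}
	/* … unchanged: CSSM_CSP_CreateMacContext call … */
	if(crtn) {
		sslFree(href);
		return SSLCryptoError;
	}
```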
index d2d2f0863335a0eb73530a1173ad019d7e29da6f..d1dd42e708f5913011d9b44c279ca49900ddc533 100644 (file)
@@ -1,15 +1,22 @@
+_gGuidCssm
 _gGuidAppleCSP
+_gGuidAppleFileDL
 _gGuidAppleCSPDL
 _gGuidAppleFileDL
 _gGuidAppleX509CL
 _gGuidAppleX509TP
 _cssmPerror
+_MDS_Initialize
+_MDS_Terminate
+_MDS_Install
+_MDS_Uninstall
 _SSLNewContext
 _SSLDisposeContext
 _SSLGetSessionState
 _SSLSetIOFuncs
 _SSLSetProtocolVersion
 _SSLGetProtocolVersion
+_SSLSetCertificate
 _SSLSetConnection
 _SSLGetNegotiatedProtocolVersion
 _SSLGetNumberSupportedCiphers
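Review bot: The added `_gGuidAppleFileDL` line near the top of this hunk duplicates the entry that is still present as context two lines further down, so the new export list names the symbol twice. Whether the linker tolerates a repeated entry is not visible here. Dropping the added line keeps the list unambiguous and leaves `_gGuidCssm` as the only new GUID export in this hunk.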
@@ -17,16 +24,24 @@ _SSLGetSupportedCiphers
 _SSLSetEnabledCiphers
 _SSLGetNumberEnabledCiphers
 _SSLGetEnabledCiphers
-_SSLSetAllowExpiredCerts
-_SSLGetAllowExpiredCerts
+_SSLSetAllowsExpiredCerts
+_SSLGetAllowsExpiredCerts
 _SSLGetPeerCertificates
 _SSLSetPeerID
+_SSLGetPeerID
+_SSLSetPeerDomainName
+_SSLGetPeerDomainNameLength
+_SSLGetPeerDomainName
 _SSLGetNegotiatedCipher
+_SSLSetEncryptionCertificate
+_SSLGetBufferedReadSize
 _SSLHandshake
 _SSLWrite
 _SSLRead
 _SSLClose
-_SSLSetAllowAnyRoot
+_SSLSetAllowsAnyRoot
+_SSLGetAllowsAnyRoot
 _SessionGetInfo
 _SessionCreate
 _checkpw
+_checkpw_internal
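Review bot: The last added line exports `_checkpw_internal` next to the existing `_checkpw`, which makes a routine whose name marks it as internal callable by any client that links the framework. Its definition is outside this hunk, so whether it skips checks that `_checkpw` performs cannot be confirmed from here; if only code inside the framework needs it, drop `_checkpw_internal` from the list. Separately, the renames to `_SSLSetAllowsExpiredCerts`, `_SSLGetAllowsExpiredCerts` and `_SSLSetAllowsAnyRoot` remove the old names, so binaries linked against the previous spelling will no longer resolve them.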
index f2af420740056e945d283c01b586b1c6b30aad10..1ea638058e12aceb41b19185cdc888563df20a12 100644 (file)
@@ -3,7 +3,7 @@
        archiveVersion = 1;
        classes = {
        };
-       objectVersion = 34;
+       objectVersion = 38;
        objects = {
                01379EAE001E00F311CD296C = {
                        children = (
@@ -25,8 +25,8 @@
                                01FA8062FFF2B54C11CD283A,
                                01FA806BFFF2B54C11CD283A,
                                01FA806CFFF2B54C11CD283A,
-                               01FA806DFFF2B54C11CD283A,
                                01FA806EFFF2B54C11CD283A,
+                               01FA806DFFF2B54C11CD283A,
                                01FA806FFFF2B54C11CD283A,
                                01FA8070FFF2B54C11CD283A,
                                01FA8071FFF2B54C11CD283A,
@@ -59,6 +59,8 @@
                                01FA803FFFF2B54C11CD283A,
                                01FA8043FFF2B54C11CD283A,
                                01FA8044FFF2B54C11CD283A,
+                               326618CC01C6844C05CA2E77,
+                               326618CD01C6844C05CA2E77,
                                01FA8045FFF2B54C11CD283A,
                                01FA8046FFF2B54C11CD283A,
                                01FA8047FFF2B54C11CD283A,
                        );
                        buildSettings = {
                                DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
+                               DYLIB_CURRENT_VERSION = 53;
                                FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\"";
-                               HEADER_SEARCH_PATHS = "\"$(SYMROOT)/BSafe.framework/Headers\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks/BSafe.framework/Headers\" \"$(SRCROOT)/AppleCSP\" \"$(SRCROOT)/AppleCSP/open_ssl\" \"\"";
+                               HEADER_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)/BSafe.framework/Headers\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks/BSafe.framework/Headers\" \"$(SRCROOT)/AppleCSP\" \"$(SRCROOT)/AppleCSP/open_ssl\"";
                                LIBRARY_STYLE = STATIC;
-                               OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG";
+                               OPTIMIZATION_CFLAGS = "-O3 -DNDEBUG";
                                OTHER_CFLAGS = "-DCRYPTKIT_CSP_ENABLE -DASC_CSP_ENABLE -DVDADER_RULES -DALLOW_ZERO_PASSWORD -DCRYPTKIT_DER_ENABLE";
                                OTHER_LDFLAGS = "";
                                OTHER_LIBTOOL_FLAGS = "";
                                52BFC30A007A6A1B7F000001,
                                57FCEE95007B8B3D7F000001,
                                57FCEE9D007B8D4F7F000001,
-                               1691956A00947FD37F000001,
                                1691956C009480BC7F000001,
                                1691956E009485A47F000001,
                                169195B60094A63C7F000001,
                                28B044E50094DC627F000001,
                                48855E840095DC957F000001,
                                01D5634900974F7C7F000001,
-                               127F63C60098D55A7F000001,
                                07E4D6E500A0CD8D7F000001,
                                209FCB4F00A738117F000001,
                                59375E6C00A848827F000001,
                                0149035E00A9DC487F000001,
                                0149035F00A9DC487F000001,
                                0149036500A9DF347F000001,
+                               9D8F0D2901C815A600003D05,
+                               9D2C3D0101C826C800003D05,
+                               9D2C3D0301C82F6100003D05,
+                               9D206AA701EB68F200003D05,
+                               9D291880026B504700003D05,
+                               9D291889026B56DA00003D05,
+                               9D29188B026B56DA00003D05,
+                               9D29188D026B56DA00003D05,
+                               9D291891026B8BBD00003D05,
                        );
                        isa = PBXHeadersBuildPhase;
-                       name = Headers;
                };
                014880D0005EAE4D11CD283A = {
                        buildActionMask = 2147483647;
                                0149036100A9DC487F000001,
                                0149036200A9DC487F000001,
                                0149036300A9DC487F000001,
+                               9D8F0D2A01C815A600003D05,
+                               9D8F0D2B01C815A600003D05,
+                               9D29187A026B502600003D05,
+                               9D29187B026B502600003D05,
+                               9D29187C026B502600003D05,
+                               9D29187D026B502600003D05,
+                               9D29187E026B502600003D05,
+                               9D291888026B56DA00003D05,
+                               9D29188A026B56DA00003D05,
+                               9D29188C026B56DA00003D05,
+                               9D291890026B8BBD00003D05,
                        );
                        isa = PBXSourcesBuildPhase;
-                       name = Sources;
                };
                014880D1005EAE4D11CD283A = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
                };
                014880D2005EAE4D11CD283A = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
                };
                014880D4005EAE4D11CD283A = {
                        buildPhases = (
                        );
                        buildSettings = {
                                DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
+                               DYLIB_CURRENT_VERSION = 53;
                                LIBRARY_STYLE = STATIC;
-                               OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG";
+                               OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
                                OTHER_CFLAGS = "-DVDADER_RULES";
                                OTHER_LDFLAGS = "";
                                OTHER_LIBTOOL_FLAGS = "";
                                0148812E005EB04411CD283A,
                        );
                        isa = PBXHeadersBuildPhase;
-                       name = Headers;
                };
                014880D6005EAE4D11CD283A = {
                        buildActionMask = 2147483647;
                                327DDDF500D707D805CD296C,
                        );
                        isa = PBXSourcesBuildPhase;
-                       name = Sources;
                };
                014880D7005EAE4D11CD283A = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
                };
                014880D8005EAE4D11CD283A = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
                };
                014880DA005EAE4D11CD283A = {
                        buildPhases = (
                        );
                        buildSettings = {
                                DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
+                               DYLIB_CURRENT_VERSION = 53;
                                LIBRARY_STYLE = STATIC;
-                               OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG";
+                               OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
                                OTHER_CFLAGS = "";
                                OTHER_LDFLAGS = "";
                                OTHER_LIBTOOL_FLAGS = "";
                                01488139005EB04411CD283A,
                        );
                        isa = PBXHeadersBuildPhase;
-                       name = Headers;
                };
                014880DC005EAE4D11CD283A = {
                        buildActionMask = 2147483647;
                                0148813A005EB04411CD283A,
                        );
                        isa = PBXSourcesBuildPhase;
-                       name = Sources;
                };
                014880DD005EAE4D11CD283A = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
                };
                014880DE005EAE4D11CD283A = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
                };
                014880E0005EAE4D11CD283A = {
                        buildPhases = (
                        );
                        buildSettings = {
                                DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
+                               DYLIB_CURRENT_VERSION = 53;
                                LIBRARY_STYLE = STATIC;
-                               OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG";
+                               OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
                                OTHER_CFLAGS = "-DVDADER_RULES";
                                OTHER_LDFLAGS = "";
                                OTHER_LIBTOOL_FLAGS = "";
                                01488144005EB04411CD283A,
                        );
                        isa = PBXHeadersBuildPhase;
-                       name = Headers;
                };
                014880E2005EAE4D11CD283A = {
                        buildActionMask = 2147483647;
                                0148814F005EB04411CD283A,
                                01488150005EB04411CD283A,
                                01488151005EB04411CD283A,
+                               F540EDC3027A41BF01CA2E66,
                        );
                        isa = PBXSourcesBuildPhase;
-                       name = Sources;
                };
                014880E3005EAE4D11CD283A = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
                };
                014880E4005EAE4D11CD283A = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
                };
                014880E6005EAE4D11CD283A = {
                        buildPhases = (
                        );
                        buildSettings = {
                                DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
+                               DYLIB_CURRENT_VERSION = 53;
                                LIBRARY_STYLE = STATIC;
-                               OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG";
+                               OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
                                OTHER_CFLAGS = "-DVDADER_RULES";
                                OTHER_LDFLAGS = "";
                                OTHER_LIBTOOL_FLAGS = "";
                                01488159005EB04411CD283A,
                        );
                        isa = PBXHeadersBuildPhase;
-                       name = Headers;
                };
                014880E8005EAE4D11CD283A = {
                        buildActionMask = 2147483647;
                                0148815B005EB04411CD283A,
                                0148815C005EB04411CD283A,
                                0148815D005EB04411CD283A,
-                               0148815E005EB04411CD283A,
-                               0148815F005EB04411CD283A,
-                               01488160005EB04411CD283A,
                                01488161005EB04411CD283A,
                                01488162005EB04411CD283A,
                                01488163005EB04411CD283A,
+                               9D4B1BC80156C2E500A17CD1,
+                               9D14AC53020093D100003D05,
+                               9D9AEFBB02B6BC6C00003D05,
                        );
                        isa = PBXSourcesBuildPhase;
-                       name = Sources;
                };
                014880E9005EAE4D11CD283A = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
                };
                014880EA005EAE4D11CD283A = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
                };
                014880EC005EB04411CD283A = {
                        fileRef = 07A0F5EE005DAEE111CD283A;
                        settings = {
                        };
                };
-               0148815E005EB04411CD283A = {
-                       fileRef = 07A0F6D7005DAEE111CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0148815F005EB04411CD283A = {
-                       fileRef = 07A0F6D9005DAEE111CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               01488160005EB04411CD283A = {
-                       fileRef = 07A0F6DA005DAEE111CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
                01488161005EB04411CD283A = {
                        fileRef = 07A0F6DB005DAEE111CD283A;
                        isa = PBXBuildFile;
                        children = (
                                01FA8215FFF2B54C11CD283A,
                                01FA823BFFF2B54C11CD283A,
+                               32361F0701F4B28E05CA2E77,
                                01FA823CFFF2B54C11CD283A,
                                01FA821AFFF2B54C11CD283A,
                                01FA821BFFF2B54C11CD283A,
                };
                0177F263FFFAA2D311CD283A = {
                        children = (
-                               0177F269FFFAA2D311CD283A,
-                               0177F26AFFFAA2D311CD283A,
-                               0177F27EFFFAA2D311CD283A,
-                               0177F27FFFFAA2D311CD283A,
-                               0177F286FFFAA2D311CD283A,
-                               0177F287FFFAA2D311CD283A,
-                               0177F28AFFFAA2D311CD283A,
-                               0177F28BFFFAA2D311CD283A,
-                               0177F290FFFAA2D311CD283A,
-                               0177F291FFFAA2D311CD283A,
-                               0177F292FFFAA2D311CD283A,
-                               0177F293FFFAA2D311CD283A,
-                               0177F29CFFFAA2D311CD283A,
-                               0177F29DFFFAA2D311CD283A,
-                               0177F29EFFFAA2D311CD283A,
-                               0177F29FFFFAA2D311CD283A,
-                               0177F2A0FFFAA2D311CD283A,
-                               0177F2A1FFFAA2D311CD283A,
-                               0177F2A2FFFAA2D311CD283A,
-                               0177F352FFFAC61911CD283A,
-                               0177F353FFFAC61911CD283A,
-                               0177F2B7FFFAA2D311CD283A,
-                               0177F2B8FFFAA2D311CD283A,
-                               0177F2C6FFFAA2D311CD283A,
-                               0177F2C7FFFAA2D311CD283A,
-                               0177F2C9FFFAA2D311CD283A,
-                               F579CFD900E99FC401CD283A,
-                               0177F2CDFFFAA2D311CD283A,
-                               0177F2D1FFFAA2D311CD283A,
-                               0177F2D2FFFAA2D311CD283A,
-                               0177F2D3FFFAA2D311CD283A,
-                               0177F2D6FFFAA2D311CD283A,
-                               0177F2D7FFFAA2D311CD283A,
+                               F5786181022EDE8901CA2E64,
+                               F57861F9022F13DF01CA2E64,
+                               F5786222022F2D9701CA2E64,
+                               F5786223022F2DDB01CA2E64,
                        );
                        isa = PBXGroup;
                        path = Keychain;
                        path = "https-proxy-protocol.cpp";
                        refType = 4;
                };
-               017A54F40094AAE57F000001 = {
-                       fileRef = 017A54F20094AAE57F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                       };
-               };
-               017A54F50094AAE57F000001 = {
-                       fileRef = 017A54F30094AAE57F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
                017B6CA6009748107F000001 = {
                        isa = PBXFileReference;
                        path = buffers.cpp;
                        path = "ftp-proxy-protocol.cpp";
                        refType = 4;
                };
-               01827D0B008CB8707F000001 = {
-                       fileRef = 01827D09008CB8707F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                       };
-               };
-               01827D0C008CB8707F000001 = {
-                       fileRef = 01827D0A008CB8707F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
                01CE6B19FFF2B1BA11CD283A = {
                        buildRules = (
                        );
                                COPY_PHASE_STRIP = NO;
                                OPTIMIZATION_CFLAGS = "-O0 -fno-inline";
                                OTHER_CFLAGS = "\U0001 -DDEBUGDUMP";
+                               SECTORDER_FLAGS = "";
                        };
                        isa = PBXBuildStyle;
                        name = Development;
                        );
                        buildSettings = {
                                COPY_PHASE_STRIP = YES;
-                               OPTIMIZATION_CFLAGS = "-O2";
-                               OTHER_CFLAGS = "\U0001-DNDEBUG";
                        };
                        isa = PBXBuildStyle;
                        name = Deployment;
                                01FA8902FFF2BCA811CD283A,
                                01FA8903FFF2BCA811CD283A,
                                01FA88F8FFF2BBEB11CD283A,
+                               9DC1DF0F0299BCB400003D05,
+                               3283A53602B96AED05CA2E77,
                        );
                        isa = PBXAggregateTarget;
                        name = world;
                        target = 0867D69CFE84028FC02AAC07;
                };
                01CE6B1DFFF2B33A11CD283A = {
-                       buildArgumentsString = "-f cdsa/generator.mk $ACTION \"SRCROOT=$SRCROOT\" \"SYMROOT=$SYMROOT\"";
+                       buildArgumentsString = "-f cdsa/generator.mk $ACTION \"SRCROOT=$SRCROOT\" \"TARGET_BUILD_DIR=$TARGET_BUILD_DIR\" \"BUILT_PRODUCTS_DIR=$BUILT_PRODUCTS_DIR\"";
                        buildPhases = (
                        );
                        buildSettings = {
                                01FA8003FFF2B54C11CD283A,
                                01FA8025FFF2B54C11CD283A,
                                01FA80AAFFF2B54C11CD283A,
+                               9D518682018F278000003D05,
                                01FA80C6FFF2B54C11CD283A,
                                01FA80D6FFF2B54C11CD283A,
                        );
                };
                01FA8003FFF2B54C11CD283A = {
                        children = (
+                               32623CFC024BBA3B05CA2E77,
                                01FA8004FFF2B54C11CD283A,
                                01FA8005FFF2B54C11CD283A,
                                01FA8006FFF2B54C11CD283A,
+                               32867BAB02316C3905CA2E77,
+                               32867BAC02316C3905CA2E77,
                                01FA8008FFF2B54C11CD283A,
                                01FA8009FFF2B54C11CD283A,
                                01FA800AFFF2B54C11CD283A,
                                01FA801FFFF2B54C11CD283A,
                                01FA8020FFF2B54C11CD283A,
                                01FA8021FFF2B54C11CD283A,
+                               32867BA70231611A05CA2E77,
+                               32867BA80231611A05CA2E77,
                                01FA8022FFF2B54C11CD283A,
                                01FA8023FFF2B54C11CD283A,
                        );
                                01FA8058FFF2B54C11CD283A,
                                01FA8059FFF2B54C11CD283A,
                                01FA805AFFF2B54C11CD283A,
+                               320F609D0234113505CA2E77,
+                               320F609E0234113505CA2E77,
                                01FA805BFFF2B54C11CD283A,
                                01FA805CFFF2B54C11CD283A,
                                01FA805DFFF2B54C11CD283A,
                                01FA8064FFF2B54C11CD283A,
                                01FA8065FFF2B54C11CD283A,
                                01FA8066FFF2B54C11CD283A,
+                               32867BB202316E3305CA2E77,
+                               32867BB302316E3305CA2E77,
                                01FA8067FFF2B54C11CD283A,
                                01FA8068FFF2B54C11CD283A,
                                01FA8069FFF2B54C11CD283A,
                                01FA8079FFF2B54C11CD283A,
                                01FA807AFFF2B54C11CD283A,
                                01FA807BFFF2B54C11CD283A,
+                               9D8B6A2A015A48F500A17CD1,
                                01FA807CFFF2B54C11CD283A,
                                01FA807DFFF2B54C11CD283A,
                                01FA807EFFF2B54C11CD283A,
                                025C84BB0027360A11CD296C,
                                01FA80A2FFF2B54C11CD283A,
                                01FA80A3FFF2B54C11CD283A,
+                               F559B18C01D1510A01CA2E64,
                                01FA80A4FFF2B54C11CD283A,
                                01FA80A5FFF2B54C11CD283A,
                                01FA80A6FFF2B54C11CD283A,
                                01FA80A8FFF2B54C11CD283A,
                                3272260D00E3C7FB05CD296C,
                                014259A9001645E911CD296C,
+                               3244148B0236DD2705CA2E77,
                                014259AA001645E911CD296C,
                                33BD041F00838F447F000001,
                        );
                                01FA80B8FFF2B54C11CD283A,
                                01FA80B9FFF2B54C11CD283A,
                                01FA80BDFFF2B54C11CD283A,
+                               9D64BAEF019B173900003D05,
                        );
                        isa = PBXGroup;
                        path = cssm;
                                01FA8131FFF2B54C11CD283A,
                                01FA8132FFF2B54C11CD283A,
                                01FA8133FFF2B54C11CD283A,
-                               01FA8134FFF2B54C11CD283A,
                                01FA8135FFF2B54C11CD283A,
                                01FA8136FFF2B54C11CD283A,
                                01FA8137FFF2B54C11CD283A,
                                01FA8152FFF2B54C11CD283A,
                                01FA8153FFF2B54C11CD283A,
                                01FA8156FFF2B54C11CD283A,
-                               01FA8157FFF2B54C11CD283A,
                                01FA8158FFF2B54C11CD283A,
                                01FA8159FFF2B54C11CD283A,
                                01FA815AFFF2B54C11CD283A,
                                01FA8165FFF2B54C11CD283A,
                                01FA8166FFF2B54C11CD283A,
                                01FA8167FFF2B54C11CD283A,
+                               9D78BC7401EBB71A00003D05,
                                33BD042000838F447F000001,
+                               9D78BC7801EBCA2300003D05,
+                               9D78BC7A01ECA79D00003D05,
                        );
                        isa = PBXGroup;
                        path = SecureTransport;
                };
                01FA8129FFF2B54C11CD283A = {
                        isa = PBXFileReference;
-                       path = appleSession.c;
+                       path = appleSession.cpp;
                        refType = 4;
                };
                01FA812AFFF2B54C11CD283A = {
                        path = LICENSE.txt;
                        refType = 4;
                };
-               01FA8134FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = sslmd5.c;
-                       refType = 4;
-               };
                01FA8135FFF2B54C11CD283A = {
                        isa = PBXFileReference;
                        path = ModuleAttacher.cpp;
                                01FA813CFFF2B54C11CD283A,
                                01FA813DFFF2B54C11CD283A,
                                01FA813EFFF2B54C11CD283A,
-                               01FA813FFFF2B54C11CD283A,
-                               01FA8140FFF2B54C11CD283A,
                                01FA8141FFF2B54C11CD283A,
                                01FA8142FFF2B54C11CD283A,
                                01FA8143FFF2B54C11CD283A,
                                01FA814FFFF2B54C11CD283A,
                                01FA8150FFF2B54C11CD283A,
                                01FA8151FFF2B54C11CD283A,
+                               9D78BC7201EBB3F900003D05,
+                               9D78BC7601EBBBED00003D05,
                        );
                        isa = PBXGroup;
                        path = privateInc;
                        path = digests.h;
                        refType = 4;
                };
-               01FA813FFFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = sslmd5.h;
-                       refType = 4;
-               };
-               01FA8140FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = st_sha.h;
-                       refType = 4;
-               };
                01FA8141FFF2B54C11CD283A = {
                        isa = PBXFileReference;
                        path = ssl.h;
                        path = secureTransport.exp;
                        refType = 4;
                };
-               01FA8157FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = sha.c;
-                       refType = 4;
-               };
                01FA8158FFF2B54C11CD283A = {
                        isa = PBXFileReference;
                        path = ssl2map.c;
                                01FA816EFFF2B54C11CD283A,
                                01FA816FFFF2B54C11CD283A,
                                01FA8170FFF2B54C11CD283A,
+                               F540EDC4027A41E201CA2E66,
                                01FA8171FFF2B54C11CD283A,
                                01FA8172FFF2B54C11CD283A,
                                01FA8173FFF2B54C11CD283A,
                                01FA817EFFF2B54C11CD283A,
                                01FA817FFFF2B54C11CD283A,
                                01FA8180FFF2B54C11CD283A,
+                               F540E6F9027A33DA01CA2E66,
                                01FA8181FFF2B54C11CD283A,
                                01FA8182FFF2B54C11CD283A,
                                01FA8183FFF2B54C11CD283A,
                                01FA818EFFF2B54C11CD283A,
                                01FA818FFFF2B54C11CD283A,
                                01FA8190FFF2B54C11CD283A,
+                               F540E6F7027A33A501CA2E66,
                                01FA8191FFF2B54C11CD283A,
                                01FA8192FFF2B54C11CD283A,
                                01FA8193FFF2B54C11CD283A,
                                01FA81B2FFF2B54C11CD283A,
                                01FA81B3FFF2B54C11CD283A,
                                01FA823AFFF2B54C11CD283A,
+                               3253C16401C7D8A005CA2E77,
+                               3253C16501C7D8A005CA2E77,
+                               32361EEC01EB8FCF05CA2E77,
+                               32361EED01EB8FCF05CA2E77,
                                01379EAE001E00F311CD296C,
                                0165238D000BEC3311CD296C,
                                0165238E000BEC3311CD296C,
                                0165238F000BEC3311CD296C,
-                               01FA81BEFFF2B54C11CD283A,
                                01FA81A6FFF2B54C11CD283A,
                                01FA822AFFF2B54C11CD283A,
                        );
                01FA81A6FFF2B54C11CD283A = {
                        children = (
                                01FA81A8FFF2B54C11CD283A,
+                               F5A7F718023D96EA01CA2E64,
                                3267644800EBF3A905CD296C,
                                01FA81A7FFF2B54C11CD283A,
+                               F5A7F716023D96EA01CA2E64,
+                               F5A7F717023D96EA01CA2E64,
                                01FA81A9FFF2B54C11CD283A,
                                01FA81AAFFF2B54C11CD283A,
                                01FA81ABFFF2B54C11CD283A,
                                01FA81ADFFF2B54C11CD283A,
                                01FA81AEFFF2B54C11CD283A,
                                01FA81AFFFF2B54C11CD283A,
+                               F5A7F715023D96EA01CA2E64,
                        );
                        isa = PBXGroup;
                        path = Authorization;
                        path = key.h;
                        refType = 4;
                };
-               01FA81BEFFF2B54C11CD283A = {
-                       children = (
-                               32615BB000E3B46905CD296C,
-                               32615BB200E3B4A105CD296C,
-                               01FA81C1FFF2B54C11CD283A,
-                               01FA81E3FFF2B54C11CD283A,
-                               01FA81F7FFF2B54C11CD283A,
-                       );
-                       isa = PBXGroup;
-                       path = MacYarrow;
-                       refType = 4;
-               };
-               01FA81C1FFF2B54C11CD283A = {
-                       children = (
-                               01FA81C2FFF2B54C11CD283A,
-                               01FA81C3FFF2B54C11CD283A,
-                       );
-                       isa = PBXGroup;
-                       path = testHarness;
-                       refType = 4;
-               };
-               01FA81C2FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = clientTest.cpp;
-                       refType = 4;
-               };
-               01FA81C3FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = serverDaemon.cpp;
-                       refType = 4;
-               };
-               01FA81E3FFF2B54C11CD283A = {
-                       children = (
-                               01FA81E4FFF2B54C11CD283A,
-                               01FA81E5FFF2B54C11CD283A,
-                               01FA81E6FFF2B54C11CD283A,
-                               01FA81E7FFF2B54C11CD283A,
-                               01FA81E8FFF2B54C11CD283A,
-                               01FA81E9FFF2B54C11CD283A,
-                               01FA81ECFFF2B54C11CD283A,
-                               01FA81EDFFF2B54C11CD283A,
-                               01FA81EEFFF2B54C11CD283A,
-                               01FA81EFFFF2B54C11CD283A,
-                               560B41E100E23FA50DCD28E8,
-                               560B41E200E23FA50DCD28E8,
-                       );
-                       isa = PBXGroup;
-                       path = YarrowServer;
-                       refType = 4;
-               };
-               01FA81E4FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = debug.c;
-                       refType = 4;
-               };
-               01FA81E5FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = debug.h;
-                       refType = 4;
-               };
-               01FA81E6FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = entropyFile.h;
-                       refType = 4;
-               };
-               01FA81E7FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = entropyFileOS9.c;
-                       refType = 4;
-               };
-               01FA81E8FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = entropyFileUnix.c;
-                       refType = 4;
-               };
-               01FA81E9FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = kdebug_private.h;
-                       refType = 4;
-               };
-               01FA81ECFFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = prefixDebug.h;
-                       refType = 4;
-               };
-               01FA81EDFFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = prefixRelease.h;
-                       refType = 4;
-               };
-               01FA81EEFFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = systemEntropy.c;
-                       refType = 4;
-               };
-               01FA81EFFFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = systemEntropy.h;
-                       refType = 4;
-               };
-               01FA81F7FFF2B54C11CD283A = {
-                       children = (
-                               01FA81F8FFF2B54C11CD283A,
-                               01FA81F9FFF2B54C11CD283A,
-                               01FA81FAFFF2B54C11CD283A,
-                               01FA81FBFFF2B54C11CD283A,
-                               01FA81FCFFF2B54C11CD283A,
-                               01FA81FDFFF2B54C11CD283A,
-                               01FA81FEFFF2B54C11CD283A,
-                               01FA81FFFFF2B54C11CD283A,
-                               01FA8200FFF2B54C11CD283A,
-                               01FA8201FFF2B54C11CD283A,
-                               01FA8202FFF2B54C11CD283A,
-                               01FA8203FFF2B54C11CD283A,
-                               01FA8204FFF2B54C11CD283A,
-                               01FA8205FFF2B54C11CD283A,
-                               01FA8206FFF2B54C11CD283A,
-                               01FA8207FFF2B54C11CD283A,
-                               01FA8208FFF2B54C11CD283A,
-                               01FA8209FFF2B54C11CD283A,
-                               01FA820AFFF2B54C11CD283A,
-                               01FA820BFFF2B54C11CD283A,
-                               01FA820CFFF2B54C11CD283A,
-                               01FA820DFFF2B54C11CD283A,
-                               01FA820EFFF2B54C11CD283A,
-                               01FA820FFFF2B54C11CD283A,
-                               01FA8210FFF2B54C11CD283A,
-                               01FA8212FFF2B54C11CD283A,
-                               01FA8213FFF2B54C11CD283A,
-                       );
-                       isa = PBXGroup;
-                       path = zlib;
-                       refType = 4;
-               };
-               01FA81F8FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = adler32.c;
-                       refType = 4;
-               };
-               01FA81F9FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = algorithm.txt;
-                       refType = 4;
-               };
-               01FA81FAFFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = ChangeLog;
-                       refType = 4;
-               };
-               01FA81FBFFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = compress.c;
-                       refType = 4;
-               };
-               01FA81FCFFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = crc32.c;
-                       refType = 4;
-               };
-               01FA81FDFFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = deflate.c;
-                       refType = 4;
-               };
-               01FA81FEFFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = deflate.h;
-                       refType = 4;
-               };
-               01FA81FFFFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = infblock.c;
-                       refType = 4;
-               };
-               01FA8200FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = infblock.h;
-                       refType = 4;
-               };
-               01FA8201FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = infcodes.c;
-                       refType = 4;
-               };
-               01FA8202FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = infcodes.h;
-                       refType = 4;
-               };
-               01FA8203FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = inffast.c;
-                       refType = 4;
-               };
-               01FA8204FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = inffast.h;
-                       refType = 4;
-               };
-               01FA8205FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = inffixed.h;
-                       refType = 4;
-               };
-               01FA8206FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = inflate.c;
-                       refType = 4;
-               };
-               01FA8207FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = inftrees.c;
-                       refType = 4;
-               };
-               01FA8208FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = inftrees.h;
-                       refType = 4;
-               };
-               01FA8209FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = infutil.c;
-                       refType = 4;
-               };
-               01FA820AFFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = infutil.h;
-                       refType = 4;
-               };
-               01FA820BFFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = README;
-                       refType = 4;
-               };
-               01FA820CFFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = trees.c;
-                       refType = 4;
-               };
-               01FA820DFFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = trees.h;
-                       refType = 4;
-               };
-               01FA820EFFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = uncompr.c;
-                       refType = 4;
-               };
-               01FA820FFFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = zconf.h;
-                       refType = 4;
-               };
-               01FA8210FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = zlib.h;
-                       refType = 4;
-               };
-               01FA8212FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = zutil.c;
-                       refType = 4;
-               };
-               01FA8213FFF2B54C11CD283A = {
-                       isa = PBXFileReference;
-                       path = zutil.h;
-                       refType = 4;
-               };
                01FA8214FFF2B54C11CD283A = {
                        isa = PBXFileReference;
                        path = main.cpp;
                        settings = {
                        };
                };
-               01FA851EFFF2B54C11CD283A = {
-                       fileRef = 01FA813FFFF2B54C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               01FA851FFFF2B54C11CD283A = {
-                       fileRef = 01FA8140FFF2B54C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
                01FA8520FFF2B54C11CD283A = {
                        fileRef = 01FA8141FFF2B54C11CD283A;
                        isa = PBXBuildFile;
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Private,
+                                       Public,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Private,
+                                       Public,
                                );
                        };
                };
                                );
                        };
                };
-               01FA875BFFF2B54C11CD283A = {
-                       fileRef = 01FA8134FFF2B54C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
                01FA875CFFF2B54C11CD283A = {
                        fileRef = 01FA8135FFF2B54C11CD283A;
                        isa = PBXBuildFile;
                                );
                        };
                };
-               01FA875FFFF2B54C11CD283A = {
-                       fileRef = 01FA8157FFF2B54C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
                01FA8760FFF2B54C11CD283A = {
                        fileRef = 01FA8158FFF2B54C11CD283A;
                        isa = PBXBuildFile;
                        };
                };
                01FA88F0FFF2B96911CD283A = {
-                       buildArgumentsString = "-f SecurityServer/Makefile $ACTION \"SYMROOT=$(SYMROOT)\" \"SRCROOT=$(SRCROOT)\"";
+                       buildArgumentsString = "-f SecurityServer/Makefile $ACTION \"SRCROOT=$SRCROOT\" \"TARGET_BUILD_DIR=$TARGET_BUILD_DIR\" \"BUILT_PRODUCTS_DIR=$BUILT_PRODUCTS_DIR\"";
                        buildPhases = (
                        );
                        buildSettings = {
                                01FA8900FFF2BC5611CD283A,
                        );
                        buildSettings = {
+                               CURRENT_PROJECT_VERSION = 53;
                                INSTALL_PATH = "$(SYSTEM_CORE_SERVICES_DIR)";
-                               LIBRARY_SEARCH_PATHS = /usr/lib/gcc/darwin/2.95.2;
-                               OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG";
+                               LIBRARY_SEARCH_PATHS = "";
+                               OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
                                OTHER_CFLAGS = "-DDatabase=XDatabase";
                                OTHER_LDFLAGS = "-twolevel_namespace -lSecurityAgentClient";
                                OTHER_REZFLAGS = "";
                                PRODUCT_NAME = SecurityServer;
                                REZ_EXECUTABLE = YES;
                                SECTORDER_FLAGS = "-sectorder __TEXT __text \"$(SRCROOT)/SecurityServer/SecurityServer.order\" -e start";
+                               VERSIONING_SYSTEM = "apple-generic";
                                WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
                        };
                        dependencies = (
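Review bot: `CURRENT_PROJECT_VERSION = 53;` is added to the SecurityServer build settings while the page title labels this import Security-54, so binaries stamped through `VERSIONING_SYSTEM = "apple-generic"` would presumably report a version one behind the source drop. The same number is added for AuthorizationTrampoline and as `DYLIB_CURRENT_VERSION = 53;` for the static library further down. If 54 is the intended release number, each of these should read 54. If 53 is deliberate, a sentence in the commit description saying why would help anyone who later has to match a deployed binary to the source it was built from. The target definition starts before this hunk and continues past it.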
                                125E85C5FFF3D5ED11CD283A,
                                125E85C6FFF3D5ED11CD283A,
                                125E85C7FFF3D5ED11CD283A,
-                               125E85EAFFF3D8B711CD283A,
-                               125E85EBFFF3D8B711CD283A,
-                               125E85ECFFF3D8B711CD283A,
-                               125E85EEFFF3D8B711CD283A,
-                               125E85F0FFF3D8B711CD283A,
-                               125E85F1FFF3D8B711CD283A,
-                               125E85F2FFF3D8B711CD283A,
-                               125E85F3FFF3D8B711CD283A,
-                               125E8605FFF3DAEF11CD283A,
                                4EB202E10058588E7F000001,
-                               568640ED00E23FD90DCD28E8,
-                               32615BB100E3B46A05CD296C,
+                               3253C16601C7D8A105CA2E77,
+                               32361EEE01EB8FD005CA2E77,
+                               32361F0A01F4B39505CA2E77,
+                               F5A7F720023D974F01CA2E64,
                        );
                        isa = PBXHeadersBuildPhase;
-                       name = Headers;
                };
                01FA88FEFFF2BC5611CD283A = {
                        buildActionMask = 2147483647;
                                125E85CFFFF3D5ED11CD283A,
                                125E85D0FFF3D5ED11CD283A,
                                125E85D1FFF3D5ED11CD283A,
-                               125E85FAFFF3D8B711CD283A,
-                               125E85FBFFF3D8B711CD283A,
-                               125E85FDFFF3D8B711CD283A,
-                               125E85FFFFF3D8B711CD283A,
-                               125E8600FFF3D8B711CD283A,
-                               125E8601FFF3D8B711CD283A,
-                               125E8602FFF3D8B711CD283A,
-                               125E8603FFF3D8B711CD283A,
-                               568640EE00E23FD90DCD28E8,
-                               32615BB300E3B4A205CD296C,
+                               3253C16701C7D8A105CA2E77,
+                               32361EEF01EB8FD005CA2E77,
+                               32554D7C01F4C97405CA2E77,
+                               F5A7F71F023D974E01CA2E64,
                        );
                        isa = PBXSourcesBuildPhase;
-                       name = Sources;
                };
                01FA88FFFFF2BC5611CD283A = {
                        buildActionMask = 2147483647;
                        files = (
-                               1A23E787009758847F000001,
                                1BA451B20097605B7F000001,
                                3949557400CC6A4511CD283A,
                        );
                        isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
                };
                01FA8900FFF2BC5611CD283A = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
                };
                01FA8901FFF2BCA811CD283A = {
                        isa = PBXExecutableFileReference;
                                01FA890AFFF2BCA811CD283A,
                        );
                        buildSettings = {
+                               CURRENT_PROJECT_VERSION = 53;
                                INSTALL_PATH = "$(SYSTEM_CORE_SERVICES_DIR)";
-                               LIBRARY_SEARCH_PATHS = /usr/lib/gcc/darwin/2.95.2;
-                               OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG";
-                               OTHER_CFLAGS = "$(AUX_CFLAGS)";
-                               OTHER_LDFLAGS = "-twolevel_namespace -lstdc++";
+                               LIBRARY_SEARCH_PATHS = "";
+                               OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
+                               OTHER_LDFLAGS = "-twolevel_namespace";
                                OTHER_REZFLAGS = "";
                                PRODUCT_NAME = AuthorizationTrampoline;
                                REZ_EXECUTABLE = YES;
                                SECTORDER_FLAGS = "";
+                               VERSIONING_SYSTEM = "apple-generic";
                                WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
                        };
                        dependencies = (
                        files = (
                        );
                        isa = PBXHeadersBuildPhase;
-                       name = Headers;
                };
                01FA8906FFF2BCA811CD283A = {
                        buildActionMask = 2147483647;
                                01FA8907FFF2BCA811CD283A,
                        );
                        isa = PBXSourcesBuildPhase;
-                       name = Sources;
                };
                01FA8907FFF2BCA811CD283A = {
                        fileRef = 01FA81ACFFF2B54C11CD283A;
                01FA8908FFF2BCA811CD283A = {
                        buildActionMask = 2147483647;
                        files = (
-                               1A23E788009758847F000001,
                                1BA451B30097605B7F000001,
                        );
                        isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
                };
                01FA890AFFF2BCA811CD283A = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
                };
                01FA890DFFF2BD9911CD283A = {
                        children = (
                                01FA891AFFF2BE3511CD283A,
                                01FA891BFFF2BE3511CD283A,
                                01FA891CFFF2BE3511CD283A,
+                               32554D7901F4C97305CA2E77,
                                0177F2CCFFFAA2D311CD283A,
                                07A0F690005DAEE111CD283A,
                        );
                                01FA891FFFF2BE3511CD283A,
                                01FA8920FFF2BE3511CD283A,
                                01FA8926FFF2BE3511CD283A,
+                               32554D7A01F4C97305CA2E77,
                        );
                        isa = PBXGroup;
                        name = "derived headers";
                        );
                        buildSettings = {
                                DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
+                               DYLIB_CURRENT_VERSION = 53;
                                INSTALL_PATH = /usr/local/lib;
                                LIBRARY_STYLE = STATIC;
-                               OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG";
-                               OTHER_CFLAGS = "-DNOSA -DAGENTPATH=\\\\\\\"/System/Library/CoreServices/SecurityAgent.app\\\\\\\" -DAGENTNAME=\\\\\\\"SecurityAgent\\\\\\\"";
+                               OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
+                               OTHER_CFLAGS = "-DNOSA -DAGENTPATH=\\\\\\\"$(SYSTEM_LIBRARY_DIR)/CoreServices/SecurityAgent.app\\\\\\\" -DAGENTNAME=\\\\\\\"SecurityAgent\\\\\\\"";
                                OTHER_LDFLAGS = "";
                                OTHER_LIBTOOL_FLAGS = "";
                                OTHER_REZFLAGS = "";
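Review bot: The `AGENTPATH` string compiled into this static library now comes from `$(SYSTEM_LIBRARY_DIR)` rather than the literal `/System/Library`, so the baked-in location of SecurityAgent.app depends on the build environment. The code that reads the macro is outside this hunk, but if it launches the agent from that path, a build with `SYSTEM_LIBRARY_DIR` unset or overridden would ship a relative or unexpected path with no error. `OPTIMIZATION_CFLAGS` keeps `-DNDEBUG`, so an `assert` in the consuming source would not catch this in the optimized build. I would keep the absolute literal for this one define, or have the build fail when the expanded value does not start with `/`. The `buildSettings` dictionary continues past the end of the hunk.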
                        files = (
                        );
                        isa = PBXHeadersBuildPhase;
-                       name = Headers;
                };
                030701E6FFF96F8511CD283A = {
                        buildActionMask = 2147483647;
                                030701EAFFF96F9911CD283A,
                        );
                        isa = PBXSourcesBuildPhase;
-                       name = Sources;
                };
                030701E7FFF96F8511CD283A = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
                };
                030701E8FFF96F8511CD283A = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
                };
                030701E9FFF96F9911CD283A = {
                        fileRef = 01FA821CFFF2B54C11CD283A;
                                030701E3FFF96F8511CD283A,
                                325EAA3100D6B2BE05CD296C,
                                325EAA3200D6B2BE05CD296C,
+                               F54323B4022DC91501CA2E64,
+                               9DC1DEF40299BBCD00003D05,
                        );
                        isa = PBXGroup;
                        name = Products;
                        path = "";
                        refType = 4;
                };
-               034768DEFF38A45A11DB9C8B = {
-                       isa = PBXFrameworkReference;
-                       name = Security.framework;
-                       path = /System/Library/Frameworks/Security.framework;
-                       refType = 0;
-               };
                039FF1DB00724BE07F000001 = {
                        children = (
                                039FF1DC00724C3A7F000001,
                                0149035B00A9DC487F000001,
                                07A0F675005DAEE111CD283A,
                                07A0F674005DAEE111CD283A,
+                               9D206AA601EB68F200003D05,
                        );
                        isa = PBXGroup;
                        name = MiscCSPAlgs;
                                07A0F606005DAEE111CD283A,
                                07A0F66E005DAEE111CD283A,
                                07A0F680005DAEE111CD283A,
+                               9D291881026B56B800003D05,
                                07A0F685005DAEE111CD283A,
                                325EAA3700D6B47405CD296C,
+                               9D64BAF1019B176100003D05,
+                               9D64BAF2019B176100003D05,
+                               9D64BAF3019B176100003D05,
+                               9DA13D0401B4638200003D05,
                        );
                        isa = PBXGroup;
                        path = AppleCSP;
                                07A0F5F2005DAEE111CD283A,
                                07A0F5F3005DAEE111CD283A,
                                4AC94A7C0084BE397F000001,
+                               9D8F0D1D01C80C0C00003D05,
+                               9D2C3D0001C826C800003D05,
+                               9D8F0D1E01C80C0C00003D05,
+                               9D8F0D1F01C80C0C00003D05,
+                               9D2C3D0201C82F6000003D05,
                        );
                        isa = PBXGroup;
                        path = AES;
                                07A0F5FF005DAEE111CD283A,
                                07A0F600005DAEE111CD283A,
                                07A0F601005DAEE111CD283A,
-                               1691956900947FD37F000001,
-                               127F63C50098D55A7F000001,
                                07A0F602005DAEE111CD283A,
                                07A0F603005DAEE111CD283A,
                                1691956B009480BC7F000001,
                                07A0F69E005DAEE111CD283A,
                                07A0F69F005DAEE111CD283A,
                                327DDDE700D6FC1A05CD296C,
+                               9DAE2E3201A43D6B00003D05,
+                               9DAE2E3301A43D6B00003D05,
+                               9DAE2E3401A43D6B00003D05,
+                               9DAE2E3501A43D6B00003D05,
                        );
                        isa = PBXGroup;
                        path = AppleCSPDL;
                                07A0F6A9005DAEE111CD283A,
                                07A0F6AA005DAEE111CD283A,
                                3290383500D6BB3705CD296C,
+                               9DAE2E2D01A3378900003D05,
+                               9DAE2E2E01A3378900003D05,
                        );
                        isa = PBXGroup;
                        path = AppleDL;
                                07A0F6C4005DAEE111CD283A,
                                07A0F6C5005DAEE111CD283A,
                                07A0F6C6005DAEE111CD283A,
+                               F540EDC2027A41BF01CA2E66,
                                07A0F6C7005DAEE111CD283A,
                                07A0F6C8005DAEE111CD283A,
                                07A0F6C9005DAEE111CD283A,
                                3290383600D6BB3705CD296C,
+                               9DAE2E2501A2E63700003D05,
+                               9DAE2E2601A2E63700003D05,
                        );
                        isa = PBXGroup;
                        path = AppleX509CL;
                                07A0F6D2005DAEE111CD283A,
                                07A0F6D5005DAEE111CD283A,
                                07A0F6D6005DAEE111CD283A,
-                               07A0F6D7005DAEE111CD283A,
                                07A0F6D8005DAEE111CD283A,
-                               07A0F6D9005DAEE111CD283A,
-                               07A0F6DA005DAEE111CD283A,
                                07A0F6DB005DAEE111CD283A,
                                07A0F6DC005DAEE111CD283A,
+                               9D4B1BC70156C2E500A17CD1,
                                07A0F6DD005DAEE111CD283A,
                                07A0F6DE005DAEE111CD283A,
                                07A0F6DF005DAEE111CD283A,
                                07A0F6E0005DAEE111CD283A,
                                3290383700D6BB3705CD296C,
+                               9DAE2E2901A2F93200003D05,
+                               9DAE2E2A01A2F93200003D05,
+                               9D09B90701B4314500003D05,
+                               9D14AC52020093D100003D05,
+                               9D9AEFBA02B6BC6C00003D05,
                        );
                        isa = PBXGroup;
                        path = AppleX509TP;
                        path = tpdebugging.h;
                        refType = 4;
                };
-               07A0F6D7005DAEE111CD283A = {
-                       isa = PBXFileReference;
-                       path = iSignRootCerts.c;
-                       refType = 4;
-               };
                07A0F6D8005DAEE111CD283A = {
                        isa = PBXFileReference;
                        path = rootCerts.h;
                        refType = 4;
                };
-               07A0F6D9005DAEE111CD283A = {
+               07A0F6DB005DAEE111CD283A = {
                        isa = PBXFileReference;
-                       path = sslRootCerts.c;
+                       path = TPCertInfo.cpp;
                        refType = 4;
                };
-               07A0F6DA005DAEE111CD283A = {
+               07A0F6DC005DAEE111CD283A = {
                        isa = PBXFileReference;
-                       path = tpCertGroup.cpp;
-                       refType = 4;
-               };
-               07A0F6DB005DAEE111CD283A = {
-                       isa = PBXFileReference;
-                       path = TPCertInfo.cpp;
-                       refType = 4;
-               };
-               07A0F6DC005DAEE111CD283A = {
-                       isa = PBXFileReference;
-                       path = TPCertInfo.h;
+                       path = TPCertInfo.h;
                        refType = 4;
                };
                07A0F6DD005DAEE111CD283A = {
                                3290381900D6BA5905CD296C,
                                3290382800D6BA5905CD296C,
                                3290382E00D6BA5905CD296C,
+                               9DC1DEF30299BBCD00003D05,
+                               322C5F3B02B9641F05CA2E77,
                        );
                };
                0867D691FE84028FC02AAC07 = {
                                07A0F6AB005DAEE111CD283A,
                                07A0F6CA005DAEE111CD283A,
                                F5A5E50E00FB884E01CD29D4,
+                               9DC1DEEC0299BB8F00003D05,
+                               3283A53702B96AF805CA2E77,
                                01FA890DFFF2BD9911CD283A,
                                01FA890EFFF2BD9911CD283A,
                                030701E1FFF95F6F11CD283A,
                        children = (
                                325EAA2900D6B23F05CD296C,
                                125E85ADFFF3D44A11CD283A,
-                               1A23E785009758847F000001,
                                327DDDFA00D7E81F05CD296C,
                        );
                        isa = PBXGroup;
                                F5DDE3AE00B3358F01CD283A,
                        );
                        buildSettings = {
+                               CURRENT_PROJECT_VERSION = 53;
                                DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
+                               DYLIB_CURRENT_VERSION = 53;
                                FRAMEWORK_SEARCH_PATHS = "";
                                FRAMEWORK_VERSION = A;
-                               HEADER_SEARCH_PATHS = "\"$(SRCROOT)\" \"$(SYMROOT)/derived_src\"";
+                               HEADER_SEARCH_PATHS = "\"$(SRCROOT)\" \"$(BUILT_PRODUCTS_DIR)/derived_src\"";
                                INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks";
-                               LIBRARY_SEARCH_PATHS = /usr/lib/gcc/darwin/2.95.2;
-                               OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG";
-                               OTHER_CFLAGS = "-DLIMITED_SIGNING -DBUILTIN_PLUGINS -DVDADER_RULES";
-                               OTHER_LDFLAGS = "-lComCryption -lCryptKit -twolevel_namespace \"-L$(SYMROOT)\" -seg_addr_table \"$(APPLE_INTERNAL_DEVELOPER_DIR)/seg_addr_table\"";
+                               LIBRARY_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)\"";
+                               OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
+                               OTHER_CFLAGS = "-DLIMITED_SIGNING -DBUILTIN_PLUGINS -DVDADER_RULES -DCRYPTKIT_CSP_ENABLE -DASC_CSP_ENABLE";
+                               OTHER_LDFLAGS = "-lComCryption -lCryptKit -twolevel_namespace";
                                PREBINDING = YES;
                                PRODUCT_NAME = Security;
-                               SECTORDER_FLAGS = "-sectorder __TEXT __text \"$(APPLE_INTERNAL_DIR)/OrderFiles/Security.order\"";
+                               SECTORDER_FLAGS = "-sectorder __TEXT __text \"$(APPLE_INTERNAL_DIR)/OrderFiles/Security.order\" -seg_addr_table \"$(APPLE_INTERNAL_DEVELOPER_DIR)/seg_addr_table\"";
+                               VERSIONING_SYSTEM = "apple-generic";
+                               VERSION_INFO_PREFIX = Sec;
                                WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
                                WRAPPER_EXTENSION = framework;
                        };
                        name = Security;
                        productInstallPath = "$(SYSTEM_LIBRARY_DIR)/Frameworks";
                        productName = Security;
-                       productReference = 034768DEFF38A45A11DB9C8B;
+                       productReference = F54323B4022DC91501CA2E64;
                        productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
-<plist version=\"0.9\">
+<!DOCTYPE plist PUBLIC \"-//Apple Computer//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">
+<plist version=\"1.0\">
 <dict>
        <key>CFBundleDevelopmentRegion</key>
        <string>English</string>
        <key>CFBundlePackageType</key>
        <string>FMWK</string>
        <key>CFBundleShortVersionString</key>
-       <string>1.0</string>
+       <string>1.1</string>
        <key>CFBundleSignature</key>
        <string>????</string>
        <key>CFBundleVersion</key>
-       <string>Security 1.0</string>
+       <string>53</string>
 </dict>
 </plist>
 ";
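Review bot: `OTHER_LDFLAGS` still links the two crypto libraries by bare name (`-lComCryption -lCryptKit`), and after this change the only project directory searched for them is `$(BUILT_PRODUCTS_DIR)`. If either library is missing there, the linker falls through to its default directories, so a stale copy installed on the build host could end up in the shipped framework without a build error. Naming the built files makes that a hard failure, e.g. `OTHER_LDFLAGS = "\"$(BUILT_PRODUCTS_DIR)/libComCryption.a\" \"$(BUILT_PRODUCTS_DIR)/libCryptKit.a\" -twolevel_namespace";` (file names are assumed from the `-l` names and should be confirmed against the library targets). The added `-DCRYPTKIT_CSP_ENABLE -DASC_CSP_ENABLE` defines also change what is compiled into the framework. The sources that test them are not in this hunk, so the commit description should state what each one gates.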
                                01FA851BFFF2B54C11CD283A,
                                01FA851CFFF2B54C11CD283A,
                                01FA851DFFF2B54C11CD283A,
-                               01FA851EFFF2B54C11CD283A,
-                               01FA851FFFF2B54C11CD283A,
                                01FA8520FFF2B54C11CD283A,
                                01FA8521FFF2B54C11CD283A,
                                01FA8522FFF2B54C11CD283A,
                                33BD0452008390257F000001,
                                33BD0460008390B17F000001,
                                33BD0464008391C07F000001,
-                               0F404EDA008618137F000001,
-                               0F404EDB008618137F000001,
-                               0F404EDC008618137F000001,
-                               0F404EDD008618137F000001,
-                               0F404EDE008618137F000001,
-                               0F404EE0008618137F000001,
-                               0F404EE1008618137F000001,
-                               0F404EE2008618137F000001,
-                               0F404EE3008618137F000001,
-                               0F404EE4008618137F000001,
-                               0F404EE5008618137F000001,
-                               0F404EE8008618137F000001,
-                               2178153B008B941B7F000001,
-                               01827D0B008CB8707F000001,
-                               017A54F40094AAE57F000001,
+                               F559B18D01D1510B01CA2E64,
                                017B6CA8009748107F000001,
                                2F4DD9A700A0A0767F000001,
-                               4D37AD4200AA03857F000001,
-                               4D37AD4300AA03857F000001,
-                               4D37AD4400AA03857F000001,
-                               4D37AD4500AA03857F000001,
-                               4D37AD4600AA03857F000001,
-                               3264486600D54DD305CD296C,
                                3290387000D6C5FE05CD296C,
                                327DDDE300D6F8A605CD296C,
                                327DDDE400D6F8A605CD296C,
                                3272260B00E3C75605CD296C,
                                3267644900EBF3AA05CD296C,
                                F58785CA00FB966001CD29D4,
+                               9D8B6A2B015A48F500A17CD1,
+                               9D51868D018F27B500003D05,
+                               9D51868E018F27B500003D05,
+                               9D51868F018F27B500003D05,
+                               9D1DEC1A0198777400003D05,
+                               9D69C0270198A8E100003D05,
+                               9D69C02B019AF15E00003D05,
+                               9D64BAEC019AFD7900003D05,
+                               326618CE01C6844D05CA2E77,
+                               9D8F0D2001C80C0C00003D05,
+                               32554D7B01F4C97305CA2E77,
+                               9D78BC7301EBB3F900003D05,
+                               9D78BC7701EBBBED00003D05,
+                               F54323C7022DC98301CA2E64,
+                               F5786217022F1DA301CA2E64,
+                               F54323C9022DC98301CA2E64,
+                               F57861CC022F0F3801CA2E64,
+                               F5786172022EDDE501CA2E64,
+                               F5786180022EDE6401CA2E64,
+                               F578617A022EDE2B01CA2E64,
+                               F57861F8022F12FC01CA2E64,
+                               F57861C0022EEF1B01CA2E64,
+                               F578617C022EDE3F01CA2E64,
+                               F57861C4022EEF3401CA2E64,
+                               F57861CA022F0D0A01CA2E64,
+                               F5786174022EDDFB01CA2E64,
+                               F5786176022EDE0501CA2E64,
+                               F5786178022EDE1701CA2E64,
+                               F578617E022EDE5C01CA2E64,
+                               F57861C2022EEF2601CA2E64,
+                               F57861C8022EFAE501CA2E64,
+                               F57861C6022EEF4701CA2E64,
+                               5BA4A43101F4E3F604CA2E82,
+                               F5786226022F32E001CA2E64,
+                               F578622E022F37EB01CA2E64,
+                               F5786233022F39A101CA2E64,
+                               F578623A022F48C601CA2E64,
+                               F578623D023024CC01CA2E64,
+                               F55B3B480230375401CA2E64,
+                               F55B3B4C02303B2A01CA2E64,
+                               F55B3B500230448601CA2E64,
+                               F55B3B7B02304A6001CA2E64,
+                               32867BAA0231611A05CA2E77,
+                               32867BAE02316C3905CA2E77,
+                               32867BB502316E3305CA2E77,
+                               320F60A00234113505CA2E77,
+                               8F7ACD2C02357F2503CA2E8C,
+                               8F7ACD320235805903CA2E8C,
+                               3244148A0236DD1505CA2E77,
+                               3244148F023837A505CA2E77,
+                               F5A7F71D023D972201CA2E64,
+                               F5394A1C0279082901CA2E64,
+                               F540EDC8027A43A501CA2E66,
+                               3206D1FE029996FC05CA2E77,
                        );
                        isa = PBXHeadersBuildPhase;
-                       name = Headers;
                };
                0867D69EFE84028FC02AAC07 = {
                        buildActionMask = 2147483647;
                        files = (
                                01FA8609FFF2B54C11CD283A,
+                               9D64BAF0019B173900003D05,
+                               9D64BAF4019B176200003D05,
+                               9D64BAF5019B176200003D05,
+                               9D64BAF6019B176200003D05,
+                               9DAE2E2701A2E63800003D05,
+                               9DAE2E2801A2E63800003D05,
+                               9DAE2E2B01A2F93200003D05,
+                               9DAE2E2C01A2F93200003D05,
+                               9D09B90801B4314500003D05,
+                               9DAE2E2F01A3378A00003D05,
+                               9DAE2E3001A3378A00003D05,
+                               9DAE2E3601A43D6B00003D05,
+                               9DAE2E3701A43D6B00003D05,
+                               9DAE2E3801A43D6B00003D05,
+                               9DAE2E3901A43D6B00003D05,
+                               9DA13D0501B4638200003D05,
                        );
                        isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
                };
                0867D69FFE84028FC02AAC07 = {
                        buildActionMask = 2147483647;
                                01FA8758FFF2B54C11CD283A,
                                01FA8759FFF2B54C11CD283A,
                                01FA875AFFF2B54C11CD283A,
-                               01FA875BFFF2B54C11CD283A,
                                01FA875CFFF2B54C11CD283A,
                                01FA875DFFF2B54C11CD283A,
-                               01FA875FFFF2B54C11CD283A,
                                01FA8760FFF2B54C11CD283A,
                                01FA8761FFF2B54C11CD283A,
                                01FA8762FFF2B54C11CD283A,
                                33BD045D008390257F000001,
                                33BD0461008390B17F000001,
                                33BD0465008391C07F000001,
-                               0F404EEA008618137F000001,
-                               0F404EEB008618137F000001,
-                               0F404EEC008618137F000001,
-                               0F404EED008618137F000001,
-                               0F404EEE008618137F000001,
-                               0F404EF0008618137F000001,
-                               0F404EF1008618137F000001,
-                               0F404EF2008618137F000001,
-                               0F404EF3008618137F000001,
-                               0F404EF4008618137F000001,
-                               0F404EF5008618137F000001,
-                               0F404EF7008618137F000001,
-                               2178153C008B941B7F000001,
-                               01827D0C008CB8707F000001,
-                               017A54F50094AAE57F000001,
                                017B6CA9009748107F000001,
                                2F4DD9A800A0A0767F000001,
-                               4D37AD4700AA03857F000001,
-                               4D37AD4800AA03857F000001,
-                               4D37AD4900AA03857F000001,
-                               4D37AD4A00AA03857F000001,
-                               3264486700D54DD305CD296C,
                                3290387100D6C5FE05CD296C,
                                327DDDE500D6F8A605CD296C,
                                327DDDE600D6F8A605CD296C,
                                32604C2900E3C14505CD296C,
                                3272260C00E3C75705CD296C,
                                F58785CB00FB966001CD29D4,
+                               9D518690018F27B500003D05,
+                               9D518692018F27B500003D05,
+                               9D518693018F27B500003D05,
+                               9D518694018F27B500003D05,
+                               9D1DEC1C0198796200003D05,
+                               9D69C0290198AB3700003D05,
+                               9D64BAEA019AF3B800003D05,
+                               9D64BAEE019AFE3700003D05,
+                               326618CF01C6844D05CA2E77,
+                               9D78BC7501EBB71A00003D05,
+                               9D78BC7901EBCA2400003D05,
+                               9D78BC7B01ECA79D00003D05,
+                               5BA4A43301F4E3F604CA2E82,
+                               F54323C6022DC98301CA2E64,
+                               F54323C8022DC98301CA2E64,
+                               F57861FB022F1A9301CA2E64,
+                               F57861FD022F1AA001CA2E64,
+                               F57861FF022F1AAB01CA2E64,
+                               F5786201022F1B4001CA2E64,
+                               F5786203022F1B5001CA2E64,
+                               F5786205022F1B5901CA2E64,
+                               F5786207022F1B6501CA2E64,
+                               F5786209022F1B6F01CA2E64,
+                               F578620B022F1B7901CA2E64,
+                               F578620D022F1B8701CA2E64,
+                               F578620F022F1B9301CA2E64,
+                               F5786211022F1B9C01CA2E64,
+                               F5786213022F1BA801CA2E64,
+                               F5786215022F1BB601CA2E64,
+                               F5786227022F32E001CA2E64,
+                               F578622F022F37EB01CA2E64,
+                               F5786232022F39A101CA2E64,
+                               F5786239022F48C601CA2E64,
+                               F578623E023024CC01CA2E64,
+                               F55B3B490230375401CA2E64,
+                               F55B3B4D02303B2A01CA2E64,
+                               F55B3B510230448601CA2E64,
+                               F55B3B7C02304A6001CA2E64,
+                               32867BA90231611A05CA2E77,
+                               32867BAD02316C3905CA2E77,
+                               32867BB402316E3305CA2E77,
+                               320F609F0234113505CA2E77,
+                               8F7ACD2D02357F2503CA2E8C,
+                               8F7ACD330235805903CA2E8C,
+                               324414890236DD1505CA2E77,
+                               3244148E023837A505CA2E77,
+                               32623CFD024BBA3B05CA2E77,
+                               F540E6FA027A33DA01CA2E66,
+                               3206D1FD029996FC05CA2E77,
                        );
                        isa = PBXSourcesBuildPhase;
-                       name = Sources;
                };
                0867D6A0FE84028FC02AAC07 = {
                        buildActionMask = 2147483647;
                        files = (
                                125E85AEFFF3D44A11CD283A,
-                               1A23E786009758847F000001,
                                325EAA2A00D6B24005CD296C,
                                325EAA2B00D6B24005CD296C,
                                325EAA2C00D6B24005CD296C,
                                327DDDFB00D7E81F05CD296C,
                        );
                        isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
                };
                0867D6A2FE84028FC02AAC07 = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
                };
 //080
 //081
                        path = simplemanager.cpp;
                        refType = 4;
                };
-               0F404EDA008618137F000001 = {
-                       fileRef = 0F404EBF008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                       };
-               };
-               0F404EDB008618137F000001 = {
-                       fileRef = 0F404ECD008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                       };
-               };
-               0F404EDC008618137F000001 = {
-                       fileRef = 0F404ECF008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                       };
-               };
-               0F404EDD008618137F000001 = {
-                       fileRef = 0F404ED1008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                       };
-               };
-               0F404EDE008618137F000001 = {
-                       fileRef = 0F404ED3008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                       };
-               };
-               0F404EE0008618137F000001 = {
-                       fileRef = 0F404EC3008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                       };
-               };
-               0F404EE1008618137F000001 = {
-                       fileRef = 0F404EC5008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                       };
-               };
-               0F404EE2008618137F000001 = {
-                       fileRef = 0F404EB9008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                       };
-               };
-               0F404EE3008618137F000001 = {
-                       fileRef = 0F404ED6008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                       };
-               };
-               0F404EE4008618137F000001 = {
-                       fileRef = 0F404EC1008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                       };
-               };
-               0F404EE5008618137F000001 = {
-                       fileRef = 0F404EBB008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                       };
-               };
-               0F404EE8008618137F000001 = {
-                       fileRef = 0F404ECA008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                       };
-               };
-               0F404EEA008618137F000001 = {
-                       fileRef = 0F404EC0008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0F404EEB008618137F000001 = {
-                       fileRef = 0F404ECE008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0F404EEC008618137F000001 = {
-                       fileRef = 0F404ED0008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0F404EED008618137F000001 = {
-                       fileRef = 0F404ED2008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0F404EEE008618137F000001 = {
-                       fileRef = 0F404ED4008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0F404EF0008618137F000001 = {
-                       fileRef = 0F404EC4008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0F404EF1008618137F000001 = {
-                       fileRef = 0F404EC7008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0F404EF2008618137F000001 = {
-                       fileRef = 0F404EBA008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0F404EF3008618137F000001 = {
-                       fileRef = 0F404ED7008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0F404EF4008618137F000001 = {
-                       fileRef = 0F404EC2008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0F404EF5008618137F000001 = {
-                       fileRef = 0F404EBC008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0F404EF7008618137F000001 = {
-                       fileRef = 0F404ECB008618137F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
 //0F0
 //0F1
 //0F2
                        );
                        buildSettings = {
                                DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               HEADER_SEARCH_PATHS = "\"$(SYMROOT)/include\"";
+                               DYLIB_CURRENT_VERSION = 53;
+                               HEADER_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)/include\"";
                                INSTALL_PATH = /usr/local/lib;
                                LIBRARY_STYLE = STATIC;
-                               OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG";
+                               OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
                                OTHER_CFLAGS = "";
                                OTHER_LDFLAGS = "";
                                OTHER_LIBTOOL_FLAGS = "";
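Review bot: `DYLIB_CURRENT_VERSION = 53;` is hard-coded here while the page header labels this import Security-54. The same literal recurs further down as `CURRENT_PROJECT_VERSION = 53;` in the AppleCSP plug-in settings and as `<string>53</string>` for CFBundleVersion in its productSettingsXML. For a security library the embedded version is what patch verification and incident response use to tell which build is installed, so a value that lags the release tag weakens that. If the release build does not override these settings (not visible on this page), I would set them to the release number, e.g. `DYLIB_CURRENT_VERSION = 54;`, or derive all three from one setting so they cannot drift. The buildSettings dictionary continues past the end of this hunk.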
                                125E8606FFF3DB3E11CD283A,
                        );
                        isa = PBXHeadersBuildPhase;
-                       name = Headers;
                };
                125E85D7FFF3D67D11CD283A = {
                        buildActionMask = 2147483647;
                                125E85D8FFF3D67D11CD283A,
                        );
                        isa = PBXSourcesBuildPhase;
-                       name = Sources;
                };
                125E85D8FFF3D67D11CD283A = {
                        fileRef = 01FA8917FFF2BE3511CD283A;
                        files = (
                        );
                        isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
                };
                125E85DAFFF3D67D11CD283A = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
                };
                125E85DCFFF3D76D11CD283A = {
                        isa = PBXTargetDependency;
                        target = 01FA88F0FFF2B96911CD283A;
                };
-               125E85EAFFF3D8B711CD283A = {
-                       fileRef = 01FA81E5FFF2B54C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               125E85EBFFF3D8B711CD283A = {
-                       fileRef = 01FA81E6FFF2B54C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               125E85ECFFF3D8B711CD283A = {
-                       fileRef = 01FA81E9FFF2B54C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               125E85EEFFF3D8B711CD283A = {
-                       fileRef = 01FA81EFFFF2B54C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               125E85F0FFF3D8B711CD283A = {
-                       fileRef = 01FA81FEFFF2B54C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               125E85F1FFF3D8B711CD283A = {
-                       fileRef = 01FA820DFFF2B54C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               125E85F2FFF3D8B711CD283A = {
-                       fileRef = 01FA8210FFF2B54C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               125E85F3FFF3D8B711CD283A = {
-                       fileRef = 01FA8213FFF2B54C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               125E85FAFFF3D8B711CD283A = {
-                       fileRef = 01FA81E4FFF2B54C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               125E85FBFFF3D8B711CD283A = {
-                       fileRef = 01FA81E8FFF2B54C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               125E85FDFFF3D8B711CD283A = {
-                       fileRef = 01FA81EEFFF2B54C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               125E85FFFFF3D8B711CD283A = {
-                       fileRef = 01FA81F8FFF2B54C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               125E8600FFF3D8B711CD283A = {
-                       fileRef = 01FA81FBFFF2B54C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               125E8601FFF3D8B711CD283A = {
-                       fileRef = 01FA81FDFFF2B54C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               125E8602FFF3D8B711CD283A = {
-                       fileRef = 01FA820CFFF2B54C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               125E8603FFF3D8B711CD283A = {
-                       fileRef = 01FA8212FFF2B54C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
                125E8604FFF3D96711CD283A = {
                        isa = PBXTargetDependency;
                        target = 125E85D5FFF3D67D11CD283A;
                };
-               125E8605FFF3DAEF11CD283A = {
-                       fileRef = 01FA823CFFF2B54C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
                125E8606FFF3DB3E11CD283A = {
                        fileRef = 01FA821BFFF2B54C11CD283A;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               127F63C50098D55A7F000001 = {
-                       isa = PBXFileReference;
-                       path = NullDigest.h;
-                       refType = 4;
-               };
-               127F63C60098D55A7F000001 = {
-                       fileRef = 127F63C50098D55A7F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
 //120
 //121
 //122
 //162
 //163
 //164
-               1691956900947FD37F000001 = {
-                       isa = PBXFileReference;
-                       name = DigestObject.h;
-                       path = AppleCSP/AppleCSP/DigestObject.h;
-                       refType = 2;
-               };
-               1691956A00947FD37F000001 = {
-                       fileRef = 1691956900947FD37F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
                1691956B009480BC7F000001 = {
                        isa = PBXFileReference;
                        name = RawSigner.h;
                                07E4D6E400A0CD8D7F000001,
                                169195F30094A8577F000001,
                                169195F20094A8577F000001,
+                               9D29187F026B504700003D05,
                        );
                        isa = PBXGroup;
                        name = openssl;
 //162
 //163
 //164
-//1A0
-//1A1
-//1A2
-//1A3
-//1A4
-               1A23E785009758847F000001 = {
-                       isa = PBXFileReference;
-                       name = "libstdc++.a";
-                       path = "/usr/lib/gcc/darwin/2.95.2/libstdc++.a";
-                       refType = 0;
-               };
-               1A23E786009758847F000001 = {
-                       fileRef = 1A23E785009758847F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1A23E787009758847F000001 = {
-                       fileRef = 1A23E785009758847F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               1A23E788009758847F000001 = {
-                       fileRef = 1A23E785009758847F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-//1A0
-//1A1
-//1A2
-//1A3
-//1A4
 //1B0
 //1B1
 //1B2
                        path = "http-proxy-protocol.cpp";
                        refType = 4;
                };
-               2178153B008B941B7F000001 = {
-                       fileRef = 21781539008B941B7F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                       };
-               };
-               2178153C008B941B7F000001 = {
-                       fileRef = 2178153A008B941B7F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
 //210
 //211
 //212
 //2C4
                2C5247EA007A39B47F000001 = {
                        children = (
+                               9D291872026B4FF900003D05,
                                07E4D6D300A0CA617F000001,
                                169195D00094A6FD7F000001,
                                169195890094A5A87F000001,
 //322
 //323
 //324
+               3206D1FB029996FC05CA2E77 = {
+                       isa = PBXFileReference;
+                       path = TrustItem.cpp;
+                       refType = 4;
+               };
+               3206D1FC029996FC05CA2E77 = {
+                       isa = PBXFileReference;
+                       path = TrustItem.h;
+                       refType = 4;
+               };
+               3206D1FD029996FC05CA2E77 = {
+                       fileRef = 3206D1FB029996FC05CA2E77;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               3206D1FE029996FC05CA2E77 = {
+                       fileRef = 3206D1FC029996FC05CA2E77;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
                320C8FE900EA6AD705CD296C = {
                        buildRules = (
                        );
                        buildSettings = {
                                COPY_PHASE_STRIP = NO;
-                               OPTIMIZATION_CFLAGS = "-O2";
-                               OTHER_CFLAGS = "\U0001-DNDEBUG -Wall -W -Winline -Wundef -Wno-unused -Wcast-qual -Wcast-align -Wmissing-noreturn";
+                               OTHER_CFLAGS = "\U0001-Wall -W -Winline -Wundef -Wno-unused -Wcast-qual -Wcast-align -Wmissing-noreturn";
                        };
                        isa = PBXBuildStyle;
                        name = "Lint Screen";
                };
+               320F609D0234113505CA2E77 = {
+                       isa = PBXFileReference;
+                       path = cssmcert.cpp;
+                       refType = 4;
+               };
+               320F609E0234113505CA2E77 = {
+                       isa = PBXFileReference;
+                       path = cssmcert.h;
+                       refType = 4;
+               };
+               320F609F0234113505CA2E77 = {
+                       fileRef = 320F609D0234113505CA2E77;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               320F60A00234113505CA2E77 = {
+                       fileRef = 320F609E0234113505CA2E77;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               322C5F3B02B9641F05CA2E77 = {
+                       buildArgumentsString = "-f $(SRCROOT)/keychains/Makefile $ACTION";
+                       buildPhases = (
+                       );
+                       buildSettings = {
+                               OTHER_CFLAGS = "";
+                               OTHER_LDFLAGS = "";
+                               OTHER_REZFLAGS = "";
+                               PRODUCT_NAME = "System Keychains";
+                               SECTORDER_FLAGS = "";
+                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
+                       };
+                       buildToolPath = /usr/bin/gnumake;
+                       buildWorkingDirectory = "";
+                       dependencies = (
+                       );
+                       isa = PBXLegacyTarget;
+                       name = "System Keychains";
+                       productName = "System Keychains";
+                       settingsToExpand = 6;
+                       settingsToPassInEnvironment = 287;
+                       settingsToPassOnCommandLine = 280;
+                       shouldUseHeadermap = 0;
+               };
+               32361EEC01EB8FCF05CA2E77 = {
+                       isa = PBXFileReference;
+                       path = notifications.h;
+                       refType = 4;
+               };
+               32361EED01EB8FCF05CA2E77 = {
+                       isa = PBXFileReference;
+                       path = notifications.cpp;
+                       refType = 4;
+               };
+               32361EEE01EB8FD005CA2E77 = {
+                       fileRef = 32361EEC01EB8FCF05CA2E77;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               32361EEF01EB8FD005CA2E77 = {
+                       fileRef = 32361EED01EB8FCF05CA2E77;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               32361F0701F4B28E05CA2E77 = {
+                       isa = PBXFileReference;
+                       path = ucspNotify.defs;
+                       refType = 4;
+               };
+               32361F0A01F4B39505CA2E77 = {
+                       fileRef = 01FA823CFFF2B54C11CD283A;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               324414870236DD1505CA2E77 = {
+                       isa = PBXFileReference;
+                       path = cfutilities.cpp;
+                       refType = 4;
+               };
+               324414880236DD1505CA2E77 = {
+                       isa = PBXFileReference;
+                       path = cfutilities.h;
+                       refType = 4;
+               };
+               324414890236DD1505CA2E77 = {
+                       fileRef = 324414870236DD1505CA2E77;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               3244148A0236DD1505CA2E77 = {
+                       fileRef = 324414880236DD1505CA2E77;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               3244148B0236DD2705CA2E77 = {
+                       children = (
+                               324414880236DD1505CA2E77,
+                               324414870236DD1505CA2E77,
+                       );
+                       isa = PBXGroup;
+                       name = CF;
+                       refType = 4;
+               };
+               3244148C023837A505CA2E77 = {
+                       isa = PBXFileReference;
+                       path = TrustStore.cpp;
+                       refType = 4;
+               };
+               3244148D023837A505CA2E77 = {
+                       isa = PBXFileReference;
+                       path = TrustStore.h;
+                       refType = 4;
+               };
+               3244148E023837A505CA2E77 = {
+                       fileRef = 3244148C023837A505CA2E77;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               3244148F023837A505CA2E77 = {
+                       fileRef = 3244148D023837A505CA2E77;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               3253C16401C7D8A005CA2E77 = {
+                       isa = PBXFileReference;
+                       path = entropy.h;
+                       refType = 4;
+               };
+               3253C16501C7D8A005CA2E77 = {
+                       isa = PBXFileReference;
+                       path = entropy.cpp;
+                       refType = 4;
+               };
+               3253C16601C7D8A105CA2E77 = {
+                       fileRef = 3253C16401C7D8A005CA2E77;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               3253C16701C7D8A105CA2E77 = {
+                       fileRef = 3253C16501C7D8A005CA2E77;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               32554D7901F4C97305CA2E77 = {
+                       isa = PBXFileReference;
+                       path = ucspNotifySender.cpp;
+                       refType = 4;
+               };
+               32554D7A01F4C97305CA2E77 = {
+                       isa = PBXFileReference;
+                       path = ucspNotify.h;
+                       refType = 4;
+               };
+               32554D7B01F4C97305CA2E77 = {
+                       fileRef = 32554D7A01F4C97305CA2E77;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               32554D7C01F4C97405CA2E77 = {
+                       fileRef = 32554D7901F4C97305CA2E77;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
                325EAA2100D6B08805CD296C = {
                        isa = PBXBundleReference;
                        path = AppleCSP.bundle;
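Review bot: The new "System Keychains" legacy target passes the Makefile path unquoted in `buildArgumentsString = "-f $(SRCROOT)/keychains/Makefile $ACTION";`, whereas an earlier hunk quotes an expanded path (`HEADER_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)/include\""`). If the argument string is split on whitespace after expansion (not verifiable from this page), a source root containing a space would give gnumake a different `-f` argument than intended. That matters more than usual here because this target presumably produces the system keychains, and a later hunk adds X509Anchors next to that Makefile. I would write `buildArgumentsString = "-f \"$(SRCROOT)/keychains/Makefile\" $ACTION";`. `buildWorkingDirectory = "";` is also empty, so it is worth confirming the Makefile does not depend on relative paths.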
                                325EAA2800D6B08805CD296C,
                        );
                        buildSettings = {
-                               LIBRARY_SEARCH_PATHS = /usr/lib/gcc/darwin/2.95.2;
-                               OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG";
+                               CURRENT_PROJECT_VERSION = 53;
+                               LIBRARY_SEARCH_PATHS = "";
+                               OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
                                OTHER_CFLAGS = "";
                                OTHER_LDFLAGS = "-bundle -undefined error";
                                OTHER_REZFLAGS = "";
                                PRODUCT_NAME = AppleCSP;
                                SECTORDER_FLAGS = "";
+                               VERSIONING_SYSTEM = "apple-generic";
                                WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
                                WRAPPER_EXTENSION = bundle;
                        };
                        productName = "AppleCSP Plugin";
                        productReference = 325EAA2100D6B08805CD296C;
                        productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
-<plist version=\"0.9\">
+<!DOCTYPE plist PUBLIC \"-//Apple Computer//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">
+<plist version=\"1.0\">
 <dict>
        <key>CFBundleDevelopmentRegion</key>
        <string>English</string>
        <key>CFBundlePackageType</key>
        <string>BNDL</string>
        <key>CFBundleShortVersionString</key>
-       <string></string>
+       <string>1.1</string>
        <key>CFBundleSignature</key>
        <string>????</string>
        <key>CFBundleVersion</key>
-       <string>0.0.1d1</string>
+       <string>53</string>
 </dict>
 </plist>
 ";
                        files = (
                        );
                        isa = PBXHeadersBuildPhase;
-                       name = Headers;
                };
                325EAA2500D6B08805CD296C = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
                };
                325EAA2600D6B08805CD296C = {
                        buildActionMask = 2147483647;
                                325EAA3800D6B47505CD296C,
                        );
                        isa = PBXSourcesBuildPhase;
-                       name = Sources;
                };
                325EAA2700D6B08805CD296C = {
                        buildActionMask = 2147483647;
                                325EAA3300D6B2BF05CD296C,
                                325EAA3400D6B2BF05CD296C,
                                325EAA3500D6B2BF05CD296C,
-                               325EAA3600D6B2BF05CD296C,
                                3290381400D6B78A05CD296C,
                        );
                        isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
                };
                325EAA2800D6B08805CD296C = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
                };
                325EAA2900D6B23F05CD296C = {
                        children = (
                        settings = {
                        };
                };
-               325EAA3600D6B2BF05CD296C = {
-                       fileRef = 1A23E785009758847F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
                325EAA3700D6B47405CD296C = {
                        isa = PBXFileReference;
                        path = AppleCSPPlugin.cpp;
                        settings = {
                        };
                };
-               32615BB000E3B46905CD296C = {
-                       isa = PBXFileReference;
-                       path = yarrowseed.h;
-                       refType = 4;
-               };
-               32615BB100E3B46A05CD296C = {
-                       fileRef = 32615BB000E3B46905CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               32615BB200E3B4A105CD296C = {
+               32623CFC024BBA3B05CA2E77 = {
                        isa = PBXFileReference;
-                       path = yarrowseed.cpp;
-                       refType = 4;
+                       name = aclclient.cpp;
+                       path = cdsa/cdsa_client/aclclient.cpp;
+                       refType = 2;
                };
-               32615BB300E3B4A205CD296C = {
-                       fileRef = 32615BB200E3B4A105CD296C;
+               32623CFD024BBA3B05CA2E77 = {
+                       fileRef = 32623CFC024BBA3B05CA2E77;
                        isa = PBXBuildFile;
                        settings = {
                        };
                        path = multiobserver.cpp;
                        refType = 4;
                };
-               3264486600D54DD305CD296C = {
-                       fileRef = 3264486400D54DD305CD296C;
+               326618CC01C6844C05CA2E77 = {
+                       isa = PBXFileReference;
+                       path = acl_protectedpw.cpp;
+                       refType = 4;
+               };
+               326618CD01C6844C05CA2E77 = {
+                       isa = PBXFileReference;
+                       path = acl_protectedpw.h;
+                       refType = 4;
+               };
+               326618CE01C6844D05CA2E77 = {
+                       fileRef = 326618CD01C6844C05CA2E77;
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
                                );
                        };
                };
-               3264486700D54DD305CD296C = {
-                       fileRef = 3264486500D54DD305CD296C;
+               326618CF01C6844D05CA2E77 = {
+                       fileRef = 326618CC01C6844C05CA2E77;
                        isa = PBXBuildFile;
                        settings = {
                        };
                        settings = {
                        };
                };
+               3283A53602B96AED05CA2E77 = {
+                       isa = PBXTargetDependency;
+                       target = 322C5F3B02B9641F05CA2E77;
+               };
+               3283A53702B96AF805CA2E77 = {
+                       children = (
+                               3283A53802B96B2A05CA2E77,
+                               3283A53902B96B2A05CA2E77,
+                       );
+                       isa = PBXGroup;
+                       path = keychains;
+                       refType = 4;
+               };
+               3283A53802B96B2A05CA2E77 = {
+                       isa = PBXFileReference;
+                       path = Makefile;
+                       refType = 4;
+               };
+               3283A53902B96B2A05CA2E77 = {
+                       isa = PBXFileReference;
+                       path = X509Anchors;
+                       refType = 4;
+               };
+               32867BA70231611A05CA2E77 = {
+                       isa = PBXFileReference;
+                       path = tpclient.cpp;
+                       refType = 4;
+               };
+               32867BA80231611A05CA2E77 = {
+                       isa = PBXFileReference;
+                       path = tpclient.h;
+                       refType = 4;
+               };
+               32867BA90231611A05CA2E77 = {
+                       fileRef = 32867BA70231611A05CA2E77;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               32867BAA0231611A05CA2E77 = {
+                       fileRef = 32867BA80231611A05CA2E77;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               32867BAB02316C3905CA2E77 = {
+                       isa = PBXFileReference;
+                       path = clclient.cpp;
+                       refType = 4;
+               };
+               32867BAC02316C3905CA2E77 = {
+                       isa = PBXFileReference;
+                       path = clclient.h;
+                       refType = 4;
+               };
+               32867BAD02316C3905CA2E77 = {
+                       fileRef = 32867BAB02316C3905CA2E77;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               32867BAE02316C3905CA2E77 = {
+                       fileRef = 32867BAC02316C3905CA2E77;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               32867BB202316E3305CA2E77 = {
+                       isa = PBXFileReference;
+                       path = cssmtrust.cpp;
+                       refType = 4;
+               };
+               32867BB302316E3305CA2E77 = {
+                       isa = PBXFileReference;
+                       path = cssmtrust.h;
+                       refType = 4;
+               };
+               32867BB402316E3305CA2E77 = {
+                       fileRef = 32867BB202316E3305CA2E77;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               32867BB502316E3305CA2E77 = {
+                       fileRef = 32867BB302316E3305CA2E77;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
                3290381400D6B78A05CD296C = {
                        fileRef = 1BA451B10097605B7F000001;
                        isa = PBXBuildFile;
                                3290382100D6BA5905CD296C,
                        );
                        buildSettings = {
-                               LIBRARY_SEARCH_PATHS = /usr/lib/gcc/darwin/2.95.2;
-                               OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG";
+                               CURRENT_PROJECT_VERSION = 53;
+                               LIBRARY_SEARCH_PATHS = "";
+                               OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
                                OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "-bundle -undefined suppress";
+                               OTHER_LDFLAGS = "-bundle -undefined error";
                                OTHER_REZFLAGS = "";
                                PRODUCT_NAME = AppleDL;
                                SECTORDER_FLAGS = "";
+                               VERSIONING_SYSTEM = "apple-generic";
                                WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
                                WRAPPER_EXTENSION = bundle;
                        };
                        productName = "AppleDL Plugin";
                        productReference = 3290381500D6BA5905CD296C;
                        productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
-<plist version=\"0.9\">
+<!DOCTYPE plist PUBLIC \"-//Apple Computer//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">
+<plist version=\"1.0\">
 <dict>
        <key>CFBundleDevelopmentRegion</key>
        <string>English</string>
        <key>CFBundlePackageType</key>
        <string>BNDL</string>
        <key>CFBundleShortVersionString</key>
-       <string></string>
+       <string>1.1</string>
        <key>CFBundleSignature</key>
        <string>????</string>
        <key>CFBundleVersion</key>
-       <string>0.0.1d1</string>
+       <string>53</string>
 </dict>
 </plist>
 ";
                        files = (
                        );
                        isa = PBXHeadersBuildPhase;
-                       name = Headers;
                };
                3290381B00D6BA5905CD296C = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
                };
                3290381C00D6BA5905CD296C = {
                        buildActionMask = 2147483647;
                                3290383C00D6BB3705CD296C,
                        );
                        isa = PBXSourcesBuildPhase;
-                       name = Sources;
                };
                3290381D00D6BA5905CD296C = {
                        buildActionMask = 2147483647;
                        files = (
                                3290381E00D6BA5905CD296C,
-                               3290381F00D6BA5905CD296C,
                                3290382000D6BA5905CD296C,
                        );
                        isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
                };
                3290381E00D6BA5905CD296C = {
                        fileRef = 1BA451B10097605B7F000001;
                        settings = {
                        };
                };
-               3290381F00D6BA5905CD296C = {
-                       fileRef = 1A23E785009758847F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
                3290382000D6BA5905CD296C = {
                        fileRef = 014880C8005EAE4D11CD283A;
                        isa = PBXBuildFile;
                        files = (
                        );
                        isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
                };
                3290382200D6BA5905CD296C = {
                        buildPhases = (
                                3290382700D6BA5905CD296C,
                        );
                        buildSettings = {
-                               LIBRARY_SEARCH_PATHS = /usr/lib/gcc/darwin/2.95.2;
-                               OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG";
+                               CURRENT_PROJECT_VERSION = 53;
+                               LIBRARY_SEARCH_PATHS = "";
+                               OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
                                OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "-bundle -undefined suppress";
+                               OTHER_LDFLAGS = "-bundle -undefined error";
                                OTHER_REZFLAGS = "";
                                PRODUCT_NAME = AppleCSPDL;
                                SECTORDER_FLAGS = "";
+                               VERSIONING_SYSTEM = "apple-generic";
                                WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
                                WRAPPER_EXTENSION = bundle;
                        };
                        productName = "AppleCSPDL Plugin";
                        productReference = 3290381600D6BA5905CD296C;
                        productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
-<plist version=\"0.9\">
+<!DOCTYPE plist PUBLIC \"-//Apple Computer//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">
+<plist version=\"1.0\">
 <dict>
        <key>CFBundleDevelopmentRegion</key>
        <string>English</string>
        <key>CFBundlePackageType</key>
        <string>BNDL</string>
        <key>CFBundleShortVersionString</key>
-       <string></string>
+       <string>1.1</string>
        <key>CFBundleSignature</key>
        <string>????</string>
        <key>CFBundleVersion</key>
-       <string>0.0.1d1</string>
+       <string>53</string>
 </dict>
 </plist>
 ";
                        files = (
                        );
                        isa = PBXHeadersBuildPhase;
-                       name = Headers;
                };
                3290382400D6BA5905CD296C = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
                };
                3290382500D6BA5905CD296C = {
                        buildActionMask = 2147483647;
                                327DDDE800D6FC1B05CD296C,
                        );
                        isa = PBXSourcesBuildPhase;
-                       name = Sources;
                };
                3290382600D6BA5905CD296C = {
                        buildActionMask = 2147483647;
                        files = (
                                3290384000D6BB3705CD296C,
                                3290384100D6BB3705CD296C,
-                               3290384200D6BB3705CD296C,
                        );
                        isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
                };
                3290382700D6BA5905CD296C = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
                };
                3290382800D6BA5905CD296C = {
                        buildPhases = (
                                3290382D00D6BA5905CD296C,
                        );
                        buildSettings = {
-                               LIBRARY_SEARCH_PATHS = /usr/lib/gcc/darwin/2.95.2;
-                               OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG";
+                               CURRENT_PROJECT_VERSION = 53;
+                               LIBRARY_SEARCH_PATHS = "";
+                               OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
                                OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "-bundle -undefined suppress";
+                               OTHER_LDFLAGS = "-bundle -undefined error";
                                OTHER_REZFLAGS = "";
                                PRODUCT_NAME = AppleX509CL;
                                SECTORDER_FLAGS = "";
+                               VERSIONING_SYSTEM = "apple-generic";
                                WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
                                WRAPPER_EXTENSION = bundle;
                        };
                        productName = "AppleX509CL Plugin";
                        productReference = 3290381700D6BA5905CD296C;
                        productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
-<plist version=\"0.9\">
+<!DOCTYPE plist PUBLIC \"-//Apple Computer//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">
+<plist version=\"1.0\">
 <dict>
        <key>CFBundleDevelopmentRegion</key>
        <string>English</string>
        <key>CFBundlePackageType</key>
        <string>BNDL</string>
        <key>CFBundleShortVersionString</key>
-       <string></string>
+       <string>1.1</string>
        <key>CFBundleSignature</key>
        <string>????</string>
        <key>CFBundleVersion</key>
-       <string>0.0.1d1</string>
+       <string>53</string>
 </dict>
 </plist>
 ";
                        files = (
                        );
                        isa = PBXHeadersBuildPhase;
-                       name = Headers;
                };
                3290382A00D6BA5905CD296C = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
                };
                3290382B00D6BA5905CD296C = {
                        buildActionMask = 2147483647;
                                3290384500D6BB3705CD296C,
                        );
                        isa = PBXSourcesBuildPhase;
-                       name = Sources;
                };
                3290382C00D6BA5905CD296C = {
                        buildActionMask = 2147483647;
                        files = (
                                3290384600D6BB3705CD296C,
                                3290384700D6BB3705CD296C,
-                               3290384800D6BB3705CD296C,
                        );
                        isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
                };
                3290382D00D6BA5905CD296C = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
                };
                3290382E00D6BA5905CD296C = {
                        buildPhases = (
                                3290383300D6BA5905CD296C,
                        );
                        buildSettings = {
-                               INSTALL_PATH = "";
-                               LIBRARY_SEARCH_PATHS = /usr/lib/gcc/darwin/2.95.2;
-                               OPTIMIZATION_CFLAGS = "-O2 -DNDEBUG";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "-bundle -undefined suppress";
+                               CURRENT_PROJECT_VERSION = 53;
+                               LIBRARY_SEARCH_PATHS = "";
+                               OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
+                               OTHER_LDFLAGS = "-bundle -undefined error";
                                OTHER_REZFLAGS = "";
                                PRODUCT_NAME = AppleX509TP;
                                SECTORDER_FLAGS = "";
+                               VERSIONING_SYSTEM = "apple-generic";
                                WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
                                WRAPPER_EXTENSION = bundle;
                        };
                        );
                        isa = PBXBundleTarget;
                        name = "AppleX509TP Plugin";
-                       productInstallPath = "";
                        productName = "AppleX509TP Plugin";
                        productReference = 3290381800D6BA5905CD296C;
                        productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
-<plist version=\"0.9\">
+<!DOCTYPE plist PUBLIC \"-//Apple Computer//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">
+<plist version=\"1.0\">
 <dict>
        <key>CFBundleDevelopmentRegion</key>
        <string>English</string>
        <key>CFBundlePackageType</key>
        <string>BNDL</string>
        <key>CFBundleShortVersionString</key>
-       <string></string>
+       <string>1.1</string>
        <key>CFBundleSignature</key>
        <string>????</string>
        <key>CFBundleVersion</key>
-       <string>0.0.1d1</string>
+       <string>53</string>
 </dict>
 </plist>
 ";
                        files = (
                        );
                        isa = PBXHeadersBuildPhase;
-                       name = Headers;
                };
                3290383000D6BA5905CD296C = {
                        buildActionMask = 2147483647;
                        files = (
+                               9D103F9F01AC72C200003D05,
+                               9D103FA001AC72C200003D05,
                        );
                        isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
                };
                3290383100D6BA5905CD296C = {
                        buildActionMask = 2147483647;
                                3290384B00D6BB3705CD296C,
                        );
                        isa = PBXSourcesBuildPhase;
-                       name = Sources;
                };
                3290383200D6BA5905CD296C = {
                        buildActionMask = 2147483647;
                        files = (
                                3290384C00D6BB3705CD296C,
                                3290384D00D6BB3705CD296C,
-                               3290384E00D6BB3705CD296C,
                        );
                        isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
                };
                3290383300D6BA5905CD296C = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
                };
                3290383500D6BB3705CD296C = {
                        isa = PBXFileReference;
                        settings = {
                        };
                };
-               3290384200D6BB3705CD296C = {
-                       fileRef = 1A23E785009758847F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
                3290384300D6BB3705CD296C = {
                        isa = PBXTargetDependency;
                        target = 3290382800D6BA5905CD296C;
                        settings = {
                        };
                };
-               3290384800D6BB3705CD296C = {
-                       fileRef = 1A23E785009758847F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
                3290384900D6BB3705CD296C = {
                        isa = PBXTargetDependency;
                        target = 3290382E00D6BA5905CD296C;
                        settings = {
                        };
                };
-               3290384E00D6BB3705CD296C = {
-                       fileRef = 1A23E785009758847F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
                3290384F00D6BB7805CD296C = {
                        isa = PBXTargetDependency;
                        target = 3290385000D6BB7805CD296C;
                        path = networkchooser.h;
                        refType = 4;
                };
-               4D37AD4200AA03857F000001 = {
-                       fileRef = 4D37AD3A00AA03857F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                       };
-               };
-               4D37AD4300AA03857F000001 = {
-                       fileRef = 4D37AD3C00AA03857F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                       };
-               };
-               4D37AD4400AA03857F000001 = {
-                       fileRef = 4D37AD3E00AA03857F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                       };
-               };
-               4D37AD4500AA03857F000001 = {
-                       fileRef = 4D37AD3F00AA03857F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                       };
-               };
-               4D37AD4600AA03857F000001 = {
-                       fileRef = 4D37AD4100AA03857F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                       };
-               };
-               4D37AD4700AA03857F000001 = {
-                       fileRef = 4D37AD3900AA03857F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               4D37AD4800AA03857F000001 = {
-                       fileRef = 4D37AD3B00AA03857F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               4D37AD4900AA03857F000001 = {
-                       fileRef = 4D37AD3D00AA03857F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               4D37AD4A00AA03857F000001 = {
-                       fileRef = 4D37AD4000AA03857F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
 //4D0
 //4D1
 //4D2
 //522
 //523
 //524
-//560
-//561
-//562
-//563
-//564
-               560B41E100E23FA50DCD28E8 = {
-                       isa = PBXFileReference;
-                       path = MacYarrow_OSX.cpp;
-                       refType = 4;
-               };
-               560B41E200E23FA50DCD28E8 = {
-                       isa = PBXFileReference;
-                       path = MacYarrow_OSX.h;
-                       refType = 4;
-               };
-               568640ED00E23FD90DCD28E8 = {
-                       fileRef = 560B41E200E23FA50DCD28E8;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               568640EE00E23FD90DCD28E8 = {
-                       fileRef = 560B41E100E23FA50DCD28E8;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-//560
-//561
-//562
-//563
-//564
 //570
 //571
 //572
 //592
 //593
 //594
+//5B0
+//5B1
+//5B2
+//5B3
+//5B4
+               5BA4A42D01F4E3F504CA2E82 = {
+                       isa = PBXFileReference;
+                       path = Identity.cpp;
+                       refType = 4;
+               };
+               5BA4A42E01F4E3F504CA2E82 = {
+                       isa = PBXFileReference;
+                       path = Identity.h;
+                       refType = 4;
+               };
+               5BA4A43101F4E3F604CA2E82 = {
+                       fileRef = 5BA4A42E01F4E3F504CA2E82;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               5BA4A43301F4E3F604CA2E82 = {
+                       fileRef = 5BA4A42D01F4E3F504CA2E82;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+//5B0
+//5B1
+//5B2
+//5B3
+//5B4
 //630
 //631
 //632
 //632
 //633
 //634
-//F50
-//F51
-//F52
-//F53
-//F54
-               F579CFD900E99FC401CD283A = {
+//8F0
+//8F1
+//8F2
+//8F3
+//8F4
+               8F7ACD2A02357F2503CA2E8C = {
                        isa = PBXFileReference;
-                       path = Schema.m4;
+                       path = SecACL.h;
                        refType = 4;
                };
-               F58785C800FB965F01CD29D4 = {
+               8F7ACD2B02357F2503CA2E8C = {
                        isa = PBXFileReference;
-                       name = checkpw.c;
-                       path = checkpw/checkpw.c;
-                       refType = 2;
+                       path = SecACL.cpp;
+                       refType = 4;
                };
-               F58785C900FB965F01CD29D4 = {
+               8F7ACD2C02357F2503CA2E8C = {
+                       fileRef = 8F7ACD2A02357F2503CA2E8C;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               8F7ACD2D02357F2503CA2E8C = {
+                       fileRef = 8F7ACD2B02357F2503CA2E8C;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               8F7ACD300235805903CA2E8C = {
                        isa = PBXFileReference;
-                       name = checkpw.h;
-                       path = checkpw/checkpw.h;
-                       refType = 2;
+                       path = ACL.h;
+                       refType = 4;
                };
-               F58785CA00FB966001CD29D4 = {
-                       fileRef = F58785C900FB965F01CD29D4;
+               8F7ACD310235805903CA2E8C = {
+                       isa = PBXFileReference;
+                       path = ACL.cpp;
+                       refType = 4;
+               };
+               8F7ACD320235805903CA2E8C = {
+                       fileRef = 8F7ACD300235805903CA2E8C;
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
                                );
                        };
                };
-               F58785CB00FB966001CD29D4 = {
-                       fileRef = F58785C800FB965F01CD29D4;
+               8F7ACD330235805903CA2E8C = {
+                       fileRef = 8F7ACD310235805903CA2E8C;
                        isa = PBXBuildFile;
                        settings = {
                        };
                };
-               F5A5E50E00FB884E01CD29D4 = {
+//8F0
+//8F1
+//8F2
+//8F3
+//8F4
+//9D0
+//9D1
+//9D2
+//9D3
+//9D4
+               9D09B90701B4314500003D05 = {
+                       isa = PBXFileReference;
+                       path = tp_policyOids.mdsinfo;
+                       refType = 4;
+               };
+               9D09B90801B4314500003D05 = {
+                       fileRef = 9D09B90701B4314500003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D103F9F01AC72C200003D05 = {
+                       fileRef = 9DAE2E2A01A2F93200003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D103FA001AC72C200003D05 = {
+                       fileRef = 9DAE2E2901A2F93200003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D14AC52020093D100003D05 = {
+                       isa = PBXFileReference;
+                       path = tpCredRequest.cpp;
+                       refType = 4;
+               };
+               9D14AC53020093D100003D05 = {
+                       fileRef = 9D14AC52020093D100003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D1DEC190198777400003D05 = {
+                       isa = PBXFileReference;
+                       name = MDSAttrStrings.h;
+                       path = cdsa/mds/MDSAttrStrings.h;
+                       refType = 4;
+               };
+               9D1DEC1A0198777400003D05 = {
+                       fileRef = 9D1DEC190198777400003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               9D1DEC1B0198796200003D05 = {
+                       isa = PBXFileReference;
+                       name = MDSAttrStrings.cpp;
+                       path = cdsa/mds/MDSAttrStrings.cpp;
+                       refType = 2;
+               };
+               9D1DEC1C0198796200003D05 = {
+                       fileRef = 9D1DEC1B0198796200003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D206AA601EB68F200003D05 = {
+                       isa = PBXFileReference;
+                       name = NullCryptor.h;
+                       path = MiscCSPAlgs/NullCryptor.h;
+                       refType = 4;
+               };
+               9D206AA701EB68F200003D05 = {
+                       fileRef = 9D206AA601EB68F200003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D291872026B4FF900003D05 = {
                        children = (
-                               F58785C800FB965F01CD29D4,
-                               F58785C900FB965F01CD29D4,
+                               9D291875026B502600003D05,
+                               9D291876026B502600003D05,
+                               9D291877026B502600003D05,
+                               9D291878026B502600003D05,
+                               9D291879026B502600003D05,
                        );
                        isa = PBXGroup;
-                       name = checkpw;
+                       name = dh;
                        refType = 4;
                };
-               F5DDE3AE00B3358F01CD283A = {
-                       buildActionMask = 2147483647;
+               9D291875026B502600003D05 = {
+                       isa = PBXFileReference;
+                       name = dh_check.c;
+                       path = dh/dh_check.c;
+                       refType = 4;
+               };
+               9D291876026B502600003D05 = {
+                       isa = PBXFileReference;
+                       name = dh_err.c;
+                       path = dh/dh_err.c;
+                       refType = 4;
+               };
+               9D291877026B502600003D05 = {
+                       isa = PBXFileReference;
+                       name = dh_gen.c;
+                       path = dh/dh_gen.c;
+                       refType = 4;
+               };
+               9D291878026B502600003D05 = {
+                       isa = PBXFileReference;
+                       name = dh_key.c;
+                       path = dh/dh_key.c;
+                       refType = 4;
+               };
+               9D291879026B502600003D05 = {
+                       isa = PBXFileReference;
+                       name = dh_lib.c;
+                       path = dh/dh_lib.c;
+                       refType = 4;
+               };
+               9D29187A026B502600003D05 = {
+                       fileRef = 9D291875026B502600003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D29187B026B502600003D05 = {
+                       fileRef = 9D291876026B502600003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D29187C026B502600003D05 = {
+                       fileRef = 9D291877026B502600003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D29187D026B502600003D05 = {
+                       fileRef = 9D291878026B502600003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D29187E026B502600003D05 = {
+                       fileRef = 9D291879026B502600003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D29187F026B504700003D05 = {
+                       isa = PBXFileReference;
+                       name = dh.h;
+                       path = openssl/dh.h;
+                       refType = 4;
+               };
+               9D291880026B504700003D05 = {
+                       fileRef = 9D29187F026B504700003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D291881026B56B800003D05 = {
+                       children = (
+                               9D291882026B56DA00003D05,
+                               9D291883026B56DA00003D05,
+                               9D291884026B56DA00003D05,
+                               9D291885026B56DA00003D05,
+                               9D291886026B56DA00003D05,
+                               9D291887026B56DA00003D05,
+                               9D29188E026B8BBD00003D05,
+                               9D29188F026B8BBD00003D05,
+                       );
+                       isa = PBXGroup;
+                       name = DiffieHellman;
+                       path = AppleCSP;
+                       refType = 2;
+               };
+               9D291882026B56DA00003D05 = {
+                       isa = PBXFileReference;
+                       name = DH_csp.cpp;
+                       path = DiffieHellman/DH_csp.cpp;
+                       refType = 4;
+               };
+               9D291883026B56DA00003D05 = {
+                       isa = PBXFileReference;
+                       name = DH_csp.h;
+                       path = DiffieHellman/DH_csp.h;
+                       refType = 4;
+               };
+               9D291884026B56DA00003D05 = {
+                       isa = PBXFileReference;
+                       name = DH_exchange.cpp;
+                       path = DiffieHellman/DH_exchange.cpp;
+                       refType = 4;
+               };
+               9D291885026B56DA00003D05 = {
+                       isa = PBXFileReference;
+                       name = DH_exchange.h;
+                       path = DiffieHellman/DH_exchange.h;
+                       refType = 4;
+               };
+               9D291886026B56DA00003D05 = {
+                       isa = PBXFileReference;
+                       name = DH_keys.cpp;
+                       path = DiffieHellman/DH_keys.cpp;
+                       refType = 4;
+               };
+               9D291887026B56DA00003D05 = {
+                       isa = PBXFileReference;
+                       name = DH_keys.h;
+                       path = DiffieHellman/DH_keys.h;
+                       refType = 4;
+               };
+               9D291888026B56DA00003D05 = {
+                       fileRef = 9D291882026B56DA00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D291889026B56DA00003D05 = {
+                       fileRef = 9D291883026B56DA00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D29188A026B56DA00003D05 = {
+                       fileRef = 9D291884026B56DA00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D29188B026B56DA00003D05 = {
+                       fileRef = 9D291885026B56DA00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D29188C026B56DA00003D05 = {
+                       fileRef = 9D291886026B56DA00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D29188D026B56DA00003D05 = {
+                       fileRef = 9D291887026B56DA00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D29188E026B8BBD00003D05 = {
+                       isa = PBXFileReference;
+                       name = DH_utils.cpp;
+                       path = DiffieHellman/DH_utils.cpp;
+                       refType = 4;
+               };
+               9D29188F026B8BBD00003D05 = {
+                       isa = PBXFileReference;
+                       name = DH_utils.h;
+                       path = DiffieHellman/DH_utils.h;
+                       refType = 4;
+               };
+               9D291890026B8BBD00003D05 = {
+                       fileRef = 9D29188E026B8BBD00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D291891026B8BBD00003D05 = {
+                       fileRef = 9D29188F026B8BBD00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D2C3D0001C826C800003D05 = {
+                       isa = PBXFileReference;
+                       path = gladmanContext.h;
+                       refType = 4;
+               };
+               9D2C3D0101C826C800003D05 = {
+                       fileRef = 9D2C3D0001C826C800003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D2C3D0201C82F6000003D05 = {
+                       isa = PBXFileReference;
+                       path = aesCommon.h;
+                       refType = 4;
+               };
+               9D2C3D0301C82F6100003D05 = {
+                       fileRef = 9D2C3D0201C82F6000003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D4B1BC70156C2E500A17CD1 = {
+                       isa = PBXFileReference;
+                       path = tpCertGroup.cpp;
+                       refType = 4;
+               };
+               9D4B1BC80156C2E500A17CD1 = {
+                       fileRef = 9D4B1BC70156C2E500A17CD1;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D518682018F278000003D05 = {
+                       children = (
+                               9D518683018F27B400003D05,
+                               9D1DEC1B0198796200003D05,
+                               9D1DEC190198777400003D05,
+                               9D518686018F27B400003D05,
+                               9D518687018F27B400003D05,
+                               9D518688018F27B400003D05,
+                               9D518689018F27B400003D05,
+                               9D51868A018F27B400003D05,
+                               9D51868B018F27B400003D05,
+                               9D69C0260198A8E000003D05,
+                               9D69C0280198AB3700003D05,
+                               9D69C02A019AF15E00003D05,
+                               9D64BAE9019AF3B800003D05,
+                               9D64BAEB019AFD7900003D05,
+                               9D64BAED019AFE3600003D05,
+                       );
+                       isa = PBXGroup;
+                       name = MDS;
+                       path = "";
+                       refType = 2;
+               };
+               9D518683018F27B400003D05 = {
+                       isa = PBXFileReference;
+                       name = mdsapi.cpp;
+                       path = cdsa/mds/mdsapi.cpp;
+                       refType = 4;
+               };
+               9D518686018F27B400003D05 = {
+                       isa = PBXFileReference;
+                       name = MDSModule.cpp;
+                       path = cdsa/mds/MDSModule.cpp;
+                       refType = 4;
+               };
+               9D518687018F27B400003D05 = {
+                       isa = PBXFileReference;
+                       name = MDSModule.h;
+                       path = cdsa/mds/MDSModule.h;
+                       refType = 4;
+               };
+               9D518688018F27B400003D05 = {
+                       isa = PBXFileReference;
+                       name = MDSSchema.cpp;
+                       path = cdsa/mds/MDSSchema.cpp;
+                       refType = 4;
+               };
+               9D518689018F27B400003D05 = {
+                       isa = PBXFileReference;
+                       name = MDSSchema.h;
+                       path = cdsa/mds/MDSSchema.h;
+                       refType = 4;
+               };
+               9D51868A018F27B400003D05 = {
+                       isa = PBXFileReference;
+                       name = MDSSession.cpp;
+                       path = cdsa/mds/MDSSession.cpp;
+                       refType = 4;
+               };
+               9D51868B018F27B400003D05 = {
+                       isa = PBXFileReference;
+                       name = MDSSession.h;
+                       path = cdsa/mds/MDSSession.h;
+                       refType = 4;
+               };
+               9D51868D018F27B500003D05 = {
+                       fileRef = 9D518687018F27B400003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               9D51868E018F27B500003D05 = {
+                       fileRef = 9D518689018F27B400003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               9D51868F018F27B500003D05 = {
+                       fileRef = 9D51868B018F27B400003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               9D518690018F27B500003D05 = {
+                       fileRef = 9D518683018F27B400003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D518692018F27B500003D05 = {
+                       fileRef = 9D518686018F27B400003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D518693018F27B500003D05 = {
+                       fileRef = 9D518688018F27B400003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D518694018F27B500003D05 = {
+                       fileRef = 9D51868A018F27B400003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D64BAE9019AF3B800003D05 = {
+                       isa = PBXFileReference;
+                       name = MDSAttrUtils.cpp;
+                       path = cdsa/mds/MDSAttrUtils.cpp;
+                       refType = 4;
+               };
+               9D64BAEA019AF3B800003D05 = {
+                       fileRef = 9D64BAE9019AF3B800003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D64BAEB019AFD7900003D05 = {
+                       isa = PBXFileReference;
+                       name = MDSDictionary.h;
+                       path = cdsa/mds/MDSDictionary.h;
+                       refType = 4;
+               };
+               9D64BAEC019AFD7900003D05 = {
+                       fileRef = 9D64BAEB019AFD7900003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               9D64BAED019AFE3600003D05 = {
+                       isa = PBXFileReference;
+                       name = MDSDictionary.cpp;
+                       path = cdsa/mds/MDSDictionary.cpp;
+                       refType = 4;
+               };
+               9D64BAEE019AFE3700003D05 = {
+                       fileRef = 9D64BAED019AFE3600003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D64BAEF019B173900003D05 = {
+                       isa = PBXFileReference;
+                       path = cssm.mdsinfo;
+                       refType = 4;
+               };
+               9D64BAF0019B173900003D05 = {
+                       fileRef = 9D64BAEF019B173900003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D64BAF1019B176100003D05 = {
+                       isa = PBXFileReference;
+                       path = csp_capabilities.mdsinfo;
+                       refType = 4;
+               };
+               9D64BAF2019B176100003D05 = {
+                       isa = PBXFileReference;
+                       path = csp_common.mdsinfo;
+                       refType = 4;
+               };
+               9D64BAF3019B176100003D05 = {
+                       isa = PBXFileReference;
+                       path = csp_primary.mdsinfo;
+                       refType = 4;
+               };
+               9D64BAF4019B176200003D05 = {
+                       fileRef = 9D64BAF1019B176100003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D64BAF5019B176200003D05 = {
+                       fileRef = 9D64BAF2019B176100003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D64BAF6019B176200003D05 = {
+                       fileRef = 9D64BAF3019B176100003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D69C0260198A8E000003D05 = {
+                       isa = PBXFileReference;
+                       name = MDSAttrParser.h;
+                       path = cdsa/mds/MDSAttrParser.h;
+                       refType = 4;
+               };
+               9D69C0270198A8E100003D05 = {
+                       fileRef = 9D69C0260198A8E000003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               9D69C0280198AB3700003D05 = {
+                       isa = PBXFileReference;
+                       name = MDSAttrParser.cpp;
+                       path = cdsa/mds/MDSAttrParser.cpp;
+                       refType = 4;
+               };
+               9D69C0290198AB3700003D05 = {
+                       fileRef = 9D69C0280198AB3700003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D69C02A019AF15E00003D05 = {
+                       isa = PBXFileReference;
+                       name = MDSAttrUtils.h;
+                       path = cdsa/mds/MDSAttrUtils.h;
+                       refType = 4;
+               };
+               9D69C02B019AF15E00003D05 = {
+                       fileRef = 9D69C02A019AF15E00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               9D78BC7201EBB3F900003D05 = {
+                       isa = PBXFileReference;
+                       path = tls_hmac.h;
+                       refType = 4;
+               };
+               9D78BC7301EBB3F900003D05 = {
+                       fileRef = 9D78BC7201EBB3F900003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D78BC7401EBB71A00003D05 = {
+                       isa = PBXFileReference;
+                       path = tls_hmac.c;
+                       refType = 4;
+               };
+               9D78BC7501EBB71A00003D05 = {
+                       fileRef = 9D78BC7401EBB71A00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D78BC7601EBBBED00003D05 = {
+                       isa = PBXFileReference;
+                       path = tls_ssl.h;
+                       refType = 4;
+               };
+               9D78BC7701EBBBED00003D05 = {
+                       fileRef = 9D78BC7601EBBBED00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D78BC7801EBCA2300003D05 = {
+                       isa = PBXFileReference;
+                       path = ssl3Callouts.c;
+                       refType = 4;
+               };
+               9D78BC7901EBCA2400003D05 = {
+                       fileRef = 9D78BC7801EBCA2300003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D78BC7A01ECA79D00003D05 = {
+                       isa = PBXFileReference;
+                       path = tls1Callouts.c;
+                       refType = 4;
+               };
+               9D78BC7B01ECA79D00003D05 = {
+                       fileRef = 9D78BC7A01ECA79D00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D8B6A2A015A48F500A17CD1 = {
+                       isa = PBXFileReference;
+                       path = digestobject.h;
+                       refType = 4;
+               };
+               9D8B6A2B015A48F500A17CD1 = {
+                       fileRef = 9D8B6A2A015A48F500A17CD1;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               9D8F0D1D01C80C0C00003D05 = {
+                       isa = PBXFileReference;
+                       path = gladmanContext.cpp;
+                       refType = 4;
+               };
+               9D8F0D1E01C80C0C00003D05 = {
+                       isa = PBXFileReference;
+                       path = rijndaelGladman.c;
+                       refType = 4;
+               };
+               9D8F0D1F01C80C0C00003D05 = {
+                       isa = PBXFileReference;
+                       path = rijndaelGladman.h;
+                       refType = 4;
+               };
+               9D8F0D2001C80C0C00003D05 = {
+                       fileRef = 9D8F0D1F01C80C0C00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D8F0D2901C815A600003D05 = {
+                       fileRef = 9D8F0D1F01C80C0C00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D8F0D2A01C815A600003D05 = {
+                       fileRef = 9D8F0D1D01C80C0C00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D8F0D2B01C815A600003D05 = {
+                       fileRef = 9D8F0D1E01C80C0C00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9D9AEFBA02B6BC6C00003D05 = {
+                       isa = PBXFileReference;
+                       path = rootCerts.cpp;
+                       refType = 4;
+               };
+               9D9AEFBB02B6BC6C00003D05 = {
+                       fileRef = 9D9AEFBA02B6BC6C00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DA13D0401B4638200003D05 = {
+                       isa = PBXFileReference;
+                       path = csp_capabilities_common.mds;
+                       refType = 4;
+               };
+               9DA13D0501B4638200003D05 = {
+                       fileRef = 9DA13D0401B4638200003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DAE2E2501A2E63700003D05 = {
+                       isa = PBXFileReference;
+                       path = cl_primary.mdsinfo;
+                       refType = 4;
+               };
+               9DAE2E2601A2E63700003D05 = {
+                       isa = PBXFileReference;
+                       path = cl_common.mdsinfo;
+                       refType = 4;
+               };
+               9DAE2E2701A2E63800003D05 = {
+                       fileRef = 9DAE2E2601A2E63700003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DAE2E2801A2E63800003D05 = {
+                       fileRef = 9DAE2E2501A2E63700003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DAE2E2901A2F93200003D05 = {
+                       isa = PBXFileReference;
+                       path = tp_common.mdsinfo;
+                       refType = 4;
+               };
+               9DAE2E2A01A2F93200003D05 = {
+                       isa = PBXFileReference;
+                       path = tp_primary.mdsinfo;
+                       refType = 4;
+               };
+               9DAE2E2B01A2F93200003D05 = {
+                       fileRef = 9DAE2E2901A2F93200003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DAE2E2C01A2F93200003D05 = {
+                       fileRef = 9DAE2E2A01A2F93200003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DAE2E2D01A3378900003D05 = {
+                       isa = PBXFileReference;
+                       path = dl_common.mdsinfo;
+                       refType = 4;
+               };
+               9DAE2E2E01A3378900003D05 = {
+                       isa = PBXFileReference;
+                       path = dl_primary.mdsinfo;
+                       refType = 4;
+               };
+               9DAE2E2F01A3378A00003D05 = {
+                       fileRef = 9DAE2E2D01A3378900003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DAE2E3001A3378A00003D05 = {
+                       fileRef = 9DAE2E2E01A3378900003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DAE2E3201A43D6B00003D05 = {
+                       isa = PBXFileReference;
+                       path = cspdl_common.mdsinfo;
+                       refType = 4;
+               };
+               9DAE2E3301A43D6B00003D05 = {
+                       isa = PBXFileReference;
+                       path = cspdl_csp_capabilities.mdsinfo;
+                       refType = 4;
+               };
+               9DAE2E3401A43D6B00003D05 = {
+                       isa = PBXFileReference;
+                       path = cspdl_csp_primary.mdsinfo;
+                       refType = 4;
+               };
+               9DAE2E3501A43D6B00003D05 = {
+                       isa = PBXFileReference;
+                       path = cspdl_dl_primary.mdsinfo;
+                       refType = 4;
+               };
+               9DAE2E3601A43D6B00003D05 = {
+                       fileRef = 9DAE2E3201A43D6B00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DAE2E3701A43D6B00003D05 = {
+                       fileRef = 9DAE2E3301A43D6B00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DAE2E3801A43D6B00003D05 = {
+                       fileRef = 9DAE2E3401A43D6B00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DAE2E3901A43D6B00003D05 = {
+                       fileRef = 9DAE2E3501A43D6B00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DC1DEEC0299BB8F00003D05 = {
+                       children = (
+                               9DC1DEED0299BB9E00003D05,
+                               9DC1DEEE0299BBA900003D05,
+                       );
+                       isa = PBXGroup;
+                       name = CertTool;
+                       refType = 4;
+               };
+               9DC1DEED0299BB9E00003D05 = {
+                       children = (
+                               9DC1DEF60299BC6C00003D05,
+                               9DC1DEF70299BC6C00003D05,
+                               9DC1DEF80299BC6C00003D05,
+                       );
+                       isa = PBXGroup;
+                       name = CertTool;
+                       refType = 4;
+               };
+               9DC1DEEE0299BBA900003D05 = {
+                       children = (
+                               9DC1DEFC0299BC7F00003D05,
+                               9DC1DEFD0299BC7F00003D05,
+                               9DC1DEFE0299BC7F00003D05,
+                               9DC1DEFF0299BC7F00003D05,
+                               9DC1DF050299BC9500003D05,
+                               9DC1DF060299BC9500003D05,
+                               9DC1DF070299BC9500003D05,
+                               9DC1DF080299BC9500003D05,
+                               9DC1DF090299BC9500003D05,
+                               9DC1DF0A0299BC9500003D05,
+                               9DC1DF0B0299BC9500003D05,
+                               9DC1DF0C0299BC9500003D05,
+                               9DC1DF0D0299BC9500003D05,
+                               9DC1DF0E0299BC9500003D05,
+                       );
+                       isa = PBXGroup;
+                       name = cdsaUtils;
+                       path = "";
+                       refType = 4;
+               };
+               9DC1DEEF0299BBCD00003D05 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               9DC1DEFB0299BC6C00003D05,
+                               9DC1DF010299BC7F00003D05,
+                               9DC1DF030299BC7F00003D05,
+                               9DC1DF130299BDE300003D05,
+                               9DC1DF150299BDE400003D05,
+                               9DC1DF170299BDE600003D05,
+                               9DC1DF190299BDEA00003D05,
+                               9DC1DF1B0299BDEB00003D05,
+                       );
+                       isa = PBXHeadersBuildPhase;
+               };
+               9DC1DEF00299BBCD00003D05 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               9DC1DEF90299BC6C00003D05,
+                               9DC1DEFA0299BC6C00003D05,
+                               9DC1DF000299BC7F00003D05,
+                               9DC1DF020299BC7F00003D05,
+                               9DC1DF120299BDE200003D05,
+                               9DC1DF140299BDE300003D05,
+                               9DC1DF160299BDE500003D05,
+                               9DC1DF180299BDE600003D05,
+                               9DC1DF1A0299BDEA00003D05,
+                       );
+                       isa = PBXSourcesBuildPhase;
+               };
+               9DC1DEF10299BBCD00003D05 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                               9DC1DF100299BD8500003D05,
+                               9DC1DF110299BD8C00003D05,
+                       );
+                       isa = PBXFrameworksBuildPhase;
+               };
+               9DC1DEF20299BBCD00003D05 = {
+                       buildActionMask = 2147483647;
+                       files = (
+                       );
+                       isa = PBXRezBuildPhase;
+               };
+               9DC1DEF30299BBCD00003D05 = {
+                       buildPhases = (
+                               9DC1DEEF0299BBCD00003D05,
+                               9DC1DEF00299BBCD00003D05,
+                               9DC1DEF10299BBCD00003D05,
+                               9DC1DEF20299BBCD00003D05,
+                       );
+                       buildSettings = {
+                               HEADER_SEARCH_PATHS = "$(SRCROOT)/CertTool";
+                               INSTALL_PATH = /usr/bin;
+                               OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
+                               OTHER_CFLAGS = "";
+                               OTHER_LDFLAGS = "";
+                               OTHER_REZFLAGS = "";
+                               PRODUCT_NAME = certtool;
+                               REZ_EXECUTABLE = YES;
+                               SECTORDER_FLAGS = "";
+                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
+                       };
+                       dependencies = (
+                       );
+                       isa = PBXToolTarget;
+                       name = CertTool;
+                       productInstallPath = "";
+                       productName = CertTool;
+                       productReference = 9DC1DEF40299BBCD00003D05;
+                       shouldUseHeadermap = 0;
+               };
+               9DC1DEF40299BBCD00003D05 = {
+                       isa = PBXExecutableFileReference;
+                       path = certtool;
+                       refType = 3;
+               };
+               9DC1DEF60299BC6C00003D05 = {
+                       isa = PBXFileReference;
+                       name = CertTool.cpp;
+                       path = CertTool/CertTool/CertTool.cpp;
+                       refType = 4;
+               };
+               9DC1DEF70299BC6C00003D05 = {
+                       isa = PBXFileReference;
+                       name = CertUI.cpp;
+                       path = CertTool/CertTool/CertUI.cpp;
+                       refType = 4;
+               };
+               9DC1DEF80299BC6C00003D05 = {
+                       isa = PBXFileReference;
+                       name = CertUI.h;
+                       path = CertTool/CertTool/CertUI.h;
+                       refType = 4;
+               };
+               9DC1DEF90299BC6C00003D05 = {
+                       fileRef = 9DC1DEF60299BC6C00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DC1DEFA0299BC6C00003D05 = {
+                       fileRef = 9DC1DEF70299BC6C00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DC1DEFB0299BC6C00003D05 = {
+                       fileRef = 9DC1DEF80299BC6C00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DC1DEFC0299BC7F00003D05 = {
+                       isa = PBXFileReference;
+                       name = cdsaUtils.c;
+                       path = CertTool/cdsaUtils/cdsaUtils.c;
+                       refType = 4;
+               };
+               9DC1DEFD0299BC7F00003D05 = {
+                       isa = PBXFileReference;
+                       name = cdsaUtils.h;
+                       path = CertTool/cdsaUtils/cdsaUtils.h;
+                       refType = 4;
+               };
+               9DC1DEFE0299BC7F00003D05 = {
+                       isa = PBXFileReference;
+                       name = cuEnc64.c;
+                       path = CertTool/cdsaUtils/cuEnc64.c;
+                       refType = 4;
+               };
+               9DC1DEFF0299BC7F00003D05 = {
+                       isa = PBXFileReference;
+                       name = cuEnc64.h;
+                       path = CertTool/cdsaUtils/cuEnc64.h;
+                       refType = 4;
+               };
+               9DC1DF000299BC7F00003D05 = {
+                       fileRef = 9DC1DEFC0299BC7F00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DC1DF010299BC7F00003D05 = {
+                       fileRef = 9DC1DEFD0299BC7F00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DC1DF020299BC7F00003D05 = {
+                       fileRef = 9DC1DEFE0299BC7F00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DC1DF030299BC7F00003D05 = {
+                       fileRef = 9DC1DEFF0299BC7F00003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DC1DF050299BC9500003D05 = {
+                       isa = PBXFileReference;
+                       name = fileIo.c;
+                       path = CertTool/cdsaUtils/fileIo.c;
+                       refType = 4;
+               };
+               9DC1DF060299BC9500003D05 = {
+                       isa = PBXFileReference;
+                       name = fileIo.h;
+                       path = CertTool/cdsaUtils/fileIo.h;
+                       refType = 4;
+               };
+               9DC1DF070299BC9500003D05 = {
+                       isa = PBXFileReference;
+                       name = oidParser.cpp;
+                       path = CertTool/cdsaUtils/oidParser.cpp;
+                       refType = 4;
+               };
+               9DC1DF080299BC9500003D05 = {
+                       isa = PBXFileReference;
+                       name = oidParser.h;
+                       path = CertTool/cdsaUtils/oidParser.h;
+                       refType = 4;
+               };
+               9DC1DF090299BC9500003D05 = {
+                       isa = PBXFileReference;
+                       name = pem.cpp;
+                       path = CertTool/cdsaUtils/pem.cpp;
+                       refType = 4;
+               };
+               9DC1DF0A0299BC9500003D05 = {
+                       isa = PBXFileReference;
+                       name = pem.h;
+                       path = CertTool/cdsaUtils/pem.h;
+                       refType = 4;
+               };
+               9DC1DF0B0299BC9500003D05 = {
+                       isa = PBXFileReference;
+                       name = printCert.cpp;
+                       path = CertTool/cdsaUtils/printCert.cpp;
+                       refType = 4;
+               };
+               9DC1DF0C0299BC9500003D05 = {
+                       isa = PBXFileReference;
+                       name = printCert.h;
+                       path = CertTool/cdsaUtils/printCert.h;
+                       refType = 4;
+               };
+               9DC1DF0D0299BC9500003D05 = {
+                       isa = PBXFileReference;
+                       name = timeStr.cpp;
+                       path = CertTool/cdsaUtils/timeStr.cpp;
+                       refType = 4;
+               };
+               9DC1DF0E0299BC9500003D05 = {
+                       isa = PBXFileReference;
+                       name = timeStr.h;
+                       path = CertTool/cdsaUtils/timeStr.h;
+                       refType = 4;
+               };
+               9DC1DF0F0299BCB400003D05 = {
+                       isa = PBXTargetDependency;
+                       target = 9DC1DEF30299BBCD00003D05;
+               };
+               9DC1DF100299BD8500003D05 = {
+                       fileRef = 1BA451B10097605B7F000001;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DC1DF110299BD8C00003D05 = {
+                       fileRef = 125E85ADFFF3D44A11CD283A;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DC1DF120299BDE200003D05 = {
+                       fileRef = 9DC1DF050299BC9500003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DC1DF130299BDE300003D05 = {
+                       fileRef = 9DC1DF060299BC9500003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DC1DF140299BDE300003D05 = {
+                       fileRef = 9DC1DF070299BC9500003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DC1DF150299BDE400003D05 = {
+                       fileRef = 9DC1DF080299BC9500003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DC1DF160299BDE500003D05 = {
+                       fileRef = 9DC1DF090299BC9500003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DC1DF170299BDE600003D05 = {
+                       fileRef = 9DC1DF0A0299BC9500003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DC1DF180299BDE600003D05 = {
+                       fileRef = 9DC1DF0B0299BC9500003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DC1DF190299BDEA00003D05 = {
+                       fileRef = 9DC1DF0C0299BC9500003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DC1DF1A0299BDEA00003D05 = {
+                       fileRef = 9DC1DF0D0299BC9500003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               9DC1DF1B0299BDEB00003D05 = {
+                       fileRef = 9DC1DF0E0299BC9500003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+//9D0
+//9D1
+//9D2
+//9D3
+//9D4
+//F50
+//F51
+//F52
+//F53
+//F54
+               F5394A1C0279082901CA2E64 = {
+                       fileRef = 07A0F691005DAEE111CD283A;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F540E6F7027A33A501CA2E66 = {
+                       isa = PBXFileReference;
+                       path = pkcs10.h;
+                       refType = 4;
+               };
+               F540E6F9027A33DA01CA2E66 = {
+                       isa = PBXFileReference;
+                       path = pkcs10.cpp;
+                       refType = 4;
+               };
+               F540E6FA027A33DA01CA2E66 = {
+                       fileRef = F540E6F9027A33DA01CA2E66;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F540EDC2027A41BF01CA2E66 = {
+                       isa = PBXFileReference;
+                       path = Session_CSR.cpp;
+                       refType = 4;
+               };
+               F540EDC3027A41BF01CA2E66 = {
+                       fileRef = F540EDC2027A41BF01CA2E66;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F540EDC4027A41E201CA2E66 = {
+                       isa = PBXFileReference;
+                       path = pkcs10.asn;
+                       refType = 4;
+               };
+               F540EDC8027A43A501CA2E66 = {
+                       fileRef = F540E6F7027A33A501CA2E66;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               F54323B4022DC91501CA2E64 = {
+                       isa = PBXFrameworkReference;
+                       path = Security.framework;
+                       refType = 3;
+               };
+               F54323BD022DC98301CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecCFTypes.cpp;
+                       refType = 4;
+               };
+               F54323BE022DC98301CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecCFTypes.h;
+                       refType = 4;
+               };
+               F54323BF022DC98301CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecRuntime.cpp;
+                       refType = 4;
+               };
+               F54323C0022DC98301CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecRuntime.h;
+                       refType = 4;
+               };
+               F54323C6022DC98301CA2E64 = {
+                       fileRef = F54323BD022DC98301CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F54323C7022DC98301CA2E64 = {
+                       fileRef = F54323BE022DC98301CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               F54323C8022DC98301CA2E64 = {
+                       fileRef = F54323BF022DC98301CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F54323C9022DC98301CA2E64 = {
+                       fileRef = F54323C0022DC98301CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               F559B18C01D1510A01CA2E64 = {
+                       isa = PBXFileReference;
+                       path = trackingallocator.h;
+                       refType = 4;
+               };
+               F559B18D01D1510B01CA2E64 = {
+                       fileRef = F559B18C01D1510A01CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               F55B3B460230375401CA2E64 = {
+                       isa = PBXFileReference;
+                       path = CertificateRequest.h;
+                       refType = 4;
+               };
+               F55B3B470230375401CA2E64 = {
+                       isa = PBXFileReference;
+                       path = CertificateRequest.cpp;
+                       refType = 4;
+               };
+               F55B3B480230375401CA2E64 = {
+                       fileRef = F55B3B460230375401CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               F55B3B490230375401CA2E64 = {
+                       fileRef = F55B3B470230375401CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F55B3B4A02303B2A01CA2E64 = {
+                       isa = PBXFileReference;
+                       path = KeyItem.h;
+                       refType = 4;
+               };
+               F55B3B4B02303B2A01CA2E64 = {
+                       isa = PBXFileReference;
+                       path = KeyItem.cpp;
+                       refType = 4;
+               };
+               F55B3B4C02303B2A01CA2E64 = {
+                       fileRef = F55B3B4A02303B2A01CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               F55B3B4D02303B2A01CA2E64 = {
+                       fileRef = F55B3B4B02303B2A01CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F55B3B4E0230448601CA2E64 = {
+                       isa = PBXFileReference;
+                       path = Trust.h;
+                       refType = 4;
+               };
+               F55B3B4F0230448601CA2E64 = {
+                       isa = PBXFileReference;
+                       path = Trust.cpp;
+                       refType = 4;
+               };
+               F55B3B500230448601CA2E64 = {
+                       fileRef = F55B3B4E0230448601CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               F55B3B510230448601CA2E64 = {
+                       fileRef = F55B3B4F0230448601CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F55B3B7902304A6001CA2E64 = {
+                       isa = PBXFileReference;
+                       path = TrustedApplication.h;
+                       refType = 4;
+               };
+               F55B3B7A02304A6001CA2E64 = {
+                       isa = PBXFileReference;
+                       path = TrustedApplication.cpp;
+                       refType = 4;
+               };
+               F55B3B7B02304A6001CA2E64 = {
+                       fileRef = F55B3B7902304A6001CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               F55B3B7C02304A6001CA2E64 = {
+                       fileRef = F55B3B7A02304A6001CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F5786171022EDDE501CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecBase.h;
+                       refType = 4;
+               };
+               F5786172022EDDE501CA2E64 = {
+                       fileRef = F5786171022EDDE501CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Public,
+                               );
+                       };
+               };
+               F5786173022EDDFB01CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecKeychain.h;
+                       refType = 4;
+               };
+               F5786174022EDDFB01CA2E64 = {
+                       fileRef = F5786173022EDDFB01CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Public,
+                               );
+                       };
+               };
+               F5786175022EDE0501CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecKeychainItem.h;
+                       refType = 4;
+               };
+               F5786176022EDE0501CA2E64 = {
+                       fileRef = F5786175022EDE0501CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Public,
+                               );
+                       };
+               };
+               F5786177022EDE1701CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecKeychainSearch.h;
+                       refType = 4;
+               };
+               F5786178022EDE1701CA2E64 = {
+                       fileRef = F5786177022EDE1701CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Public,
+                               );
+                       };
+               };
+               F5786179022EDE2B01CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecCertificate.h;
+                       refType = 4;
+               };
+               F578617A022EDE2B01CA2E64 = {
+                       fileRef = F5786179022EDE2B01CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Public,
+                               );
+                       };
+               };
+               F578617B022EDE3F01CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecIdentity.h;
+                       refType = 4;
+               };
+               F578617C022EDE3F01CA2E64 = {
+                       fileRef = F578617B022EDE3F01CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Public,
+                               );
+                       };
+               };
+               F578617D022EDE5C01CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecPolicy.h;
+                       refType = 4;
+               };
+               F578617E022EDE5C01CA2E64 = {
+                       fileRef = F578617D022EDE5C01CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Public,
+                               );
+                       };
+               };
+               F578617F022EDE6401CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecAccess.h;
+                       refType = 4;
+               };
+               F5786180022EDE6401CA2E64 = {
+                       fileRef = F578617F022EDE6401CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Public,
+                               );
+                       };
+               };
+               F5786181022EDE8901CA2E64 = {
+                       children = (
+                               F57861CB022F0F3801CA2E64,
+                               F5786171022EDDE501CA2E64,
+                               F578617F022EDE6401CA2E64,
+                               8F7ACD2A02357F2503CA2E8C,
+                               F5786179022EDE2B01CA2E64,
+                               F57861F7022F12FC01CA2E64,
+                               F57861BF022EEF1B01CA2E64,
+                               F578617B022EDE3F01CA2E64,
+                               F57861C3022EEF3401CA2E64,
+                               F57861C9022F0D0A01CA2E64,
+                               F5786173022EDDFB01CA2E64,
+                               F5786175022EDE0501CA2E64,
+                               F5786177022EDE1701CA2E64,
+                               F578617D022EDE5C01CA2E64,
+                               F57861C1022EEF2601CA2E64,
+                               F57861C7022EFAE501CA2E64,
+                               F57861C5022EEF4701CA2E64,
+                       );
+                       isa = PBXGroup;
+                       name = "Public API";
+                       refType = 4;
+               };
+               F57861BF022EEF1B01CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecCertificateRequest.h;
+                       refType = 4;
+               };
+               F57861C0022EEF1B01CA2E64 = {
+                       fileRef = F57861BF022EEF1B01CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               F57861C1022EEF2601CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecPolicySearch.h;
+                       refType = 4;
+               };
+               F57861C2022EEF2601CA2E64 = {
+                       fileRef = F57861C1022EEF2601CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Public,
+                               );
+                       };
+               };
+               F57861C3022EEF3401CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecIdentitySearch.h;
+                       refType = 4;
+               };
+               F57861C4022EEF3401CA2E64 = {
+                       fileRef = F57861C3022EEF3401CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Public,
+                               );
+                       };
+               };
+               F57861C5022EEF4701CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecTrustedApplication.h;
+                       refType = 4;
+               };
+               F57861C6022EEF4701CA2E64 = {
+                       fileRef = F57861C5022EEF4701CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Public,
+                               );
+                       };
+               };
+               F57861C7022EFAE501CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecTrust.h;
+                       refType = 4;
+               };
+               F57861C8022EFAE501CA2E64 = {
+                       fileRef = F57861C7022EFAE501CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Public,
+                               );
+                       };
+               };
+               F57861C9022F0D0A01CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecKey.h;
+                       refType = 4;
+               };
+               F57861CA022F0D0A01CA2E64 = {
+                       fileRef = F57861C9022F0D0A01CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Public,
+                               );
+                       };
+               };
+               F57861CB022F0F3801CA2E64 = {
+                       isa = PBXFileReference;
+                       path = Security.h;
+                       refType = 4;
+               };
+               F57861CC022F0F3801CA2E64 = {
+                       fileRef = F57861CB022F0F3801CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Public,
+                               );
+                       };
+               };
+               F57861F7022F12FC01CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecCertificateBundle.h;
+                       refType = 4;
+               };
+               F57861F8022F12FC01CA2E64 = {
+                       fileRef = F57861F7022F12FC01CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               F57861F9022F13DF01CA2E64 = {
+                       children = (
+                               F5786216022F1DA301CA2E64,
+                               F57861FA022F1A9301CA2E64,
+                               8F7ACD2B02357F2503CA2E8C,
+                               F57861FC022F1AA001CA2E64,
+                               F5786200022F1B4001CA2E64,
+                               F57861FE022F1AAB01CA2E64,
+                               F5786202022F1B5001CA2E64,
+                               F5786204022F1B5901CA2E64,
+                               F5786206022F1B6501CA2E64,
+                               F5786208022F1B6F01CA2E64,
+                               F578620A022F1B7901CA2E64,
+                               F578620C022F1B8701CA2E64,
+                               F578620E022F1B9301CA2E64,
+                               F5786210022F1B9C01CA2E64,
+                               F5786212022F1BA801CA2E64,
+                               F5786214022F1BB601CA2E64,
+                       );
+                       isa = PBXGroup;
+                       name = "API Bridge";
+                       path = "";
+                       refType = 4;
+               };
+               F57861FA022F1A9301CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecAccess.cpp;
+                       refType = 4;
+               };
+               F57861FB022F1A9301CA2E64 = {
+                       fileRef = F57861FA022F1A9301CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F57861FC022F1AA001CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecCertificate.cpp;
+                       refType = 4;
+               };
+               F57861FD022F1AA001CA2E64 = {
+                       fileRef = F57861FC022F1AA001CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F57861FE022F1AAB01CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecCertificateRequest.cpp;
+                       refType = 4;
+               };
+               F57861FF022F1AAB01CA2E64 = {
+                       fileRef = F57861FE022F1AAB01CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F5786200022F1B4001CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecCertificateBundle.cpp;
+                       refType = 4;
+               };
+               F5786201022F1B4001CA2E64 = {
+                       fileRef = F5786200022F1B4001CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F5786202022F1B5001CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecIdentity.cpp;
+                       refType = 4;
+               };
+               F5786203022F1B5001CA2E64 = {
+                       fileRef = F5786202022F1B5001CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F5786204022F1B5901CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecIdentitySearch.cpp;
+                       refType = 4;
+               };
+               F5786205022F1B5901CA2E64 = {
+                       fileRef = F5786204022F1B5901CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F5786206022F1B6501CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecKey.cpp;
+                       refType = 4;
+               };
+               F5786207022F1B6501CA2E64 = {
+                       fileRef = F5786206022F1B6501CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F5786208022F1B6F01CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecKeychain.cpp;
+                       refType = 4;
+               };
+               F5786209022F1B6F01CA2E64 = {
+                       fileRef = F5786208022F1B6F01CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F578620A022F1B7901CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecKeychainItem.cpp;
+                       refType = 4;
+               };
+               F578620B022F1B7901CA2E64 = {
+                       fileRef = F578620A022F1B7901CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F578620C022F1B8701CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecKeychainSearch.cpp;
+                       refType = 4;
+               };
+               F578620D022F1B8701CA2E64 = {
+                       fileRef = F578620C022F1B8701CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F578620E022F1B9301CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecPolicy.cpp;
+                       refType = 4;
+               };
+               F578620F022F1B9301CA2E64 = {
+                       fileRef = F578620E022F1B9301CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F5786210022F1B9C01CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecPolicySearch.cpp;
+                       refType = 4;
+               };
+               F5786211022F1B9C01CA2E64 = {
+                       fileRef = F5786210022F1B9C01CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F5786212022F1BA801CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecTrust.cpp;
+                       refType = 4;
+               };
+               F5786213022F1BA801CA2E64 = {
+                       fileRef = F5786212022F1BA801CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F5786214022F1BB601CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecTrustedApplication.cpp;
+                       refType = 4;
+               };
+               F5786215022F1BB601CA2E64 = {
+                       fileRef = F5786214022F1BB601CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F5786216022F1DA301CA2E64 = {
+                       isa = PBXFileReference;
+                       path = SecBridge.h;
+                       refType = 4;
+               };
+               F5786217022F1DA301CA2E64 = {
+                       fileRef = F5786216022F1DA301CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               F5786222022F2D9701CA2E64 = {
+                       children = (
+                               F54323BD022DC98301CA2E64,
+                               F54323BE022DC98301CA2E64,
+                               F54323BF022DC98301CA2E64,
+                               F54323C0022DC98301CA2E64,
+                               F578623C023024CC01CA2E64,
+                               F578623B023024CC01CA2E64,
+                               8F7ACD310235805903CA2E8C,
+                               8F7ACD300235805903CA2E8C,
+                               F5786230022F39A101CA2E64,
+                               F5786231022F39A101CA2E64,
+                               F55B3B470230375401CA2E64,
+                               F55B3B460230375401CA2E64,
+                               5BA4A42D01F4E3F504CA2E82,
+                               5BA4A42E01F4E3F504CA2E82,
+                               F5786225022F32E001CA2E64,
+                               F5786224022F32E001CA2E64,
+                               0177F292FFFAA2D311CD283A,
+                               0177F293FFFAA2D311CD283A,
+                               0177F29CFFFAA2D311CD283A,
+                               0177F29DFFFAA2D311CD283A,
+                               0177F2B7FFFAA2D311CD283A,
+                               0177F2B8FFFAA2D311CD283A,
+                               F55B3B4B02303B2A01CA2E64,
+                               F55B3B4A02303B2A01CA2E64,
+                               F5786237022F48C601CA2E64,
+                               F5786238022F48C601CA2E64,
+                               F578622D022F37EB01CA2E64,
+                               F578622C022F37EB01CA2E64,
+                               0177F286FFFAA2D311CD283A,
+                               0177F287FFFAA2D311CD283A,
+                               0177F290FFFAA2D311CD283A,
+                               0177F291FFFAA2D311CD283A,
+                               0177F2D6FFFAA2D311CD283A,
+                               0177F2D7FFFAA2D311CD283A,
+                               F55B3B4F0230448601CA2E64,
+                               F55B3B4E0230448601CA2E64,
+                               F55B3B7A02304A6001CA2E64,
+                               F55B3B7902304A6001CA2E64,
+                       );
+                       isa = PBXGroup;
+                       name = "API Classes";
+                       refType = 4;
+               };
+               F5786223022F2DDB01CA2E64 = {
+                       children = (
+                               0177F269FFFAA2D311CD283A,
+                               0177F26AFFFAA2D311CD283A,
+                               0177F27EFFFAA2D311CD283A,
+                               0177F27FFFFAA2D311CD283A,
+                               0177F28AFFFAA2D311CD283A,
+                               0177F28BFFFAA2D311CD283A,
+                               0177F29EFFFAA2D311CD283A,
+                               0177F29FFFFAA2D311CD283A,
+                               0177F2A0FFFAA2D311CD283A,
+                               0177F2A1FFFAA2D311CD283A,
+                               0177F2A2FFFAA2D311CD283A,
+                               0177F352FFFAC61911CD283A,
+                               0177F353FFFAC61911CD283A,
+                               0177F2C6FFFAA2D311CD283A,
+                               0177F2C7FFFAA2D311CD283A,
+                               0177F2C9FFFAA2D311CD283A,
+                               F579CFD900E99FC401CD283A,
+                               0177F2CDFFFAA2D311CD283A,
+                               0177F2D2FFFAA2D311CD283A,
+                               0177F2D1FFFAA2D311CD283A,
+                               0177F2D3FFFAA2D311CD283A,
+                               3244148C023837A505CA2E77,
+                               3244148D023837A505CA2E77,
+                               3206D1FB029996FC05CA2E77,
+                               3206D1FC029996FC05CA2E77,
+                       );
+                       isa = PBXGroup;
+                       name = Internal;
+                       path = "";
+                       refType = 4;
+               };
+               F5786224022F32E001CA2E64 = {
+                       isa = PBXFileReference;
+                       path = IdentityCursor.h;
+                       refType = 4;
+               };
+               F5786225022F32E001CA2E64 = {
+                       isa = PBXFileReference;
+                       path = IdentityCursor.cpp;
+                       refType = 4;
+               };
+               F5786226022F32E001CA2E64 = {
+                       fileRef = F5786224022F32E001CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               F5786227022F32E001CA2E64 = {
+                       fileRef = F5786225022F32E001CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F578622C022F37EB01CA2E64 = {
+                       isa = PBXFileReference;
+                       path = PolicyCursor.h;
+                       refType = 4;
+               };
+               F578622D022F37EB01CA2E64 = {
+                       isa = PBXFileReference;
+                       path = PolicyCursor.cpp;
+                       refType = 4;
+               };
+               F578622E022F37EB01CA2E64 = {
+                       fileRef = F578622C022F37EB01CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               F578622F022F37EB01CA2E64 = {
+                       fileRef = F578622D022F37EB01CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F5786230022F39A101CA2E64 = {
+                       isa = PBXFileReference;
+                       path = Certificate.cpp;
+                       refType = 4;
+               };
+               F5786231022F39A101CA2E64 = {
+                       isa = PBXFileReference;
+                       path = Certificate.h;
+                       refType = 4;
+               };
+               F5786232022F39A101CA2E64 = {
+                       fileRef = F5786230022F39A101CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F5786233022F39A101CA2E64 = {
+                       fileRef = F5786231022F39A101CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               F5786237022F48C601CA2E64 = {
+                       isa = PBXFileReference;
+                       path = Policies.cpp;
+                       refType = 4;
+               };
+               F5786238022F48C601CA2E64 = {
+                       isa = PBXFileReference;
+                       path = Policies.h;
+                       refType = 4;
+               };
+               F5786239022F48C601CA2E64 = {
+                       fileRef = F5786237022F48C601CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F578623A022F48C601CA2E64 = {
+                       fileRef = F5786238022F48C601CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               F578623B023024CC01CA2E64 = {
+                       isa = PBXFileReference;
+                       path = Access.h;
+                       refType = 4;
+               };
+               F578623C023024CC01CA2E64 = {
+                       isa = PBXFileReference;
+                       path = Access.cpp;
+                       refType = 4;
+               };
+               F578623D023024CC01CA2E64 = {
+                       fileRef = F578623B023024CC01CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               F578623E023024CC01CA2E64 = {
+                       fileRef = F578623C023024CC01CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F579CFD900E99FC401CD283A = {
+                       isa = PBXFileReference;
+                       path = Schema.m4;
+                       refType = 4;
+               };
+               F58785C800FB965F01CD29D4 = {
+                       isa = PBXFileReference;
+                       name = checkpw.c;
+                       path = checkpw/checkpw.c;
+                       refType = 2;
+               };
+               F58785C900FB965F01CD29D4 = {
+                       isa = PBXFileReference;
+                       name = checkpw.h;
+                       path = checkpw/checkpw.h;
+                       refType = 2;
+               };
+               F58785CA00FB966001CD29D4 = {
+                       fileRef = F58785C900FB965F01CD29D4;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               F58785CB00FB966001CD29D4 = {
+                       fileRef = F58785C800FB965F01CD29D4;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F5A5E50E00FB884E01CD29D4 = {
+                       children = (
+                               F58785C800FB965F01CD29D4,
+                               F58785C900FB965F01CD29D4,
+                       );
+                       isa = PBXGroup;
+                       name = checkpw;
+                       refType = 4;
+               };
+               F5A7F715023D96EA01CA2E64 = {
+                       isa = PBXFileReference;
+                       path = authorization.plist;
+                       refType = 4;
+               };
+               F5A7F716023D96EA01CA2E64 = {
+                       isa = PBXFileReference;
+                       path = AuthorizationData.cpp;
+                       refType = 4;
+               };
+               F5A7F717023D96EA01CA2E64 = {
+                       isa = PBXFileReference;
+                       path = AuthorizationData.h;
+                       refType = 4;
+               };
+               F5A7F718023D96EA01CA2E64 = {
+                       isa = PBXFileReference;
+                       path = AuthorizationPlugin.h;
+                       refType = 4;
+               };
+               F5A7F71D023D972201CA2E64 = {
+                       fileRef = F5A7F718023D96EA01CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                               ATTRIBUTES = (
+                                       Private,
+                               );
+                       };
+               };
+               F5A7F71F023D974E01CA2E64 = {
+                       fileRef = F5A7F716023D96EA01CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F5A7F720023D974F01CA2E64 = {
+                       fileRef = F5A7F717023D96EA01CA2E64;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
+               F5DDE3AE00B3358F01CD283A = {
+                       buildActionMask = 12;
                        files = (
                        );
                        generatedFileNames = (
                        );
                        isa = PBXShellScriptBuildPhase;
-                       name = "Shell Script";
                        neededFileNames = (
                        );
                        shellPath = /bin/sh;
index 8f550abab3dd394208afa8d17ac26781400aeb18..f56cb45b2c55bf6912c64f685752345a2f6c4bd2 100644 (file)
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:59 mb Exp $
-# $Name: Security-30~1 $
+# $Name:  $
 ProjectName: SecurityASN1
 ProjectVersion: 6
index 3acdaeadaa38117e1057f173b040f3cee09e55c6..2113cd5c1483a0705ca4cfef769853096fefbe73 100644 (file)
@@ -4,16 +4,18 @@
 ASN1_SRC= sm_vdatypes.asn sm_x501ud.asn  sm_x411ub.asn sm_x411mtsas.asn \
                        sm_x501if.asn  sm_x520sa.asn sm_x509cmn.asn sm_x509af.asn \
                        sm_x509ce.asn  pkcs1oids.asn pkcs9oids.asn sm_cms.asn sm_ess.asn \
-                       pkcs7.asn pkcs8.asn appleoids.asn
+                       pkcs7.asn pkcs8.asn appleoids.asn pkcs10.asn
 
 SNACC_SRC= $(SRCROOT)/..
 
 GEN_SRC= $(ASN1_SRC:%.asn=%.cpp)
 GEN_HDR= $(ASN1_SRC:%.asn=%.h)
 
-ASN_SRC_DIR= $(SRCROOT)/asn
-GEN_SRC_DIR= $(SRCROOT)/c++
-GEN_HDR_DIR= $(SRCROOT)/inc
+PKCS_HOME=$(shell echo `pwd`)
+
+ASN_SRC_DIR= $(PKCS_HOME)/asn
+GEN_SRC_DIR= $(PKCS_HOME)/c++
+GEN_HDR_DIR= $(PKCS_HOME)/inc
 
 VPATH= $(ASN_SRC_DIR)
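Review bot: `PKCS_HOME=$(shell echo `pwd`)` ties the asn, c++ and inc directories to whatever directory make is started in, where the removed lines used SRCROOT. The project file later in this commit still appears to pass that value (`-f $(SRCROOT)/Makefile $ACTION SRCROOT=$(SRCROOT) ...`). If the build is ever launched from another working directory, snacc would read and write a different tree from the one being compiled, so the generated encoders and decoders could silently come from the wrong sources. Because the assignment uses `=`, the shell is also re-run on every expansion; `PKCS_HOME := $(CURDIR)` evaluates once and avoids the nested backticks. A one-line comment saying why SRCROOT is no longer used would help the next maintainer.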
 
@@ -31,7 +33,7 @@ ASN_USEFUL= asn-useful.asn1
 # local build directory, 
 #
 #LOCAL_BUILD= /Data_and_Apps/dmitchBuild
-LOCAL_BUILD= $(SYMROOT)
+LOCAL_BUILD= $(BUILT_PRODUCTS_DIR)
 
 CFLAGS= -g  $(HDR_INCPATH) -DVDADER_RULES
 LDFLAGS= -lstdc++ -lsnacc++ -L$(LOCAL_BUILD)
@@ -42,7 +44,7 @@ SNACC_FLAGS= -C -D -u $(ASN_USEFUL)
 
 first: $(GEN_SRC) move_genfiles
 
-$(GEN_SRC):    $(ASN1_SRC)
+$(GEN_SRC):
        (cd $(ASN_SRC_DIR); $(SNACC) $(SNACC_FLAGS) $(ASN1_SRC))
 
 move_genfiles: clean_genfiles
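Review bot: With the prerequisites removed from `$(GEN_SRC):`, make no longer records any dependency between the generated .cpp files and the .asn modules, so regeneration happens only when a target is missing. Whether that matters depends on move_genfiles, whose recipe lies outside this hunk. If the generated files are always moved away the rule fires on every build, but if any remain where make can find them, an edited .asn (for example the new pkcs10.asn) would be built against stale encoder/decoder code. If the prerequisite was dropped to work around a path problem, consider keeping it with the directory spelled out, `$(GEN_SRC): $(addprefix $(ASN_SRC_DIR)/,$(ASN1_SRC))`, or add a comment stating that the dependency is intentionally absent.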
index 0265a122e5ed865ed53afe1df799ad515733caa2..1fd0b62b4f85f119780a5ced0a419477c08c2955 100644 (file)
@@ -3,7 +3,7 @@
        archiveVersion = 1;
        classes = {
        };
-       objectVersion = 33;
+       objectVersion = 36;
        objects = {
                01C17CFFFF16DC3011CD283A = {
                        children = (
                                022D30C7FEF8308ED0A17CE7,
                                01C17CFFFF16DC3011CD283A,
                                022D30AFFEF8301ED0A17CE7,
-                               141E8021FFE9D5767F000001,
+                               9D8FD570024790F700003D05,
                        );
                        isa = PBXGroup;
                        refType = 4;
                };
                022D30AEFEF82D08D0A17CE7 = {
-                       buildArgumentsString = "-f $(SRCROOT)/Makefile $ACTION SRCROOT=$(SRCROOT) SYMROOT=$(SYMROOT)";
+                       buildArgumentsString = "-f $(SRCROOT)/Makefile $ACTION SRCROOT=$(SRCROOT) BUILT_PRODUCTS_DIR=$(BUILT_PRODUCTS_DIR)";
                        buildPhases = (
                        );
                        buildSettings = {
                                FRAMEWORK_SEARCH_PATHS = "";
                                HEADER_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/Frameworks/Carbon.framework/Libraries/CIncludes\"";
                                LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "";
                                OTHER_CFLAGS = "";
                                OTHER_LDFLAGS = "";
                                OTHER_REZFLAGS = "";
                                DYLIB_CURRENT_VERSION = 1;
                                FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\"";
                                FRAMEWORK_VERSION = A;
-                               HEADER_SEARCH_PATHS = "\"$(SRCROOT)/inc\" \"$(SYMROOT)/SecuritySNACCRuntime.framework/Headers\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks/SecuritySNACCRuntime.framework/Headers\"";
+                               HEADER_SEARCH_PATHS = "\"$(SRCROOT)/inc\" \"$(BUILT_PRODUCTS_DIR)/SecuritySNACCRuntime.framework/Headers\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks/SecuritySNACCRuntime.framework/Headers\"";
                                INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
                                LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "";
                                OTHER_CFLAGS = "-DVDADER_RULES";
                                OTHER_LDFLAGS = "\"-lstdc++\"";
                                OTHER_LIBTOOL_FLAGS = "";
                                022D30E5FEF8308ED0A17CE7,
                        );
                        isa = PBXHeadersBuildPhase;
-                       name = Headers;
                };
                022D30B3FEF8301ED0A17CE7 = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
                };
                022D30B4FEF8301ED0A17CE7 = {
                        buildActionMask = 2147483647;
                                022D30F4FEF8308ED0A17CE7,
                        );
                        isa = PBXSourcesBuildPhase;
-                       name = Sources;
                };
                022D30B5FEF8301ED0A17CE7 = {
                        buildActionMask = 2147483647;
                        files = (
                                01C17D01FF16DC3011CD283A,
-                               141E8022FFE9D5767F000001,
+                               9D8FD66D024790F800003D05,
                        );
                        isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
                };
                022D30B6FEF8301ED0A17CE7 = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
                };
                022D30B7FEF8308ED0A17CE7 = {
                        children = (
                                FRAMEWORK_SEARCH_PATHS = "";
                                HEADER_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/Frameworks/Carbon.framework/Libraries/CIncludes\"";
                                LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "";
                                OTHER_CFLAGS = "";
                                OTHER_LDFLAGS = "";
                                OTHER_REZFLAGS = "";
 //052
 //053
 //054
-//140
-//141
-//142
-//143
-//144
-               141E8021FFE9D5767F000001 = {
-                       isa = PBXFrameworkReference;
-                       name = cdsa_utilities.framework;
-                       path = /System/Library/PrivateFrameworks/cdsa_utilities.framework;
-                       refType = 0;
-               };
-               141E8022FFE9D5767F000001 = {
-                       fileRef = 141E8021FFE9D5767F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-//140
-//141
-//142
-//143
-//144
 //2B0
 //2B1
 //2B2
                        );
                        buildSettings = {
                                COPY_PHASE_STRIP = NO;
-                               OPTIMIZATION_CFLAGS = "";
+                               OPTIMIZATION_CFLAGS = "-O0";
                        };
                        isa = PBXBuildStyle;
                        name = Development;
                        isa = PBXBuildStyle;
                        name = Deployment;
                };
+//2B0
+//2B1
+//2B2
+//2B3
+//2B4
+//9D0
+//9D1
+//9D2
+//9D3
+//9D4
+               9D8FD570024790F700003D05 = {
+                       isa = PBXFrameworkReference;
+                       name = Security.framework;
+                       path = /System/Library/Frameworks/Security.framework;
+                       refType = 0;
+               };
+               9D8FD66D024790F800003D05 = {
+                       fileRef = 9D8FD570024790F700003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
        };
        rootObject = 022D30ACFEF82B87D0A17CE7;
 }
index b8d961fec029d46f92cebfb1ee9097bfe227f24b..f21ccb43a3e5a6581652c49d65f123f845546f04 100644 (file)
@@ -6,6 +6,8 @@ BEGIN
 IMPORTS
   BigIntegerStr
     FROM VdaEnhancedTypes
+  pkcs
+       FROM PKCS1-OIDS
 ;
 
 -- base OIDs for Apple, Apple Data Security
@@ -31,6 +33,10 @@ appleFeed OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 5 }
 appleFeedExp OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 6 }
 appleECDSA OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 7 }
 
+-- PKCS3 OIDs
+pkcs-3 OBJECT IDENTIFIER ::= { pkcs 3 }
+dhKeyAgreement OBJECT IDENTIFIER ::= { pkcs-3 1 }
+
 -- FEE ElGamal-style signature
 FEEElGamalSignature ::= SEQUENCE {
   u     BigIntegerStr,
@@ -163,5 +169,27 @@ DSAAlgParams ::= SEQUENCE
        g                               BigIntegerStr
 }
 
+-- Diffie Hellman per PKCS3
+
+DHPrivateKey ::= SEQUENCE
+{
+       dHOid                   OBJECT IDENTIFIER,                      -- dhKeyAgreement
+       params                  DHParameter,
+       secretPart              BigIntegerStr
+}
+
+DHParameterBlock ::= SEQUENCE
+{
+       oid                             OBJECT IDENTIFIER,                      -- pkcs-3
+       params                  DHParameter
+}
+
+DHParameter ::= SEQUENCE
+{
+       prime                           BigIntegerStr,                  -- p
+       base                            BigIntegerStr,                  -- g
+       privateValueLength      BigIntegerStr OPTIONAL
+}
+
 END -- APPLE-OIDS
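Review bot: `privateValueLength` is declared `BigIntegerStr OPTIONAL`, whereas PKCS #3 defines it as a plain INTEGER giving the bit length of the private value; as written it accepts an arbitrarily large integer, and `prime` and `base` are likewise unconstrained. The ASN.1 cannot enforce sane ranges, so code consuming a decoded `DHParameter` has to bound the prime size and reject a privateValueLength that exceeds it before use. A comment such as `-- l, bit length of private value; caller must check against size of p` would make that contract visible. Separately, the comment on `DHParameterBlock.oid` says `-- pkcs-3` while `DHPrivateKey.dHOid` says `-- dhKeyAgreement`; if both fields are meant to carry the dhKeyAgreement OID, the former comment should match.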
 
diff --git a/SecurityASN1/asn/pkcs10.asn b/SecurityASN1/asn/pkcs10.asn
new file mode 100644 (file)
index 0000000..73fdb81
--- /dev/null
@@ -0,0 +1,53 @@
+-- PKCS10 ASN module
+
+PKCS5
+DEFINITIONS IMPLICIT TAGS  ::=
+BEGIN
+-- EXPORTS All --
+
+IMPORTS
+  -- Directory Information Framework (X.501)
+               Name, Attribute, Attributes
+                       FROM InformationFramework
+
+   -- Directory Authentication Framework (X.509)
+               AlgorithmIdentifier, SubjectPublicKeyInfo
+                       FROM AuthenticationFramework
+                       
+       -- CryptographicMessageSyntax (draft-ietf-smime-cms-13)
+               Signature, SignatureAlgorithmIdentifier
+                       FROM CryptographicMessageSyntax
+;
+
+CertificationRequestInfo ::= SEQUENCE {
+       version VersionP10,
+       subject Name,
+       subjectPublicKeyInfo SubjectPublicKeyInfo,
+       attributes [0] IMPLICIT Attributes 
+}
+
+VersionP10 ::= INTEGER
+-- redefined, same as InformationFramework (sm_x501if.asn)
+-- Attributes ::= SET OF Attribute
+
+-- Per PKCS10 spec
+CertificationRequest ::= SEQUENCE {
+       certificationRequestInfo CertificationRequestInfo,
+       signatureAlgorithm SignatureAlgorithmIdentifier,
+       signature Signature 
+}
+
+-- This is what we actually use to avoid unnecessary 
+-- setup and teardown of CertificationRequestInfo when
+-- signing and verifying
+CertificationRequestSigned ::= SEQUENCE {
+       certificationRequestInfo ANY,
+       signatureAlgorithm SignatureAlgorithmIdentifier,
+       signature Signature 
+}
+
+-- duplicated from CryptographicMessageSyntax
+-- SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
+-- Signature ::= BIT STRING
+
+END -- PKCS10
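Review bot: The module is declared as `PKCS5` on the line after the header comment, yet the file is pkcs10.asn and both the header and the `END -- PKCS10` comment call it PKCS10. The identifier should presumably be `PKCS10`, since a wrong module name can collide with a genuine PKCS5 module and misleads anyone resolving an `IMPORTS ... FROM` against it. `Attribute` is imported but only `Attributes` is used in the definitions shown. For `CertificationRequestSigned`, keeping `certificationRequestInfo` as `ANY` preserves the signed bytes, which is the right input for verification. The comment could add that the signature must be checked over those exact bytes and that the fields are decoded from the same buffer, never from a re-encoding.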
index 9349cb1fb74f5eec1566b524af0b1a3478b7091e..3fe998bb0ecfb805bcd5d7903fa91e4d58ee6934 100644 (file)
@@ -2,7 +2,7 @@
 //
 // appleoids.cpp - class member functions for ASN.1 module APPLE-OIDS
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc written by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -24,6 +24,7 @@
 #include "pkcs7.h"
 #include "pkcs8.h"
 #include "appleoids.h"
+#include "pkcs10.h"
 
 //------------------------------------------------------------------------------
 // value defs
@@ -130,7 +131,7 @@ void DSABsafeParams::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -100);
+    SnaccExcep::throwMe(-100);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -143,7 +144,7 @@ void DSABsafeParams::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -101);
+    SnaccExcep::throwMe(-101);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -156,7 +157,7 @@ void DSABsafeParams::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -102);
+    SnaccExcep::throwMe(-102);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -168,7 +169,7 @@ void DSABsafeParams::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -103);
+    SnaccExcep::throwMe(-103);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -180,7 +181,7 @@ void DSABsafeParams::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -104);
+    SnaccExcep::throwMe(-104);
   }
   else
     return;
@@ -203,33 +204,12 @@ void DSABsafeParams::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "DSABsafeParams::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -105);
+    SnaccExcep::throwMe(-105);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int DSABsafeParams::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int DSABsafeParams::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void DSABsafeParams::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -271,6 +251,232 @@ void DSABsafeParams::Print (ostream &os) const
 } // DSABsafeParams::Print
 
 
+DHParameter::DHParameter()
+{
+  privateValueLength = NULL;
+}
+
+DHParameter::DHParameter (const DHParameter &)
+{
+  Asn1Error << "use of incompletely defined DHParameter::DHParameter (const DHParameter &)" << endl;
+  abort();
+}
+
+DHParameter::~DHParameter()
+{
+  delete privateValueLength;
+}
+
+AsnType *DHParameter::Clone() const
+{
+  return new DHParameter;
+}
+
+AsnType *DHParameter::Copy() const
+{
+  return new DHParameter (*this);
+}
+
+#if SNACC_DEEP_COPY
+DHParameter &DHParameter::operator = (const DHParameter &that)
+#else // SNACC_DEEP_COPY
+DHParameter &DHParameter::operator = (const DHParameter &)
+#endif // SNACC_DEEP_COPY
+{
+#if SNACC_DEEP_COPY
+  if (this != &that)
+  {
+    prime = that.prime;
+    base = that.base;
+    if (that.privateValueLength)
+    {
+      if (!privateValueLength)
+        privateValueLength = new BigIntegerStr;
+      *privateValueLength = *that.privateValueLength;
+    }
+    else
+    {
+      delete privateValueLength;
+      privateValueLength = NULL;
+    }
+  }
+
+  return *this;
+#else // SNACC_DEEP_COPY
+  Asn1Error << "use of incompletely defined DHParameter &DHParameter::operator = (const DHParameter &)" << endl;
+  abort();
+  // if your compiler complains here, check the -novolat option
+#endif // SNACC_DEEP_COPY
+}
+
+AsnLen
+DHParameter::BEncContent (BUF_TYPE b)
+{
+  AsnLen totalLen = 0;
+  AsnLen l;
+
+  if (NOT_NULL (privateValueLength))
+  {
+    l = privateValueLength->BEncContent (b);
+    l += BEncDefLen (b, l);
+
+    l += BEncTag1 (b, UNIV, PRIM, INTEGER_TAG_CODE);
+    totalLen += l;
+  }
+
+    l = base.BEncContent (b);
+    l += BEncDefLen (b, l);
+
+    l += BEncTag1 (b, UNIV, PRIM, INTEGER_TAG_CODE);
+    totalLen += l;
+
+    l = prime.BEncContent (b);
+    l += BEncDefLen (b, l);
+
+    l += BEncTag1 (b, UNIV, PRIM, INTEGER_TAG_CODE);
+    totalLen += l;
+
+  return totalLen;
+} // DHParameter::BEncContent
+
+
+void DHParameter::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen &bytesDecoded, ENV_TYPE env)
+{
+  AsnTag tag1;
+  AsnLen seqBytesDecoded = 0;
+  AsnLen elmtLen1;
+  tag1 = BDecTag (b, seqBytesDecoded, env);
+
+  if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
+    || (tag1 == MAKE_TAG_ID (UNIV, CONS, INTEGER_TAG_CODE)))
+  {
+    elmtLen1 = BDecLen (b, seqBytesDecoded, env);
+    prime.BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env);
+    tag1 = BDecTag (b, seqBytesDecoded, env);
+  }
+  else
+  {
+    Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
+    SnaccExcep::throwMe(-106);
+  }
+
+  if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
+    || (tag1 == MAKE_TAG_ID (UNIV, CONS, INTEGER_TAG_CODE)))
+  {
+    elmtLen1 = BDecLen (b, seqBytesDecoded, env);
+    base.BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env);
+    if (seqBytesDecoded == elmtLen0)
+    {
+      bytesDecoded += seqBytesDecoded;
+      return;
+    }
+    else
+    {
+      tag1 = BDecTag (b, seqBytesDecoded, env);
+
+      if ((elmtLen0 == INDEFINITE_LEN) && (tag1 == EOC_TAG_ID))
+      {
+        BDEC_2ND_EOC_OCTET (b, seqBytesDecoded, env)
+        bytesDecoded += seqBytesDecoded;
+        return;
+      }
+    }
+  }
+  else
+  {
+    Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
+    SnaccExcep::throwMe(-107);
+  }
+
+  if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
+    || (tag1 == MAKE_TAG_ID (UNIV, CONS, INTEGER_TAG_CODE)))
+  {
+    elmtLen1 = BDecLen (b, seqBytesDecoded, env);
+    privateValueLength = new BigIntegerStr;
+    privateValueLength->BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env);
+  }
+
+  bytesDecoded += seqBytesDecoded;
+  if (elmtLen0 == INDEFINITE_LEN)
+  {
+    BDecEoc (b, bytesDecoded, env);
+    return;
+  }
+  else if (seqBytesDecoded != elmtLen0)
+  {
+    Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
+    SnaccExcep::throwMe(-108);
+  }
+  else
+    return;
+} // DHParameter::BDecContent
+
+AsnLen DHParameter::BEnc (BUF_TYPE b)
+{
+  AsnLen l;
+  l = BEncContent (b);
+  l += BEncConsLen (b, l);
+  l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE);
+  return l;
+}
+
+void DHParameter::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
+{
+  AsnTag tag;
+  AsnLen elmtLen1;
+
+  if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
+  {
+    Asn1Error << "DHParameter::BDec: ERROR - wrong tag" << endl;
+    SnaccExcep::throwMe(-109);
+  }
+  elmtLen1 = BDecLen (b, bytesDecoded, env);
+  BDecContent (b, tag, elmtLen1, bytesDecoded, env);
+}
+
+void DHParameter::Print (ostream &os) const
+{
+#ifndef NDEBUG
+  os << "{ -- SEQUENCE --" << endl;
+  indentG += stdIndentG;
+
+  {
+    Indent (os, indentG);
+    os << "prime ";
+    os << prime;
+    os << "," << endl;
+  }
+
+  {
+    Indent (os, indentG);
+    os << "base ";
+    os << base;
+    os << "," << endl;
+  }
+
+  if (NOT_NULL (privateValueLength))
+  {
+    os << ","<< endl;
+    Indent (os, indentG);
+    os << "privateValueLength ";
+    os << *privateValueLength;
+  }
+  else
+  {
+    Indent (os, indentG);
+    os << "privateValueLength ";
+    os << "-- void --";
+    os << endl;
+  }
+
+  os << endl;
+  indentG -= stdIndentG;
+  Indent (os, indentG);
+  os << "}";
+#endif /* NDEBUG */
+} // DHParameter::Print
+
+
 FEECurveParameters::FEECurveParameters()
 {
   basePrime = NULL;
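Review bot: In the new `DHParameter::BDecContent`, `privateValueLength = new BigIntegerStr;` overwrites the member without releasing a previous value. Decoding a second time into the same object therefore leaks the earlier allocation, and the leak grows with each attacker-supplied parameter blob if objects are reused. Making it `delete privateValueLength; privateValueLength = new BigIntegerStr;` keeps the destructor's single `delete` correct, including when the following `BDecContent` call throws. The same function also consumes a tag after `base` that is neither INTEGER nor end-of-contents and never rejects it explicitly, so a definite-length SEQUENCE with one stray trailing tag octet appears to pass the final length check. The `-novolat` comment suggests this file is snacc output, in which case both fixes probably belong in the generator rather than here.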
@@ -465,7 +671,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -106);
+    SnaccExcep::throwMe(-110);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)))
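Review bot: The numeric codes passed to `SnaccExcep::throwMe` in `FEECurveParameters::BDecContent` are renumbered (`-106` becomes `-110` here), because the new `DHParameter` decoder now uses `-106` to `-109`. The same shift runs through every later hunk in this file. A given code therefore names a different failure site before and after this commit, which matters to anyone triaging decode failures from logs or crash reports across versions. If the codes are meant to be diagnostic, a short comment near the first throw, for example `// error codes are assigned sequentially by the generator and are not stable across releases`, would stop readers from treating them as stable identifiers. This function begins and ends outside the hunk.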
@@ -477,7 +683,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -107);
+    SnaccExcep::throwMe(-111);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)))
@@ -489,7 +695,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -108);
+    SnaccExcep::throwMe(-112);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)))
@@ -501,7 +707,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -109);
+    SnaccExcep::throwMe(-113);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)))
@@ -513,7 +719,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -110);
+    SnaccExcep::throwMe(-114);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -526,7 +732,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -111);
+    SnaccExcep::throwMe(-115);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -539,7 +745,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -112);
+    SnaccExcep::throwMe(-116);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -552,7 +758,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -113);
+    SnaccExcep::throwMe(-117);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -565,7 +771,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -114);
+    SnaccExcep::throwMe(-118);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -578,7 +784,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -115);
+    SnaccExcep::throwMe(-119);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -591,7 +797,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -116);
+    SnaccExcep::throwMe(-120);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -604,7 +810,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -117);
+    SnaccExcep::throwMe(-121);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -617,7 +823,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -118);
+    SnaccExcep::throwMe(-122);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -645,7 +851,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -119);
+    SnaccExcep::throwMe(-123);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -665,7 +871,7 @@ void FEECurveParameters::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -120);
+    SnaccExcep::throwMe(-124);
   }
   else
     return;
@@ -688,33 +894,12 @@ void FEECurveParameters::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "FEECurveParameters::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -121);
+    SnaccExcep::throwMe(-125);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int FEECurveParameters::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int FEECurveParameters::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void FEECurveParameters::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -942,7 +1127,7 @@ void DSAAlgorithmId::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -122);
+    SnaccExcep::throwMe(-126);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -954,7 +1139,7 @@ void DSAAlgorithmId::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -123);
+    SnaccExcep::throwMe(-127);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -966,7 +1151,7 @@ void DSAAlgorithmId::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -124);
+    SnaccExcep::throwMe(-128);
   }
   else
     return;
@@ -989,33 +1174,12 @@ void DSAAlgorithmId::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "DSAAlgorithmId::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -125);
+    SnaccExcep::throwMe(-129);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int DSAAlgorithmId::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int DSAAlgorithmId::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void DSAAlgorithmId::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -1135,7 +1299,7 @@ void FEEElGamalSignature::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -126);
+    SnaccExcep::throwMe(-130);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -1147,7 +1311,7 @@ void FEEElGamalSignature::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -127);
+    SnaccExcep::throwMe(-131);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -1159,7 +1323,7 @@ void FEEElGamalSignature::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -128);
+    SnaccExcep::throwMe(-132);
   }
   else
     return;
@@ -1182,33 +1346,12 @@ void FEEElGamalSignature::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "FEEElGamalSignature::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -129);
+    SnaccExcep::throwMe(-133);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int FEEElGamalSignature::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int FEEElGamalSignature::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void FEEElGamalSignature::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -1320,7 +1463,7 @@ void FEEECDSASignature::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -130);
+    SnaccExcep::throwMe(-134);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -1332,7 +1475,7 @@ void FEEECDSASignature::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -131);
+    SnaccExcep::throwMe(-135);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -1344,7 +1487,7 @@ void FEEECDSASignature::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -132);
+    SnaccExcep::throwMe(-136);
   }
   else
     return;
@@ -1367,33 +1510,12 @@ void FEEECDSASignature::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "FEEECDSASignature::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -133);
+    SnaccExcep::throwMe(-137);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int FEEECDSASignature::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int FEEECDSASignature::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void FEEECDSASignature::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -1558,7 +1680,7 @@ void FEEPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -134);
+    SnaccExcep::throwMe(-138);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -1571,7 +1693,7 @@ void FEEPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -135);
+    SnaccExcep::throwMe(-139);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -1584,7 +1706,7 @@ void FEEPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -136);
+    SnaccExcep::throwMe(-140);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -1612,7 +1734,7 @@ void FEEPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -137);
+    SnaccExcep::throwMe(-141);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -1632,7 +1754,7 @@ void FEEPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -138);
+    SnaccExcep::throwMe(-142);
   }
   else
     return;
@@ -1655,33 +1777,12 @@ void FEEPublicKey::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "FEEPublicKey::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -139);
+    SnaccExcep::throwMe(-143);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int FEEPublicKey::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int FEEPublicKey::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void FEEPublicKey::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -1854,7 +1955,7 @@ void FEEPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -140);
+    SnaccExcep::throwMe(-144);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -1867,7 +1968,7 @@ void FEEPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -141);
+    SnaccExcep::throwMe(-145);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -1879,7 +1980,7 @@ void FEEPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -142);
+    SnaccExcep::throwMe(-146);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -1891,7 +1992,7 @@ void FEEPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -143);
+    SnaccExcep::throwMe(-147);
   }
   else
     return;
@@ -1914,33 +2015,12 @@ void FEEPrivateKey::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "FEEPrivateKey::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -144);
+    SnaccExcep::throwMe(-148);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int FEEPrivateKey::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int FEEPrivateKey::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void FEEPrivateKey::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -2090,7 +2170,7 @@ void DSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -145);
+    SnaccExcep::throwMe(-149);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -2103,7 +2183,7 @@ void DSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -146);
+    SnaccExcep::throwMe(-150);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE))
@@ -2115,7 +2195,7 @@ void DSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -147);
+    SnaccExcep::throwMe(-151);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -2127,7 +2207,7 @@ void DSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -148);
+    SnaccExcep::throwMe(-152);
   }
   else
     return;
@@ -2150,33 +2230,12 @@ void DSAPrivateKey::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "DSAPrivateKey::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -149);
+    SnaccExcep::throwMe(-153);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int DSAPrivateKey::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int DSAPrivateKey::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void DSAPrivateKey::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -2319,7 +2378,7 @@ void DSAPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -150);
+    SnaccExcep::throwMe(-154);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE))
@@ -2331,7 +2390,7 @@ void DSAPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -151);
+    SnaccExcep::throwMe(-155);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -2343,7 +2402,7 @@ void DSAPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -152);
+    SnaccExcep::throwMe(-156);
   }
   else
     return;
@@ -2366,33 +2425,12 @@ void DSAPublicKey::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "DSAPublicKey::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -153);
+    SnaccExcep::throwMe(-157);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int DSAPublicKey::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int DSAPublicKey::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void DSAPublicKey::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -2503,7 +2541,7 @@ void DSAPrivateKeyOcts::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -154);
+    SnaccExcep::throwMe(-158);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -2515,7 +2553,7 @@ void DSAPrivateKeyOcts::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -155);
+    SnaccExcep::throwMe(-159);
   }
   else
     return;
@@ -2538,33 +2576,12 @@ void DSAPrivateKeyOcts::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "DSAPrivateKeyOcts::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -156);
+    SnaccExcep::throwMe(-160);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int DSAPrivateKeyOcts::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int DSAPrivateKeyOcts::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void DSAPrivateKeyOcts::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -2669,7 +2686,7 @@ void DSASignature::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -157);
+    SnaccExcep::throwMe(-161);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -2681,7 +2698,7 @@ void DSASignature::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -158);
+    SnaccExcep::throwMe(-162);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -2693,7 +2710,7 @@ void DSASignature::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -159);
+    SnaccExcep::throwMe(-163);
   }
   else
     return;
@@ -2716,33 +2733,12 @@ void DSASignature::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "DSASignature::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -160);
+    SnaccExcep::throwMe(-164);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int DSASignature::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int DSASignature::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void DSASignature::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -2861,7 +2857,7 @@ void DSAAlgParams::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -161);
+    SnaccExcep::throwMe(-165);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -2874,7 +2870,7 @@ void DSAAlgParams::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -162);
+    SnaccExcep::throwMe(-166);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -2886,7 +2882,7 @@ void DSAAlgParams::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -163);
+    SnaccExcep::throwMe(-167);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -2898,7 +2894,7 @@ void DSAAlgParams::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -164);
+    SnaccExcep::throwMe(-168);
   }
   else
     return;
@@ -2921,34 +2917,220 @@ void DSAAlgParams::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "DSAAlgParams::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -165);
+    SnaccExcep::throwMe(-169);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int DSAAlgParams::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
+void DSAAlgParams::Print (ostream &os) const
+{
+#ifndef NDEBUG
+  os << "{ -- SEQUENCE --" << endl;
+  indentG += stdIndentG;
+
+  {
+    Indent (os, indentG);
+    os << "p ";
+    os << p;
+    os << "," << endl;
+  }
+
+  {
+    Indent (os, indentG);
+    os << "q ";
+    os << q;
+    os << "," << endl;
+  }
+
+  {
+    Indent (os, indentG);
+    os << "g ";
+    os << g;
+  }
+
+  os << endl;
+  indentG -= stdIndentG;
+  Indent (os, indentG);
+  os << "}";
+#endif /* NDEBUG */
+} // DSAAlgParams::Print
+
+
+DHPrivateKey::DHPrivateKey()
+{
+#if TCL
+  params = new DHParameter;
+#else
+  params = NULL; // incomplete initialization of mandatory element!
+#endif // TCL
+}
+
+DHPrivateKey::DHPrivateKey (const DHPrivateKey &)
+{
+  Asn1Error << "use of incompletely defined DHPrivateKey::DHPrivateKey (const DHPrivateKey &)" << endl;
+  abort();
+}
+
+DHPrivateKey::~DHPrivateKey()
 {
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
+  delete params;
+}
+
+AsnType *DHPrivateKey::Clone() const
+{
+  return new DHPrivateKey;
 }
 
-int DSAAlgParams::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
+AsnType *DHPrivateKey::Copy() const
 {
-    ENV_TYPE env;
-    int val;
+  return new DHPrivateKey (*this);
+}
 
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
+#if SNACC_DEEP_COPY
+DHPrivateKey &DHPrivateKey::operator = (const DHPrivateKey &that)
+#else // SNACC_DEEP_COPY
+DHPrivateKey &DHPrivateKey::operator = (const DHPrivateKey &)
+#endif // SNACC_DEEP_COPY
+{
+#if SNACC_DEEP_COPY
+  if (this != &that)
+  {
+    dHOid = that.dHOid;
+    if (that.params)
     {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
+      if (!params)
+        params = new DHParameter;
+      *params = *that.params;
     }
     else
-        return false;
+    {
+      delete params;
+      params = NULL;
+    }
+    secretPart = that.secretPart;
+  }
+
+  return *this;
+#else // SNACC_DEEP_COPY
+  Asn1Error << "use of incompletely defined DHPrivateKey &DHPrivateKey::operator = (const DHPrivateKey &)" << endl;
+  abort();
+  // if your compiler complains here, check the -novolat option
+#endif // SNACC_DEEP_COPY
 }
 
-void DSAAlgParams::Print (ostream &os) const
+AsnLen
+DHPrivateKey::BEncContent (BUF_TYPE b)
+{
+  AsnLen totalLen = 0;
+  AsnLen l;
+
+    l = secretPart.BEncContent (b);
+    l += BEncDefLen (b, l);
+
+    l += BEncTag1 (b, UNIV, PRIM, INTEGER_TAG_CODE);
+    totalLen += l;
+
+      BEncEocIfNec (b);
+    l = params->BEncContent (b);
+    l += BEncConsLen (b, l);
+
+    l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE);
+    totalLen += l;
+
+    l = dHOid.BEncContent (b);
+    l += BEncDefLen (b, l);
+
+    l += BEncTag1 (b, UNIV, PRIM, OID_TAG_CODE);
+    totalLen += l;
+
+  return totalLen;
+} // DHPrivateKey::BEncContent
+
+
+void DHPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen &bytesDecoded, ENV_TYPE env)
+{
+  AsnTag tag1;
+  AsnLen seqBytesDecoded = 0;
+  AsnLen elmtLen1;
+  tag1 = BDecTag (b, seqBytesDecoded, env);
+
+  if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE)))
+  {
+    elmtLen1 = BDecLen (b, seqBytesDecoded, env);
+    dHOid.BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env);
+    tag1 = BDecTag (b, seqBytesDecoded, env);
+  }
+  else
+  {
+    Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
+    SnaccExcep::throwMe(-170);
+  }
+
+  if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
+  {
+    elmtLen1 = BDecLen (b, seqBytesDecoded, env);
+    params = new DHParameter;
+    params->BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env);
+    tag1 = BDecTag (b, seqBytesDecoded, env);
+  }
+  else
+  {
+    Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
+    SnaccExcep::throwMe(-171);
+  }
+
+  if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
+    || (tag1 == MAKE_TAG_ID (UNIV, CONS, INTEGER_TAG_CODE)))
+  {
+    elmtLen1 = BDecLen (b, seqBytesDecoded, env);
+    secretPart.BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env);
+  }
+  else
+  {
+    Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
+    SnaccExcep::throwMe(-172);
+  }
+
+  bytesDecoded += seqBytesDecoded;
+  if (elmtLen0 == INDEFINITE_LEN)
+  {
+    BDecEoc (b, bytesDecoded, env);
+    return;
+  }
+  else if (seqBytesDecoded != elmtLen0)
+  {
+    Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
+    SnaccExcep::throwMe(-173);
+  }
+  else
+    return;
+} // DHPrivateKey::BDecContent
+
+AsnLen DHPrivateKey::BEnc (BUF_TYPE b)
+{
+  AsnLen l;
+  l = BEncContent (b);
+  l += BEncConsLen (b, l);
+  l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE);
+  return l;
+}
+
+void DHPrivateKey::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
+{
+  AsnTag tag;
+  AsnLen elmtLen1;
+
+  if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
+  {
+    Asn1Error << "DHPrivateKey::BDec: ERROR - wrong tag" << endl;
+    SnaccExcep::throwMe(-174);
+  }
+  elmtLen1 = BDecLen (b, bytesDecoded, env);
+  BDecContent (b, tag, elmtLen1, bytesDecoded, env);
+}
+
+void DHPrivateKey::Print (ostream &os) const
 {
 #ifndef NDEBUG
   os << "{ -- SEQUENCE --" << endl;
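Review bot: In DHPrivateKey::BDecContent the line `params = new DHParameter;` overwrites the member without releasing what it already points to, so a second decode into the same object, or any build with TCL set (where the constructor already allocates one), leaks the old allocation. Since this decoder presumably runs on externally supplied BER, releasing the old value first is cheap insurance: put `delete params; params = NULL;` immediately before the `new`. The same pattern appears in DHParameterBlock::BDecContent in the last hunk of this file and in the pkcs10.cpp decoders further down (`subject`, `subjectPublicKeyInfo`, `certificationRequestInfo`, `signatureAlgorithm`). The code looks like snacc output, so the change probably belongs in the generator template rather than in this file.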
@@ -2956,22 +3138,29 @@ void DSAAlgParams::Print (ostream &os) const
 
   {
     Indent (os, indentG);
-    os << "p ";
-    os << p;
+    os << "dHOid ";
+    os << dHOid;
     os << "," << endl;
   }
 
+  if (NOT_NULL (params))
   {
     Indent (os, indentG);
-    os << "q ";
-    os << q;
+    os << "params ";
+    os << *params;
+  }
+  else
+  {
+    Indent (os, indentG);
+    os << "params ";
+    os << "-- void --";
     os << "," << endl;
   }
 
   {
     Indent (os, indentG);
-    os << "g ";
-    os << g;
+    os << "secretPart ";
+    os << secretPart;
   }
 
   os << endl;
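Review bot: The non-NULL branch for `params` in DHPrivateKey::Print ends after `os << *params;` with no separator, while the `-- void --` branch emits `os << "," << endl;`. When params is present, the following `secretPart` label is therefore presumably written on the same line with no comma, since the Print methods visible here end with `os << "}"` and no newline. Adding `os << "," << endl;` after `os << *params;` gives both branches the same layout. The CertificationRequestInfo, CertificationRequest and CertificationRequestSigned Print methods in pkcs10.cpp show the same asymmetry. Print begins in the previous hunk and its closing lines are in the next one.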
@@ -2979,6 +3168,194 @@ void DSAAlgParams::Print (ostream &os) const
   Indent (os, indentG);
   os << "}";
 #endif /* NDEBUG */
-} // DSAAlgParams::Print
+} // DHPrivateKey::Print
+
+
+DHParameterBlock::DHParameterBlock()
+{
+#if TCL
+  params = new DHParameter;
+#else
+  params = NULL; // incomplete initialization of mandatory element!
+#endif // TCL
+}
+
+DHParameterBlock::DHParameterBlock (const DHParameterBlock &)
+{
+  Asn1Error << "use of incompletely defined DHParameterBlock::DHParameterBlock (const DHParameterBlock &)" << endl;
+  abort();
+}
+
+DHParameterBlock::~DHParameterBlock()
+{
+  delete params;
+}
+
+AsnType *DHParameterBlock::Clone() const
+{
+  return new DHParameterBlock;
+}
+
+AsnType *DHParameterBlock::Copy() const
+{
+  return new DHParameterBlock (*this);
+}
+
+#if SNACC_DEEP_COPY
+DHParameterBlock &DHParameterBlock::operator = (const DHParameterBlock &that)
+#else // SNACC_DEEP_COPY
+DHParameterBlock &DHParameterBlock::operator = (const DHParameterBlock &)
+#endif // SNACC_DEEP_COPY
+{
+#if SNACC_DEEP_COPY
+  if (this != &that)
+  {
+    oid = that.oid;
+    if (that.params)
+    {
+      if (!params)
+        params = new DHParameter;
+      *params = *that.params;
+    }
+    else
+    {
+      delete params;
+      params = NULL;
+    }
+  }
+
+  return *this;
+#else // SNACC_DEEP_COPY
+  Asn1Error << "use of incompletely defined DHParameterBlock &DHParameterBlock::operator = (const DHParameterBlock &)" << endl;
+  abort();
+  // if your compiler complains here, check the -novolat option
+#endif // SNACC_DEEP_COPY
+}
+
+AsnLen
+DHParameterBlock::BEncContent (BUF_TYPE b)
+{
+  AsnLen totalLen = 0;
+  AsnLen l;
+
+      BEncEocIfNec (b);
+    l = params->BEncContent (b);
+    l += BEncConsLen (b, l);
+
+    l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE);
+    totalLen += l;
+
+    l = oid.BEncContent (b);
+    l += BEncDefLen (b, l);
+
+    l += BEncTag1 (b, UNIV, PRIM, OID_TAG_CODE);
+    totalLen += l;
+
+  return totalLen;
+} // DHParameterBlock::BEncContent
+
+
+void DHParameterBlock::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen &bytesDecoded, ENV_TYPE env)
+{
+  AsnTag tag1;
+  AsnLen seqBytesDecoded = 0;
+  AsnLen elmtLen1;
+  tag1 = BDecTag (b, seqBytesDecoded, env);
+
+  if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE)))
+  {
+    elmtLen1 = BDecLen (b, seqBytesDecoded, env);
+    oid.BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env);
+    tag1 = BDecTag (b, seqBytesDecoded, env);
+  }
+  else
+  {
+    Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
+    SnaccExcep::throwMe(-175);
+  }
+
+  if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
+  {
+    elmtLen1 = BDecLen (b, seqBytesDecoded, env);
+    params = new DHParameter;
+    params->BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env);
+  }
+  else
+  {
+    Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
+    SnaccExcep::throwMe(-176);
+  }
+
+  bytesDecoded += seqBytesDecoded;
+  if (elmtLen0 == INDEFINITE_LEN)
+  {
+    BDecEoc (b, bytesDecoded, env);
+    return;
+  }
+  else if (seqBytesDecoded != elmtLen0)
+  {
+    Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
+    SnaccExcep::throwMe(-177);
+  }
+  else
+    return;
+} // DHParameterBlock::BDecContent
+
+AsnLen DHParameterBlock::BEnc (BUF_TYPE b)
+{
+  AsnLen l;
+  l = BEncContent (b);
+  l += BEncConsLen (b, l);
+  l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE);
+  return l;
+}
+
+void DHParameterBlock::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
+{
+  AsnTag tag;
+  AsnLen elmtLen1;
+
+  if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
+  {
+    Asn1Error << "DHParameterBlock::BDec: ERROR - wrong tag" << endl;
+    SnaccExcep::throwMe(-178);
+  }
+  elmtLen1 = BDecLen (b, bytesDecoded, env);
+  BDecContent (b, tag, elmtLen1, bytesDecoded, env);
+}
+
+void DHParameterBlock::Print (ostream &os) const
+{
+#ifndef NDEBUG
+  os << "{ -- SEQUENCE --" << endl;
+  indentG += stdIndentG;
+
+  {
+    Indent (os, indentG);
+    os << "oid ";
+    os << oid;
+    os << "," << endl;
+  }
+
+  if (NOT_NULL (params))
+  {
+    Indent (os, indentG);
+    os << "params ";
+    os << *params;
+  }
+  else
+  {
+    Indent (os, indentG);
+    os << "params ";
+    os << "-- void --";
+    os << endl;
+  }
+
+  os << endl;
+  indentG -= stdIndentG;
+  Indent (os, indentG);
+  os << "}";
+#endif /* NDEBUG */
+} // DHParameterBlock::Print
 
 
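Review bot: DHParameterBlock::BEncContent calls `params->BEncContent (b)` with no NULL check, yet outside TCL builds the constructor sets `params = NULL` (its own comment calls this an incomplete initialization), so encoding an object that was never decoded or populated dereferences a null pointer. A guard at the top of BEncContent, for example `if (params == NULL) SnaccExcep::throwMe(CODE);` with CODE standing for whatever error number the generator would assign, turns that into a reportable error. DHPrivateKey::BEncContent in the earlier hunk and the BEncContent methods in pkcs10.cpp dereference their mandatory pointer members the same way. Separately, Copy() invokes the copy constructor, which only logs and calls abort(), so any caller of Copy() terminates the process; a comment on Copy() saying so would help.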
diff --git a/SecurityASN1/c++/pkcs10.cpp b/SecurityASN1/c++/pkcs10.cpp
new file mode 100644 (file)
index 0000000..dbc3a9b
--- /dev/null
@@ -0,0 +1,738 @@
+//   NOTE: this is a machine generated file--editing not recommended
+//
+// pkcs10.cpp - class member functions for ASN.1 module PKCS5
+//
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
+//   UBC snacc written by Mike Sample
+//   A couple of enhancements made by IBM European Networking Center
+
+
+#include "asn-incl.h"
+#include "sm_vdatypes.h"
+#include "sm_x501ud.h"
+#include "sm_x411ub.h"
+#include "sm_x411mtsas.h"
+#include "sm_x501if.h"
+#include "sm_x520sa.h"
+#include "sm_x509cmn.h"
+#include "sm_x509af.h"
+#include "sm_x509ce.h"
+#include "pkcs1oids.h"
+#include "pkcs9oids.h"
+#include "sm_cms.h"
+#include "sm_ess.h"
+#include "pkcs7.h"
+#include "pkcs8.h"
+#include "appleoids.h"
+#include "pkcs10.h"
+
+//------------------------------------------------------------------------------
+// value defs
+
+
+//------------------------------------------------------------------------------
+// class member definitions:
+
+CertificationRequestInfo::CertificationRequestInfo()
+{
+#if TCL
+  subject = new Name;
+#else
+  subject = NULL; // incomplete initialization of mandatory element!
+#endif // TCL
+#if TCL
+  subjectPublicKeyInfo = new SubjectPublicKeyInfo;
+#else
+  subjectPublicKeyInfo = NULL; // incomplete initialization of mandatory element!
+#endif // TCL
+}
+
+CertificationRequestInfo::CertificationRequestInfo (const CertificationRequestInfo &)
+{
+  Asn1Error << "use of incompletely defined CertificationRequestInfo::CertificationRequestInfo (const CertificationRequestInfo &)" << endl;
+  abort();
+}
+
+CertificationRequestInfo::~CertificationRequestInfo()
+{
+  delete subject;
+  delete subjectPublicKeyInfo;
+}
+
+AsnType *CertificationRequestInfo::Clone() const
+{
+  return new CertificationRequestInfo;
+}
+
+AsnType *CertificationRequestInfo::Copy() const
+{
+  return new CertificationRequestInfo (*this);
+}
+
+#if SNACC_DEEP_COPY
+CertificationRequestInfo &CertificationRequestInfo::operator = (const CertificationRequestInfo &that)
+#else // SNACC_DEEP_COPY
+CertificationRequestInfo &CertificationRequestInfo::operator = (const CertificationRequestInfo &)
+#endif // SNACC_DEEP_COPY
+{
+#if SNACC_DEEP_COPY
+  if (this != &that)
+  {
+    version = that.version;
+    if (that.subject)
+    {
+      if (!subject)
+        subject = new Name;
+      *subject = *that.subject;
+    }
+    else
+    {
+      delete subject;
+      subject = NULL;
+    }
+    if (that.subjectPublicKeyInfo)
+    {
+      if (!subjectPublicKeyInfo)
+        subjectPublicKeyInfo = new SubjectPublicKeyInfo;
+      *subjectPublicKeyInfo = *that.subjectPublicKeyInfo;
+    }
+    else
+    {
+      delete subjectPublicKeyInfo;
+      subjectPublicKeyInfo = NULL;
+    }
+    attributes = that.attributes;
+  }
+
+  return *this;
+#else // SNACC_DEEP_COPY
+  Asn1Error << "use of incompletely defined CertificationRequestInfo &CertificationRequestInfo::operator = (const CertificationRequestInfo &)" << endl;
+  abort();
+  // if your compiler complains here, check the -novolat option
+#endif // SNACC_DEEP_COPY
+}
+
+AsnLen
+CertificationRequestInfo::BEncContent (BUF_TYPE b)
+{
+  AsnLen totalLen = 0;
+  AsnLen l;
+
+      BEncEocIfNec (b);
+    l = attributes.BEncContent (b);
+    l += BEncConsLen (b, l);
+
+    l += BEncTag1 (b, CNTX, CONS, 0);
+    totalLen += l;
+
+      BEncEocIfNec (b);
+    l = subjectPublicKeyInfo->BEncContent (b);
+    l += BEncConsLen (b, l);
+
+    l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE);
+    totalLen += l;
+
+    l = subject->BEncContent (b);
+    totalLen += l;
+
+    l = version.BEncContent (b);
+    BEncDefLenTo127 (b, l);
+    l++;
+
+    l += BEncTag1 (b, UNIV, PRIM, INTEGER_TAG_CODE);
+    totalLen += l;
+
+  return totalLen;
+} // CertificationRequestInfo::BEncContent
+
+
+void CertificationRequestInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen &bytesDecoded, ENV_TYPE env)
+{
+  AsnTag tag1;
+  AsnLen seqBytesDecoded = 0;
+  AsnLen elmtLen1;
+  tag1 = BDecTag (b, seqBytesDecoded, env);
+
+  if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE)))
+  {
+    elmtLen1 = BDecLen (b, seqBytesDecoded, env);
+    version.BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env);
+    tag1 = BDecTag (b, seqBytesDecoded, env);
+  }
+  else
+  {
+    Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
+    SnaccExcep::throwMe(-100);
+  }
+
+  if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
+  {
+    elmtLen1 = BDecLen (b, seqBytesDecoded, env);
+    subject = new Name;
+    subject->BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env);
+    tag1 = BDecTag (b, seqBytesDecoded, env);
+  }
+  else
+  {
+    Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
+    SnaccExcep::throwMe(-101);
+  }
+
+  if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
+  {
+    elmtLen1 = BDecLen (b, seqBytesDecoded, env);
+    subjectPublicKeyInfo = new SubjectPublicKeyInfo;
+    subjectPublicKeyInfo->BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env);
+    tag1 = BDecTag (b, seqBytesDecoded, env);
+  }
+  else
+  {
+    Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
+    SnaccExcep::throwMe(-102);
+  }
+
+  if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 0)))
+  {
+    elmtLen1 = BDecLen (b, seqBytesDecoded, env);
+    attributes.BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env);
+  }
+  else
+  {
+    Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
+    SnaccExcep::throwMe(-103);
+  }
+
+  bytesDecoded += seqBytesDecoded;
+  if (elmtLen0 == INDEFINITE_LEN)
+  {
+    BDecEoc (b, bytesDecoded, env);
+    return;
+  }
+  else if (seqBytesDecoded != elmtLen0)
+  {
+    Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
+    SnaccExcep::throwMe(-104);
+  }
+  else
+    return;
+} // CertificationRequestInfo::BDecContent
+
+AsnLen CertificationRequestInfo::BEnc (BUF_TYPE b)
+{
+  AsnLen l;
+  l = BEncContent (b);
+  l += BEncConsLen (b, l);
+  l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE);
+  return l;
+}
+
+void CertificationRequestInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
+{
+  AsnTag tag;
+  AsnLen elmtLen1;
+
+  if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
+  {
+    Asn1Error << "CertificationRequestInfo::BDec: ERROR - wrong tag" << endl;
+    SnaccExcep::throwMe(-105);
+  }
+  elmtLen1 = BDecLen (b, bytesDecoded, env);
+  BDecContent (b, tag, elmtLen1, bytesDecoded, env);
+}
+
+void CertificationRequestInfo::Print (ostream &os) const
+{
+#ifndef NDEBUG
+  os << "{ -- SEQUENCE --" << endl;
+  indentG += stdIndentG;
+
+  {
+    Indent (os, indentG);
+    os << "version ";
+    os << version;
+    os << "," << endl;
+  }
+
+  if (NOT_NULL (subject))
+  {
+    Indent (os, indentG);
+    os << "subject ";
+    os << *subject;
+  }
+  else
+  {
+    Indent (os, indentG);
+    os << "subject ";
+    os << "-- void --";
+    os << "," << endl;
+  }
+
+  if (NOT_NULL (subjectPublicKeyInfo))
+  {
+    Indent (os, indentG);
+    os << "subjectPublicKeyInfo ";
+    os << *subjectPublicKeyInfo;
+  }
+  else
+  {
+    Indent (os, indentG);
+    os << "subjectPublicKeyInfo ";
+    os << "-- void --";
+    os << "," << endl;
+  }
+
+  {
+    Indent (os, indentG);
+    os << "attributes ";
+    os << attributes;
+  }
+
+  os << endl;
+  indentG -= stdIndentG;
+  Indent (os, indentG);
+  os << "}";
+#endif /* NDEBUG */
+} // CertificationRequestInfo::Print
+
+
+CertificationRequest::CertificationRequest()
+{
+#if TCL
+  certificationRequestInfo = new CertificationRequestInfo;
+#else
+  certificationRequestInfo = NULL; // incomplete initialization of mandatory element!
+#endif // TCL
+#if TCL
+  signatureAlgorithm = new SignatureAlgorithmIdentifier;
+#else
+  signatureAlgorithm = NULL; // incomplete initialization of mandatory element!
+#endif // TCL
+}
+
+CertificationRequest::CertificationRequest (const CertificationRequest &)
+{
+  Asn1Error << "use of incompletely defined CertificationRequest::CertificationRequest (const CertificationRequest &)" << endl;
+  abort();
+}
+
+CertificationRequest::~CertificationRequest()
+{
+  delete certificationRequestInfo;
+  delete signatureAlgorithm;
+}
+
+AsnType *CertificationRequest::Clone() const
+{
+  return new CertificationRequest;
+}
+
+AsnType *CertificationRequest::Copy() const
+{
+  return new CertificationRequest (*this);
+}
+
+#if SNACC_DEEP_COPY
+CertificationRequest &CertificationRequest::operator = (const CertificationRequest &that)
+#else // SNACC_DEEP_COPY
+CertificationRequest &CertificationRequest::operator = (const CertificationRequest &)
+#endif // SNACC_DEEP_COPY
+{
+#if SNACC_DEEP_COPY
+  if (this != &that)
+  {
+    if (that.certificationRequestInfo)
+    {
+      if (!certificationRequestInfo)
+        certificationRequestInfo = new CertificationRequestInfo;
+      *certificationRequestInfo = *that.certificationRequestInfo;
+    }
+    else
+    {
+      delete certificationRequestInfo;
+      certificationRequestInfo = NULL;
+    }
+    if (that.signatureAlgorithm)
+    {
+      if (!signatureAlgorithm)
+        signatureAlgorithm = new SignatureAlgorithmIdentifier;
+      *signatureAlgorithm = *that.signatureAlgorithm;
+    }
+    else
+    {
+      delete signatureAlgorithm;
+      signatureAlgorithm = NULL;
+    }
+    signature = that.signature;
+  }
+
+  return *this;
+#else // SNACC_DEEP_COPY
+  Asn1Error << "use of incompletely defined CertificationRequest &CertificationRequest::operator = (const CertificationRequest &)" << endl;
+  abort();
+  // if your compiler complains here, check the -novolat option
+#endif // SNACC_DEEP_COPY
+}
+
+AsnLen
+CertificationRequest::BEncContent (BUF_TYPE b)
+{
+  AsnLen totalLen = 0;
+  AsnLen l;
+
+    l = signature.BEncContent (b);
+    l += BEncDefLen (b, l);
+
+    l += BEncTag1 (b, UNIV, PRIM, BITSTRING_TAG_CODE);
+    totalLen += l;
+
+      BEncEocIfNec (b);
+    l = signatureAlgorithm->BEncContent (b);
+    l += BEncConsLen (b, l);
+
+    l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE);
+    totalLen += l;
+
+      BEncEocIfNec (b);
+    l = certificationRequestInfo->BEncContent (b);
+    l += BEncConsLen (b, l);
+
+    l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE);
+    totalLen += l;
+
+  return totalLen;
+} // CertificationRequest::BEncContent
+
+
+void CertificationRequest::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen &bytesDecoded, ENV_TYPE env)
+{
+  AsnTag tag1;
+  AsnLen seqBytesDecoded = 0;
+  AsnLen elmtLen1;
+  tag1 = BDecTag (b, seqBytesDecoded, env);
+
+  if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
+  {
+    elmtLen1 = BDecLen (b, seqBytesDecoded, env);
+    certificationRequestInfo = new CertificationRequestInfo;
+    certificationRequestInfo->BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env);
+    tag1 = BDecTag (b, seqBytesDecoded, env);
+  }
+  else
+  {
+    Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
+    SnaccExcep::throwMe(-106);
+  }
+
+  if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
+  {
+    elmtLen1 = BDecLen (b, seqBytesDecoded, env);
+    signatureAlgorithm = new SignatureAlgorithmIdentifier;
+    signatureAlgorithm->BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env);
+    tag1 = BDecTag (b, seqBytesDecoded, env);
+  }
+  else
+  {
+    Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
+    SnaccExcep::throwMe(-107);
+  }
+
+  if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE))
+    || (tag1 == MAKE_TAG_ID (UNIV, CONS, BITSTRING_TAG_CODE)))
+  {
+    elmtLen1 = BDecLen (b, seqBytesDecoded, env);
+    signature.BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env);
+  }
+  else
+  {
+    Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
+    SnaccExcep::throwMe(-108);
+  }
+
+  bytesDecoded += seqBytesDecoded;
+  if (elmtLen0 == INDEFINITE_LEN)
+  {
+    BDecEoc (b, bytesDecoded, env);
+    return;
+  }
+  else if (seqBytesDecoded != elmtLen0)
+  {
+    Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
+    SnaccExcep::throwMe(-109);
+  }
+  else
+    return;
+} // CertificationRequest::BDecContent
+
+AsnLen CertificationRequest::BEnc (BUF_TYPE b)
+{
+  AsnLen l;
+  l = BEncContent (b);
+  l += BEncConsLen (b, l);
+  l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE);
+  return l;
+}
+
+void CertificationRequest::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
+{
+  AsnTag tag;
+  AsnLen elmtLen1;
+
+  if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
+  {
+    Asn1Error << "CertificationRequest::BDec: ERROR - wrong tag" << endl;
+    SnaccExcep::throwMe(-110);
+  }
+  elmtLen1 = BDecLen (b, bytesDecoded, env);
+  BDecContent (b, tag, elmtLen1, bytesDecoded, env);
+}
+
+void CertificationRequest::Print (ostream &os) const
+{
+#ifndef NDEBUG
+  os << "{ -- SEQUENCE --" << endl;
+  indentG += stdIndentG;
+
+  if (NOT_NULL (certificationRequestInfo))
+  {
+    Indent (os, indentG);
+    os << "certificationRequestInfo ";
+    os << *certificationRequestInfo;
+  }
+  else
+  {
+    Indent (os, indentG);
+    os << "certificationRequestInfo ";
+    os << "-- void --";
+    os << "," << endl;
+  }
+
+  if (NOT_NULL (signatureAlgorithm))
+  {
+    Indent (os, indentG);
+    os << "signatureAlgorithm ";
+    os << *signatureAlgorithm;
+  }
+  else
+  {
+    Indent (os, indentG);
+    os << "signatureAlgorithm ";
+    os << "-- void --";
+    os << "," << endl;
+  }
+
+  {
+    Indent (os, indentG);
+    os << "signature ";
+    os << signature;
+  }
+
+  os << endl;
+  indentG -= stdIndentG;
+  Indent (os, indentG);
+  os << "}";
+#endif /* NDEBUG */
+} // CertificationRequest::Print
+
+
+CertificationRequestSigned::CertificationRequestSigned()
+{
+#if TCL
+  signatureAlgorithm = new SignatureAlgorithmIdentifier;
+#else
+  signatureAlgorithm = NULL; // incomplete initialization of mandatory element!
+#endif // TCL
+}
+
+CertificationRequestSigned::CertificationRequestSigned (const CertificationRequestSigned &)
+{
+  Asn1Error << "use of incompletely defined CertificationRequestSigned::CertificationRequestSigned (const CertificationRequestSigned &)" << endl;
+  abort();
+}
+
+CertificationRequestSigned::~CertificationRequestSigned()
+{
+  delete signatureAlgorithm;
+}
+
+AsnType *CertificationRequestSigned::Clone() const
+{
+  return new CertificationRequestSigned;
+}
+
+AsnType *CertificationRequestSigned::Copy() const
+{
+  return new CertificationRequestSigned (*this);
+}
+
+#if SNACC_DEEP_COPY
+CertificationRequestSigned &CertificationRequestSigned::operator = (const CertificationRequestSigned &that)
+#else // SNACC_DEEP_COPY
+CertificationRequestSigned &CertificationRequestSigned::operator = (const CertificationRequestSigned &)
+#endif // SNACC_DEEP_COPY
+{
+#if SNACC_DEEP_COPY
+  if (this != &that)
+  {
+    certificationRequestInfo = that.certificationRequestInfo;
+    if (that.signatureAlgorithm)
+    {
+      if (!signatureAlgorithm)
+        signatureAlgorithm = new SignatureAlgorithmIdentifier;
+      *signatureAlgorithm = *that.signatureAlgorithm;
+    }
+    else
+    {
+      delete signatureAlgorithm;
+      signatureAlgorithm = NULL;
+    }
+    signature = that.signature;
+  }
+
+  return *this;
+#else // SNACC_DEEP_COPY
+  Asn1Error << "use of incompletely defined CertificationRequestSigned &CertificationRequestSigned::operator = (const CertificationRequestSigned &)" << endl;
+  abort();
+  // if your compiler complains here, check the -novolat option
+#endif // SNACC_DEEP_COPY
+}
+
+AsnLen
+CertificationRequestSigned::BEncContent (BUF_TYPE b)
+{
+  AsnLen totalLen = 0;
+  AsnLen l;
+
+    l = signature.BEncContent (b);
+    l += BEncDefLen (b, l);
+
+    l += BEncTag1 (b, UNIV, PRIM, BITSTRING_TAG_CODE);
+    totalLen += l;
+
+      BEncEocIfNec (b);
+    l = signatureAlgorithm->BEncContent (b);
+    l += BEncConsLen (b, l);
+
+    l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE);
+    totalLen += l;
+
+        ENC_LOAD_ANYBUF(&certificationRequestInfo, b, l);
+    totalLen += l;
+
+  return totalLen;
+} // CertificationRequestSigned::BEncContent
+
+
+void CertificationRequestSigned::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen &bytesDecoded, ENV_TYPE env)
+{
+  AsnTag tag1;
+  AsnLen seqBytesDecoded = 0;
+  AsnLen elmtLen1;
+  // ANY type
+        DEC_LOAD_ANYBUF(&certificationRequestInfo, b, seqBytesDecoded, env);
+    tag1 = BDecTag (b, seqBytesDecoded, env);
+
+
+  if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
+  {
+    elmtLen1 = BDecLen (b, seqBytesDecoded, env);
+    signatureAlgorithm = new SignatureAlgorithmIdentifier;
+    signatureAlgorithm->BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env);
+    tag1 = BDecTag (b, seqBytesDecoded, env);
+  }
+  else
+  {
+    Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
+    SnaccExcep::throwMe(-111);
+  }
+
+  if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE))
+    || (tag1 == MAKE_TAG_ID (UNIV, CONS, BITSTRING_TAG_CODE)))
+  {
+    elmtLen1 = BDecLen (b, seqBytesDecoded, env);
+    signature.BDecContent (b, tag1, elmtLen1, seqBytesDecoded, env);
+  }
+  else
+  {
+    Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
+    SnaccExcep::throwMe(-112);
+  }
+
+  bytesDecoded += seqBytesDecoded;
+  if (elmtLen0 == INDEFINITE_LEN)
+  {
+    BDecEoc (b, bytesDecoded, env);
+    return;
+  }
+  else if (seqBytesDecoded != elmtLen0)
+  {
+    Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
+    SnaccExcep::throwMe(-113);
+  }
+  else
+    return;
+} // CertificationRequestSigned::BDecContent
+
+AsnLen CertificationRequestSigned::BEnc (BUF_TYPE b)
+{
+  AsnLen l;
+  l = BEncContent (b);
+  l += BEncConsLen (b, l);
+  l += BEncTag1 (b, UNIV, CONS, SEQ_TAG_CODE);
+  return l;
+}
+
+void CertificationRequestSigned::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
+{
+  AsnTag tag;
+  AsnLen elmtLen1;
+
+  if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
+  {
+    Asn1Error << "CertificationRequestSigned::BDec: ERROR - wrong tag" << endl;
+    SnaccExcep::throwMe(-114);
+  }
+  elmtLen1 = BDecLen (b, bytesDecoded, env);
+  BDecContent (b, tag, elmtLen1, bytesDecoded, env);
+}
+
+void CertificationRequestSigned::Print (ostream &os) const
+{
+#ifndef NDEBUG
+  os << "{ -- SEQUENCE --" << endl;
+  indentG += stdIndentG;
+
+  {
+    Indent (os, indentG);
+    os << "certificationRequestInfo ";
+    os << certificationRequestInfo;
+    os << "," << endl;
+  }
+
+  if (NOT_NULL (signatureAlgorithm))
+  {
+    Indent (os, indentG);
+    os << "signatureAlgorithm ";
+    os << *signatureAlgorithm;
+  }
+  else
+  {
+    Indent (os, indentG);
+    os << "signatureAlgorithm ";
+    os << "-- void --";
+    os << "," << endl;
+  }
+
+  {
+    Indent (os, indentG);
+    os << "signature ";
+    os << signature;
+  }
+
+  os << endl;
+  indentG -= stdIndentG;
+  Indent (os, indentG);
+  os << "}";
+#endif /* NDEBUG */
+} // CertificationRequestSigned::Print
+
+
index 12eb16152cb1ab3db1cfdda31a92c54d86994f5c..23d1ba682eb94a71881ffb7845a7f3ef3d903788 100644 (file)
@@ -2,7 +2,7 @@
 //
 // pkcs1oids.cpp - class member functions for ASN.1 module PKCS1-OIDS
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc written by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -24,6 +24,7 @@
 #include "pkcs7.h"
 #include "pkcs8.h"
 #include "appleoids.h"
+#include "pkcs10.h"
 
 //------------------------------------------------------------------------------
 // value defs
@@ -116,7 +117,7 @@ void RSAPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -100);
+    SnaccExcep::throwMe(-100);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -128,7 +129,7 @@ void RSAPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -101);
+    SnaccExcep::throwMe(-101);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -140,7 +141,7 @@ void RSAPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -102);
+    SnaccExcep::throwMe(-102);
   }
   else
     return;
@@ -163,33 +164,12 @@ void RSAPublicKey::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "RSAPublicKey::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -103);
+    SnaccExcep::throwMe(-103);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int RSAPublicKey::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int RSAPublicKey::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void RSAPublicKey::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -350,7 +330,7 @@ void RSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -104);
+    SnaccExcep::throwMe(-104);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -363,7 +343,7 @@ void RSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -105);
+    SnaccExcep::throwMe(-105);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -376,7 +356,7 @@ void RSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -106);
+    SnaccExcep::throwMe(-106);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -389,7 +369,7 @@ void RSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -107);
+    SnaccExcep::throwMe(-107);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -402,7 +382,7 @@ void RSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -108);
+    SnaccExcep::throwMe(-108);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -415,7 +395,7 @@ void RSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -109);
+    SnaccExcep::throwMe(-109);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -428,7 +408,7 @@ void RSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -110);
+    SnaccExcep::throwMe(-110);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -441,7 +421,7 @@ void RSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -111);
+    SnaccExcep::throwMe(-111);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -453,7 +433,7 @@ void RSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -112);
+    SnaccExcep::throwMe(-112);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -465,7 +445,7 @@ void RSAPrivateKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -113);
+    SnaccExcep::throwMe(-113);
   }
   else
     return;
@@ -488,33 +468,12 @@ void RSAPrivateKey::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "RSAPrivateKey::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -114);
+    SnaccExcep::throwMe(-114);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int RSAPrivateKey::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int RSAPrivateKey::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void RSAPrivateKey::Print (ostream &os) const
 {
 #ifndef NDEBUG
index 350c4f79fdf03034da66b7b247a6f21c507cda88..925396fc376e84a67aeb06c75ca5ea8fbdfdebe0 100644 (file)
@@ -2,7 +2,7 @@
 //
 // pkcs7.cpp - class member functions for ASN.1 module PKCS7
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc written by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -24,6 +24,7 @@
 #include "pkcs7.h"
 #include "pkcs8.h"
 #include "appleoids.h"
+#include "pkcs10.h"
 
 //------------------------------------------------------------------------------
 // value defs
@@ -154,7 +155,7 @@ void EncryptedContentInfo1::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -100);
+    SnaccExcep::throwMe(-100);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -182,7 +183,7 @@ void EncryptedContentInfo1::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -101);
+    SnaccExcep::throwMe(-101);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, PRIM, 0))
@@ -202,7 +203,7 @@ void EncryptedContentInfo1::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -102);
+    SnaccExcep::throwMe(-102);
   }
   else
     return;
@@ -225,33 +226,12 @@ void EncryptedContentInfo1::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "EncryptedContentInfo1::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -103);
+    SnaccExcep::throwMe(-103);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int EncryptedContentInfo1::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int EncryptedContentInfo1::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void EncryptedContentInfo1::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -403,7 +383,7 @@ void EncryptedData1::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -104);
+    SnaccExcep::throwMe(-104);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -415,7 +395,7 @@ void EncryptedData1::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -105);
+    SnaccExcep::throwMe(-105);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -427,7 +407,7 @@ void EncryptedData1::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -106);
+    SnaccExcep::throwMe(-106);
   }
   else
     return;
@@ -450,33 +430,12 @@ void EncryptedData1::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "EncryptedData1::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -107);
+    SnaccExcep::throwMe(-107);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int EncryptedData1::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int EncryptedData1::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void EncryptedData1::Print (ostream &os) const
 {
 #ifndef NDEBUG
index 627ec4068f28d875e1b137bca9924722fa3b9896..fb9745166e307abcac4896d68d343d5842c159a5 100644 (file)
@@ -2,7 +2,7 @@
 //
 // pkcs8.cpp - class member functions for ASN.1 module PrivateKeyInformationSyntax
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc written by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -24,6 +24,7 @@
 #include "pkcs7.h"
 #include "pkcs8.h"
 #include "appleoids.h"
+#include "pkcs10.h"
 
 //------------------------------------------------------------------------------
 // value defs
@@ -163,7 +164,7 @@ void PrivateKeyInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -100);
+    SnaccExcep::throwMe(-100);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -176,7 +177,7 @@ void PrivateKeyInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -101);
+    SnaccExcep::throwMe(-101);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE))
@@ -204,7 +205,7 @@ void PrivateKeyInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -102);
+    SnaccExcep::throwMe(-102);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 0)))
@@ -223,7 +224,7 @@ void PrivateKeyInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -103);
+    SnaccExcep::throwMe(-103);
   }
   else
     return;
@@ -246,33 +247,12 @@ void PrivateKeyInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "PrivateKeyInfo::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -104);
+    SnaccExcep::throwMe(-104);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int PrivateKeyInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int PrivateKeyInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void PrivateKeyInfo::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -431,7 +411,7 @@ void EncryptedPrivateKeyInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -105);
+    SnaccExcep::throwMe(-105);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE))
@@ -443,7 +423,7 @@ void EncryptedPrivateKeyInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -106);
+    SnaccExcep::throwMe(-106);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -455,7 +435,7 @@ void EncryptedPrivateKeyInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -107);
+    SnaccExcep::throwMe(-107);
   }
   else
     return;
@@ -478,33 +458,12 @@ void EncryptedPrivateKeyInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE e
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "EncryptedPrivateKeyInfo::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -108);
+    SnaccExcep::throwMe(-108);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int EncryptedPrivateKeyInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int EncryptedPrivateKeyInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void EncryptedPrivateKeyInfo::Print (ostream &os) const
 {
 #ifndef NDEBUG
index ae085b2922760477ba1ad008a17a12e0e5fa96e4..193ba016e95be92cde1dabf3eb55ecfdeda58182 100644 (file)
@@ -2,7 +2,7 @@
 //
 // pkcs9oids.cpp - class member functions for ASN.1 module PKCS9-OIDS
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc written by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -24,6 +24,7 @@
 #include "pkcs7.h"
 #include "pkcs8.h"
 #include "appleoids.h"
+#include "pkcs10.h"
 
 //------------------------------------------------------------------------------
 // value defs
index 60b6c6f2dd5bea8995e7a60275bd617469b7e203..e8b1a95e13f8d74fb8a32e2c4a65b08de0cee71a 100644 (file)
@@ -2,7 +2,7 @@
 //
 // sm_cms.cpp - class member functions for ASN.1 module CryptographicMessageSyntax
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc written by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -24,6 +24,7 @@
 #include "pkcs7.h"
 #include "pkcs8.h"
 #include "appleoids.h"
+#include "pkcs10.h"
 
 //------------------------------------------------------------------------------
 // value defs
@@ -133,7 +134,7 @@ void OriginatorPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -100);
+    SnaccExcep::throwMe(-100);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE))
@@ -145,7 +146,7 @@ void OriginatorPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -101);
+    SnaccExcep::throwMe(-101);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -157,7 +158,7 @@ void OriginatorPublicKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -102);
+    SnaccExcep::throwMe(-102);
   }
   else
     return;
@@ -180,33 +181,12 @@ void OriginatorPublicKey::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "OriginatorPublicKey::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -103);
+    SnaccExcep::throwMe(-103);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int OriginatorPublicKey::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int OriginatorPublicKey::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void OriginatorPublicKey::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -268,7 +248,7 @@ void CertificateRevocationLists::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYP
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))
   {
     Asn1Error << "CertificateRevocationLists::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -104);
+    SnaccExcep::throwMe(-104);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -684,7 +664,7 @@ void  CertificateRevocationLists::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnL
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -105);
+            SnaccExcep::throwMe(-105);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -793,7 +773,7 @@ void IssuerAndSerialNumber::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -106);
+    SnaccExcep::throwMe(-106);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -805,7 +785,7 @@ void IssuerAndSerialNumber::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -107);
+    SnaccExcep::throwMe(-107);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -817,7 +797,7 @@ void IssuerAndSerialNumber::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -108);
+    SnaccExcep::throwMe(-108);
   }
   else
     return;
@@ -840,33 +820,12 @@ void IssuerAndSerialNumber::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "IssuerAndSerialNumber::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -109);
+    SnaccExcep::throwMe(-109);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int IssuerAndSerialNumber::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int IssuerAndSerialNumber::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void IssuerAndSerialNumber::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -1012,7 +971,7 @@ void OtherKeyAttribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -110);
+    SnaccExcep::throwMe(-110);
   }
 
   // ANY type
@@ -1029,7 +988,7 @@ void OtherKeyAttribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -111);
+    SnaccExcep::throwMe(-111);
   }
   else
     return;
@@ -1052,33 +1011,12 @@ void OtherKeyAttribute::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "OtherKeyAttribute::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -112);
+    SnaccExcep::throwMe(-112);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int OtherKeyAttribute::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int OtherKeyAttribute::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void OtherKeyAttribute::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -1142,7 +1080,7 @@ void DigestAlgorithmIdentifiers::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYP
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))
   {
     Asn1Error << "DigestAlgorithmIdentifiers::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -113);
+    SnaccExcep::throwMe(-113);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -1558,7 +1496,7 @@ void  DigestAlgorithmIdentifiers::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnL
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -114);
+            SnaccExcep::throwMe(-114);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -1688,7 +1626,7 @@ void EncapsulatedContentInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -115);
+    SnaccExcep::throwMe(-115);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 0)))
@@ -1700,7 +1638,7 @@ void EncapsulatedContentInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e
        && (tag1 != MAKE_TAG_ID (UNIV, CONS, OCTETSTRING_TAG_CODE)))
     {
        Asn1Error << "Unexpected Tag" << endl;
-       longjmp (env, -116);
+       SnaccExcep::throwMe(-116);
     }
 
     elmtLen2 = BDecLen (b, seqBytesDecoded, env);
@@ -1720,7 +1658,7 @@ void EncapsulatedContentInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -117);
+    SnaccExcep::throwMe(-117);
   }
   else
     return;
@@ -1743,33 +1681,12 @@ void EncapsulatedContentInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE e
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "EncapsulatedContentInfo::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -118);
+    SnaccExcep::throwMe(-118);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int EncapsulatedContentInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int EncapsulatedContentInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void EncapsulatedContentInfo::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -1929,7 +1846,7 @@ void SignerIdentifier::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, Asn
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, -119);
+      SnaccExcep::throwMe(-119);
       break;
   } // end switch
 } // SignerIdentifier::BDecContent
@@ -1954,27 +1871,6 @@ void SignerIdentifier::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
 }
 
-int SignerIdentifier::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int SignerIdentifier::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void SignerIdentifier::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -2122,7 +2018,7 @@ void EncryptedContentInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -120);
+    SnaccExcep::throwMe(-120);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -2150,7 +2046,7 @@ void EncryptedContentInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -121);
+    SnaccExcep::throwMe(-121);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, PRIM, 0))
@@ -2170,7 +2066,7 @@ void EncryptedContentInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -122);
+    SnaccExcep::throwMe(-122);
   }
   else
     return;
@@ -2193,33 +2089,12 @@ void EncryptedContentInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "EncryptedContentInfo::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -123);
+    SnaccExcep::throwMe(-123);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int EncryptedContentInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int EncryptedContentInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void EncryptedContentInfo::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -2393,7 +2268,7 @@ void RecipientIdentifier::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0,
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, -124);
+      SnaccExcep::throwMe(-124);
       break;
   } // end switch
 } // RecipientIdentifier::BDecContent
@@ -2418,27 +2293,6 @@ void RecipientIdentifier::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
 }
 
-int RecipientIdentifier::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int RecipientIdentifier::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void RecipientIdentifier::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -2611,7 +2465,7 @@ void OriginatorIdentifierOrKey::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmt
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, -125);
+      SnaccExcep::throwMe(-125);
       break;
   } // end switch
 } // OriginatorIdentifierOrKey::BDecContent
@@ -2636,27 +2490,6 @@ void OriginatorIdentifierOrKey::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
 }
 
-int OriginatorIdentifierOrKey::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int OriginatorIdentifierOrKey::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void OriginatorIdentifierOrKey::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -2827,7 +2660,7 @@ void RecipientKeyIdentifier::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen el
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -126);
+    SnaccExcep::throwMe(-126);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, GENERALIZEDTIME_TAG_CODE))
@@ -2870,7 +2703,7 @@ void RecipientKeyIdentifier::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen el
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -127);
+    SnaccExcep::throwMe(-127);
   }
   else
     return;
@@ -2893,33 +2726,12 @@ void RecipientKeyIdentifier::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE en
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "RecipientKeyIdentifier::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -128);
+    SnaccExcep::throwMe(-128);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int RecipientKeyIdentifier::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int RecipientKeyIdentifier::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void RecipientKeyIdentifier::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -3108,7 +2920,7 @@ void KEKIdentifier::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -129);
+    SnaccExcep::throwMe(-129);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, GENERALIZEDTIME_TAG_CODE))
@@ -3151,7 +2963,7 @@ void KEKIdentifier::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -130);
+    SnaccExcep::throwMe(-130);
   }
   else
     return;
@@ -3174,33 +2986,12 @@ void KEKIdentifier::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "KEKIdentifier::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -131);
+    SnaccExcep::throwMe(-131);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int KEKIdentifier::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int KEKIdentifier::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void KEKIdentifier::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -3361,7 +3152,7 @@ void ExtendedCertificateInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -132);
+    SnaccExcep::throwMe(-132);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -3374,7 +3165,7 @@ void ExtendedCertificateInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -133);
+    SnaccExcep::throwMe(-133);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)))
@@ -3385,7 +3176,7 @@ void ExtendedCertificateInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -134);
+    SnaccExcep::throwMe(-134);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -3397,7 +3188,7 @@ void ExtendedCertificateInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -135);
+    SnaccExcep::throwMe(-135);
   }
   else
     return;
@@ -3420,33 +3211,12 @@ void ExtendedCertificateInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE e
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "ExtendedCertificateInfo::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -136);
+    SnaccExcep::throwMe(-136);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int ExtendedCertificateInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int ExtendedCertificateInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void ExtendedCertificateInfo::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -3686,7 +3456,7 @@ void SignerInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -137);
+    SnaccExcep::throwMe(-137);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
@@ -3701,7 +3471,7 @@ void SignerInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -138);
+    SnaccExcep::throwMe(-138);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -3714,7 +3484,7 @@ void SignerInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -139);
+    SnaccExcep::throwMe(-139);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 0)))
@@ -3735,7 +3505,7 @@ void SignerInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -140);
+    SnaccExcep::throwMe(-140);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE))
@@ -3763,7 +3533,7 @@ void SignerInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -141);
+    SnaccExcep::throwMe(-141);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 1)))
@@ -3782,7 +3552,7 @@ void SignerInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -142);
+    SnaccExcep::throwMe(-142);
   }
   else
     return;
@@ -3805,33 +3575,12 @@ void SignerInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "SignerInfo::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -143);
+    SnaccExcep::throwMe(-143);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int SignerInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int SignerInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void SignerInfo::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -4059,7 +3808,7 @@ void KeyTransRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -144);
+    SnaccExcep::throwMe(-144);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
@@ -4074,7 +3823,7 @@ void KeyTransRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -145);
+    SnaccExcep::throwMe(-145);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -4087,7 +3836,7 @@ void KeyTransRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -146);
+    SnaccExcep::throwMe(-146);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE))
@@ -4099,7 +3848,7 @@ void KeyTransRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -147);
+    SnaccExcep::throwMe(-147);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -4111,7 +3860,7 @@ void KeyTransRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -148);
+    SnaccExcep::throwMe(-148);
   }
   else
     return;
@@ -4134,33 +3883,12 @@ void KeyTransRecipientInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "KeyTransRecipientInfo::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -149);
+    SnaccExcep::throwMe(-149);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int KeyTransRecipientInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int KeyTransRecipientInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void KeyTransRecipientInfo::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -4339,7 +4067,7 @@ void KeyAgreeRecipientIdentifier::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen el
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, -150);
+      SnaccExcep::throwMe(-150);
       break;
   } // end switch
 } // KeyAgreeRecipientIdentifier::BDecContent
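Review bot: The `break;` kept after `SnaccExcep::throwMe(-150);` in the `default:` arm is dead code if throwMe always throws, and if it can ever return, control leaves the switch with an unrecognised CHOICE tag and no error reaches the caller. The old `longjmp` never returned, so the line was harmless before; now the guarantee rests on throwMe's definition, which is not shown here. I would either drop the `break;` or state the assumption next to it, `// not reached: throwMe() does not return`. The `default:` arms in CertificateChoices::BDecContent (-168) and RecipientInfo::BDecContent (-182) are the same.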
@@ -4364,27 +4092,6 @@ void KeyAgreeRecipientIdentifier::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TY
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
 }
 
-int KeyAgreeRecipientIdentifier::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int KeyAgreeRecipientIdentifier::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void KeyAgreeRecipientIdentifier::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -4542,7 +4249,7 @@ void KEKRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -151);
+    SnaccExcep::throwMe(-151);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -4555,7 +4262,7 @@ void KEKRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -152);
+    SnaccExcep::throwMe(-152);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -4568,7 +4275,7 @@ void KEKRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -153);
+    SnaccExcep::throwMe(-153);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE))
@@ -4580,7 +4287,7 @@ void KEKRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -154);
+    SnaccExcep::throwMe(-154);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -4592,7 +4299,7 @@ void KEKRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -155);
+    SnaccExcep::throwMe(-155);
   }
   else
     return;
@@ -4615,33 +4322,12 @@ void KEKRecipientInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "KEKRecipientInfo::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -156);
+    SnaccExcep::throwMe(-156);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int KEKRecipientInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int KEKRecipientInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void KEKRecipientInfo::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -4822,7 +4508,7 @@ void ExtendedCertificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -157);
+    SnaccExcep::throwMe(-157);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -4835,7 +4521,7 @@ void ExtendedCertificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -158);
+    SnaccExcep::throwMe(-158);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE))
@@ -4847,7 +4533,7 @@ void ExtendedCertificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -159);
+    SnaccExcep::throwMe(-159);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -4859,7 +4545,7 @@ void ExtendedCertificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -160);
+    SnaccExcep::throwMe(-160);
   }
   else
     return;
@@ -4882,33 +4568,12 @@ void ExtendedCertificate::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "ExtendedCertificate::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -161);
+    SnaccExcep::throwMe(-161);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int ExtendedCertificate::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int ExtendedCertificate::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void ExtendedCertificate::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -4984,7 +4649,7 @@ void SignerInfos::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))
   {
     Asn1Error << "SignerInfos::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -162);
+    SnaccExcep::throwMe(-162);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -5400,7 +5065,7 @@ void  SignerInfos::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -163);
+            SnaccExcep::throwMe(-163);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
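Review bot: The message above the throw is only `"Unexpected Tag"`, while the BDec hunks name the type (`"SignerInfos::BDec: ERROR - wrong tag"`), so here the bare code -163 is all that identifies the failing decoder. Someone triaging a rejected message from the log cannot tell which list element was malformed without a table of codes. I would write `Asn1Error << "SignerInfos::BDecContent: ERROR - unexpected tag" << endl;`. The same applies at -170 (CertificateSet), -174 (RecipientEncryptedKeys), -177 (KeyAgreeRecipientInfo) and -184 (RecipientInfos). The code surrounding this check lies outside the hunk.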
@@ -5510,7 +5175,7 @@ void RecipientEncryptedKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -164);
+    SnaccExcep::throwMe(-164);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE))
@@ -5522,7 +5187,7 @@ void RecipientEncryptedKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -165);
+    SnaccExcep::throwMe(-165);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -5534,7 +5199,7 @@ void RecipientEncryptedKey::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -166);
+    SnaccExcep::throwMe(-166);
   }
   else
     return;
@@ -5557,33 +5222,12 @@ void RecipientEncryptedKey::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "RecipientEncryptedKey::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -167);
+    SnaccExcep::throwMe(-167);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int RecipientEncryptedKey::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int RecipientEncryptedKey::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void RecipientEncryptedKey::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -5765,7 +5409,7 @@ void CertificateChoices::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, A
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, -168);
+      SnaccExcep::throwMe(-168);
       break;
   } // end switch
 } // CertificateChoices::BDecContent
@@ -5790,27 +5434,6 @@ void CertificateChoices::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
 }
 
-int CertificateChoices::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int CertificateChoices::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void CertificateChoices::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -5871,7 +5494,7 @@ void CertificateSet::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))
   {
     Asn1Error << "CertificateSet::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -169);
+    SnaccExcep::throwMe(-169);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -6285,7 +5908,7 @@ void  CertificateSet::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
          || (tag1 == MAKE_TAG_ID (CNTX, CONS, 1))))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -170);
+            SnaccExcep::throwMe(-170);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -6454,7 +6077,7 @@ void OriginatorInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -171);
+    SnaccExcep::throwMe(-171);
   }
   else
     return;
@@ -6477,33 +6100,12 @@ void OriginatorInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "OriginatorInfo::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -172);
+    SnaccExcep::throwMe(-172);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int OriginatorInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int OriginatorInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void OriginatorInfo::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -6578,7 +6180,7 @@ void RecipientEncryptedKeys::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE en
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "RecipientEncryptedKeys::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -173);
+    SnaccExcep::throwMe(-173);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -6982,7 +6584,7 @@ void  RecipientEncryptedKeys::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -174);
+            SnaccExcep::throwMe(-174);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -7154,7 +6756,7 @@ void KeyAgreeRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -175);
+    SnaccExcep::throwMe(-175);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 0)))
@@ -7172,7 +6774,7 @@ void KeyAgreeRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -176);
+    SnaccExcep::throwMe(-176);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 1)))
@@ -7184,7 +6786,7 @@ void KeyAgreeRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
        && (tag1 != MAKE_TAG_ID (UNIV, CONS, OCTETSTRING_TAG_CODE)))
     {
        Asn1Error << "Unexpected Tag" << endl;
-       longjmp (env, -177);
+       SnaccExcep::throwMe(-177);
     }
 
     elmtLen2 = BDecLen (b, seqBytesDecoded, env);
@@ -7206,7 +6808,7 @@ void KeyAgreeRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -178);
+    SnaccExcep::throwMe(-178);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -7217,7 +6819,7 @@ void KeyAgreeRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -179);
+    SnaccExcep::throwMe(-179);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -7229,7 +6831,7 @@ void KeyAgreeRecipientInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -180);
+    SnaccExcep::throwMe(-180);
   }
   else
     return;
@@ -7252,33 +6854,12 @@ void KeyAgreeRecipientInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "KeyAgreeRecipientInfo::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -181);
+    SnaccExcep::throwMe(-181);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int KeyAgreeRecipientInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int KeyAgreeRecipientInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void KeyAgreeRecipientInfo::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -7495,7 +7076,7 @@ void RecipientInfo::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnLen
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, -182);
+      SnaccExcep::throwMe(-182);
       break;
   } // end switch
 } // RecipientInfo::BDecContent
@@ -7520,27 +7101,6 @@ void RecipientInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
 }
 
-int RecipientInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int RecipientInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void RecipientInfo::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -7601,7 +7161,7 @@ void RecipientInfos::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))
   {
     Asn1Error << "RecipientInfos::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -183);
+    SnaccExcep::throwMe(-183);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -8015,7 +7575,7 @@ void  RecipientInfos::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
          || (tag1 == MAKE_TAG_ID (CNTX, CONS, 2))))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -184);
+            SnaccExcep::throwMe(-184);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -8111,7 +7671,7 @@ void ContentInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, Asn
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -185);
+    SnaccExcep::throwMe(-185);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 0)))
@@ -8125,7 +7685,7 @@ void ContentInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, Asn
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -186);
+    SnaccExcep::throwMe(-186);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -8137,7 +7697,7 @@ void ContentInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, Asn
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -187);
+    SnaccExcep::throwMe(-187);
   }
   else
     return;
@@ -8160,33 +7720,12 @@ void ContentInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "ContentInfo::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -188);
+    SnaccExcep::throwMe(-188);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int ContentInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int ContentInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void ContentInfo::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -8377,7 +7916,7 @@ void SignedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -189);
+    SnaccExcep::throwMe(-189);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)))
@@ -8389,7 +7928,7 @@ void SignedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -190);
+    SnaccExcep::throwMe(-190);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -8402,7 +7941,7 @@ void SignedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -191);
+    SnaccExcep::throwMe(-191);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 0)))
@@ -8429,7 +7968,7 @@ void SignedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -192);
+    SnaccExcep::throwMe(-192);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -8441,7 +7980,7 @@ void SignedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -193);
+    SnaccExcep::throwMe(-193);
   }
   else
     return;
@@ -8464,33 +8003,12 @@ void SignedData::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "SignedData::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -194);
+    SnaccExcep::throwMe(-194);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int SignedData::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int SignedData::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void SignedData::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -8722,7 +8240,7 @@ void EnvelopedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -195);
+    SnaccExcep::throwMe(-195);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 0)))
@@ -8742,7 +8260,7 @@ void EnvelopedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -196);
+    SnaccExcep::throwMe(-196);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -8770,7 +8288,7 @@ void EnvelopedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -197);
+    SnaccExcep::throwMe(-197);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 1)))
@@ -8789,7 +8307,7 @@ void EnvelopedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -198);
+    SnaccExcep::throwMe(-198);
   }
   else
     return;
@@ -8812,33 +8330,12 @@ void EnvelopedData::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "EnvelopedData::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -199);
+    SnaccExcep::throwMe(-199);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int EnvelopedData::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int EnvelopedData::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void EnvelopedData::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -9042,7 +8539,7 @@ void DigestedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -200);
+    SnaccExcep::throwMe(-200);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -9055,7 +8552,7 @@ void DigestedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -201);
+    SnaccExcep::throwMe(-201);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -9068,7 +8565,7 @@ void DigestedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -202);
+    SnaccExcep::throwMe(-202);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE))
@@ -9080,7 +8577,7 @@ void DigestedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -203);
+    SnaccExcep::throwMe(-203);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -9092,7 +8589,7 @@ void DigestedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -204);
+    SnaccExcep::throwMe(-204);
   }
   else
     return;
@@ -9115,33 +8612,12 @@ void DigestedData::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "DigestedData::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -205);
+    SnaccExcep::throwMe(-205);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int DigestedData::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int DigestedData::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void DigestedData::Print (ostream &os) const
 {
 #ifndef NDEBUG
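Review bot: With `DigestedData::BDecPdu` deleted at the end of this hunk, nothing visible here turns a decode failure into a `false` return any more: the old wrapper owned the `setjmp` frame, whereas `SnaccExcep::throwMe(-205)` presumably raises a C++ exception that travels to whoever called `BDec` (whose opening lines are outside the hunk). Because these decoders parse externally supplied BER, whatever PDU entry point replaces the wrapper (not shown on this page, possibly a shared base-class `BDecPdu`) should catch the exception and report failure, so that a malformed message cannot end the process through an uncaught throw. The `env` argument is still passed to `BDecTag`, `BDecLen` and `BDecContent` although this function no longer jumps through it; a comment such as `// env is retained for signature compatibility; errors are reported via SnaccExcep` would make that explicit. The same removal repeats in the EncryptedData, AuthenticatedData, RC2CBCParameter, ExtendedCertificateOrCertificate and DigestInfo hunks below, and if this file is emitted by a code generator the change belongs in its templates rather than in the output.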
@@ -9298,7 +8774,7 @@ void EncryptedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -206);
+    SnaccExcep::throwMe(-206);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -9310,7 +8786,7 @@ void EncryptedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -207);
+    SnaccExcep::throwMe(-207);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -9322,7 +8798,7 @@ void EncryptedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, A
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -208);
+    SnaccExcep::throwMe(-208);
   }
   else
     return;
@@ -9345,33 +8821,12 @@ void EncryptedData::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "EncryptedData::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -209);
+    SnaccExcep::throwMe(-209);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int EncryptedData::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int EncryptedData::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void EncryptedData::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -9639,7 +9094,7 @@ void AuthenticatedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -210);
+    SnaccExcep::throwMe(-210);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 0)))
@@ -9659,7 +9114,7 @@ void AuthenticatedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -211);
+    SnaccExcep::throwMe(-211);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -9672,7 +9127,7 @@ void AuthenticatedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -212);
+    SnaccExcep::throwMe(-212);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 1)))
@@ -9693,7 +9148,7 @@ void AuthenticatedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -213);
+    SnaccExcep::throwMe(-213);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 2)))
@@ -9729,7 +9184,7 @@ void AuthenticatedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -214);
+    SnaccExcep::throwMe(-214);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 3)))
@@ -9748,7 +9203,7 @@ void AuthenticatedData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -215);
+    SnaccExcep::throwMe(-215);
   }
   else
     return;
@@ -9771,33 +9226,12 @@ void AuthenticatedData::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "AuthenticatedData::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -216);
+    SnaccExcep::throwMe(-216);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int AuthenticatedData::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int AuthenticatedData::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void AuthenticatedData::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -9945,7 +9379,7 @@ void UserKeyingMaterials::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))
   {
     Asn1Error << "UserKeyingMaterials::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -217);
+    SnaccExcep::throwMe(-217);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -10361,7 +9795,7 @@ void  UserKeyingMaterials::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt
          && (tag1 != MAKE_TAG_ID (UNIV, CONS, OCTETSTRING_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -218);
+            SnaccExcep::throwMe(-218);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -10457,7 +9891,7 @@ void RC2CBCParameter::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -219);
+    SnaccExcep::throwMe(-219);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE))
@@ -10469,7 +9903,7 @@ void RC2CBCParameter::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -220);
+    SnaccExcep::throwMe(-220);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -10481,7 +9915,7 @@ void RC2CBCParameter::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -221);
+    SnaccExcep::throwMe(-221);
   }
   else
     return;
@@ -10504,33 +9938,12 @@ void RC2CBCParameter::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "RC2CBCParameter::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -222);
+    SnaccExcep::throwMe(-222);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int RC2CBCParameter::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int RC2CBCParameter::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void RC2CBCParameter::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -10681,7 +10094,7 @@ void ExtendedCertificateOrCertificate::BDecContent (BUF_TYPE b, AsnTag tag, AsnL
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, -223);
+      SnaccExcep::throwMe(-223);
       break;
   } // end switch
 } // ExtendedCertificateOrCertificate::BDecContent
@@ -10706,27 +10119,6 @@ void ExtendedCertificateOrCertificate::BDec (BUF_TYPE b, AsnLen &bytesDecoded, E
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
 }
 
-int ExtendedCertificateOrCertificate::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int ExtendedCertificateOrCertificate::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void ExtendedCertificateOrCertificate::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -10853,7 +10245,7 @@ void DigestInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -224);
+    SnaccExcep::throwMe(-224);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE))
@@ -10865,7 +10257,7 @@ void DigestInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -225);
+    SnaccExcep::throwMe(-225);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -10877,7 +10269,7 @@ void DigestInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -226);
+    SnaccExcep::throwMe(-226);
   }
   else
     return;
@@ -10900,33 +10292,12 @@ void DigestInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "DigestInfo::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -227);
+    SnaccExcep::throwMe(-227);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int DigestInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int DigestInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void DigestInfo::Print (ostream &os) const
 {
 #ifndef NDEBUG
index 91ee72667d69aec90e021934abf9ad2f7f9bfb68..f6a22666af98c78bb9a1bbe39ba0e07c0c8a02b1 100644 (file)
@@ -2,7 +2,7 @@
 //
 // sm_ess.cpp - class member functions for ASN.1 module ExtendedSecurityServices
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc written by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -24,6 +24,7 @@
 #include "pkcs7.h"
 #include "pkcs8.h"
 #include "appleoids.h"
+#include "pkcs10.h"
 
 //------------------------------------------------------------------------------
 // value defs
@@ -59,7 +60,7 @@ void SigningCertificateSeqOf1::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "SigningCertificateSeqOf1::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -100);
+    SnaccExcep::throwMe(-100);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -463,7 +464,7 @@ void  SigningCertificateSeqOf1::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -101);
+            SnaccExcep::throwMe(-101);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -502,7 +503,7 @@ void MLReceiptPolicySeqOf1::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "MLReceiptPolicySeqOf1::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -102);
+    SnaccExcep::throwMe(-102);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -906,7 +907,7 @@ void  MLReceiptPolicySeqOf1::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen el
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -103);
+            SnaccExcep::throwMe(-103);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -945,7 +946,7 @@ void MLReceiptPolicySeqOf::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "MLReceiptPolicySeqOf::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -104);
+    SnaccExcep::throwMe(-104);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -1349,7 +1350,7 @@ void  MLReceiptPolicySeqOf::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -105);
+            SnaccExcep::throwMe(-105);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -1388,7 +1389,7 @@ void ReceiptsFromSeqOf::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "ReceiptsFromSeqOf::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -106);
+    SnaccExcep::throwMe(-106);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -1792,7 +1793,7 @@ void  ReceiptsFromSeqOf::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -107);
+            SnaccExcep::throwMe(-107);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -1831,7 +1832,7 @@ void ReceiptRequestSeqOf::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "ReceiptRequestSeqOf::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -108);
+    SnaccExcep::throwMe(-108);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -2235,7 +2236,7 @@ void  ReceiptRequestSeqOf::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -109);
+            SnaccExcep::throwMe(-109);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -2370,7 +2371,7 @@ void ESSPrivacyMark::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnLe
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, -110);
+      SnaccExcep::throwMe(-110);
       break;
   } // end switch
 } // ESSPrivacyMark::BDecContent
@@ -2395,27 +2396,6 @@ void ESSPrivacyMark::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
 }
 
-int ESSPrivacyMark::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int ESSPrivacyMark::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void ESSPrivacyMark::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -2525,7 +2505,7 @@ void SecurityCategory::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -111);
+    SnaccExcep::throwMe(-111);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 1)))
@@ -2539,7 +2519,7 @@ void SecurityCategory::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -112);
+    SnaccExcep::throwMe(-112);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -2551,7 +2531,7 @@ void SecurityCategory::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -113);
+    SnaccExcep::throwMe(-113);
   }
   else
     return;
@@ -2574,33 +2554,12 @@ void SecurityCategory::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "SecurityCategory::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -114);
+    SnaccExcep::throwMe(-114);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int SecurityCategory::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int SecurityCategory::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void SecurityCategory::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -2751,7 +2710,7 @@ void EntityIdentifier::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, Asn
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, -115);
+      SnaccExcep::throwMe(-115);
       break;
   } // end switch
 } // EntityIdentifier::BDecContent
@@ -2776,27 +2735,6 @@ void EntityIdentifier::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
 }
 
-int EntityIdentifier::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int EntityIdentifier::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void EntityIdentifier::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -2945,7 +2883,7 @@ void ReceiptsFrom::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnLen
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, -116);
+      SnaccExcep::throwMe(-116);
       break;
   } // end switch
 } // ReceiptsFrom::BDecContent
@@ -2970,27 +2908,6 @@ void ReceiptsFrom::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
 }
 
-int ReceiptsFrom::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int ReceiptsFrom::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void ReceiptsFrom::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -3043,7 +2960,7 @@ void SecurityCategories::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))
   {
     Asn1Error << "SecurityCategories::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -117);
+    SnaccExcep::throwMe(-117);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -3459,7 +3376,7 @@ void  SecurityCategories::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -118);
+            SnaccExcep::throwMe(-118);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -3618,7 +3535,7 @@ void MLReceiptPolicy::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnL
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, -119);
+      SnaccExcep::throwMe(-119);
       break;
   } // end switch
 } // MLReceiptPolicy::BDecContent
@@ -3643,27 +3560,6 @@ void MLReceiptPolicy::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
 }
 
-int MLReceiptPolicy::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int MLReceiptPolicy::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void MLReceiptPolicy::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -3812,7 +3708,7 @@ void ESSCertID::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -120);
+    SnaccExcep::throwMe(-120);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -3831,7 +3727,7 @@ void ESSCertID::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -121);
+    SnaccExcep::throwMe(-121);
   }
   else
     return;
@@ -3854,33 +3750,12 @@ void ESSCertID::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "ESSCertID::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -122);
+    SnaccExcep::throwMe(-122);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int ESSCertID::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int ESSCertID::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void ESSCertID::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -3944,7 +3819,7 @@ void SigningCertificateSeqOf::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE e
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "SigningCertificateSeqOf::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -123);
+    SnaccExcep::throwMe(-123);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -4348,7 +4223,7 @@ void  SigningCertificateSeqOf::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -124);
+            SnaccExcep::throwMe(-124);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -4556,14 +4431,14 @@ void ESSSecurityLabel::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0
 
        default:
          Asn1Error << "Unexpected Tag on SET elmt." << endl;
-         longjmp (env, -125);
+         SnaccExcep::throwMe(-125);
     } // end switch
   } // end for loop
   bytesDecoded += setBytesDecoded;
   if (mandatoryElmtsDecoded != 1)
   {
      Asn1Error << "ERROR - non-optional SET element missing." << endl;
-     longjmp (env, -126);
+     SnaccExcep::throwMe(-126);
   }
 } // ESSSecurityLabel::BDecContent
 
@@ -4585,33 +4460,12 @@ void ESSSecurityLabel::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))
   {
     Asn1Error << "ESSSecurityLabel::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -127);
+    SnaccExcep::throwMe(-127);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int ESSSecurityLabel::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int ESSSecurityLabel::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void ESSSecurityLabel::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -4780,7 +4634,7 @@ void MLData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen &
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -128);
+    SnaccExcep::throwMe(-128);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, GENERALIZEDTIME_TAG_CODE))
@@ -4808,7 +4662,7 @@ void MLData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen &
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -129);
+    SnaccExcep::throwMe(-129);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, PRIM, 0))
@@ -4829,7 +4683,7 @@ void MLData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen &
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -130);
+    SnaccExcep::throwMe(-130);
   }
   else
     return;
@@ -4852,33 +4706,12 @@ void MLData::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "MLData::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -131);
+    SnaccExcep::throwMe(-131);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int MLData::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int MLData::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void MLData::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -5034,7 +4867,7 @@ void ReceiptRequest::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -132);
+    SnaccExcep::throwMe(-132);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, PRIM, 0))
@@ -5048,7 +4881,7 @@ void ReceiptRequest::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -133);
+    SnaccExcep::throwMe(-133);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -5059,7 +4892,7 @@ void ReceiptRequest::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -134);
+    SnaccExcep::throwMe(-134);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -5071,7 +4904,7 @@ void ReceiptRequest::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -135);
+    SnaccExcep::throwMe(-135);
   }
   else
     return;
@@ -5094,33 +4927,12 @@ void ReceiptRequest::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "ReceiptRequest::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -136);
+    SnaccExcep::throwMe(-136);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int ReceiptRequest::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int ReceiptRequest::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void ReceiptRequest::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -5260,7 +5072,7 @@ void Receipt::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -137);
+    SnaccExcep::throwMe(-137);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE)))
@@ -5272,7 +5084,7 @@ void Receipt::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -138);
+    SnaccExcep::throwMe(-138);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE))
@@ -5285,7 +5097,7 @@ void Receipt::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -139);
+    SnaccExcep::throwMe(-139);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE))
@@ -5297,7 +5109,7 @@ void Receipt::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -140);
+    SnaccExcep::throwMe(-140);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -5309,7 +5121,7 @@ void Receipt::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -141);
+    SnaccExcep::throwMe(-141);
   }
   else
     return;
@@ -5332,33 +5144,12 @@ void Receipt::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "Receipt::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -142);
+    SnaccExcep::throwMe(-142);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int Receipt::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int Receipt::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void Receipt::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -5506,7 +5297,7 @@ void ContentHints::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -143);
+    SnaccExcep::throwMe(-143);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -5518,7 +5309,7 @@ void ContentHints::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -144);
+    SnaccExcep::throwMe(-144);
   }
   else
     return;
@@ -5541,33 +5332,12 @@ void ContentHints::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "ContentHints::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -145);
+    SnaccExcep::throwMe(-145);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int ContentHints::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int ContentHints::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void ContentHints::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -5692,7 +5462,7 @@ void ContentReference::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -146);
+    SnaccExcep::throwMe(-146);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE))
@@ -5705,7 +5475,7 @@ void ContentReference::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -147);
+    SnaccExcep::throwMe(-147);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE))
@@ -5717,7 +5487,7 @@ void ContentReference::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -148);
+    SnaccExcep::throwMe(-148);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -5729,7 +5499,7 @@ void ContentReference::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -149);
+    SnaccExcep::throwMe(-149);
   }
   else
     return;
@@ -5752,33 +5522,12 @@ void ContentReference::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "ContentReference::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -150);
+    SnaccExcep::throwMe(-150);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int ContentReference::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int ContentReference::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void ContentReference::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -5840,7 +5589,7 @@ void EquivalentLabels::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "EquivalentLabels::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -151);
+    SnaccExcep::throwMe(-151);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -6244,7 +5993,7 @@ void  EquivalentLabels::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -152);
+            SnaccExcep::throwMe(-152);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -6283,7 +6032,7 @@ void MLExpansionHistory::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "MLExpansionHistory::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -153);
+    SnaccExcep::throwMe(-153);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -6687,7 +6436,7 @@ void  MLExpansionHistory::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -154);
+            SnaccExcep::throwMe(-154);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -6814,7 +6563,7 @@ void SigningCertificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -155);
+    SnaccExcep::throwMe(-155);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -6833,7 +6582,7 @@ void SigningCertificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -156);
+    SnaccExcep::throwMe(-156);
   }
   else
     return;
@@ -6856,33 +6605,12 @@ void SigningCertificate::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "SigningCertificate::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -157);
+    SnaccExcep::throwMe(-157);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int SigningCertificate::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int SigningCertificate::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void SigningCertificate::Print (ostream &os) const
 {
 #ifndef NDEBUG
index 9d0fde919f685721fed7162c52f8909132f71099..cd1aa9744e0e54a3500c5434e16ce695c78f3878 100644 (file)
@@ -2,7 +2,7 @@
 //
 // sm_vdatypes.cpp - class member functions for ASN.1 module VdaEnhancedTypes
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc written by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -24,6 +24,7 @@
 #include "pkcs7.h"
 #include "pkcs8.h"
 #include "appleoids.h"
+#include "pkcs10.h"
 
 //------------------------------------------------------------------------------
 // value defs
@@ -61,30 +62,9 @@ void BigIntegerStr::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, INTEGER_TAG_CODE)))
     {
         Asn1Error << "BigIntegerStr::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, -100);
+        SnaccExcep::throwMe(-100);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int BigIntegerStr::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int BigIntegerStr::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
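Review bot: The value passed to `SnaccExcep::throwMe(-100)` in BigIntegerStr::BDec is not unique: the numbering restarts at -100 in each generated file, and CountryName::BDecContent and AttributeTypeAndDistinguishedValueSetOfSeqSetOf::BDec further down use -100 as well. Under longjmp the value never left the file, since the deleted BDecPdu stored it in `val` and ignored it, but as an exception argument it may reach a handler that cannot tell which decoder rejected the input. If the code is meant to be logged or mapped to an error, the generator should number across modules or the handler should rely on the Asn1Error text instead. At minimum, add `// codes restart at -100 per generated file` next to the throw. BDec starts above this hunk.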
index bbf0af10c8a31baff48a56c06c35d15b4f7f39e3..f73d660bed97ce08fc9930ad8eb72f209003ee38 100644 (file)
@@ -2,7 +2,7 @@
 //
 // sm_x411mtsas.cpp - class member functions for ASN.1 module MTSAbstractService
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc written by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -24,6 +24,7 @@
 #include "pkcs7.h"
 #include "pkcs8.h"
 #include "appleoids.h"
+#include "pkcs10.h"
 
 //------------------------------------------------------------------------------
 // value defs
@@ -155,7 +156,7 @@ void CountryName::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnLen &
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, -100);
+      SnaccExcep::throwMe(-100);
       break;
   } // end switch
 } // CountryName::BDecContent
@@ -178,7 +179,7 @@ void CountryName::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
 
     if (BDecTag (b, bytesDecoded, env) != MAKE_TAG_ID (APPL, CONS, 1))    {
         Asn1Error << "CountryName::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, -101);
+        SnaccExcep::throwMe(-101);
     }
     extraLen1 = BDecLen (b, bytesDecoded, env);
     /*  CHOICEs are a special case - grab identifying tag */
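Review bot: `env` is still passed to BDecTag and BDecLen in CountryName::BDec although this function no longer calls longjmp, and the `setjmp (env)` that used to initialise it sat in the BDecPdu wrapper removed in the next hunk. If any of those helpers still jumps on `env`, that would be a jump through an uninitialised buffer, which cannot be ruled out from this hunk. Once it is confirmed that they also throw, a comment such as `// env is unused; decode errors are raised by SnaccExcep::throwMe()` would stop readers looking for a setjmp. The function begins above this hunk and continues below it.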
@@ -190,27 +191,6 @@ void CountryName::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         BDecEoc (b, bytesDecoded, env);
 }
 
-int CountryName::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int CountryName::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void CountryName::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -359,7 +339,7 @@ void AdministrationDomainName::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtL
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, -102);
+      SnaccExcep::throwMe(-102);
       break;
   } // end switch
 } // AdministrationDomainName::BDecContent
@@ -382,7 +362,7 @@ void AdministrationDomainName::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE
 
     if (BDecTag (b, bytesDecoded, env) != MAKE_TAG_ID (APPL, CONS, 2))    {
         Asn1Error << "AdministrationDomainName::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, -103);
+        SnaccExcep::throwMe(-103);
     }
     extraLen1 = BDecLen (b, bytesDecoded, env);
     /*  CHOICEs are a special case - grab identifying tag */
@@ -394,27 +374,6 @@ void AdministrationDomainName::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE
         BDecEoc (b, bytesDecoded, env);
 }
 
-int AdministrationDomainName::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int AdministrationDomainName::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void AdministrationDomainName::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -563,7 +522,7 @@ void PrivateDomainName::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, As
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, -104);
+      SnaccExcep::throwMe(-104);
       break;
   } // end switch
 } // PrivateDomainName::BDecContent
@@ -588,27 +547,6 @@ void PrivateDomainName::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
 }
 
-int PrivateDomainName::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int PrivateDomainName::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void PrivateDomainName::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -832,14 +770,14 @@ void PersonalName::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
 
        default:
          Asn1Error << "Unexpected Tag on SET elmt." << endl;
-         longjmp (env, -105);
+         SnaccExcep::throwMe(-105);
     } // end switch
   } // end for loop
   bytesDecoded += setBytesDecoded;
   if (mandatoryElmtsDecoded != 1)
   {
      Asn1Error << "ERROR - non-optional SET element missing." << endl;
-     longjmp (env, -106);
+     SnaccExcep::throwMe(-106);
   }
 } // PersonalName::BDecContent
 
@@ -861,33 +799,12 @@ void PersonalName::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))
   {
     Asn1Error << "PersonalName::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -107);
+    SnaccExcep::throwMe(-107);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int PersonalName::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int PersonalName::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void PersonalName::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -1022,7 +939,7 @@ void DomainDefinedAttribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen el
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -108);
+    SnaccExcep::throwMe(-108);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, PRINTABLESTRING_TAG_CODE))
@@ -1034,7 +951,7 @@ void DomainDefinedAttribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen el
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -109);
+    SnaccExcep::throwMe(-109);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -1046,7 +963,7 @@ void DomainDefinedAttribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen el
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -110);
+    SnaccExcep::throwMe(-110);
   }
   else
     return;
@@ -1069,33 +986,12 @@ void DomainDefinedAttribute::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE en
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "DomainDefinedAttribute::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -111);
+    SnaccExcep::throwMe(-111);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int DomainDefinedAttribute::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int DomainDefinedAttribute::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void DomainDefinedAttribute::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -1208,7 +1104,7 @@ void ExtensionAttribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -112);
+    SnaccExcep::throwMe(-112);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, CONS, 1)))
@@ -1222,7 +1118,7 @@ void ExtensionAttribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -113);
+    SnaccExcep::throwMe(-113);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -1234,7 +1130,7 @@ void ExtensionAttribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -114);
+    SnaccExcep::throwMe(-114);
   }
   else
     return;
@@ -1257,33 +1153,12 @@ void ExtensionAttribute::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "ExtensionAttribute::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -115);
+    SnaccExcep::throwMe(-115);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int ExtensionAttribute::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int ExtensionAttribute::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void ExtensionAttribute::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -1395,7 +1270,7 @@ void TeletexDomainDefinedAttribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -116);
+    SnaccExcep::throwMe(-116);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, TELETEXSTRING_TAG_CODE))
@@ -1407,7 +1282,7 @@ void TeletexDomainDefinedAttribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -117);
+    SnaccExcep::throwMe(-117);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -1419,7 +1294,7 @@ void TeletexDomainDefinedAttribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, As
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -118);
+    SnaccExcep::throwMe(-118);
   }
   else
     return;
@@ -1442,33 +1317,12 @@ void TeletexDomainDefinedAttribute::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "TeletexDomainDefinedAttribute::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -119);
+    SnaccExcep::throwMe(-119);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int TeletexDomainDefinedAttribute::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int TeletexDomainDefinedAttribute::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void TeletexDomainDefinedAttribute::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -1523,7 +1377,7 @@ void OrganizationUnitNames::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "OrganizationUnitNames::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -120);
+    SnaccExcep::throwMe(-120);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -1927,7 +1781,7 @@ void  OrganizationUnitNames::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen el
          && (tag1 != MAKE_TAG_ID (UNIV, CONS, PRINTABLESTRING_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -121);
+            SnaccExcep::throwMe(-121);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -1966,7 +1820,7 @@ void DomainDefinedAttributes::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE e
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "DomainDefinedAttributes::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -122);
+    SnaccExcep::throwMe(-122);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -2370,7 +2224,7 @@ void  DomainDefinedAttributes::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -123);
+            SnaccExcep::throwMe(-123);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -2409,7 +2263,7 @@ void ExtensionAttributes::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))
   {
     Asn1Error << "ExtensionAttributes::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -124);
+    SnaccExcep::throwMe(-124);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -2825,7 +2679,7 @@ void  ExtensionAttributes::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -125);
+            SnaccExcep::throwMe(-125);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -3332,7 +3186,7 @@ void StandardAttributes::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -126);
+    SnaccExcep::throwMe(-126);
   }
   else
     return;
@@ -3355,33 +3209,12 @@ void StandardAttributes::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "StandardAttributes::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -127);
+    SnaccExcep::throwMe(-127);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int StandardAttributes::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int StandardAttributes::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void StandardAttributes::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -3703,7 +3536,7 @@ void ORAddress::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -128);
+    SnaccExcep::throwMe(-128);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -3745,7 +3578,7 @@ void ORAddress::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -129);
+    SnaccExcep::throwMe(-129);
   }
   else
     return;
@@ -3768,33 +3601,12 @@ void ORAddress::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "ORAddress::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -130);
+    SnaccExcep::throwMe(-130);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int ORAddress::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int ORAddress::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void ORAddress::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -4051,14 +3863,14 @@ void TeletexPersonalName::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL
 
        default:
          Asn1Error << "Unexpected Tag on SET elmt." << endl;
-         longjmp (env, -131);
+         SnaccExcep::throwMe(-131);
     } // end switch
   } // end for loop
   bytesDecoded += setBytesDecoded;
   if (mandatoryElmtsDecoded != 1)
   {
      Asn1Error << "ERROR - non-optional SET element missing." << endl;
-     longjmp (env, -132);
+     SnaccExcep::throwMe(-132);
   }
 } // TeletexPersonalName::BDecContent
 
@@ -4080,33 +3892,12 @@ void TeletexPersonalName::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))
   {
     Asn1Error << "TeletexPersonalName::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -133);
+    SnaccExcep::throwMe(-133);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int TeletexPersonalName::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int TeletexPersonalName::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void TeletexPersonalName::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -4184,7 +3975,7 @@ void TeletexOrganizationUnitNames::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_T
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "TeletexOrganizationUnitNames::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -134);
+    SnaccExcep::throwMe(-134);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -4588,7 +4379,7 @@ void  TeletexOrganizationUnitNames::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, As
          && (tag1 != MAKE_TAG_ID (UNIV, CONS, TELETEXSTRING_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -135);
+            SnaccExcep::throwMe(-135);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -4627,7 +4418,7 @@ void TeletexDomainDefinedAttributes::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "TeletexDomainDefinedAttributes::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -136);
+    SnaccExcep::throwMe(-136);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -5031,7 +4822,7 @@ void  TeletexDomainDefinedAttributes::BDecContent (BUF_TYPE b, AsnTag /*tag0*/,
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -137);
+            SnaccExcep::throwMe(-137);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
index c9be1559543d17e0db9b8492416e28108794e54d..c9fe085ea7939c9363ce303e2bbce886e84283bf 100644 (file)
@@ -2,7 +2,7 @@
 //
 // sm_x411ub.cpp - class member functions for ASN.1 module UpperBounds
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc written by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -24,6 +24,7 @@
 #include "pkcs7.h"
 #include "pkcs8.h"
 #include "appleoids.h"
+#include "pkcs10.h"
 
 //------------------------------------------------------------------------------
 // value defs
index 0211d2188af0eaab041c2f71ebb9526ec85a8cdf..f02e84e1ecd73d562e397057baf47f58debfa649 100644 (file)
@@ -2,7 +2,7 @@
 //
 // sm_x501if.cpp - class member functions for ASN.1 module InformationFramework
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc written by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -24,6 +24,7 @@
 #include "pkcs7.h"
 #include "pkcs8.h"
 #include "appleoids.h"
+#include "pkcs10.h"
 
 //------------------------------------------------------------------------------
 // value defs
@@ -59,7 +60,7 @@ void AttributeTypeAndDistinguishedValueSetOfSeqSetOf::BDec (BUF_TYPE b, AsnLen &
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))
   {
     Asn1Error << "AttributeTypeAndDistinguishedValueSetOfSeqSetOf::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -100);
+    SnaccExcep::throwMe(-100);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -572,7 +573,7 @@ void AttributeTypeAndDistinguishedValueSetOfSeq::BDecContent (BUF_TYPE b, AsnTag
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -101);
+    SnaccExcep::throwMe(-101);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -584,7 +585,7 @@ void AttributeTypeAndDistinguishedValueSetOfSeq::BDecContent (BUF_TYPE b, AsnTag
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -102);
+    SnaccExcep::throwMe(-102);
   }
   else
     return;
@@ -607,33 +608,12 @@ void AttributeTypeAndDistinguishedValueSetOfSeq::BDec (BUF_TYPE b, AsnLen &bytes
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "AttributeTypeAndDistinguishedValueSetOfSeq::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -103);
+    SnaccExcep::throwMe(-103);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int AttributeTypeAndDistinguishedValueSetOfSeq::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int AttributeTypeAndDistinguishedValueSetOfSeq::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void AttributeTypeAndDistinguishedValueSetOfSeq::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -695,7 +675,7 @@ void AttributeTypeAndDistinguishedValueSetOf::BDec (BUF_TYPE b, AsnLen &bytesDec
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))
   {
     Asn1Error << "AttributeTypeAndDistinguishedValueSetOf::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -104);
+    SnaccExcep::throwMe(-104);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -1111,7 +1091,7 @@ void  AttributeTypeAndDistinguishedValueSetOf::BDecContent (BUF_TYPE b, AsnTag /
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -105);
+            SnaccExcep::throwMe(-105);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -1150,7 +1130,7 @@ void AttributeSetOf::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))
   {
     Asn1Error << "AttributeSetOf::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -106);
+    SnaccExcep::throwMe(-106);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -1641,7 +1621,7 @@ void Attribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -107);
+    SnaccExcep::throwMe(-107);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)))
@@ -1652,7 +1632,7 @@ void Attribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -108);
+    SnaccExcep::throwMe(-108);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -1664,7 +1644,7 @@ void Attribute::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -109);
+    SnaccExcep::throwMe(-109);
   }
   else
     return;
@@ -1687,33 +1667,12 @@ void Attribute::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "Attribute::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -110);
+    SnaccExcep::throwMe(-110);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int Attribute::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int Attribute::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void Attribute::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -1866,7 +1825,7 @@ void AttributeTypeAndDistinguishedValue::BDecContent (BUF_TYPE b, AsnTag /*tag0*
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -111);
+    SnaccExcep::throwMe(-111);
   }
 
   // ANY type
@@ -1928,7 +1887,7 @@ void AttributeTypeAndDistinguishedValue::BDecContent (BUF_TYPE b, AsnTag /*tag0*
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -112);
+    SnaccExcep::throwMe(-112);
   }
   else
     return;
@@ -1951,33 +1910,12 @@ void AttributeTypeAndDistinguishedValue::BDec (BUF_TYPE b, AsnLen &bytesDecoded,
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "AttributeTypeAndDistinguishedValue::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -113);
+    SnaccExcep::throwMe(-113);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int AttributeTypeAndDistinguishedValue::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int AttributeTypeAndDistinguishedValue::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void AttributeTypeAndDistinguishedValue::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -2063,7 +2001,7 @@ void RelativeDistinguishedName::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))
   {
     Asn1Error << "RelativeDistinguishedName::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -114);
+    SnaccExcep::throwMe(-114);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -2479,7 +2417,7 @@ void  RelativeDistinguishedName::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLe
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -115);
+            SnaccExcep::throwMe(-115);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -2518,7 +2456,7 @@ void RDNSequence::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "RDNSequence::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -116);
+    SnaccExcep::throwMe(-116);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -2922,7 +2860,7 @@ void  RDNSequence::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -117);
+            SnaccExcep::throwMe(-117);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -2961,7 +2899,7 @@ void Attributes::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))
   {
     Asn1Error << "Attributes::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -118);
+    SnaccExcep::throwMe(-118);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -3377,7 +3315,7 @@ void  Attributes::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -119);
+            SnaccExcep::throwMe(-119);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -3488,7 +3426,7 @@ void Name::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnLen &bytesDe
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, -120);
+      SnaccExcep::throwMe(-120);
       break;
   } // end switch
 } // Name::BDecContent
@@ -3513,27 +3451,6 @@ void Name::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
 }
 
-int Name::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int Name::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void Name::Print (ostream &os) const
 {
 #ifndef NDEBUG
index 75c1c3ffcd9f9e9e7da76dfbfb85f6c747082705..2191447fc27dd442965438a66ec3474a853c53d3 100644 (file)
@@ -2,7 +2,7 @@
 //
 // sm_x501ud.cpp - class member functions for ASN.1 module UsefulDefinitions
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc written by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -24,6 +24,7 @@
 #include "pkcs7.h"
 #include "pkcs8.h"
 #include "appleoids.h"
+#include "pkcs10.h"
 
 //------------------------------------------------------------------------------
 // value defs
index e9fe5039afdaf73c91e8b104e63113feb8aeb370..0b7bc800448ce7c7d4633c4b8ca7a4d8c2864a45 100644 (file)
@@ -2,7 +2,7 @@
 //
 // sm_x509af.cpp - class member functions for ASN.1 module AuthenticationFramework
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc written by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -24,6 +24,7 @@
 #include "pkcs7.h"
 #include "pkcs8.h"
 #include "appleoids.h"
+#include "pkcs10.h"
 
 //------------------------------------------------------------------------------
 // value defs
@@ -59,7 +60,7 @@ void AttributeCertificateAssertionSetOf::BDec (BUF_TYPE b, AsnLen &bytesDecoded,
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))
   {
     Asn1Error << "AttributeCertificateAssertionSetOf::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -100);
+    SnaccExcep::throwMe(-100);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -474,7 +475,7 @@ void  AttributeCertificateAssertionSetOf::BDecContent (BUF_TYPE b, AsnTag /*tag0
         if ((tag1 != MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -101);
+            SnaccExcep::throwMe(-101);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -513,7 +514,7 @@ void AttributeCertificateInfoSeqOf::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "AttributeCertificateInfoSeqOf::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -102);
+    SnaccExcep::throwMe(-102);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -917,7 +918,7 @@ void  AttributeCertificateInfoSeqOf::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, A
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -103);
+            SnaccExcep::throwMe(-103);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -1040,7 +1041,7 @@ void AlgorithmIdentifier::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -104);
+    SnaccExcep::throwMe(-104);
   }
 
   // ANY type
@@ -1057,7 +1058,7 @@ void AlgorithmIdentifier::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -105);
+    SnaccExcep::throwMe(-105);
   }
   else
     return;
@@ -1080,33 +1081,12 @@ void AlgorithmIdentifier::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "AlgorithmIdentifier::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -106);
+    SnaccExcep::throwMe(-106);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int AlgorithmIdentifier::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int AlgorithmIdentifier::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void AlgorithmIdentifier::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -1266,7 +1246,7 @@ void Time::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnLen &bytesDe
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, -107);
+      SnaccExcep::throwMe(-107);
       break;
   } // end switch
 } // Time::BDecContent
@@ -1291,27 +1271,6 @@ void Time::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
 }
 
-int Time::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int Time::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void Time::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -1443,7 +1402,7 @@ void Extension::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -108);
+    SnaccExcep::throwMe(-108);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BOOLEAN_TAG_CODE)))
@@ -1463,7 +1422,7 @@ void Extension::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -109);
+    SnaccExcep::throwMe(-109);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -1475,7 +1434,7 @@ void Extension::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -110);
+    SnaccExcep::throwMe(-110);
   }
   else
     return;
@@ -1498,33 +1457,12 @@ void Extension::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "Extension::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -111);
+    SnaccExcep::throwMe(-111);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int Extension::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int Extension::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void Extension::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -1650,7 +1588,7 @@ void AttCertValidityPeriod::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -112);
+    SnaccExcep::throwMe(-112);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, GENERALIZEDTIME_TAG_CODE))
@@ -1662,7 +1600,7 @@ void AttCertValidityPeriod::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -113);
+    SnaccExcep::throwMe(-113);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -1674,7 +1612,7 @@ void AttCertValidityPeriod::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -114);
+    SnaccExcep::throwMe(-114);
   }
   else
     return;
@@ -1697,33 +1635,12 @@ void AttCertValidityPeriod::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "AttCertValidityPeriod::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -115);
+    SnaccExcep::throwMe(-115);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int AttCertValidityPeriod::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int AttCertValidityPeriod::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void AttCertValidityPeriod::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -1864,7 +1781,7 @@ void Validity::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -116);
+    SnaccExcep::throwMe(-116);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, UTCTIME_TAG_CODE))
@@ -1879,7 +1796,7 @@ void Validity::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -117);
+    SnaccExcep::throwMe(-117);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -1891,7 +1808,7 @@ void Validity::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -118);
+    SnaccExcep::throwMe(-118);
   }
   else
     return;
@@ -1914,33 +1831,12 @@ void Validity::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "Validity::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -119);
+    SnaccExcep::throwMe(-119);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int Validity::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int Validity::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void Validity::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -2084,7 +1980,7 @@ void SubjectPublicKeyInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -120);
+    SnaccExcep::throwMe(-120);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE))
@@ -2096,7 +1992,7 @@ void SubjectPublicKeyInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -121);
+    SnaccExcep::throwMe(-121);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -2108,7 +2004,7 @@ void SubjectPublicKeyInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -122);
+    SnaccExcep::throwMe(-122);
   }
   else
     return;
@@ -2131,33 +2027,12 @@ void SubjectPublicKeyInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "SubjectPublicKeyInfo::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -123);
+    SnaccExcep::throwMe(-123);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int SubjectPublicKeyInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int SubjectPublicKeyInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void SubjectPublicKeyInfo::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -2219,7 +2094,7 @@ void Extensions::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "Extensions::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -124);
+    SnaccExcep::throwMe(-124);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -2623,7 +2498,7 @@ void  Extensions::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -125);
+            SnaccExcep::throwMe(-125);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -2741,7 +2616,7 @@ void IssuerSerial::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -126);
+    SnaccExcep::throwMe(-126);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -2769,7 +2644,7 @@ void IssuerSerial::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -127);
+    SnaccExcep::throwMe(-127);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE))
@@ -2789,7 +2664,7 @@ void IssuerSerial::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -128);
+    SnaccExcep::throwMe(-128);
   }
   else
     return;
@@ -2812,33 +2687,12 @@ void IssuerSerial::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "IssuerSerial::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -129);
+    SnaccExcep::throwMe(-129);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int IssuerSerial::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int IssuerSerial::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void IssuerSerial::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -3001,7 +2855,7 @@ void AttributeCertificateAssertionChoice::BDecContent (BUF_TYPE b, AsnTag tag, A
       if (tag != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
       {
          Asn1Error << "Unexpected Tag" << endl;
-         longjmp (env, -130);
+        SnaccExcep::throwMe(-130);
       }
 
       elmtLen1 = BDecLen (b, bytesDecoded, env);
@@ -3024,7 +2878,7 @@ void AttributeCertificateAssertionChoice::BDecContent (BUF_TYPE b, AsnTag tag, A
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, -131);
+      SnaccExcep::throwMe(-131);
       break;
   } // end switch
 } // AttributeCertificateAssertionChoice::BDecContent
@@ -3049,27 +2903,6 @@ void AttributeCertificateAssertionChoice::BDec (BUF_TYPE b, AsnLen &bytesDecoded
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
 }
 
-int AttributeCertificateAssertionChoice::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int AttributeCertificateAssertionChoice::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void AttributeCertificateAssertionChoice::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -3218,7 +3051,7 @@ void AttributeCertificateInfoChoice::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen
       if (tag != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
       {
          Asn1Error << "Unexpected Tag" << endl;
-         longjmp (env, -132);
+        SnaccExcep::throwMe(-132);
       }
 
       elmtLen1 = BDecLen (b, bytesDecoded, env);
@@ -3234,7 +3067,7 @@ void AttributeCertificateInfoChoice::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen
       if (tag != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
       {
          Asn1Error << "Unexpected Tag" << endl;
-         longjmp (env, -133);
+        SnaccExcep::throwMe(-133);
       }
 
       elmtLen1 = BDecLen (b, bytesDecoded, env);
@@ -3247,7 +3080,7 @@ void AttributeCertificateInfoChoice::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, -134);
+      SnaccExcep::throwMe(-134);
       break;
   } // end switch
 } // AttributeCertificateInfoChoice::BDecContent
@@ -3272,27 +3105,6 @@ void AttributeCertificateInfoChoice::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
 }
 
-int AttributeCertificateInfoChoice::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int AttributeCertificateInfoChoice::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void AttributeCertificateInfoChoice::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -3438,7 +3250,7 @@ void CRLToSignSeqOfSeq::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -135);
+    SnaccExcep::throwMe(-135);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, UTCTIME_TAG_CODE))
@@ -3469,7 +3281,7 @@ void CRLToSignSeqOfSeq::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -136);
+    SnaccExcep::throwMe(-136);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -3488,7 +3300,7 @@ void CRLToSignSeqOfSeq::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -137);
+    SnaccExcep::throwMe(-137);
   }
   else
     return;
@@ -3511,33 +3323,12 @@ void CRLToSignSeqOfSeq::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "CRLToSignSeqOfSeq::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -138);
+    SnaccExcep::throwMe(-138);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int CRLToSignSeqOfSeq::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int CRLToSignSeqOfSeq::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void CRLToSignSeqOfSeq::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -3615,7 +3406,7 @@ void CRLToSignSeqOf::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "CRLToSignSeqOf::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -139);
+    SnaccExcep::throwMe(-139);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -4019,7 +3810,7 @@ void  CRLToSignSeqOf::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -140);
+            SnaccExcep::throwMe(-140);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -4317,7 +4108,7 @@ void CertificateToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
     if (tag1 != MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
     {
        Asn1Error << "Unexpected Tag" << endl;
-       longjmp (env, -141);
+       SnaccExcep::throwMe(-141);
     }
 
     elmtLen2 = BDecLen (b, seqBytesDecoded, env);
@@ -4339,7 +4130,7 @@ void CertificateToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -142);
+    SnaccExcep::throwMe(-142);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -4352,7 +4143,7 @@ void CertificateToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -143);
+    SnaccExcep::throwMe(-143);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -4365,7 +4156,7 @@ void CertificateToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -144);
+    SnaccExcep::throwMe(-144);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -4378,7 +4169,7 @@ void CertificateToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -145);
+    SnaccExcep::throwMe(-145);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -4391,7 +4182,7 @@ void CertificateToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -146);
+    SnaccExcep::throwMe(-146);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -4419,7 +4210,7 @@ void CertificateToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -147);
+    SnaccExcep::throwMe(-147);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, PRIM, 1))
@@ -4478,7 +4269,7 @@ void CertificateToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
     if (tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
     {
        Asn1Error << "Unexpected Tag" << endl;
-       longjmp (env, -148);
+       SnaccExcep::throwMe(-148);
     }
 
     elmtLen2 = BDecLen (b, seqBytesDecoded, env);
@@ -4498,7 +4289,7 @@ void CertificateToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -149);
+    SnaccExcep::throwMe(-149);
   }
   else
     return;
@@ -4521,33 +4312,12 @@ void CertificateToSign::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "CertificateToSign::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -150);
+    SnaccExcep::throwMe(-150);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int CertificateToSign::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int CertificateToSign::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void CertificateToSign::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -4933,7 +4703,7 @@ void CRLToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -151);
+    SnaccExcep::throwMe(-151);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -4946,7 +4716,7 @@ void CRLToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -152);
+    SnaccExcep::throwMe(-152);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, UTCTIME_TAG_CODE))
@@ -4977,7 +4747,7 @@ void CRLToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -153);
+    SnaccExcep::throwMe(-153);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, UTCTIME_TAG_CODE))
@@ -5037,7 +4807,7 @@ void CRLToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe
     if (tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
     {
        Asn1Error << "Unexpected Tag" << endl;
-       longjmp (env, -154);
+       SnaccExcep::throwMe(-154);
     }
 
     elmtLen2 = BDecLen (b, seqBytesDecoded, env);
@@ -5057,7 +4827,7 @@ void CRLToSign::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLe
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -155);
+    SnaccExcep::throwMe(-155);
   }
   else
     return;
@@ -5080,33 +4850,12 @@ void CRLToSign::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "CRLToSign::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -156);
+    SnaccExcep::throwMe(-156);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int CRLToSign::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int CRLToSign::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void CRLToSign::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -5460,7 +5209,7 @@ void AttributeCertificateInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -157);
+    SnaccExcep::throwMe(-157);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -5472,7 +5221,7 @@ void AttributeCertificateInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -158);
+    SnaccExcep::throwMe(-158);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -5485,7 +5234,7 @@ void AttributeCertificateInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -159);
+    SnaccExcep::throwMe(-159);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
@@ -5498,7 +5247,7 @@ void AttributeCertificateInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -160);
+    SnaccExcep::throwMe(-160);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -5511,7 +5260,7 @@ void AttributeCertificateInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -161);
+    SnaccExcep::throwMe(-161);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -5538,7 +5287,7 @@ void AttributeCertificateInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -162);
+    SnaccExcep::throwMe(-162);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE))
@@ -5581,7 +5330,7 @@ void AttributeCertificateInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -163);
+    SnaccExcep::throwMe(-163);
   }
   else
     return;
@@ -5604,33 +5353,12 @@ void AttributeCertificateInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "AttributeCertificateInfo::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -164);
+    SnaccExcep::throwMe(-164);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int AttributeCertificateInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int AttributeCertificateInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void AttributeCertificateInfo::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -5877,7 +5605,7 @@ void Certificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, Asn
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -165);
+    SnaccExcep::throwMe(-165);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -5890,7 +5618,7 @@ void Certificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, Asn
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -166);
+    SnaccExcep::throwMe(-166);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE))
@@ -5902,7 +5630,7 @@ void Certificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, Asn
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -167);
+    SnaccExcep::throwMe(-167);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -5914,7 +5642,7 @@ void Certificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, Asn
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -168);
+    SnaccExcep::throwMe(-168);
   }
   else
     return;
@@ -5937,33 +5665,12 @@ void Certificate::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "Certificate::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -169);
+    SnaccExcep::throwMe(-169);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int Certificate::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int Certificate::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void Certificate::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -6039,7 +5746,7 @@ void CrossCertificates::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))
   {
     Asn1Error << "CrossCertificates::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -170);
+    SnaccExcep::throwMe(-170);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -6455,7 +6162,7 @@ void  CrossCertificates::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -171);
+            SnaccExcep::throwMe(-171);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -6602,7 +6309,7 @@ void CertificatePair::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
     if (tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
     {
        Asn1Error << "Unexpected Tag" << endl;
-       longjmp (env, -172);
+       SnaccExcep::throwMe(-172);
     }
 
     elmtLen2 = BDecLen (b, seqBytesDecoded, env);
@@ -6637,7 +6344,7 @@ void CertificatePair::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
     if (tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
     {
        Asn1Error << "Unexpected Tag" << endl;
-       longjmp (env, -173);
+       SnaccExcep::throwMe(-173);
     }
 
     elmtLen2 = BDecLen (b, seqBytesDecoded, env);
@@ -6657,7 +6364,7 @@ void CertificatePair::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -174);
+    SnaccExcep::throwMe(-174);
   }
   else
     return;
@@ -6680,33 +6387,12 @@ void CertificatePair::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "CertificatePair::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -175);
+    SnaccExcep::throwMe(-175);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int CertificatePair::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int CertificatePair::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void CertificatePair::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -6879,7 +6565,7 @@ void CertificateList::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -176);
+    SnaccExcep::throwMe(-176);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -6892,7 +6578,7 @@ void CertificateList::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -177);
+    SnaccExcep::throwMe(-177);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE))
@@ -6904,7 +6590,7 @@ void CertificateList::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -178);
+    SnaccExcep::throwMe(-178);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -6916,7 +6602,7 @@ void CertificateList::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -179);
+    SnaccExcep::throwMe(-179);
   }
   else
     return;
@@ -6939,33 +6625,12 @@ void CertificateList::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "CertificateList::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -180);
+    SnaccExcep::throwMe(-180);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int CertificateList::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int CertificateList::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void CertificateList::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -7139,7 +6804,7 @@ void AttributeCertificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -181);
+    SnaccExcep::throwMe(-181);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -7152,7 +6817,7 @@ void AttributeCertificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -182);
+    SnaccExcep::throwMe(-182);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE))
@@ -7164,7 +6829,7 @@ void AttributeCertificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -183);
+    SnaccExcep::throwMe(-183);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -7176,7 +6841,7 @@ void AttributeCertificate::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -184);
+    SnaccExcep::throwMe(-184);
   }
   else
     return;
@@ -7199,33 +6864,12 @@ void AttributeCertificate::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "AttributeCertificate::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -185);
+    SnaccExcep::throwMe(-185);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int AttributeCertificate::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int AttributeCertificate::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void AttributeCertificate::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -7301,7 +6945,7 @@ void CertificationPathSeqOf::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE en
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "CertificationPathSeqOf::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -186);
+    SnaccExcep::throwMe(-186);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -7705,7 +7349,7 @@ void  CertificationPathSeqOf::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -187);
+            SnaccExcep::throwMe(-187);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -7744,7 +7388,7 @@ void ForwardCertificationPath::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "ForwardCertificationPath::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -188);
+    SnaccExcep::throwMe(-188);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -8148,7 +7792,7 @@ void  ForwardCertificationPath::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -189);
+            SnaccExcep::throwMe(-189);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -8295,7 +7939,7 @@ void ACPathData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL
     if (tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
     {
        Asn1Error << "Unexpected Tag" << endl;
-       longjmp (env, -190);
+       SnaccExcep::throwMe(-190);
     }
 
     elmtLen2 = BDecLen (b, seqBytesDecoded, env);
@@ -8330,7 +7974,7 @@ void ACPathData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL
     if (tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
     {
        Asn1Error << "Unexpected Tag" << endl;
-       longjmp (env, -191);
+       SnaccExcep::throwMe(-191);
     }
 
     elmtLen2 = BDecLen (b, seqBytesDecoded, env);
@@ -8350,7 +7994,7 @@ void ACPathData::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnL
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -192);
+    SnaccExcep::throwMe(-192);
   }
   else
     return;
@@ -8373,33 +8017,12 @@ void ACPathData::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "ACPathData::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -193);
+    SnaccExcep::throwMe(-193);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int ACPathData::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int ACPathData::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void ACPathData::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -8474,7 +8097,7 @@ void AttributeCertificationPathSeqOf::BDec (BUF_TYPE b, AsnLen &bytesDecoded, EN
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "AttributeCertificationPathSeqOf::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -194);
+    SnaccExcep::throwMe(-194);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -8878,7 +8501,7 @@ void  AttributeCertificationPathSeqOf::BDecContent (BUF_TYPE b, AsnTag /*tag0*/,
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -195);
+            SnaccExcep::throwMe(-195);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -9022,7 +8645,7 @@ void Certificates::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -196);
+    SnaccExcep::throwMe(-196);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -9041,7 +8664,7 @@ void Certificates::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -197);
+    SnaccExcep::throwMe(-197);
   }
   else
     return;
@@ -9064,33 +8687,12 @@ void Certificates::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "Certificates::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -198);
+    SnaccExcep::throwMe(-198);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int Certificates::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int Certificates::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void Certificates::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -9266,7 +8868,7 @@ void CertificationPath::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -199);
+    SnaccExcep::throwMe(-199);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -9285,7 +8887,7 @@ void CertificationPath::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -200);
+    SnaccExcep::throwMe(-200);
   }
   else
     return;
@@ -9308,33 +8910,12 @@ void CertificationPath::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "CertificationPath::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -201);
+    SnaccExcep::throwMe(-201);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int CertificationPath::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int CertificationPath::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void CertificationPath::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -9510,7 +9091,7 @@ void AttributeCertificationPath::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -202);
+    SnaccExcep::throwMe(-202);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -9529,7 +9110,7 @@ void AttributeCertificationPath::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLe
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -203);
+    SnaccExcep::throwMe(-203);
   }
   else
     return;
@@ -9552,33 +9133,12 @@ void AttributeCertificationPath::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYP
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "AttributeCertificationPath::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -204);
+    SnaccExcep::throwMe(-204);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int AttributeCertificationPath::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int AttributeCertificationPath::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void AttributeCertificationPath::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -9859,7 +9419,7 @@ void AttributeCertificateAssertion::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, As
        && (tag1 != MAKE_TAG_ID (UNIV, CONS, GENERALIZEDTIME_TAG_CODE)))
     {
        Asn1Error << "Unexpected Tag" << endl;
-       longjmp (env, -205);
+       SnaccExcep::throwMe(-205);
     }
 
     elmtLen2 = BDecLen (b, seqBytesDecoded, env);
@@ -9894,7 +9454,7 @@ void AttributeCertificateAssertion::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, As
     if (tag1 != MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE))
     {
        Asn1Error << "Unexpected Tag" << endl;
-       longjmp (env, -206);
+       SnaccExcep::throwMe(-206);
     }
 
     elmtLen2 = BDecLen (b, seqBytesDecoded, env);
@@ -9914,7 +9474,7 @@ void AttributeCertificateAssertion::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, As
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -207);
+    SnaccExcep::throwMe(-207);
   }
   else
     return;
@@ -9937,33 +9497,12 @@ void AttributeCertificateAssertion::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "AttributeCertificateAssertion::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -208);
+    SnaccExcep::throwMe(-208);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int AttributeCertificateAssertion::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int AttributeCertificateAssertion::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void AttributeCertificateAssertion::Print (ostream &os) const
 {
 #ifndef NDEBUG
index 2d50e0922b568abab7dc2cde200d868f511537eb..576033a40e548fc6be70e1ab4886be4863de149e 100644 (file)
@@ -2,7 +2,7 @@
 //
 // sm_x509ce.cpp - class member functions for ASN.1 module CertificateExtensions
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc written by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -24,6 +24,7 @@
 #include "pkcs7.h"
 #include "pkcs8.h"
 #include "appleoids.h"
+#include "pkcs10.h"
 
 //------------------------------------------------------------------------------
 // value defs
@@ -143,7 +144,7 @@ void PolicyQualifierInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -100);
+    SnaccExcep::throwMe(-100);
   }
 
   // ANY type
@@ -160,7 +161,7 @@ void PolicyQualifierInfo::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtL
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -101);
+    SnaccExcep::throwMe(-101);
   }
   else
     return;
@@ -183,33 +184,12 @@ void PolicyQualifierInfo::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "PolicyQualifierInfo::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -102);
+    SnaccExcep::throwMe(-102);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int PolicyQualifierInfo::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int PolicyQualifierInfo::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void PolicyQualifierInfo::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -273,7 +253,7 @@ void AttributesSyntax::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "AttributesSyntax::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -103);
+    SnaccExcep::throwMe(-103);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -677,7 +657,7 @@ void  AttributesSyntax::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -104);
+            SnaccExcep::throwMe(-104);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -812,7 +792,7 @@ void DistributionPointName::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, -105);
+      SnaccExcep::throwMe(-105);
       break;
   } // end switch
 } // DistributionPointName::BDecContent
@@ -837,27 +817,6 @@ void DistributionPointName::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
 }
 
-int DistributionPointName::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int DistributionPointName::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void DistributionPointName::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -966,7 +925,7 @@ void PolicyMappingsSyntaxSeq::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -106);
+    SnaccExcep::throwMe(-106);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE)))
@@ -977,7 +936,7 @@ void PolicyMappingsSyntaxSeq::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -107);
+    SnaccExcep::throwMe(-107);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -989,7 +948,7 @@ void PolicyMappingsSyntaxSeq::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -108);
+    SnaccExcep::throwMe(-108);
   }
   else
     return;
@@ -1012,33 +971,12 @@ void PolicyMappingsSyntaxSeq::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE e
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "PolicyMappingsSyntaxSeq::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -109);
+    SnaccExcep::throwMe(-109);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int PolicyMappingsSyntaxSeq::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int PolicyMappingsSyntaxSeq::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void PolicyMappingsSyntaxSeq::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -1093,7 +1031,7 @@ void PolicyInformationSeqOf::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE en
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "PolicyInformationSeqOf::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -110);
+    SnaccExcep::throwMe(-110);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -1497,7 +1435,7 @@ void  PolicyInformationSeqOf::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -111);
+            SnaccExcep::throwMe(-111);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -1623,7 +1561,7 @@ void PolicyInformation::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -112);
+    SnaccExcep::throwMe(-112);
   }
 
   if ((tag1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
@@ -1642,7 +1580,7 @@ void PolicyInformation::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -113);
+    SnaccExcep::throwMe(-113);
   }
   else
     return;
@@ -1665,33 +1603,12 @@ void PolicyInformation::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "PolicyInformation::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -114);
+    SnaccExcep::throwMe(-114);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int PolicyInformation::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int PolicyInformation::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void PolicyInformation::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -1891,7 +1808,7 @@ void GeneralSubtree::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -115);
+    SnaccExcep::throwMe(-115);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, PRIM, 0)))
@@ -1933,7 +1850,7 @@ void GeneralSubtree::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -116);
+    SnaccExcep::throwMe(-116);
   }
   else
     return;
@@ -1956,33 +1873,12 @@ void GeneralSubtree::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "GeneralSubtree::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -117);
+    SnaccExcep::throwMe(-117);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int GeneralSubtree::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int GeneralSubtree::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void GeneralSubtree::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -2250,7 +2146,7 @@ void DistributionPoint::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -118);
+    SnaccExcep::throwMe(-118);
   }
   else
     return;
@@ -2273,33 +2169,12 @@ void DistributionPoint::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "DistributionPoint::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -119);
+    SnaccExcep::throwMe(-119);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int DistributionPoint::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int DistributionPoint::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void DistributionPoint::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -2391,7 +2266,7 @@ void CertificatePoliciesSyntax::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "CertificatePoliciesSyntax::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -120);
+    SnaccExcep::throwMe(-120);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -2795,7 +2670,7 @@ void  CertificatePoliciesSyntax::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLe
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -121);
+            SnaccExcep::throwMe(-121);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -2834,7 +2709,7 @@ void GeneralSubtrees::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "GeneralSubtrees::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -122);
+    SnaccExcep::throwMe(-122);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -3238,7 +3113,7 @@ void  GeneralSubtrees::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -123);
+            SnaccExcep::throwMe(-123);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -3453,7 +3328,7 @@ void AuthorityKeyIdentifier::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen el
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -124);
+    SnaccExcep::throwMe(-124);
   }
   else
     return;
@@ -3476,33 +3351,12 @@ void AuthorityKeyIdentifier::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE en
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "AuthorityKeyIdentifier::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -125);
+    SnaccExcep::throwMe(-125);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int AuthorityKeyIdentifier::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int AuthorityKeyIdentifier::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void AuthorityKeyIdentifier::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -3594,7 +3448,7 @@ void ExtKeyUsageSyntax::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "ExtKeyUsageSyntax::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -126);
+    SnaccExcep::throwMe(-126);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -3997,7 +3851,7 @@ void  ExtKeyUsageSyntax::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
         if ((tag1 != MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -127);
+            SnaccExcep::throwMe(-127);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -4166,7 +4020,7 @@ void PrivateKeyUsagePeriod::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -128);
+    SnaccExcep::throwMe(-128);
   }
   else
     return;
@@ -4189,33 +4043,12 @@ void PrivateKeyUsagePeriod::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "PrivateKeyUsagePeriod::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -129);
+    SnaccExcep::throwMe(-129);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int PrivateKeyUsagePeriod::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int PrivateKeyUsagePeriod::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void PrivateKeyUsagePeriod::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -4290,7 +4123,7 @@ void PolicyMappingsSyntax::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "PolicyMappingsSyntax::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -130);
+    SnaccExcep::throwMe(-130);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -4694,7 +4527,7 @@ void  PolicyMappingsSyntax::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -131);
+            SnaccExcep::throwMe(-131);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -4860,7 +4693,7 @@ void SupportedAlgorithm::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -132);
+    SnaccExcep::throwMe(-132);
   }
 
   if ((tag1 == MAKE_TAG_ID (CNTX, PRIM, 0))
@@ -4903,7 +4736,7 @@ void SupportedAlgorithm::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLe
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -133);
+    SnaccExcep::throwMe(-133);
   }
   else
     return;
@@ -4926,33 +4759,12 @@ void SupportedAlgorithm::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "SupportedAlgorithm::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -134);
+    SnaccExcep::throwMe(-134);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int SupportedAlgorithm::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int SupportedAlgorithm::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void SupportedAlgorithm::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -5168,7 +4980,7 @@ void BasicConstraintsSyntax::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen el
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -135);
+    SnaccExcep::throwMe(-135);
   }
   else
     return;
@@ -5191,33 +5003,12 @@ void BasicConstraintsSyntax::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE en
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "BasicConstraintsSyntax::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -136);
+    SnaccExcep::throwMe(-136);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int BasicConstraintsSyntax::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int BasicConstraintsSyntax::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void BasicConstraintsSyntax::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -5422,7 +5213,7 @@ void NameConstraintsSyntax::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elm
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -137);
+    SnaccExcep::throwMe(-137);
   }
   else
     return;
@@ -5445,33 +5236,12 @@ void NameConstraintsSyntax::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "NameConstraintsSyntax::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -138);
+    SnaccExcep::throwMe(-138);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int NameConstraintsSyntax::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int NameConstraintsSyntax::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void NameConstraintsSyntax::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -5676,7 +5446,7 @@ void PolicyConstraintsSyntax::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen e
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -139);
+    SnaccExcep::throwMe(-139);
   }
   else
     return;
@@ -5699,33 +5469,12 @@ void PolicyConstraintsSyntax::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE e
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "PolicyConstraintsSyntax::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -140);
+    SnaccExcep::throwMe(-140);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int PolicyConstraintsSyntax::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int PolicyConstraintsSyntax::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void PolicyConstraintsSyntax::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -5800,7 +5549,7 @@ void CertPolicySet::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "CertPolicySet::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -141);
+    SnaccExcep::throwMe(-141);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -6203,7 +5952,7 @@ void  CertPolicySet::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
         if ((tag1 != MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -142);
+            SnaccExcep::throwMe(-142);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -6242,7 +5991,7 @@ void CRLDistPointsSyntax::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "CRLDistPointsSyntax::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -143);
+    SnaccExcep::throwMe(-143);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -6646,7 +6395,7 @@ void  CRLDistPointsSyntax::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmt
         if ((tag1 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -144);
+            SnaccExcep::throwMe(-144);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
@@ -6959,7 +6708,7 @@ void IssuingDistPointSyntax::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen el
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -145);
+    SnaccExcep::throwMe(-145);
   }
   else
     return;
@@ -6982,33 +6731,12 @@ void IssuingDistPointSyntax::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE en
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "IssuingDistPointSyntax::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -146);
+    SnaccExcep::throwMe(-146);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int IssuingDistPointSyntax::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int IssuingDistPointSyntax::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void IssuingDistPointSyntax::Print (ostream &os) const
 {
 #ifndef NDEBUG
index 215f1136501f65f8cf6205d122b704ffb4531860..dca97bd7700eaf89329814b018ceba3b11649be2 100644 (file)
@@ -2,7 +2,7 @@
 //
 // sm_x509cmn.cpp - class member functions for ASN.1 module CommonX509Definitions
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc written by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -24,6 +24,7 @@
 #include "pkcs7.h"
 #include "pkcs8.h"
 #include "appleoids.h"
+#include "pkcs10.h"
 
 //------------------------------------------------------------------------------
 // value defs
@@ -167,7 +168,7 @@ void EDIPartyName::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, -100);
+    SnaccExcep::throwMe(-100);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -179,7 +180,7 @@ void EDIPartyName::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, As
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, -101);
+    SnaccExcep::throwMe(-101);
   }
   else
     return;
@@ -202,33 +203,12 @@ void EDIPartyName::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "EDIPartyName::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -102);
+    SnaccExcep::throwMe(-102);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int EDIPartyName::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int EDIPartyName::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void EDIPartyName::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -565,7 +545,7 @@ void GeneralName::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnLen &
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, -103);
+      SnaccExcep::throwMe(-103);
       break;
   } // end switch
 } // GeneralName::BDecContent
@@ -590,27 +570,6 @@ void GeneralName::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
 }
 
-int GeneralName::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int GeneralName::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void GeneralName::Print (ostream &os) const
 {
 #ifndef NDEBUG
@@ -719,7 +678,7 @@ void GeneralNames::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
   {
     Asn1Error << "GeneralNames::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, -104);
+    SnaccExcep::throwMe(-104);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
@@ -1135,7 +1094,7 @@ void  GeneralNames::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0,
          || (tag1 == MAKE_TAG_ID (CNTX, PRIM, 8))))
         {
             Asn1Error << "Unexpected Tag" << endl;
-            longjmp (env, -105);
+            SnaccExcep::throwMe(-105);
         }
 
         elmtLen1 = BDecLen (b, listBytesDecoded, env);
index 63c4ab309b47c6ed51a3c992b45314b31fb3b5af..2a1c1a78b8b99007d419141a20efd492595acca2 100644 (file)
@@ -2,7 +2,7 @@
 //
 // sm_x520sa.cpp - class member functions for ASN.1 module SelectedAttributeTypes
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc written by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -24,6 +24,7 @@
 #include "pkcs7.h"
 #include "pkcs8.h"
 #include "appleoids.h"
+#include "pkcs10.h"
 
 //------------------------------------------------------------------------------
 // value defs
@@ -227,7 +228,7 @@ void DirectoryString::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnL
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, -100);
+      SnaccExcep::throwMe(-100);
       break;
   } // end switch
 } // DirectoryString::BDecContent
@@ -252,27 +253,6 @@ void DirectoryString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
 }
 
-int DirectoryString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int DirectoryString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void DirectoryString::Print (ostream &os) const
 {
 #ifndef NDEBUG
index fbcef0a22de7701c9ae64ca5c5da607a94df551b..9f96e215e338b20470d430b271f16ce97ae26717 100644 (file)
@@ -2,7 +2,7 @@
 //
 // appleoids.h - class definitions for ASN.1 module APPLE-OIDS
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -16,6 +16,7 @@
 class FEEPrimeType;
 class FEECurveType;
 class DSABsafeParams;
+class DHParameter;
 class FEECurveParameters;
 class DSAAlgorithmId;
 class FEEElGamalSignature;
@@ -27,6 +28,8 @@ class DSAPublicKey;
 class DSAPrivateKeyOcts;
 class DSASignature;
 class DSAAlgParams;
+class DHPrivateKey;
+class DHParameterBlock;
 
 //------------------------------------------------------------------------------
 // class definitions:
@@ -82,9 +85,30 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
+  void         Print (ostream &os) const;
+};
+
+
+class DHParameter: public AsnType
+{
+public:
+  BigIntegerStr                prime;
+  BigIntegerStr                base;
+  BigIntegerStr                *privateValueLength;
+
+                       DHParameter();
+                       DHParameter (const DHParameter &);
+  virtual              ~DHParameter();
+  virtual AsnType      *Clone() const;
+
+  virtual AsnType      *Copy() const;
 
+  DHParameter          &operator = (const DHParameter &);
+  AsnLen               BEncContent (BUF_TYPE b);
+  void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
+
+  AsnLen               BEnc (BUF_TYPE b);
+  void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
   void         Print (ostream &os) const;
 };
 
@@ -121,9 +145,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -147,9 +168,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -173,9 +191,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -199,9 +214,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -228,9 +240,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -255,9 +264,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -282,9 +288,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -308,9 +311,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -333,9 +333,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -359,9 +356,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -386,9 +380,53 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
+  void         Print (ostream &os) const;
+};
+
+
+class DHPrivateKey: public AsnType
+{
+public:
+  AsnOid               dHOid;
+  DHParameter          *params;
+  BigIntegerStr                secretPart;
+
+                       DHPrivateKey();
+                       DHPrivateKey (const DHPrivateKey &);
+  virtual              ~DHPrivateKey();
+  virtual AsnType      *Clone() const;
+
+  virtual AsnType      *Copy() const;
+
+  DHPrivateKey         &operator = (const DHPrivateKey &);
+  AsnLen               BEncContent (BUF_TYPE b);
+  void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
+
+  AsnLen               BEnc (BUF_TYPE b);
+  void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
+  void         Print (ostream &os) const;
+};
+
+
+class DHParameterBlock: public AsnType
+{
+public:
+  AsnOid               oid;
+  DHParameter          *params;
+
+                       DHParameterBlock();
+                       DHParameterBlock (const DHParameterBlock &);
+  virtual              ~DHParameterBlock();
+  virtual AsnType      *Clone() const;
 
+  virtual AsnType      *Copy() const;
+
+  DHParameterBlock             &operator = (const DHParameterBlock &);
+  AsnLen               BEncContent (BUF_TYPE b);
+  void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
+
+  AsnLen               BEnc (BUF_TYPE b);
+  void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
   void         Print (ostream &os) const;
 };
 
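Review bot: `DHPrivateKey` keeps the private value in the public member `secretPart` and also declares a copy constructor, `operator =`, `Clone()`, `Copy()` and `Print (ostream &)`, so the secret can be duplicated or written to a stream through the ordinary AsnType interface. None of the member bodies are in this hunk, so it cannot be confirmed here whether the destructor clears the buffer before releasing it or whether `Print` leaves the value out. I would record the expectation next to the field, for example `// secretPart is the DH private value: clear before release, never print or log`, and since the header is marked as snacc output that comment has to come from the ASN.1 source or the generator rather than a hand edit.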
@@ -424,6 +462,10 @@ public:
 #define appleFeedExp     AsnOid(appleFeedExp_arc)
 #define appleECDSA_arc 1, 2, 840, 113635, 100, 2, 7
 #define appleECDSA     AsnOid(appleECDSA_arc)
+#define pkcs_3_arc 1, 2, 840, 113549, 1, 3
+#define pkcs_3     AsnOid(pkcs_3_arc)
+#define dhKeyAgreement_arc 1, 2, 840, 113549, 1, 3, 1
+#define dhKeyAgreement     AsnOid(dhKeyAgreement_arc)
 //------------------------------------------------------------------------------
 
 #endif /* conditional include of appleoids.h */
diff --git a/SecurityASN1/inc/pkcs10.h b/SecurityASN1/inc/pkcs10.h
new file mode 100644 (file)
index 0000000..01093ca
--- /dev/null
@@ -0,0 +1,110 @@
+//   NOTE: this is a machine generated file--editing not recommended
+//
+// pkcs10.h - class definitions for ASN.1 module PKCS5
+//
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
+//   UBC snacc by Mike Sample
+//   A couple of enhancements made by IBM European Networking Center
+
+#ifndef _pkcs10_h_
+#define _pkcs10_h_
+
+
+//------------------------------------------------------------------------------
+// class declarations:
+
+class CertificationRequestInfo;
+class CertificationRequest;
+class CertificationRequestSigned;
+
+//------------------------------------------------------------------------------
+// class definitions:
+
+typedef enum PKCS5AnyId
+{
+
+} PKCS5AnyId;
+
+
+/* INTEGER */
+typedef AsnInt VersionP10;
+
+class CertificationRequestInfo: public AsnType
+{
+public:
+  VersionP10           version;
+  Name         *subject;
+  SubjectPublicKeyInfo         *subjectPublicKeyInfo;
+  Attributes           attributes;
+
+                       CertificationRequestInfo();
+                       CertificationRequestInfo (const CertificationRequestInfo &);
+  virtual              ~CertificationRequestInfo();
+  virtual AsnType      *Clone() const;
+
+  virtual AsnType      *Copy() const;
+
+  CertificationRequestInfo             &operator = (const CertificationRequestInfo &);
+  AsnLen               BEncContent (BUF_TYPE b);
+  void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
+
+  AsnLen               BEnc (BUF_TYPE b);
+  void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
+  void         Print (ostream &os) const;
+};
+
+
+class CertificationRequest: public AsnType
+{
+public:
+  CertificationRequestInfo             *certificationRequestInfo;
+  SignatureAlgorithmIdentifier         *signatureAlgorithm;
+  Signature            signature;
+
+                       CertificationRequest();
+                       CertificationRequest (const CertificationRequest &);
+  virtual              ~CertificationRequest();
+  virtual AsnType      *Clone() const;
+
+  virtual AsnType      *Copy() const;
+
+  CertificationRequest         &operator = (const CertificationRequest &);
+  AsnLen               BEncContent (BUF_TYPE b);
+  void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
+
+  AsnLen               BEnc (BUF_TYPE b);
+  void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
+  void         Print (ostream &os) const;
+};
+
+
+class CertificationRequestSigned: public AsnType
+{
+public:
+  AsnAny               certificationRequestInfo;
+  SignatureAlgorithmIdentifier         *signatureAlgorithm;
+  Signature            signature;
+
+                       CertificationRequestSigned();
+                       CertificationRequestSigned (const CertificationRequestSigned &);
+  virtual              ~CertificationRequestSigned();
+  virtual AsnType      *Clone() const;
+
+  virtual AsnType      *Copy() const;
+
+  CertificationRequestSigned           &operator = (const CertificationRequestSigned &);
+  AsnLen               BEncContent (BUF_TYPE b);
+  void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
+
+  AsnLen               BEnc (BUF_TYPE b);
+  void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
+  void         Print (ostream &os) const;
+};
+
+
+//------------------------------------------------------------------------------
+// externs for value defs
+
+//------------------------------------------------------------------------------
+
+#endif /* conditional include of pkcs10.h */
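Review bot: The banner line `pkcs10.h - class definitions for ASN.1 module PKCS5` and the empty `PKCS5AnyId` enum both name the module PKCS5, although every type declared here (`CertificationRequestInfo`, `CertificationRequest`, `CertificationRequestSigned`) belongs to PKCS #10. Because the header is generated by snacc, the fix belongs in the module name of the ASN.1 source rather than in this file. If a real PKCS5 module is ever compiled into the same build, its own `typedef enum PKCS5AnyId` would clash with this one; that is inferred, as no such header is visible in this hunk. Separately, `CertificationRequestSigned` holds `certificationRequestInfo` as `AsnAny` where `CertificationRequest` holds a decoded pointer. If the reason is to verify the signature over the bytes as received rather than over a re-encoding, a comment in the ASN.1 source such as `-- kept as ANY so the signature is checked over the original encoding` would record that for callers.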
index 7fc99ef3832d162a6a23d2e5e377dd5ab11d9fc2..7c56584a0fa19466d3edb2788e26a41f02656751 100644 (file)
@@ -2,7 +2,7 @@
 //
 // pkcs1oids.h - class definitions for ASN.1 module PKCS1-OIDS
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -38,9 +38,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -71,9 +68,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
index 25895ea6dbebfe4f89b88dae26a53e7b1b759864..3aedd6c64e5b43fbf5485523865d8ce57a3cc18a 100644 (file)
@@ -2,7 +2,7 @@
 //
 // pkcs7.h - class definitions for ASN.1 module PKCS7
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -62,9 +62,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -88,9 +85,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
index 8f5ef9cfb32cee0602e34d1a7938b51a8fe68873..dd9bd68e5c8f8bd9b6b0b2f09a424b8616b2a784 100644 (file)
@@ -2,7 +2,7 @@
 //
 // pkcs8.h - class definitions for ASN.1 module PrivateKeyInformationSyntax
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -43,9 +43,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -69,9 +66,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
index 45d641bdd55bc50dee43fc8a7f95412c8bd43f60..c3f72cf8b52e3caeb1ce86aef28febd5e3c6b77c 100644 (file)
@@ -2,7 +2,7 @@
 //
 // pkcs9oids.h - class definitions for ASN.1 module PKCS9-OIDS
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
index 162c5d4e268f32b271200c902cda7e56c43dd36b..dbc362f1d576ca932c31887fb94086ae95dda234 100644 (file)
@@ -2,7 +2,7 @@
 //
 // sm_cms.h - class definitions for ASN.1 module CryptographicMessageSyntax
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -130,9 +130,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -234,9 +231,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -260,9 +254,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -349,9 +340,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -386,9 +374,6 @@ public:
   void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
@@ -413,9 +398,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -450,9 +432,6 @@ public:
   void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
@@ -489,9 +468,6 @@ public:
   void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
@@ -516,9 +492,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -543,9 +516,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -570,9 +540,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -601,9 +568,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -629,9 +593,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -666,9 +627,6 @@ public:
   void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
@@ -694,9 +652,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -721,9 +676,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -810,9 +762,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -849,9 +798,6 @@ public:
   void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
@@ -938,9 +884,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -1030,9 +973,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -1069,9 +1009,6 @@ public:
   void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
@@ -1158,9 +1095,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -1188,9 +1122,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -1217,9 +1148,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -1245,9 +1173,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -1271,9 +1196,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -1304,9 +1226,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -1408,9 +1327,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -1445,9 +1361,6 @@ public:
   void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
@@ -1471,9 +1384,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
index 7cc315ef9daefbd1d407cb1fd96babcc2a4a7a3d..6c17a9687514aa7e6baa2dbdc768fb190d0a81f6 100644 (file)
@@ -2,7 +2,7 @@
 //
 // sm_ess.h - class definitions for ASN.1 module ExtendedSecurityServices
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -439,9 +439,6 @@ public:
   void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
@@ -465,9 +462,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -502,9 +496,6 @@ public:
   void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
@@ -539,9 +530,6 @@ public:
   void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
@@ -641,9 +629,6 @@ public:
   void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
@@ -667,9 +652,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -758,9 +740,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
@@ -785,9 +764,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -812,9 +788,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -840,9 +813,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -866,9 +836,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -893,9 +860,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -1045,9 +1009,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
index f48f642486217bf341317c0ef5cb13bbbddb9538..5f2a1e0cd6c8619f81cc17f5b123cdf4dd5b2e77 100644 (file)
@@ -2,7 +2,7 @@
 //
 // sm_vdatypes.h - class definitions for ASN.1 module VdaEnhancedTypes
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -34,9 +34,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
 };
 
 
index 4a2bde91533cd556a7cfe2bca0a6b462e4d8818b..abc40e4cfd3f5aa46201383107832b36c6e180f5 100644 (file)
@@ -2,7 +2,7 @@
 //
 // sm_x411mtsas.h - class definitions for ASN.1 module MTSAbstractService
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -68,9 +68,6 @@ public:
   void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
@@ -105,9 +102,6 @@ public:
   void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
@@ -148,9 +142,6 @@ public:
   void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
@@ -182,9 +173,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
@@ -211,9 +199,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -237,9 +222,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -266,9 +248,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -491,9 +470,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -518,9 +494,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -555,9 +528,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
index fc4fd2e68512ce7b279eb99342a34a33d0221cef..56cebf814ee774345d3a393a6531520115cdd803 100644 (file)
@@ -2,7 +2,7 @@
 //
 // sm_x411ub.h - class definitions for ASN.1 module UpperBounds
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
index df4239bb4f14e2a86bc762f48b1eba3bf693f6a7..32f3cce32146ec0e0db2fc13bd2bc72f8c9099d0 100644 (file)
@@ -2,7 +2,7 @@
 //
 // sm_x501if.h - class definitions for ASN.1 module InformationFramework
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -121,9 +121,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -273,9 +270,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -301,9 +295,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -525,9 +516,6 @@ public:
   void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
index b2a4e1a1ca09677b45713507ac5a87f3c2b04570..3e035db362c4850aafe4073ea85f5be2aa9e7dde 100644 (file)
@@ -2,7 +2,7 @@
 //
 // sm_x501ud.h - class definitions for ASN.1 module UsefulDefinitions
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
index 71dadac22e568a27706fb6b9411bbe526902bd1b..586583adb9617e3743dd5cd871265402368e844d 100644 (file)
@@ -2,7 +2,7 @@
 //
 // sm_x509af.h - class definitions for ASN.1 module AuthenticationFramework
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -220,9 +220,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -257,9 +254,6 @@ public:
   void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
@@ -284,9 +278,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -310,9 +301,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -336,9 +324,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -362,9 +347,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -452,9 +434,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -489,9 +468,6 @@ public:
   void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
@@ -526,9 +502,6 @@ public:
   void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
@@ -553,9 +526,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -650,9 +620,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -681,9 +648,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -714,9 +678,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -741,9 +702,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -830,9 +788,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -857,9 +812,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -884,9 +836,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -1036,9 +985,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -1125,9 +1071,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -1151,9 +1094,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -1177,9 +1117,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -1205,9 +1142,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
index 761a722e20b548916387b4e3cbfeeae83badc6de..918ed70a971c8f1dbba9e824125128ec3199a305 100644 (file)
@@ -2,7 +2,7 @@
 //
 // sm_x509ce.h - class definitions for ASN.1 module CertificateExtensions
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -151,9 +151,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -251,9 +248,6 @@ public:
   void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
@@ -277,9 +271,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -366,9 +357,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -393,9 +381,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -420,9 +405,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -573,9 +555,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -665,9 +644,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -755,9 +731,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -790,9 +763,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -816,9 +786,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -842,9 +809,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -1000,9 +964,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
index 657be718e671d7224c6ccba2d5eb4cee63ca7a4d..123a20071c8758370430295bef33a71a304f03e8 100644 (file)
@@ -2,7 +2,7 @@
 //
 // sm_x509cmn.h - class definitions for ASN.1 module CommonX509Definitions
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -42,9 +42,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
@@ -93,9 +90,6 @@ public:
   void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
index 33de4c751fb775835bc82118df800e37d22dbd02..f915e2229cfa51b7776f98083ee84eb392038eec 100644 (file)
@@ -2,7 +2,7 @@
 //
 // sm_x520sa.h - class definitions for ASN.1 module SelectedAttributeTypes
 //
-//   This file was generated by snacc on Wed Jun 27 16:40:55 2001
+//   This file was generated by snacc on Mon Apr 22 22:34:19 2002
 //   UBC snacc by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -57,9 +57,6 @@ public:
   void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
index 9026bdd3779c9d8a41b348299b8caee50b6146ba..4339d806e929b59d6ae119b6026a985fc1d85c9d 100644 (file)
@@ -1,23 +1,22 @@
                  MacOS X Porting notes
-                                  20 June 2001 dmitch
+                                  20 March 2002 dmitch
                                   
 -- snacc.pbproj contains the following targets:
 
        world: aggregate target, builds UnixBuild and snaccRuntime
        
        UnixBuild: Legacy target, invokes MacOSX-Install, a custom
-               script to config and build the snacc compiler and the 
-               Unix versions of the various libraries. This does not install
-               the snacc binary; maybe it should. 
-         
-               Due to many brain dead Makefiles, this target always rebuilds
-               a ton of stuff even if nothing has changed. Feel free to rewrite
-               all the Makefiles to fix this.
-         
-   snaccRuntime: builds the runtime support library as an OSX
+               script to config and build the snacc compiler. This does 
+               not install the snacc binary; maybe it should. 
+
+    snaccRuntime: builds the runtime support library as an OSX
       framework using the same source as c++-lib. Currently 
          obsolete; this is now part of Security.framework. 
-         
+       
+    asn-useful - recompiles the sole ASN1 source in this modules
+          asn-usefule.asn1. Do this after building and installing
+          a new compiler. 
+          
 -- There are a few header files which have duplicate copies
    in the snacc-1.3vda root directory and in c++-lib/inc. They're
    needed in the root by the compiler build and various configure
 -- When running the snacc compiler to generate C++ source, you 
    must specify the (undocumented) -D argument to enable VDADER_RULES. 
    When compiling that source, you must do a -DVDADER_RULES. 
+   
+-- As of 20 March 2002, the BDec routines now throw SnaccExcep exceptions;
+   there are no more setjmp/longjmp catchers. This is controlled by the
+   SNACC_EXCEPTION_ENABLE flag found in both asn-config.h files. 
+   
+-- As of 20 March 2002, there are no more BEncPdu or BDecPdu functions
+   anywhere. These were convenience routines and added about 47 KBytes
+   to Security.framework. This is controlled by the SNACC_ENABLE_PDU
+   flag found in both asn-config.h files.
+   
    
\ No newline at end of file
index 2533744789afdfe80ce40220128e324c6a8147e3..56be069d0f532aa87066a2de5569d4a2a6bdff12 100644 (file)
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:14:04 mb Exp $
-# $Name: Security-30~1 $
+# $Name:  $
 ProjectName: SecuritySNACCRuntime
 ProjectVersion: 6.1
index 5151357af4acdee935f72e7dcc6c79ed4e261e85..84f54770d9a17ea5bdc04877c4c8a0ad765e902f 100755 (executable)
@@ -3,11 +3,12 @@ export LEXLIB="-ll"
 export CFLAGS="-DMACOS -DYYTEXT_POINTER"
 export srcdir=`pwd`
 echo === running configure....
+chmod a+x configure
 ./configure
 rm -f c++-lib/inc/config.h
 cp -p config.h c++-lib/inc
 echo === running make depend for $srcdir....
 make depend srcdir=$srcdir
-echo === running make all....
+echo === running make compiler....
 #make all srcdir=$srcdir
 make compiler srcdir=$srcdir
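Review bot: The added `chmod a+x configure` changes permissions inside the source tree and grants execute to every user, which is more than this step needs. Running the script through the interpreter, `sh ./configure`, avoids touching file modes at all; if the mode change is wanted, `chmod u+x configure` is enough. Lines 1-2 of the script are outside the hunk, so it is not visible whether a failed configure stops the build; if there is no `set -e`, `./configure || exit 1` would keep `make depend` from running against a half-configured tree.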
index 760143f536e5b68189b3e77b3822e7355bb36c40..396f6d302c4613ffe52e231171f045f21b69ffe9 100644 (file)
@@ -9,4 +9,13 @@ clean:
        echo === Cleaning snacc source via Makefile ===
        (cd $(SRCROOT); make clean srcdir=$(SRCROOT))
 
+#
+# used very infrequently to recompile asn-useful.asn
+#
+asn-useful:
+       (cd c++-lib; \
+       rm -f inc/asn-useful src/asn-useful.cpp c++/asn-useful.cpp stamp-useful; \
+       make stamp-useful; \
+       cp src/asn-useful.cpp c++)
+
 # FIXME - install?
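Review bot: The commands of the new `asn-useful` target are chained with `;`, so a failure in `cd c++-lib` lets the `rm -f` run in the wrong directory, and a failed `make stamp-useful` is hidden behind the exit status of the final `cp`. Chaining with `&&` makes the recipe stop at the first failing step: `(cd c++-lib && \`, then `rm -f ... stamp-useful && \` and `make stamp-useful && \`. The comment above the target says `asn-useful.asn`, while the porting notes changed in this commit name the source `asn-usefule.asn1`; one spelling should be used in both places.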
index 9b183df8c2c148792fbf96bf370c2320df9c71e5..c1ed266ee51c7456b85180873dc763653f3859a5 100644 (file)
 // 
 // 
 // 
-// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-any.cpp,v 1.3 2001/06/27 23:09:14 dmitch Exp $
+// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-any.cpp,v 1.4 2002/03/21 05:38:44 dmitch Exp $
 // $Log: asn-any.cpp,v $
+// Revision 1.4  2002/03/21 05:38:44  dmitch
+// Radar 2868524: no more setjmp/longjmp in SNACC-generated code.
+//
+// Revision 1.3.44.1  2002/03/20 00:36:48  dmitch
+// Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp.
+//
 // Revision 1.3  2001/06/27 23:09:14  dmitch
 // Pusuant to Radar 2664258, avoid all cerr-based output in NDEBUG configuration.
 //
@@ -273,13 +279,21 @@ void
 AsnAny::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
 {
     if (ai == NULL)
+               #if SNACC_EXCEPTION_ENABLE
+               SnaccExcep::throwMe(-81);
+               #else
         longjmp (env, -81);
-
+               #endif
+               
        // XXX This is wrong.
     value = static_cast<CSM_Buffer *>(ai->typeToClone->Clone());
 
     if (value == NULL)
+               #if SNACC_EXCEPTION_ENABLE
+               SnaccExcep::throwMe(-82);
+               #else
         longjmp (env, -82);
+               #endif
     else
         value->BDec (b, bytesDecoded, env);
 }
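Review bot: Both `if` statements in AsnAny::BDec stay unbraced around an `#if`/`#else`/`#endif` pair, so what the `if` (and the later `else`) binds to depends on which preprocessor branch is compiled and on each branch remaining exactly one statement. Bracing the bodies removes that dependency: `if (ai == NULL) {` … `}` and `if (value == NULL) {` … `} else`. The same five-line `#if SNACC_EXCEPTION_ENABLE` block with a bare numeric code (-81, -82 here) is repeated in the asn-bits.cpp, asn-bool.cpp, asn-enum.cpp, asn-int.cpp and asn-len.cpp hunks that follow; a single helper taking `env` and the code, defined once beside the flag, would keep the two error paths from drifting apart and give the codes one documented home. The `// XXX This is wrong.` cast on `ai->typeToClone->Clone()` is untouched by this change and still deserves a comment saying what is wrong with it.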
index 822808998b287de67dd8dea489e2230c09e93153..c3a90215ca5311bee2fb3d396eec0099935e3126 100644 (file)
 // useful, but WITHOUT ANY WARRANTY; without even the implied warranty
 // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 //
-// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-bits.cpp,v 1.3 2001/06/28 23:36:11 dmitch Exp $
+// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-bits.cpp,v 1.4 2002/03/21 05:38:44 dmitch Exp $
 // $Log: asn-bits.cpp,v $
+// Revision 1.4  2002/03/21 05:38:44  dmitch
+// Radar 2868524: no more setjmp/longjmp in SNACC-generated code.
+//
+// Revision 1.3.44.1  2002/03/20 00:36:48  dmitch
+// Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp.
+//
 // Revision 1.3  2001/06/28 23:36:11  dmitch
 // Removed SccsId statics. numToHexCharTblG table now const. Radar 2705410.
 //
@@ -346,7 +352,11 @@ void AsnBits::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &byt
         if (b.ReadError())
         {
             Asn1Error << "BDecBitString: ERROR - decoded past end of data" << endl;
+                       #if SNACC_EXCEPTION_ENABLE
+                       SnaccExcep::throwMe(-1);
+                       #else
             longjmp (env, -1);
+                       #endif
         }
     }
 
@@ -371,7 +381,11 @@ void AsnBits::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
       && (tag != MAKE_TAG_ID (UNIV, CONS, BITSTRING_TAG_CODE)))
     {
        Asn1Error << "AsnBits::BDec: ERROR tag on BIT STRING is wrong." << endl;
+       #if SNACC_EXCEPTION_ENABLE
+       SnaccExcep::throwMe(-50);
+       #else
        longjmp (env,-50);
+       #endif
     }
     elmtLen = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
@@ -431,7 +445,11 @@ void AsnBits::FillBitStringStk (BUF_TYPE b, AsnLen elmtLen0,
                  *  on last piece of bits string
                  */
                 Asn1Error << "BDecConsBitString: ERROR - a component of a constructed BIT STRING that is not the last has non-zero unused bits" << endl;
+                               #if SNACC_EXCEPTION_ENABLE
+                               SnaccExcep::throwMe(-2);
+                               #else
                 longjmp (env, -2);
+                               #endif
             }
 
             if (elmtLen1 != 0)
@@ -452,7 +470,11 @@ void AsnBits::FillBitStringStk (BUF_TYPE b, AsnLen elmtLen0,
                 if (refdLen == 0) /* end of data */
                 {
                     Asn1Error << "BDecConsOctetString: ERROR - expecting more data" << endl;
+                                       #if SNACC_EXCEPTION_ENABLE
+                                       SnaccExcep::throwMe(-3);
+                                       #else
                     longjmp (env, -3);
+                                       #endif
                 }
                 refdLen = lenToRef - totalRefdLen;
             }
@@ -475,7 +497,11 @@ void AsnBits::FillBitStringStk (BUF_TYPE b, AsnLen elmtLen0,
         else  /* wrong tag */
         {
             Asn1Error << "BDecConsBitString: ERROR - decoded non-BIT STRING tag inside a constructed BIT STRING" << endl;
+                       #if SNACC_EXCEPTION_ENABLE
+                       SnaccExcep::throwMe(-4);
+                       #else
             longjmp (env, -4);
+                       #endif
         }
     } /* end of for */
 
@@ -524,7 +550,7 @@ void AsnBits::Print (ostream &os) const
     size_t octetLen = (bitLen+7)/8;
 
     os << "'";
-    for (int i = 0; i < octetLen; i++)
+    for (unsigned i = 0; i < octetLen; i++)
         os << TO_HEX (bits[i] >> 4) << (TO_HEX (bits[i]));
     os << "'H  -- BIT STRING bitlen = " << bitLen << " --";
 #endif /* NDEBUG */
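Review bot: The new loop index is `unsigned` while `octetLen` is declared `size_t` two lines above, so the comparison still mixes types of different width on targets where `size_t` is wider than `unsigned`. Declaring the index with the bound's type closes the warning for good: `for (size_t i = 0; i < octetLen; i++)`. The function starts outside the hunk.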
index 846a3b9a71064cf6252bd708e6df8e2504107c6d..91c7cc0cca4873e01b1492fe7b209ae0e6ed9870 100644 (file)
 // useful, but WITHOUT ANY WARRANTY; without even the implied warranty
 // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 //
-// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-bool.cpp,v 1.2 2001/06/27 23:09:14 dmitch Exp $
+// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-bool.cpp,v 1.3 2002/03/21 05:38:44 dmitch Exp $
 // $Log: asn-bool.cpp,v $
+// Revision 1.3  2002/03/21 05:38:44  dmitch
+// Radar 2868524: no more setjmp/longjmp in SNACC-generated code.
+//
+// Revision 1.2.44.1  2002/03/20 00:36:49  dmitch
+// Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp.
+//
 // Revision 1.2  2001/06/27 23:09:14  dmitch
 // Pusuant to Radar 2664258, avoid all cerr-based output in NDEBUG configuration.
 //
@@ -122,7 +128,11 @@ void AsnBool::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
     if (BDecTag (b, bytesDecoded, env) != MAKE_TAG_ID (UNIV, PRIM, BOOLEAN_TAG_CODE))
     {
        Asn1Error << "AsnBool::BDec: ERROR tag on BOOLEAN wrong." << endl;
+       #if SNACC_EXCEPTION_ENABLE
+       SnaccExcep::throwMe(-51);
+       #else
        longjmp (env, -51);
+       #endif
     }
     elmtLen = BDecLen (b, bytesDecoded, env);
 
@@ -137,7 +147,11 @@ void AsnBool::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &byt
     if (elmtLen != 1)
     {
         Asn1Error << "AsnBool::BDecContent: ERROR - boolean value too long." << endl;
+               #if SNACC_EXCEPTION_ENABLE
+               SnaccExcep::throwMe(-5);
+               #else
         longjmp (env, -5);
+               #endif
     }
 
     value = (b.GetByte() != 0);
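Review bot: `value = (b.GetByte() != 0);` accepts any non-zero octet as TRUE, which is valid BER but not DER, where TRUE must be encoded as 0xFF. If this decoder is used on data that is expected to be DER (the porting notes in this commit mention building with VDADER_RULES), distinct encodings decode to the same value and a non-canonical BOOLEAN goes unnoticed. Whether strictness is wanted here cannot be told from the hunk; at minimum a comment such as `// BER: any non-zero octet is TRUE; DER would require 0xFF` would record the choice. The `elmtLen != 1` branch also fires for a zero-length element, so its message "boolean value too long" is misleading in that case.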
@@ -146,7 +160,11 @@ void AsnBool::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &byt
     if (b.ReadError())
     {
         Asn1Error << "AsnBool::BDecContent: ERROR - decoded past end of data " << endl;
+               #if SNACC_EXCEPTION_ENABLE
+               SnaccExcep::throwMe(-6);
+               #else
         longjmp (env, -6);
+               #endif
     }
 }
 
index 751d7adbdec3f8f3ec6cc80351a750c0696e36fa..ace7dd61914aa658897fc666ed32b751a69f2184 100644 (file)
 // useful, but WITHOUT ANY WARRANTY; without even the implied warranty
 // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 //
-// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-enum.cpp,v 1.2 2001/06/26 23:49:52 dmitch Exp $
+// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-enum.cpp,v 1.3 2002/03/21 05:38:44 dmitch Exp $
 // $Log: asn-enum.cpp,v $
+// Revision 1.3  2002/03/21 05:38:44  dmitch
+// Radar 2868524: no more setjmp/longjmp in SNACC-generated code.
+//
+// Revision 1.2.44.1  2002/03/20 00:36:49  dmitch
+// Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp.
+//
 // Revision 1.2  2001/06/26 23:49:52  dmitch
 // Was cerr, is Asn1Error.
 //
@@ -113,7 +119,11 @@ void AsnEnum::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
     if (BDecTag (b, bytesDecoded, env) != MAKE_TAG_ID (UNIV, PRIM, ENUM_TAG_CODE))
     {
        Asn1Error << "AsnEnum::BDec: ERROR tag on ENUMERATED is wrong." << endl;
+       #if SNACC_EXCEPTION_ENABLE
+       SnaccExcep::throwMe(-52);
+       #else
        longjmp (env,-52);
+       #endif
     }
 
     elmtLen = BDecLen (b, bytesDecoded, env);
index 218214bed21a1853311edb8e810cf4a215209395..3b6d65ebc1f7a396662c3ed65d54f35d0ed1ce26 100644 (file)
 // useful, but WITHOUT ANY WARRANTY; without even the implied warranty
 // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 //
-// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-int.cpp,v 1.2 2001/06/27 23:09:14 dmitch Exp $
+// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-int.cpp,v 1.3 2002/03/21 05:38:44 dmitch Exp $
 // $Log: asn-int.cpp,v $
+// Revision 1.3  2002/03/21 05:38:44  dmitch
+// Radar 2868524: no more setjmp/longjmp in SNACC-generated code.
+//
+// Revision 1.2.44.1  2002/03/20 00:36:49  dmitch
+// Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp.
+//
 // Revision 1.2  2001/06/27 23:09:14  dmitch
 // Pusuant to Radar 2664258, avoid all cerr-based output in NDEBUG configuration.
 //
@@ -112,7 +118,7 @@ AsnType *AsnInt::Copy() const
 AsnLen AsnInt::BEncContent (BUF_TYPE b)
 {
     AsnLen             len;
-    int                        i;
+    unsigned   i;
     AsnUIntType        mask;
     AsnUIntType        dataCpy;
 
@@ -159,13 +165,17 @@ AsnLen AsnInt::BEncContent (BUF_TYPE b)
 // integer value.
 void AsnInt::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env)
 {
-    int   i;
+    unsigned   i;
     AsnUIntType byte;
 
     if (elmtLen > sizeof (AsnIntType))
     {
         Asn1Error << "AsnInt::BDecContent: ERROR - integer is too big to decode." << endl;
+               #if SNACC_EXCEPTION_ENABLE
+               SnaccExcep::throwMe(-7);
+               #else
         longjmp (env, -7);
+               #endif
     }
 
     /*
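Review bot: The guard in AsnInt::BDecContent bounds `elmtLen` only from above, so a zero-length INTEGER, which is not a valid encoding, passes it. The rest of the body is outside the hunk; if it reads the first content octet unconditionally, a zero-length element would consume a byte that belongs to the next element while `bytesDecoded` does not account for it. Rejecting the case in the same check is a one-line change: `if (elmtLen == 0 || elmtLen > sizeof (AsnIntType))`, with the error message adjusted to cover both conditions.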
@@ -189,7 +199,11 @@ void AsnInt::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &byte
     if (b.ReadError())
     {
         Asn1Error << "AsnInt::BDecContent: ERROR - decoded past end of data." << endl;
+               #if SNACC_EXCEPTION_ENABLE
+               SnaccExcep::throwMe(-8);
+               #else
         longjmp (env, -8);
+               #endif
     }
 
 
@@ -211,7 +225,11 @@ void AsnInt::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
     if (BDecTag (b, bytesDecoded, env) != MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
     {
        Asn1Error << "AsnInt::BDec: ERROR tag on INTEGER is wrong." << endl;
+       #if SNACC_EXCEPTION_ENABLE
+       SnaccExcep::throwMe(-53);
+       #else
        longjmp (env,-53);
+       #endif
     }
 
     elmtLen = BDecLen (b, bytesDecoded, env);
index ee10d337895563a40e35abf6a9a55b6d83b46226..cc8b401308bce175cf4cd24d9c4a391d7682f7a1 100644 (file)
 // useful, but WITHOUT ANY WARRANTY; without even the implied warranty
 // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 //
-// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-len.cpp,v 1.1.1.1 2001/05/18 23:14:05 mb Exp $
-// $Log: asn-len.cpp,v $
-// Revision 1.1.1.1  2001/05/18 23:14:05  mb
-// Move from private repository to open source repository
-//
-// Revision 1.2  2001/05/05 00:59:17  rmurphy
-// Adding darwin license headers
-//
-// Revision 1.1  2000/06/15 18:44:57  dmitch
-// These snacc-generated source files are now checked in to allow cross-platform build.
-//
-// Revision 1.2  2000/06/08 20:05:35  dmitch
-// Mods for X port. These files are actually machine generated and probably don't need to be in CVS....
-//
-// Revision 1.1.1.1  2000/03/09 01:00:06  rmurphy
-// Base Fortissimo Tree
-//
-// Revision 1.1  1999/02/25 05:21:51  mb
-// Added snacc c++ library
-//
-// Revision 1.5  1997/02/16 20:26:04  rj
-// check-in of a few cosmetic changes
-//
-// Revision 1.4  1995/07/24  20:33:15  rj
-// changed `_' to `-' in file names.
-//
-// Revision 1.3  1994/10/08  04:18:24  rj
-// code for meta structures added (provides information about the generated code itself).
-//
-// code for Tcl interface added (makes use of the above mentioned meta code).
-//
-// virtual inline functions (the destructor, the Clone() function, BEnc(), BDec() and Print()) moved from inc/*.h to src/*.C because g++ turns every one of them into a static non-inline function in every file where the .h file gets included.
-//
-// made Print() const (and some other, mainly comparison functions).
-//
-// several `unsigned long int' turned into `size_t'.
-//
-// Revision 1.2  1994/08/28  10:01:13  rj
-// comment leader fixed.
-//
-// Revision 1.1  1994/08/28  09:21:00  rj
-// first check-in. for a list of changes to the snacc-1.1 distribution please refer to the ChangeLog.
 
 #include "asn-config.h"
 #include "asn-len.h"
@@ -136,14 +94,18 @@ BDecLen (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
 {
     AsnLen  len;
     unsigned char  byte;
-    int  lenBytes;
+    unsigned  lenBytes;
 
     byte = b.GetByte();
 
     if (b.ReadError())
     {
         Asn1Error << "BDecLen: decoded past end of data" << endl;
+               #if SNACC_EXCEPTION_ENABLE
+               SnaccExcep::throwMe(-9);
+               #else
         longjmp (env, -9);
+               #endif
     }
 
     bytesDecoded++;
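Review bot: The `#else` branch keeps `longjmp (env, -9)` reachable whenever `SNACC_EXCEPTION_ENABLE` is 0 or simply undefined (an undefined name evaluates to 0 in `#if`), yet the generated decoders in asn-useful.cpp in this same commit call `SnaccExcep::throwMe` unconditionally and lose their `setjmp`-based `BDecPdu`. Unless some caller outside this diff still initialises `env`, that fallback would jump through an unset jump buffer on malformed input, and `longjmp` across C++ frames also skips destructors. I would either drop the fallback or make the configuration explicit where the macro is defined, e.g. `#ifndef SNACC_EXCEPTION_ENABLE` followed by `#error SNACC_EXCEPTION_ENABLE must be defined`. The same conditional is repeated at the other error sites in asn-len.cpp and in asn-null.cpp, asn-octs.cpp, asn-oid.cpp, asn-real.cpp, asn-tag.cpp and asn-type.cpp, so one shared macro or inline helper would keep them in step. BDecLen's body continues outside the hunk.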
@@ -163,7 +125,11 @@ BDecLen (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         if (lenBytes > sizeof (long int))
         {
             Asn1Error << "BDecLen: ERROR - length overflow" << endl;
+                       #if SNACC_EXCEPTION_ENABLE
+                       SnaccExcep::throwMe(-10);
+                       #else
             longjmp (env, -10);
+                       #endif
         }
 
         bytesDecoded += lenBytes;
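Review bot: The overflow guard `if (lenBytes > sizeof (long int))` bounds the octet count by the width of `long int`, while the decoded value is held in `AsnLen len`. The typedef of `AsnLen` is not visible here, but if it is narrower than `long` on some target, a long-form length could pass the guard and presumably be truncated when it is accumulated. Now that `lenBytes` is unsigned the comparison is well-typed, so the bound can name the destination directly: `if (lenBytes > sizeof (AsnLen))`. This length comes from the encoded input and is handed to the content decoders, so a silently truncated value is worth ruling out. The loop that fills `len` is outside the hunk.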
@@ -175,7 +141,11 @@ BDecLen (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         if (b.ReadError())
         {
             Asn1Error << "BDecLen: decoded past end of data" << endl;
+                       #if SNACC_EXCEPTION_ENABLE
+                       SnaccExcep::throwMe(-11);
+                       #else
             longjmp (env, -11);
+                       #endif
         }
 
         return len;
@@ -208,7 +178,11 @@ BDecEoc (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
     if ((b.GetByte() != 0) || (b.GetByte() != 0) || b.ReadError())
     {
         Asn1Error << "BDecEoc: ERROR - non zero byte in EOC or end of data reached" << endl;
+               #if SNACC_EXCEPTION_ENABLE
+               SnaccExcep::throwMe(-12);
+               #else
         longjmp (env, -12);
+               #endif
     }
     bytesDecoded += 2;
 }  /* BDecEoc */
index 99e133d5a47ae4a838e584c135fac5ecc4220fa3..728afb05019b148031ae27be164f961bf30aeae1 100644 (file)
 // useful, but WITHOUT ANY WARRANTY; without even the implied warranty
 // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 //
-// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-null.cpp,v 1.2 2001/06/27 23:09:14 dmitch Exp $
+// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-null.cpp,v 1.3 2002/03/21 05:38:44 dmitch Exp $
 // $Log: asn-null.cpp,v $
+// Revision 1.3  2002/03/21 05:38:44  dmitch
+// Radar 2868524: no more setjmp/longjmp in SNACC-generated code.
+//
+// Revision 1.2.44.1  2002/03/20 00:36:49  dmitch
+// Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp.
+//
 // Revision 1.2  2001/06/27 23:09:14  dmitch
 // Pusuant to Radar 2664258, avoid all cerr-based output in NDEBUG configuration.
 //
@@ -105,7 +111,11 @@ void AsnNull::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &byt
     if (elmtLen != 0)
     {
         Asn1Error << "AsnNull::BDecContent: ERROR - NULL values len is non-zero" << endl;
+               #if SNACC_EXCEPTION_ENABLE
+               SnaccExcep::throwMe(-13);
+               #else
         longjmp (env, -13);
+           #endif
     }
 } /* AsnNull::BDecContent */
 
@@ -125,7 +135,11 @@ void AsnNull::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
     if (BDecTag (b, bytesDecoded, env) != MAKE_TAG_ID (UNIV, PRIM, NULLTYPE_TAG_CODE))
     {
        Asn1Error << "AsnNull::BDec: ERROR tag on NULL is wrong." << endl;
+       #if SNACC_EXCEPTION_ENABLE
+       SnaccExcep::throwMe(-55);
+       #else
        longjmp (env, -55);
+       #endif
     }
 
     elmtLen = BDecLen (b, bytesDecoded, env);
index 53ab22c6c048d10d62778f7e166e0053b38bfdb2..250b198fb9f8c788df698a792a947547ef9f3d32 100644 (file)
 // useful, but WITHOUT ANY WARRANTY; without even the implied warranty
 // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 //
-// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-octs.cpp,v 1.2 2001/06/27 23:09:15 dmitch Exp $
+// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-octs.cpp,v 1.3 2002/03/21 05:38:44 dmitch Exp $
 // $Log: asn-octs.cpp,v $
+// Revision 1.3  2002/03/21 05:38:44  dmitch
+// Radar 2868524: no more setjmp/longjmp in SNACC-generated code.
+//
+// Revision 1.2.44.1  2002/03/20 00:36:49  dmitch
+// Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp.
+//
 // Revision 1.2  2001/06/27 23:09:15  dmitch
 // Pusuant to Radar 2664258, avoid all cerr-based output in NDEBUG configuration.
 //
@@ -227,7 +233,7 @@ void AsnOcts::ReSet (const char *str)
 void AsnOcts::Print (ostream &os) const
 {
 #ifndef        NDEBUG
-    int i;
+    unsigned i;
     os << "'";
     for (i = 0; i < octetLen; i++)
         os << TO_HEX (octs[i] >> 4) << (TO_HEX (octs[i]));
@@ -279,7 +285,11 @@ void AsnOcts::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &byt
         if (b.ReadError())
         {
             Asn1Error << "BDecOctetString: ERROR - decoded past end of data" << endl;
+                       #if SNACC_EXCEPTION_ENABLE
+                       SnaccExcep::throwMe(-14);
+                       #else
             longjmp (env, -14);
+                       #endif
         }
 
         /* add null terminator - this is not included in the str's len */
@@ -308,7 +318,11 @@ void AsnOcts::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
        (tag != MAKE_TAG_ID (UNIV, CONS, OCTETSTRING_TAG_CODE)))
     {
        Asn1Error << "AsnOcts::BDec: ERROR tag on OCTET STRING is wrong." << endl;
+       #if SNACC_EXCEPTION_ENABLE
+       SnaccExcep::throwMe(-56);
+       #else
        longjmp (env,-56);
+       #endif
     }
     elmtLen = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
@@ -368,7 +382,11 @@ FillOctetStringStk (BUF_TYPE b, AsnLen elmtLen0, AsnLen &bytesDecoded, ENV_TYPE
                 if (refdLen == 0) /* end of data */
                 {
                     Asn1Error << "BDecConsOctetString: ERROR - attempt to decode past end of data" << endl;
+                                       #if SNACC_EXCEPTION_ENABLE
+                                       SnaccExcep::throwMe(-15);
+                                       #else
                     longjmp (env, -15);
+                                       #endif
                 }
                 refdLen = elmtLen1 - totalRefdLen;
             }
@@ -392,7 +410,11 @@ FillOctetStringStk (BUF_TYPE b, AsnLen elmtLen0, AsnLen &bytesDecoded, ENV_TYPE
         else  /* wrong tag */
         {
             Asn1Error << "BDecConsOctetString: ERROR - decoded non-OCTET STRING tag inside a constructed OCTET STRING" << endl;
+                       #if SNACC_EXCEPTION_ENABLE
+                       SnaccExcep::throwMe(-16);
+                       #else
             longjmp (env, -16);
+                       #endif
         }
     } /* end of for */
 
index a89ce869fbd75471690b9384815582fe46da2bb0..086873a8bc57c37686a9a4e28cbf5dd95f519d25 100644 (file)
 // useful, but WITHOUT ANY WARRANTY; without even the implied warranty
 // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 //
-// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-oid.cpp,v 1.3 2001/06/27 23:09:15 dmitch Exp $
+// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-oid.cpp,v 1.4 2002/03/21 05:38:45 dmitch Exp $
 // $Log: asn-oid.cpp,v $
+// Revision 1.4  2002/03/21 05:38:45  dmitch
+// Radar 2868524: no more setjmp/longjmp in SNACC-generated code.
+//
+// Revision 1.3.44.1  2002/03/20 00:36:50  dmitch
+// Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp.
+//
 // Revision 1.3  2001/06/27 23:09:15  dmitch
 // Pusuant to Radar 2664258, avoid all cerr-based output in NDEBUG configuration.
 //
@@ -198,7 +204,7 @@ void AsnOid::Set (unsigned long int a1, unsigned long int a2, long int a3, long
     // write bytes except the last/least significant of the head arc number
     // more bit is on
     totalLen = elmtLen;
-    int i;
+    unsigned i;
     for (i = 1; i < elmtLen; i++)
     {
         *(tmpBuf++) = 0x80 | (headArcNum >> ((elmtLen-i)*7));
@@ -215,7 +221,7 @@ void AsnOid::Set (unsigned long int a1, unsigned long int a2, long int a3, long
            ;
         totalLen += elmtLen;
         tmpArcNum = arcNumArr[i];
-        for (int j = 1; j < elmtLen; j++)
+        for (unsigned j = 1; j < elmtLen; j++)
         {
             *(tmpBuf++) = 0x80 | (tmpArcNum >> ((elmtLen-j)*7));
         }
@@ -280,7 +286,7 @@ void AsnOid::ReSet (unsigned long int a1, unsigned long int a2, long int a3, lon
 // returns the number of arc numbers in the OID value
 unsigned long int AsnOid::NumArcs() const
 {
-    int i;
+    unsigned i;
     int numArcs;
 
     for (numArcs=0, i=0; i < octetLen; )
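Review bot: `numArcs` is left as `int` although the loop index beside it is now `unsigned` and the function returns `unsigned long int`, so the count is still converted from a signed value on return. Declaring it `unsigned long int numArcs;` would match the return type and finish the signedness cleanup this hunk starts. The rest of NumArcs is outside the hunk, so confirm nothing there relies on a negative value.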
@@ -324,7 +330,11 @@ void AsnOid::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &byte
     if (b.ReadError())
     {
         Asn1Error << "BDecOctetString: ERROR - decoded past end of data" << endl;
+               #if SNACC_EXCEPTION_ENABLE
+               SnaccExcep::throwMe(-17);
+               #else
         longjmp (env, -17);
+               #endif
     }
     bytesDecoded += elmtLen;
 } /* AsnOid::BDecContent */
@@ -344,7 +354,11 @@ void AsnOid::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
     if (BDecTag (b, bytesDecoded, env) != MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))
     {
        Asn1Error << "AsnOid::BDec: ERROR tag on OBJECT IDENTIFIER is wrong." << endl;
+       #if SNACC_EXCEPTION_ENABLE
+       SnaccExcep::throwMe(-57);
+       #else
        longjmp (env,-57);
+       #endif
     }
     elmtLen = BDecLen (b, bytesDecoded, env);
 
@@ -364,7 +378,7 @@ void AsnOid::Print (ostream &os) const
 #ifndef        NDEBUG
   unsigned short int firstArcNum;
   unsigned long int arcNum;
-  int i;
+  unsigned i;
 
   // print oid in
   os << "{";
index 7774792c885d11be88db9609a4f5f49befb885d6..6e84385dc1d411a16b8e7fce2199a997cb44c385 100644 (file)
 // useful, but WITHOUT ANY WARRANTY; without even the implied warranty
 // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 //
-// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-real.cpp,v 1.3 2001/06/27 23:09:15 dmitch Exp $
+// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-real.cpp,v 1.4 2002/03/21 05:38:45 dmitch Exp $
 // $Log: asn-real.cpp,v $
+// Revision 1.4  2002/03/21 05:38:45  dmitch
+// Radar 2868524: no more setjmp/longjmp in SNACC-generated code.
+//
+// Revision 1.3.44.1  2002/03/20 00:36:50  dmitch
+// Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp.
+//
 // Revision 1.3  2001/06/27 23:09:15  dmitch
 // Pusuant to Radar 2664258, avoid all cerr-based output in NDEBUG configuration.
 //
@@ -553,7 +559,7 @@ double AsnPlusInfinity()
 {
     double d;
     unsigned char *c;
-    int i;
+    unsigned i;
 
     c = (unsigned char*)&d;
     c[0] = 0x7f;
@@ -584,7 +590,7 @@ AsnLen AsnReal::BEncContent (BUF_TYPE b)
     unsigned int expLen;
     int sign;
     unsigned char buf[sizeof (double)];
-    int i, mantissaLen;
+    unsigned i, mantissaLen;
     unsigned char firstOctet;
 
     /* no contents for 0.0 reals */
@@ -715,7 +721,7 @@ AsnLen AsnReal::BEncContent (BUF_TYPE b)
         for (i = expLen; i > 0; i--)
         {
             b.PutByteRvs (exponent);
-            exponent >> 8;
+            exponent >>= 8;
         }
 
         /* write the exponents length if nec */
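Review bot: `exponent >>= 8;` changes the encoded output, not just a compiler warning: the old statement discarded its result, so every pass of this loop wrote the same value whenever `expLen` was greater than one. The revision log added to asn-real.cpp in this commit mentions only the setjmp/longjmp removal, so the fix is easy to miss. A comment on the line such as `/* advance to the next exponent octet */`, plus a log entry, would record it. If `exponent` is a signed type (its declaration is outside the hunk), the right shift of a negative value is implementation-defined and worth a note as well.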
@@ -745,7 +751,7 @@ void AsnReal::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &byt
 {
     unsigned char firstOctet;
     unsigned char firstExpOctet;
-    int i;
+    unsigned i;
     unsigned int expLen;
     double mantissa;
     unsigned short base;
@@ -771,7 +777,11 @@ void AsnReal::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &byt
         else
         {
             Asn1Error << "AsnReal::BDecContent: ERROR - unrecognized 1 octet length real number" << endl;
+                       #if SNACC_EXCEPTION_ENABLE
+                       SnaccExcep::throwMe(-18);
+                       #else
             longjmp (env, -18);
+                       #endif
         }
     }
     else
@@ -838,8 +848,12 @@ void AsnReal::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &byt
 
                 default:
                     Asn1Error << "AsnReal::BDecContent: ERROR - unsupported base for a binary real number." << endl;
-                   longjmp (env, -19);
-                   break;
+                                       #if SNACC_EXCEPTION_ENABLE
+                                       SnaccExcep::throwMe(-19);
+                                       #else
+                    longjmp (env, -19);
+                                       #endif
+                    break;
 
             }
 
@@ -856,7 +870,11 @@ void AsnReal::BDecContent (BUF_TYPE b, AsnTag tagId, AsnLen elmtLen, AsnLen &byt
         else /* decimal version */
         {
             Asn1Error << "AsnReal::BDecContent: ERROR - decimal REAL form is not currently supported" << endl;
+                       #if SNACC_EXCEPTION_ENABLE
+                       SnaccExcep::throwMe(-20);
+                       #else
             longjmp (env, -20);
+                       #endif
         }
     }
 
@@ -877,7 +895,11 @@ void AsnReal::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
     if (BDecTag (b, bytesDecoded, env) != MAKE_TAG_ID (UNIV, PRIM, REAL_TAG_CODE))
     {
        Asn1Error << "AsnReal::BDec: ERROR tag on REAL is wrong." << endl;
+       #if SNACC_EXCEPTION_ENABLE
+       SnaccExcep::throwMe(-58);
+       #else
        longjmp (env,-58);
+       #endif
     }
     elmtLen = BDecLen (b, bytesDecoded, env);
 
index 31bcbea91201a830c84546c7f01a64b21f661331..05fd63826daa1676ab6acf7231cc3d5b4c29e2ed 100644 (file)
 // useful, but WITHOUT ANY WARRANTY; without even the implied warranty
 // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 //
-// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-tag.cpp,v 1.1.1.1 2001/05/18 23:14:06 mb Exp $
-// $Log: asn-tag.cpp,v $
-// Revision 1.1.1.1  2001/05/18 23:14:06  mb
-// Move from private repository to open source repository
-//
-// Revision 1.2  2001/05/05 00:59:17  rmurphy
-// Adding darwin license headers
-//
-// Revision 1.1  2000/06/15 18:44:58  dmitch
-// These snacc-generated source files are now checked in to allow cross-platform build.
-//
-// Revision 1.2  2000/06/08 20:05:36  dmitch
-// Mods for X port. These files are actually machine generated and probably don't need to be in CVS....
-//
-// Revision 1.1.1.1  2000/03/09 01:00:06  rmurphy
-// Base Fortissimo Tree
-//
-// Revision 1.1  1999/02/25 05:21:54  mb
-// Added snacc c++ library
-//
-// Revision 1.6  1997/09/03 12:10:30  wan
-// Patch to tag decoding for tags > 2^14 (thanks to Enrico Badella)
-//
-// Revision 1.5  1997/02/16 20:26:06  rj
-// check-in of a few cosmetic changes
-//
-// Revision 1.4  1995/07/24  20:33:17  rj
-// changed `_' to `-' in file names.
-//
-// Revision 1.3  1994/10/08  04:18:30  rj
-// code for meta structures added (provides information about the generated code itself).
-//
-// code for Tcl interface added (makes use of the above mentioned meta code).
-//
-// virtual inline functions (the destructor, the Clone() function, BEnc(), BDec() and Print()) moved from inc/*.h to src/*.C because g++ turns every one of them into a static non-inline function in every file where the .h file gets included.
-//
-// made Print() const (and some other, mainly comparison functions).
-//
-// several `unsigned long int' turned into `size_t'.
-//
-// Revision 1.2  1994/08/28  10:01:20  rj
-// comment leader fixed.
-//
-// Revision 1.1  1994/08/28  09:21:09  rj
-// first check-in. for a list of changes to the snacc-1.1 distribution please refer to the ChangeLog.
 
 #include "asn-config.h"
 #include "asn-len.h"
@@ -90,7 +45,7 @@ BDecTag (BUF_TYPE  b, AsnLen &bytesDecoded, ENV_TYPE env)
 {
     AsnTag tagId;
     AsnTag tmpTagId;
-    int i;
+    unsigned i;
 
     tagId = ((AsnTag) b.GetByte()) << ((sizeof (AsnTag)-1) *8);
     bytesDecoded++;
@@ -114,14 +69,22 @@ BDecTag (BUF_TYPE  b, AsnLen &bytesDecoded, ENV_TYPE env)
         if (i > (sizeof (AsnTag)+1))
         {
             Asn1Error << "BDecTag: ERROR - tag value overflow" << endl;
+                       #if SNACC_EXCEPTION_ENABLE
+                       SnaccExcep::throwMe(-21);
+                       #else
             longjmp (env, -21);
+                       #endif
         }
     }
 
     if (b.ReadError())
     {
         Asn1Error << "BDecTag: ERROR - decoded past the end of data" << endl;
+               #if SNACC_EXCEPTION_ENABLE
+               SnaccExcep::throwMe(-22);
+               #else
         longjmp (env, -22);
+               #endif
     }
 
     return tagId;
index 790d10e4c43d4cf0fb90b9fd8e1b41b0275755cc..27221f5ec35bfc0b926678417d68bc4f17ef9515 100644 (file)
 //
 // MS 92
 //
-// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-type.cpp,v 1.2 2001/06/27 23:09:15 dmitch Exp $
+// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/asn-type.cpp,v 1.3 2002/03/21 05:38:45 dmitch Exp $
 // $Log: asn-type.cpp,v $
+// Revision 1.3  2002/03/21 05:38:45  dmitch
+// Radar 2868524: no more setjmp/longjmp in SNACC-generated code.
+//
+// Revision 1.2.44.1  2002/03/20 00:36:50  dmitch
+// Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp.
+//
 // Revision 1.2  2001/06/27 23:09:15  dmitch
 // Pusuant to Radar 2664258, avoid all cerr-based output in NDEBUG configuration.
 //
@@ -133,7 +139,11 @@ AsnType     *AsnType::Copy() const
 void AsnType::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
 {
   Asn1Error << "ERROR - Attempt to decode an improperly formed ANY type (programming error)." << endl;
-  longjmp (env, -80);
+ #if SNACC_EXCEPTION_ENABLE
+ SnaccExcep::throwMe(-80);
+ #else
+ longjmp (env, -80);
+ #endif
 }
 
 AsnLen AsnType::BEnc (BUF_TYPE b)
index 2c09583aaeca3f14dbd4a05d750279f49fff81ee..3e53655b3b6124601edcb8a5c8e887bee3e35700 100644 (file)
@@ -1,26 +1,8 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
 //   NOTE: this is a machine generated file--editing not recommended
 //
 // asn-useful.cpp - class member functions for ASN.1 module ASN-USEFUL
 //
-//   This file was generated by snacc on Wed Jun 14 14:50:26 2000
+//   This file was generated by snacc on Wed Mar 20 11:39:57 2002
 //   UBC snacc written by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -64,33 +46,12 @@ void ObjectDescriptor::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, OD_TAG_CODE)))
     {
         Asn1Error << "ObjectDescriptor::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 50);
+        SnaccExcep::throwMe(50);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int ObjectDescriptor::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int ObjectDescriptor::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *UTF8String::Clone() const
 {
   return new UTF8String;
@@ -120,33 +81,12 @@ void UTF8String::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, 12)))
     {
         Asn1Error << "UTF8String::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 49);
+        SnaccExcep::throwMe(49);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int UTF8String::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int UTF8String::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *NumericString::Clone() const
 {
   return new NumericString;
@@ -176,33 +116,12 @@ void NumericString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, NUMERICSTRING_TAG_CODE)))
     {
         Asn1Error << "NumericString::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 48);
+        SnaccExcep::throwMe(48);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int NumericString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int NumericString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *PrintableString::Clone() const
 {
   return new PrintableString;
@@ -232,33 +151,12 @@ void PrintableString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, PRINTABLESTRING_TAG_CODE)))
     {
         Asn1Error << "PrintableString::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 47);
+        SnaccExcep::throwMe(47);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int PrintableString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int PrintableString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *TeletexString::Clone() const
 {
   return new TeletexString;
@@ -288,33 +186,12 @@ void TeletexString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, TELETEXSTRING_TAG_CODE)))
     {
         Asn1Error << "TeletexString::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 46);
+        SnaccExcep::throwMe(46);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int TeletexString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int TeletexString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *T61String::Clone() const
 {
   return new T61String;
@@ -344,33 +221,12 @@ void T61String::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, TELETEXSTRING_TAG_CODE)))
     {
         Asn1Error << "T61String::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 45);
+        SnaccExcep::throwMe(45);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int T61String::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int T61String::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *VideotexString::Clone() const
 {
   return new VideotexString;
@@ -400,33 +256,12 @@ void VideotexString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, VIDEOTEXSTRING_TAG_CODE)))
     {
         Asn1Error << "VideotexString::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 44);
+        SnaccExcep::throwMe(44);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int VideotexString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int VideotexString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *IA5String::Clone() const
 {
   return new IA5String;
@@ -456,33 +291,12 @@ void IA5String::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, IA5STRING_TAG_CODE)))
     {
         Asn1Error << "IA5String::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 43);
+        SnaccExcep::throwMe(43);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int IA5String::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int IA5String::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *GraphicString::Clone() const
 {
   return new GraphicString;
@@ -512,33 +326,12 @@ void GraphicString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, GRAPHICSTRING_TAG_CODE)))
     {
         Asn1Error << "GraphicString::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 42);
+        SnaccExcep::throwMe(42);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int GraphicString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int GraphicString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *VisibleString::Clone() const
 {
   return new VisibleString;
@@ -568,33 +361,12 @@ void VisibleString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, VISIBLESTRING_TAG_CODE)))
     {
         Asn1Error << "VisibleString::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 41);
+        SnaccExcep::throwMe(41);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int VisibleString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int VisibleString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *ISO646String::Clone() const
 {
   return new ISO646String;
@@ -624,33 +396,12 @@ void ISO646String::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, VISIBLESTRING_TAG_CODE)))
     {
         Asn1Error << "ISO646String::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 40);
+        SnaccExcep::throwMe(40);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int ISO646String::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int ISO646String::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *GeneralString::Clone() const
 {
   return new GeneralString;
@@ -680,33 +431,12 @@ void GeneralString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, GENERALSTRING_TAG_CODE)))
     {
         Asn1Error << "GeneralString::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 39);
+        SnaccExcep::throwMe(39);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int GeneralString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int GeneralString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *UTCTime::Clone() const
 {
   return new UTCTime;
@@ -736,33 +466,12 @@ void UTCTime::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, UTCTIME_TAG_CODE)))
     {
         Asn1Error << "UTCTime::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 38);
+        SnaccExcep::throwMe(38);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int UTCTime::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int UTCTime::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *GeneralizedTime::Clone() const
 {
   return new GeneralizedTime;
@@ -792,33 +501,12 @@ void GeneralizedTime::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, GENERALIZEDTIME_TAG_CODE)))
     {
         Asn1Error << "GeneralizedTime::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 37);
+        SnaccExcep::throwMe(37);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int GeneralizedTime::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int GeneralizedTime::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *UniversalString::Clone() const
 {
   return new UniversalString;
@@ -848,33 +536,12 @@ void UniversalString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, UNIVERSALSTRING_TAG_CODE)))
     {
         Asn1Error << "UniversalString::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 36);
+        SnaccExcep::throwMe(36);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int UniversalString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int UniversalString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *BMPString::Clone() const
 {
   return new BMPString;
@@ -904,33 +571,12 @@ void BMPString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, BMPSTRING_TAG_CODE)))
     {
         Asn1Error << "BMPString::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 35);
+        SnaccExcep::throwMe(35);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int BMPString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int BMPString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 EXTERNALChoice::EXTERNALChoice()
 {
   choiceId = single_ASN1_typeCid;
@@ -1066,7 +712,7 @@ void EXTERNALChoice::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnLe
           && (tag != MAKE_TAG_ID (UNIV, CONS, OCTETSTRING_TAG_CODE)))
       {
          Asn1Error << "Unexpected Tag" << endl;
-         longjmp (env, 34);
+        SnaccExcep::throwMe(34);
       }
 
       elmtLen1 = BDecLen (b, bytesDecoded, env);
@@ -1093,7 +739,7 @@ void EXTERNALChoice::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnLe
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, 33);
+      SnaccExcep::throwMe(33);
       break;
   } // end switch
 } // EXTERNALChoice::BDecContent
@@ -1118,30 +764,9 @@ void EXTERNALChoice::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
 }
 
-int EXTERNALChoice::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int EXTERNALChoice::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void EXTERNALChoice::Print (ostream &os) const
 {
-#ifndef        NDEBUG
+#ifndef NDEBUG
   switch (choiceId)
   {
     case single_ASN1_typeCid:
@@ -1169,7 +794,7 @@ void EXTERNALChoice::Print (ostream &os) const
       break;
 
   } // end of switch
-  #endif       /* NDEBUG */ 
+#endif /* NDEBUG */
 } // EXTERNALChoice::Print
 
 EXTERNAL::EXTERNAL()
@@ -1357,7 +982,7 @@ void EXTERNAL::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, 32);
+    SnaccExcep::throwMe(32);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -1369,7 +994,7 @@ void EXTERNAL::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, 31);
+    SnaccExcep::throwMe(31);
   }
   else
     return;
@@ -1392,36 +1017,15 @@ void EXTERNAL::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, EXTERNAL_TAG_CODE))
   {
     Asn1Error << "EXTERNAL::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, 30);
+    SnaccExcep::throwMe(30);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int EXTERNAL::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int EXTERNAL::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void EXTERNAL::Print (ostream &os) const
 {
-#ifndef        NDEBUG
+#ifndef NDEBUG
   os << "{ -- SEQUENCE --" << endl;
   indentG += stdIndentG;
 
@@ -1485,7 +1089,7 @@ void EXTERNAL::Print (ostream &os) const
   indentG -= stdIndentG;
   Indent (os, indentG);
   os << "}";
-  #endif       /* NDEBUG */
+#endif /* NDEBUG */
 } // EXTERNAL::Print
 
 
index b893cb60f2cc0bcf45448ad6bd4c491bdc7eda00..0f26df46aae24b297cafbfda1fea0156b18b26ca 100644 (file)
 // useful, but WITHOUT ANY WARRANTY; without even the implied warranty
 // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 //
-// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/str-stk.cpp,v 1.1.1.1 2001/05/18 23:14:06 mb Exp $
+// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/c++/str-stk.cpp,v 1.2 2002/02/07 04:30:04 mb Exp $
 // $Log: str-stk.cpp,v $
+// Revision 1.2  2002/02/07 04:30:04  mb
+// Fixes required to build with gcc3.
+// Merged from branch PR-2848996
+// Bug #: 2848996
+// Submitted by:
+// Reviewed by: Turly O'Connor <turly@apple.com>
+//
+// Revision 1.1.1.1.12.1  2002/02/06 23:45:03  mb
+// Changes to allow building with gcc3
+//
 // Revision 1.1.1.1  2001/05/18 23:14:06  mb
 // Move from private repository to open source repository
 //
@@ -113,7 +123,7 @@ void StrStk::Push (char *str, size_t strLen)
     struct Elmt *tmpStk;
     // alloc bigger stack and copy old elmts to it
     tmpStk = new struct Elmt[size + growSize];
-    for (int i = 0; i < size; i++)
+    for (size_t i = 0; i < size; i++)
       tmpStk[i] = stk[i];
     delete stk;
     stk = tmpStk;
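Review bot: `delete stk;` releases storage that was allocated as an array, which is undefined behaviour; it should be `delete[] stk;`. `tmpStk` comes from `new struct Elmt[size + growSize]` and is then assigned to `stk`, so on any later growth `stk` is certainly an array. The commit only changes the loop index to `size_t` and leaves that line untouched. The sum `size + growSize` is also computed without an overflow check, though whether callers can push `size` that high is not visible here. StrStk::Push starts and ends outside the hunk.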
index bc4a7f58abb09b05e4a4aafafcc1f6cc9add5fa2..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 100644 (file)
@@ -1,792 +0,0 @@
-c++/asn-any.o: src/asn-any.cpp inc/asn-incl.h inc/asn-config.h \
- /usr/include/ctype.h /usr/include/runetype.h \
- /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
- /usr/include/sys/cdefs.h \
- /usr/include/gcc/darwin/2.95.2/g++/iostream.h \
- /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \
- /usr/include/gcc/darwin/2.95.2/g++/libio.h \
- /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \
- /usr/include/sys/types.h /usr/include/machine/types.h \
- /usr/include/ppc/types.h /usr/include/machine/endian.h \
- /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \
- /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \
- /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
- /usr/include/machine/signal.h /usr/include/ppc/signal.h \
- /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \
- inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \
- /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \
- inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \
- /usr/include/signal.h /usr/include/sys/signal.h inc/asn-int.h \
- inc/asn-bool.h inc/asn-real.h inc/asn-oid.h inc/asn-octs.h \
- inc/asn-bits.h inc/str-stk.h inc/asn-enum.h inc/asn-null.h \
- inc/asn-any.h inc/hash.h \
- /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/threading.h \
- /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/utilities.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssm.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmtype.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmconfig.h \
- /System/Library/Frameworks/CarbonCore.framework/Headers/ConditionalMacros.h \
- /System/Library/Frameworks/CarbonCore.framework/Headers/MacTypes.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/emmtype.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmapi.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmerr.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmapple.h \
- /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/utility_config.h \
- /usr/include/gcc/darwin/2.95.2/g++/../assert.h \
- /usr/include/gcc/darwin/2.95.2/g++/exception \
- /usr/include/gcc/darwin/2.95.2/g++/new \
- /usr/include/gcc/darwin/2.95.2/g++/string \
- /usr/include/gcc/darwin/2.95.2/g++/std/bastring.h \
- /usr/include/gcc/darwin/2.95.2/g++/cstddef \
- /usr/include/gcc/darwin/2.95.2/g++/std/straits.h \
- /usr/include/gcc/darwin/2.95.2/g++/cctype \
- /usr/include/gcc/darwin/2.95.2/g++/cstring \
- /usr/include/gcc/darwin/2.95.2/g++/alloc.h \
- /usr/include/gcc/darwin/2.95.2/g++/stl_config.h \
- /usr/include/gcc/darwin/2.95.2/g++/stl_alloc.h \
- /usr/include/gcc/darwin/2.95.2/g++/iterator \
- /usr/include/gcc/darwin/2.95.2/g++/stl_relops.h \
- /usr/include/gcc/darwin/2.95.2/g++/stl_iterator.h \
- /usr/include/gcc/darwin/2.95.2/g++/cassert \
- /usr/include/gcc/darwin/2.95.2/g++/std/bastring.cc \
- /usr/include/errno.h /usr/include/sys/errno.h \
- /System/Library/Frameworks/System.framework/Headers/pthread.h \
- /System/Library/Frameworks/System.framework/Headers/pthread_impl.h \
- /System/Library/Frameworks/System.framework/Headers/sched.h \
- /usr/include/time.h \
- /usr/include/gcc/darwin/2.95.2/g++/../machine/limits.h \
- /usr/include/ppc/limits.h \
- /System/Library/Frameworks/System.framework/Headers/mach/mach_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/host_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_statistics.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/vm_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/vm_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine.h \
- /System/Library/Frameworks/System.framework/Headers/mach/boolean.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/boolean.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/boolean.h \
- /System/Library/Frameworks/System.framework/Headers/mach/time_value.h \
- /System/Library/Frameworks/System.framework/Headers/mach/memory_object_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/port.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/exception_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/thread_status.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/thread_status.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/thread_status.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/thread_state.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/thread_state.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/exception.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/exception.h \
- /System/Library/Frameworks/System.framework/Headers/mach/processor_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/processor_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/processor_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/task_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/policy.h \
- /System/Library/Frameworks/System.framework/Headers/mach/task_special_ports.h \
- /System/Library/Frameworks/System.framework/Headers/mach/thread_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/thread_special_ports.h \
- /System/Library/Frameworks/System.framework/Headers/mach/clock_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_attributes.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_inherit.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_behavior.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_prot.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_sync.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_region.h \
- /System/Library/Frameworks/System.framework/Headers/mach/prof_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/kmod.h \
- /System/Library/Frameworks/System.framework/Headers/mach/kern_return.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/kern_return.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/kern_return.h \
- /System/Library/Frameworks/System.framework/Headers/mach/std_types.h \
- /usr/include/limits.h /usr/include/sys/syslimits.h \
- /usr/include/sys/time.h inc/asn-useful.h inc/print.h \
- inc/sm_vdasnacc.h
-c++/asn-bits.o: src/asn-bits.cpp inc/asn-config.h /usr/include/ctype.h \
- /usr/include/runetype.h /usr/include/machine/ansi.h \
- /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \
- /usr/include/gcc/darwin/2.95.2/g++/iostream.h \
- /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \
- /usr/include/gcc/darwin/2.95.2/g++/libio.h \
- /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \
- /usr/include/sys/types.h /usr/include/machine/types.h \
- /usr/include/ppc/types.h /usr/include/machine/endian.h \
- /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \
- /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \
- /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
- /usr/include/machine/signal.h /usr/include/ppc/signal.h \
- /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \
- inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \
- /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \
- inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \
- /usr/include/signal.h /usr/include/sys/signal.h inc/asn-bits.h \
- inc/str-stk.h
-c++/asn-bool.o: src/asn-bool.cpp inc/asn-config.h /usr/include/ctype.h \
- /usr/include/runetype.h /usr/include/machine/ansi.h \
- /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \
- /usr/include/gcc/darwin/2.95.2/g++/iostream.h \
- /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \
- /usr/include/gcc/darwin/2.95.2/g++/libio.h \
- /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \
- /usr/include/sys/types.h /usr/include/machine/types.h \
- /usr/include/ppc/types.h /usr/include/machine/endian.h \
- /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \
- /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \
- /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
- /usr/include/machine/signal.h /usr/include/ppc/signal.h \
- /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \
- inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \
- /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \
- inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \
- /usr/include/signal.h /usr/include/sys/signal.h inc/asn-bool.h
-c++/asn-enum.o: src/asn-enum.cpp inc/asn-config.h /usr/include/ctype.h \
- /usr/include/runetype.h /usr/include/machine/ansi.h \
- /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \
- /usr/include/gcc/darwin/2.95.2/g++/iostream.h \
- /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \
- /usr/include/gcc/darwin/2.95.2/g++/libio.h \
- /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \
- /usr/include/sys/types.h /usr/include/machine/types.h \
- /usr/include/ppc/types.h /usr/include/machine/endian.h \
- /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \
- /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \
- /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
- /usr/include/machine/signal.h /usr/include/ppc/signal.h \
- /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \
- inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \
- /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \
- inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \
- /usr/include/signal.h /usr/include/sys/signal.h inc/asn-int.h \
- inc/asn-enum.h
-c++/asn-int.o: src/asn-int.cpp inc/asn-config.h /usr/include/ctype.h \
- /usr/include/runetype.h /usr/include/machine/ansi.h \
- /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \
- /usr/include/gcc/darwin/2.95.2/g++/iostream.h \
- /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \
- /usr/include/gcc/darwin/2.95.2/g++/libio.h \
- /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \
- /usr/include/sys/types.h /usr/include/machine/types.h \
- /usr/include/ppc/types.h /usr/include/machine/endian.h \
- /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \
- /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \
- /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
- /usr/include/machine/signal.h /usr/include/ppc/signal.h \
- /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \
- inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \
- /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \
- inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \
- /usr/include/signal.h /usr/include/sys/signal.h inc/asn-int.h
-c++/asn-len.o: src/asn-len.cpp inc/asn-config.h /usr/include/ctype.h \
- /usr/include/runetype.h /usr/include/machine/ansi.h \
- /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \
- /usr/include/gcc/darwin/2.95.2/g++/iostream.h \
- /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \
- /usr/include/gcc/darwin/2.95.2/g++/libio.h \
- /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \
- /usr/include/sys/types.h /usr/include/machine/types.h \
- /usr/include/ppc/types.h /usr/include/machine/endian.h \
- /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \
- /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \
- /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
- /usr/include/machine/signal.h /usr/include/ppc/signal.h \
- /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \
- inc/policy.h inc/asn-buf.h inc/asn-len.h
-c++/asn-list.o: src/asn-list.cpp inc/asn-config.h /usr/include/ctype.h \
- /usr/include/runetype.h /usr/include/machine/ansi.h \
- /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \
- /usr/include/gcc/darwin/2.95.2/g++/iostream.h \
- /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \
- /usr/include/gcc/darwin/2.95.2/g++/libio.h \
- /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \
- /usr/include/sys/types.h /usr/include/machine/types.h \
- /usr/include/ppc/types.h /usr/include/machine/endian.h \
- /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \
- /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \
- /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
- /usr/include/machine/signal.h /usr/include/ppc/signal.h \
- /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \
- inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \
- /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \
- inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \
- /usr/include/signal.h /usr/include/sys/signal.h inc/asn-list.h
-c++/asn-null.o: src/asn-null.cpp inc/asn-config.h /usr/include/ctype.h \
- /usr/include/runetype.h /usr/include/machine/ansi.h \
- /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \
- /usr/include/gcc/darwin/2.95.2/g++/iostream.h \
- /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \
- /usr/include/gcc/darwin/2.95.2/g++/libio.h \
- /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \
- /usr/include/sys/types.h /usr/include/machine/types.h \
- /usr/include/ppc/types.h /usr/include/machine/endian.h \
- /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \
- /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \
- /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
- /usr/include/machine/signal.h /usr/include/ppc/signal.h \
- /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \
- inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \
- /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \
- inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \
- /usr/include/signal.h /usr/include/sys/signal.h inc/asn-null.h
-c++/asn-octs.o: src/asn-octs.cpp inc/asn-config.h /usr/include/ctype.h \
- /usr/include/runetype.h /usr/include/machine/ansi.h \
- /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \
- /usr/include/gcc/darwin/2.95.2/g++/iostream.h \
- /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \
- /usr/include/gcc/darwin/2.95.2/g++/libio.h \
- /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \
- /usr/include/sys/types.h /usr/include/machine/types.h \
- /usr/include/ppc/types.h /usr/include/machine/endian.h \
- /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \
- /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \
- /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
- /usr/include/machine/signal.h /usr/include/ppc/signal.h \
- /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \
- inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \
- /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \
- inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \
- /usr/include/signal.h /usr/include/sys/signal.h inc/asn-bits.h \
- inc/str-stk.h inc/asn-octs.h
-c++/asn-oid.o: src/asn-oid.cpp inc/asn-config.h /usr/include/ctype.h \
- /usr/include/runetype.h /usr/include/machine/ansi.h \
- /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \
- /usr/include/gcc/darwin/2.95.2/g++/iostream.h \
- /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \
- /usr/include/gcc/darwin/2.95.2/g++/libio.h \
- /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \
- /usr/include/sys/types.h /usr/include/machine/types.h \
- /usr/include/ppc/types.h /usr/include/machine/endian.h \
- /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \
- /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \
- /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
- /usr/include/machine/signal.h /usr/include/ppc/signal.h \
- /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \
- inc/policy.h inc/asn-buf.h \
- /usr/include/gcc/darwin/2.95.2/g++/strstream.h \
- /usr/include/gcc/darwin/2.95.2/g++/strfile.h inc/asn-len.h \
- inc/asn-tag.h inc/asn-type.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \
- /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \
- inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \
- /usr/include/signal.h /usr/include/sys/signal.h inc/asn-oid.h \
- inc/print.h
-c++/asn-real.o: src/asn-real.cpp inc/asn-config.h /usr/include/ctype.h \
- /usr/include/runetype.h /usr/include/machine/ansi.h \
- /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \
- /usr/include/gcc/darwin/2.95.2/g++/iostream.h \
- /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \
- /usr/include/gcc/darwin/2.95.2/g++/libio.h \
- /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \
- /usr/include/sys/types.h /usr/include/machine/types.h \
- /usr/include/ppc/types.h /usr/include/machine/endian.h \
- /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \
- /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \
- /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
- /usr/include/machine/signal.h /usr/include/ppc/signal.h \
- /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \
- inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \
- /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \
- inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \
- /usr/include/signal.h /usr/include/sys/signal.h inc/asn-real.h
-c++/asn-tag.o: src/asn-tag.cpp inc/asn-config.h /usr/include/ctype.h \
- /usr/include/runetype.h /usr/include/machine/ansi.h \
- /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \
- /usr/include/gcc/darwin/2.95.2/g++/iostream.h \
- /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \
- /usr/include/gcc/darwin/2.95.2/g++/libio.h \
- /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \
- /usr/include/sys/types.h /usr/include/machine/types.h \
- /usr/include/ppc/types.h /usr/include/machine/endian.h \
- /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \
- /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \
- /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
- /usr/include/machine/signal.h /usr/include/ppc/signal.h \
- /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \
- inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h
-c++/asn-type.o: src/asn-type.cpp inc/asn-config.h /usr/include/ctype.h \
- /usr/include/runetype.h /usr/include/machine/ansi.h \
- /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \
- /usr/include/gcc/darwin/2.95.2/g++/iostream.h \
- /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \
- /usr/include/gcc/darwin/2.95.2/g++/libio.h \
- /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \
- /usr/include/sys/types.h /usr/include/machine/types.h \
- /usr/include/ppc/types.h /usr/include/machine/endian.h \
- /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \
- /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \
- /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
- /usr/include/machine/signal.h /usr/include/ppc/signal.h \
- /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \
- inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-type.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \
- /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \
- inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \
- /usr/include/signal.h /usr/include/sys/signal.h
-c++/hash.o: src/hash.cpp inc/asn-config.h /usr/include/ctype.h \
- /usr/include/runetype.h /usr/include/machine/ansi.h \
- /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \
- /usr/include/gcc/darwin/2.95.2/g++/iostream.h \
- /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \
- /usr/include/gcc/darwin/2.95.2/g++/libio.h \
- /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \
- /usr/include/sys/types.h /usr/include/machine/types.h \
- /usr/include/ppc/types.h /usr/include/machine/endian.h \
- /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \
- /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \
- /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
- /usr/include/machine/signal.h /usr/include/ppc/signal.h \
- /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \
- inc/policy.h inc/asn-buf.h inc/hash.h
-c++/meta.o: src/meta.cpp inc/asn-incl.h inc/asn-config.h \
- /usr/include/ctype.h /usr/include/runetype.h \
- /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
- /usr/include/sys/cdefs.h \
- /usr/include/gcc/darwin/2.95.2/g++/iostream.h \
- /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \
- /usr/include/gcc/darwin/2.95.2/g++/libio.h \
- /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \
- /usr/include/sys/types.h /usr/include/machine/types.h \
- /usr/include/ppc/types.h /usr/include/machine/endian.h \
- /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \
- /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \
- /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
- /usr/include/machine/signal.h /usr/include/ppc/signal.h \
- /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \
- inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \
- /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \
- inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \
- /usr/include/signal.h /usr/include/sys/signal.h inc/asn-int.h \
- inc/asn-bool.h inc/asn-real.h inc/asn-oid.h inc/asn-octs.h \
- inc/asn-bits.h inc/str-stk.h inc/asn-enum.h inc/asn-null.h \
- inc/asn-any.h inc/hash.h \
- /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/threading.h \
- /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/utilities.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssm.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmtype.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmconfig.h \
- /System/Library/Frameworks/CarbonCore.framework/Headers/ConditionalMacros.h \
- /System/Library/Frameworks/CarbonCore.framework/Headers/MacTypes.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/emmtype.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmapi.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmerr.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmapple.h \
- /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/utility_config.h \
- /usr/include/gcc/darwin/2.95.2/g++/../assert.h \
- /usr/include/gcc/darwin/2.95.2/g++/exception \
- /usr/include/gcc/darwin/2.95.2/g++/new \
- /usr/include/gcc/darwin/2.95.2/g++/string \
- /usr/include/gcc/darwin/2.95.2/g++/std/bastring.h \
- /usr/include/gcc/darwin/2.95.2/g++/cstddef \
- /usr/include/gcc/darwin/2.95.2/g++/std/straits.h \
- /usr/include/gcc/darwin/2.95.2/g++/cctype \
- /usr/include/gcc/darwin/2.95.2/g++/cstring \
- /usr/include/gcc/darwin/2.95.2/g++/alloc.h \
- /usr/include/gcc/darwin/2.95.2/g++/stl_config.h \
- /usr/include/gcc/darwin/2.95.2/g++/stl_alloc.h \
- /usr/include/gcc/darwin/2.95.2/g++/iterator \
- /usr/include/gcc/darwin/2.95.2/g++/stl_relops.h \
- /usr/include/gcc/darwin/2.95.2/g++/stl_iterator.h \
- /usr/include/gcc/darwin/2.95.2/g++/cassert \
- /usr/include/gcc/darwin/2.95.2/g++/std/bastring.cc \
- /usr/include/errno.h /usr/include/sys/errno.h \
- /System/Library/Frameworks/System.framework/Headers/pthread.h \
- /System/Library/Frameworks/System.framework/Headers/pthread_impl.h \
- /System/Library/Frameworks/System.framework/Headers/sched.h \
- /usr/include/time.h \
- /usr/include/gcc/darwin/2.95.2/g++/../machine/limits.h \
- /usr/include/ppc/limits.h \
- /System/Library/Frameworks/System.framework/Headers/mach/mach_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/host_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_statistics.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/vm_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/vm_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine.h \
- /System/Library/Frameworks/System.framework/Headers/mach/boolean.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/boolean.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/boolean.h \
- /System/Library/Frameworks/System.framework/Headers/mach/time_value.h \
- /System/Library/Frameworks/System.framework/Headers/mach/memory_object_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/port.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/exception_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/thread_status.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/thread_status.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/thread_status.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/thread_state.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/thread_state.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/exception.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/exception.h \
- /System/Library/Frameworks/System.framework/Headers/mach/processor_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/processor_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/processor_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/task_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/policy.h \
- /System/Library/Frameworks/System.framework/Headers/mach/task_special_ports.h \
- /System/Library/Frameworks/System.framework/Headers/mach/thread_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/thread_special_ports.h \
- /System/Library/Frameworks/System.framework/Headers/mach/clock_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_attributes.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_inherit.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_behavior.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_prot.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_sync.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_region.h \
- /System/Library/Frameworks/System.framework/Headers/mach/prof_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/kmod.h \
- /System/Library/Frameworks/System.framework/Headers/mach/kern_return.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/kern_return.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/kern_return.h \
- /System/Library/Frameworks/System.framework/Headers/mach/std_types.h \
- /usr/include/limits.h /usr/include/sys/syslimits.h \
- /usr/include/sys/time.h inc/asn-useful.h inc/print.h
-c++/print.o: src/print.cpp inc/asn-incl.h inc/asn-config.h \
- /usr/include/ctype.h /usr/include/runetype.h \
- /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
- /usr/include/sys/cdefs.h \
- /usr/include/gcc/darwin/2.95.2/g++/iostream.h \
- /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \
- /usr/include/gcc/darwin/2.95.2/g++/libio.h \
- /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \
- /usr/include/sys/types.h /usr/include/machine/types.h \
- /usr/include/ppc/types.h /usr/include/machine/endian.h \
- /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \
- /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \
- /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
- /usr/include/machine/signal.h /usr/include/ppc/signal.h \
- /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \
- inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \
- /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \
- inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \
- /usr/include/signal.h /usr/include/sys/signal.h inc/asn-int.h \
- inc/asn-bool.h inc/asn-real.h inc/asn-oid.h inc/asn-octs.h \
- inc/asn-bits.h inc/str-stk.h inc/asn-enum.h inc/asn-null.h \
- inc/asn-any.h inc/hash.h \
- /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/threading.h \
- /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/utilities.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssm.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmtype.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmconfig.h \
- /System/Library/Frameworks/CarbonCore.framework/Headers/ConditionalMacros.h \
- /System/Library/Frameworks/CarbonCore.framework/Headers/MacTypes.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/emmtype.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmapi.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmerr.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmapple.h \
- /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/utility_config.h \
- /usr/include/gcc/darwin/2.95.2/g++/../assert.h \
- /usr/include/gcc/darwin/2.95.2/g++/exception \
- /usr/include/gcc/darwin/2.95.2/g++/new \
- /usr/include/gcc/darwin/2.95.2/g++/string \
- /usr/include/gcc/darwin/2.95.2/g++/std/bastring.h \
- /usr/include/gcc/darwin/2.95.2/g++/cstddef \
- /usr/include/gcc/darwin/2.95.2/g++/std/straits.h \
- /usr/include/gcc/darwin/2.95.2/g++/cctype \
- /usr/include/gcc/darwin/2.95.2/g++/cstring \
- /usr/include/gcc/darwin/2.95.2/g++/alloc.h \
- /usr/include/gcc/darwin/2.95.2/g++/stl_config.h \
- /usr/include/gcc/darwin/2.95.2/g++/stl_alloc.h \
- /usr/include/gcc/darwin/2.95.2/g++/iterator \
- /usr/include/gcc/darwin/2.95.2/g++/stl_relops.h \
- /usr/include/gcc/darwin/2.95.2/g++/stl_iterator.h \
- /usr/include/gcc/darwin/2.95.2/g++/cassert \
- /usr/include/gcc/darwin/2.95.2/g++/std/bastring.cc \
- /usr/include/errno.h /usr/include/sys/errno.h \
- /System/Library/Frameworks/System.framework/Headers/pthread.h \
- /System/Library/Frameworks/System.framework/Headers/pthread_impl.h \
- /System/Library/Frameworks/System.framework/Headers/sched.h \
- /usr/include/time.h \
- /usr/include/gcc/darwin/2.95.2/g++/../machine/limits.h \
- /usr/include/ppc/limits.h \
- /System/Library/Frameworks/System.framework/Headers/mach/mach_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/host_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_statistics.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/vm_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/vm_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine.h \
- /System/Library/Frameworks/System.framework/Headers/mach/boolean.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/boolean.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/boolean.h \
- /System/Library/Frameworks/System.framework/Headers/mach/time_value.h \
- /System/Library/Frameworks/System.framework/Headers/mach/memory_object_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/port.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/exception_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/thread_status.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/thread_status.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/thread_status.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/thread_state.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/thread_state.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/exception.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/exception.h \
- /System/Library/Frameworks/System.framework/Headers/mach/processor_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/processor_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/processor_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/task_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/policy.h \
- /System/Library/Frameworks/System.framework/Headers/mach/task_special_ports.h \
- /System/Library/Frameworks/System.framework/Headers/mach/thread_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/thread_special_ports.h \
- /System/Library/Frameworks/System.framework/Headers/mach/clock_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_attributes.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_inherit.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_behavior.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_prot.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_sync.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_region.h \
- /System/Library/Frameworks/System.framework/Headers/mach/prof_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/kmod.h \
- /System/Library/Frameworks/System.framework/Headers/mach/kern_return.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/kern_return.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/kern_return.h \
- /System/Library/Frameworks/System.framework/Headers/mach/std_types.h \
- /usr/include/limits.h /usr/include/sys/syslimits.h \
- /usr/include/sys/time.h inc/asn-useful.h inc/print.h
-c++/tcl-if.o: src/tcl-if.cpp /usr/include/fcntl.h /usr/include/sys/fcntl.h \
- /usr/include/sys/types.h /usr/include/sys/cdefs.h \
- /usr/include/machine/types.h /usr/include/ppc/types.h \
- /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
- /usr/include/machine/endian.h /usr/include/ppc/endian.h \
- /usr/include/gcc/darwin/2.95.2/g++/../assert.h /usr/include/unistd.h \
- /usr/include/sys/unistd.h /usr/include/signal.h \
- /usr/include/sys/signal.h /usr/include/machine/signal.h \
- /usr/include/ppc/signal.h /usr/include/stdlib.h \
- /usr/include/gcc/darwin/2.95.2/g++/strstream.h \
- /usr/include/gcc/darwin/2.95.2/g++/iostream.h \
- /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \
- /usr/include/gcc/darwin/2.95.2/g++/libio.h \
- /usr/include/gcc/darwin/2.95.2/g++/_G_config.h /usr/include/stddef.h \
- /usr/include/stdio.h /usr/include/gcc/darwin/2.95.2/g++/strfile.h \
- /usr/include/gcc/darwin/2.95.2/g++/fstream.h /usr/include/string.h \
- inc/asn-incl.h inc/asn-config.h /usr/include/ctype.h \
- /usr/include/runetype.h /usr/include/memory.h /usr/include/setjmp.h \
- /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
- /usr/include/math.h inc/snacc.h inc/config.h inc/policy.h \
- inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \
- /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \
- inc/meta.h inc/asn-int.h inc/asn-bool.h inc/asn-real.h inc/asn-oid.h \
- inc/asn-octs.h inc/asn-bits.h inc/str-stk.h inc/asn-enum.h \
- inc/asn-null.h inc/asn-any.h inc/hash.h \
- /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/threading.h \
- /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/utilities.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssm.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmtype.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmconfig.h \
- /System/Library/Frameworks/CarbonCore.framework/Headers/ConditionalMacros.h \
- /System/Library/Frameworks/CarbonCore.framework/Headers/MacTypes.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/emmtype.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmapi.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmerr.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmapple.h \
- /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/utility_config.h \
- /usr/include/gcc/darwin/2.95.2/g++/exception \
- /usr/include/gcc/darwin/2.95.2/g++/new \
- /usr/include/gcc/darwin/2.95.2/g++/string \
- /usr/include/gcc/darwin/2.95.2/g++/std/bastring.h \
- /usr/include/gcc/darwin/2.95.2/g++/cstddef \
- /usr/include/gcc/darwin/2.95.2/g++/std/straits.h \
- /usr/include/gcc/darwin/2.95.2/g++/cctype \
- /usr/include/gcc/darwin/2.95.2/g++/cstring \
- /usr/include/gcc/darwin/2.95.2/g++/alloc.h \
- /usr/include/gcc/darwin/2.95.2/g++/stl_config.h \
- /usr/include/gcc/darwin/2.95.2/g++/stl_alloc.h \
- /usr/include/gcc/darwin/2.95.2/g++/iterator \
- /usr/include/gcc/darwin/2.95.2/g++/stl_relops.h \
- /usr/include/gcc/darwin/2.95.2/g++/stl_iterator.h \
- /usr/include/gcc/darwin/2.95.2/g++/cassert \
- /usr/include/gcc/darwin/2.95.2/g++/std/bastring.cc \
- /usr/include/errno.h /usr/include/sys/errno.h \
- /System/Library/Frameworks/System.framework/Headers/pthread.h \
- /System/Library/Frameworks/System.framework/Headers/pthread_impl.h \
- /System/Library/Frameworks/System.framework/Headers/sched.h \
- /usr/include/time.h \
- /usr/include/gcc/darwin/2.95.2/g++/../machine/limits.h \
- /usr/include/ppc/limits.h \
- /System/Library/Frameworks/System.framework/Headers/mach/mach_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/host_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_statistics.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/vm_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/vm_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine.h \
- /System/Library/Frameworks/System.framework/Headers/mach/boolean.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/boolean.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/boolean.h \
- /System/Library/Frameworks/System.framework/Headers/mach/time_value.h \
- /System/Library/Frameworks/System.framework/Headers/mach/memory_object_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/port.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/exception_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/thread_status.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/thread_status.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/thread_status.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/thread_state.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/thread_state.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/exception.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/exception.h \
- /System/Library/Frameworks/System.framework/Headers/mach/processor_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/processor_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/processor_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/task_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/policy.h \
- /System/Library/Frameworks/System.framework/Headers/mach/task_special_ports.h \
- /System/Library/Frameworks/System.framework/Headers/mach/thread_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/thread_special_ports.h \
- /System/Library/Frameworks/System.framework/Headers/mach/clock_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_attributes.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_inherit.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_behavior.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_prot.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_sync.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_region.h \
- /System/Library/Frameworks/System.framework/Headers/mach/prof_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/kmod.h \
- /System/Library/Frameworks/System.framework/Headers/mach/kern_return.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/kern_return.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/kern_return.h \
- /System/Library/Frameworks/System.framework/Headers/mach/std_types.h \
- /usr/include/limits.h /usr/include/sys/syslimits.h \
- /usr/include/sys/time.h inc/asn-useful.h inc/print.h inc/tcl-if.h \
- inc/init.h
-c++/str-stk.o: src/str-stk.cpp inc/asn-config.h /usr/include/ctype.h \
- /usr/include/runetype.h /usr/include/machine/ansi.h \
- /usr/include/ppc/ansi.h /usr/include/sys/cdefs.h \
- /usr/include/gcc/darwin/2.95.2/g++/iostream.h \
- /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \
- /usr/include/gcc/darwin/2.95.2/g++/libio.h \
- /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \
- /usr/include/sys/types.h /usr/include/machine/types.h \
- /usr/include/ppc/types.h /usr/include/machine/endian.h \
- /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \
- /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \
- /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
- /usr/include/machine/signal.h /usr/include/ppc/signal.h \
- /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \
- inc/policy.h inc/asn-buf.h inc/str-stk.h
-tkAppInit.o : 
-c++/asn-useful.o: src/asn-useful.cpp inc/asn-incl.h inc/asn-config.h \
- /usr/include/ctype.h /usr/include/runetype.h \
- /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
- /usr/include/sys/cdefs.h \
- /usr/include/gcc/darwin/2.95.2/g++/iostream.h \
- /usr/include/gcc/darwin/2.95.2/g++/streambuf.h \
- /usr/include/gcc/darwin/2.95.2/g++/libio.h \
- /usr/include/gcc/darwin/2.95.2/g++/_G_config.h \
- /usr/include/sys/types.h /usr/include/machine/types.h \
- /usr/include/ppc/types.h /usr/include/machine/endian.h \
- /usr/include/ppc/endian.h /usr/include/stddef.h /usr/include/stdio.h \
- /usr/include/memory.h /usr/include/string.h /usr/include/setjmp.h \
- /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
- /usr/include/machine/signal.h /usr/include/ppc/signal.h \
- /usr/include/math.h inc/snacc.h inc/config.h /usr/include/stdlib.h \
- inc/policy.h inc/asn-buf.h inc/asn-len.h inc/asn-tag.h inc/asn-type.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tcl.h \
- /usr/include/gcc/darwin/2.95.2/g++/../stdarg.h \
- /System/Library/Frameworks/Tcl.framework/Headers/tclDecls.h \
- inc/meta.h /usr/include/unistd.h /usr/include/sys/unistd.h \
- /usr/include/signal.h /usr/include/sys/signal.h inc/asn-int.h \
- inc/asn-bool.h inc/asn-real.h inc/asn-oid.h inc/asn-octs.h \
- inc/asn-bits.h inc/str-stk.h inc/asn-enum.h inc/asn-null.h \
- inc/asn-any.h inc/hash.h \
- /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/threading.h \
- /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/utilities.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssm.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmtype.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmconfig.h \
- /System/Library/Frameworks/CarbonCore.framework/Headers/ConditionalMacros.h \
- /System/Library/Frameworks/CarbonCore.framework/Headers/MacTypes.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/emmtype.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmapi.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmerr.h \
- /System/Library/PrivateFrameworks/cdsa.framework/Headers/cssmapple.h \
- /System/Library/PrivateFrameworks/cdsa_utilities.framework/Headers/utility_config.h \
- /usr/include/gcc/darwin/2.95.2/g++/../assert.h \
- /usr/include/gcc/darwin/2.95.2/g++/exception \
- /usr/include/gcc/darwin/2.95.2/g++/new \
- /usr/include/gcc/darwin/2.95.2/g++/string \
- /usr/include/gcc/darwin/2.95.2/g++/std/bastring.h \
- /usr/include/gcc/darwin/2.95.2/g++/cstddef \
- /usr/include/gcc/darwin/2.95.2/g++/std/straits.h \
- /usr/include/gcc/darwin/2.95.2/g++/cctype \
- /usr/include/gcc/darwin/2.95.2/g++/cstring \
- /usr/include/gcc/darwin/2.95.2/g++/alloc.h \
- /usr/include/gcc/darwin/2.95.2/g++/stl_config.h \
- /usr/include/gcc/darwin/2.95.2/g++/stl_alloc.h \
- /usr/include/gcc/darwin/2.95.2/g++/iterator \
- /usr/include/gcc/darwin/2.95.2/g++/stl_relops.h \
- /usr/include/gcc/darwin/2.95.2/g++/stl_iterator.h \
- /usr/include/gcc/darwin/2.95.2/g++/cassert \
- /usr/include/gcc/darwin/2.95.2/g++/std/bastring.cc \
- /usr/include/errno.h /usr/include/sys/errno.h \
- /System/Library/Frameworks/System.framework/Headers/pthread.h \
- /System/Library/Frameworks/System.framework/Headers/pthread_impl.h \
- /System/Library/Frameworks/System.framework/Headers/sched.h \
- /usr/include/time.h \
- /usr/include/gcc/darwin/2.95.2/g++/../machine/limits.h \
- /usr/include/ppc/limits.h \
- /System/Library/Frameworks/System.framework/Headers/mach/mach_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/host_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_statistics.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/vm_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/vm_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine.h \
- /System/Library/Frameworks/System.framework/Headers/mach/boolean.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/boolean.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/boolean.h \
- /System/Library/Frameworks/System.framework/Headers/mach/time_value.h \
- /System/Library/Frameworks/System.framework/Headers/mach/memory_object_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/port.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/exception_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/thread_status.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/thread_status.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/thread_status.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/thread_state.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/thread_state.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/exception.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/exception.h \
- /System/Library/Frameworks/System.framework/Headers/mach/processor_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/processor_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/processor_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/task_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/policy.h \
- /System/Library/Frameworks/System.framework/Headers/mach/task_special_ports.h \
- /System/Library/Frameworks/System.framework/Headers/mach/thread_info.h \
- /System/Library/Frameworks/System.framework/Headers/mach/thread_special_ports.h \
- /System/Library/Frameworks/System.framework/Headers/mach/clock_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_attributes.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_inherit.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_behavior.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_prot.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_sync.h \
- /System/Library/Frameworks/System.framework/Headers/mach/vm_region.h \
- /System/Library/Frameworks/System.framework/Headers/mach/prof_types.h \
- /System/Library/Frameworks/System.framework/Headers/mach/kmod.h \
- /System/Library/Frameworks/System.framework/Headers/mach/kern_return.h \
- /System/Library/Frameworks/System.framework/Headers/mach/machine/kern_return.h \
- /System/Library/Frameworks/System.framework/Headers/mach/ppc/kern_return.h \
- /System/Library/Frameworks/System.framework/Headers/mach/std_types.h \
- /usr/include/limits.h /usr/include/sys/syslimits.h \
- /usr/include/sys/time.h inc/asn-useful.h inc/print.h
index 7e7b846fd77bfec61d48049bc1585c52a1b5ac6a..0053ec72457c895dbed5398e74741efe04563690 100644 (file)
 // useful, but WITHOUT ANY WARRANTY; without even the implied warranty
 // of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 //
-// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/inc/asn-config.h,v 1.3 2001/06/27 23:09:16 dmitch Exp $
+// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/inc/asn-config.h,v 1.7 2002/06/12 18:36:31 dmitch Exp $
 // $Log: asn-config.h,v $
+// Revision 1.7  2002/06/12 18:36:31  dmitch
+// Radar 2951933: Avoid including iostream in asn-config.h for NDEBUG builds.
+//
+// Revision 1.6.94.4  2002/06/11 22:59:03  dmitch
+// Radar 2951933.
+//
+// Revision 1.6.94.3  2002/06/11 22:34:50  dmitch
+// More endl cleanup.
+//
+// Revision 1.6.94.2  2002/06/11 22:27:28  dmitch
+// Clean up endl declaration for NDEBUG case.
+//
+// Revision 1.6.94.1  2002/06/10 23:19:08  dmitch
+// Radar 2934358 - avoid #include \<iostream\> in asn-config.h
+//
+// Revision 1.6  2002/04/18 18:58:08  dmitch
+// Radar 2904404 - avoid deprecated iostream.h
+//
+// Revision 1.5.24.1  2002/04/17 00:48:53  dmitch
+// Radar 2904404 - avoid deprecated iostream.h.
+//
+// Revision 1.5  2002/03/21 05:38:47  dmitch
+// Radar 2868524: no more setjmp/longjmp in SNACC-generated code.
+//
+// Revision 1.4.32.4  2002/03/20 20:56:37  dmitch
+// Further refinements for Radar 2868524: no more BDecPdu or BEncPdu.
+//
+// Revision 1.4.32.3  2002/03/20 02:54:08  dmitch
+// Avoid the unused and uninitialized ENV_TYPE var in BDecPdu.
+//
+// Revision 1.4.32.2  2002/03/20 01:28:02  dmitch
+// Added throw() to SnaccExcep destructor.
+//
+// Revision 1.4.32.1  2002/03/20 00:36:52  dmitch
+// Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp.
+//
+// Revision 1.4  2002/02/07 04:30:04  mb
+// Fixes required to build with gcc3.
+// Merged from branch PR-2848996
+// Bug #: 2848996
+// Submitted by:
+// Reviewed by: Turly O'Connor <turly@apple.com>
+//
+// Revision 1.3.10.1  2002/02/06 23:45:04  mb
+// Changes to allow building with gcc3
+//
 // Revision 1.3  2001/06/27 23:09:16  dmitch
 // Pusuant to Radar 2664258, avoid all cerr-based output in NDEBUG configuration.
 //
 #define _asn_config_h_
 
 #include <ctype.h>  /* for isprint() in <<op on AsnOcts */
-#include <iostream.h>
+
+#ifdef NDEBUG
+/* just get forward declarations */
+#include <iosfwd>
+namespace std {
+       extern ostream& endl(ostream& outs);
+}
+#else
+#include <iostream>
+#endif
+/* assume these... */
+using std::iostream;
+using std::ostream;
+using std::istream;
+using std::endl;
+
 #include <memory.h>
 #include <string.h>
 #include <setjmp.h>
 
 #include "snacc.h"
 
+using std::streamsize;
+
 // used not only by AsnInt (asn-int.h), but by AsnNameDesc (meta.h) as well:
 #if SIZEOF_INT == 4
 #  define I            int
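Review bot: The NDEBUG branch declares `endl` by hand inside `namespace std` (`extern ostream& endl(ostream& outs);`), which is not the library's declaration: `std::endl` is a function template in `<ostream>`, and user code adding declarations to `namespace std` is undefined behaviour. A release build that streams `endl` through this header therefore depends on a non-template definition that this hunk does not show, and a translation unit that also includes `<iostream>` sees both declarations. If the goal of the Radar entries is only to avoid pulling in `<iostream>`, `#include <ostream>` in place of `<iosfwd>` plus the hand-written declaration would provide `endl` and `ostream` without it. The unconditional `using std::...;` lines also place these names in the global namespace of every file that includes asn-config.h, which deserves at least a comment.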
  *  - configure error handler
  */
 #ifndef        NDEBUG
-#define Asn1Error              cerr
+#define Asn1Error              std::cerr
 #else
 
 /* silent ostream */
@@ -184,8 +247,34 @@ extern Asn1ErrorClass Asn1Error;
 
 #include "asn-buf.h"
 #define BUF_TYPE               AsnBuf &
+
+/*
+ * Enables throw/catch as replacement for setjmp/longjmp in C++ lib. 
+ * BDecPdu still returns int (1 = OK, 0 = fail) in either config.
+ * The compiler gets this symbol from c-lib/inc/asn-config.h; runtime 
+ * support gets this symbol from this file. There is currently no 
+ * straightforward way to have one symbol used in both environments. 
+ */
+#define SNACC_EXCEPTION_ENABLE 1
+
+/*
+ * With the SNACC_EXCEPTION_ENABLE mods, ENV_TYPE is not used, though
+ * it still appears in the BDec*() function.
+ */
+#if            SNACC_EXCEPTION_ENABLE
+#define ENV_TYPE               int
+#else
 #define ENV_TYPE               jmp_buf
+#endif /* SNACC_EXCEPTION_ENABLE */
 
+/*
+ * Enable BEncPdu, BDecPdu. Same remarks apply as above w.r.t the 
+ * c++ config file.
+ */
+#define SNACC_ENABLE_PDU               0
+#if            SNACC_ENABLE_PDU
+
+#if    SNACC_EXCEPTION_ENABLE
 /* return true if succeeded, false otherwise */
 #define PDU_MEMBER_MACROS\
     int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)\
@@ -196,7 +285,28 @@ extern Asn1ErrorClass Asn1Error;
 \
     int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)\
     {\
-       jmp_buf env;\
+\
+       bytesDecoded = 0;\
+       try\
+       {\
+           BDec (b, bytesDecoded, 0);\
+           return !b.ReadError();\
+       }\
+       catch(...) {\
+           return false;\
+       }\
+    }
+#else  /* SNACC_EXCEPTION_ENABLE */
+#define PDU_MEMBER_MACROS\
+    int BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)\
+    {\
+       bytesEncoded = BEnc (b);\
+       return !b.WriteError();\
+    }\
+\
+    int BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)\
+    {\
+       ENV_TYPE env;\
        int val;\
 \
        bytesDecoded = 0;\
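Review bot: `catch(...)` in the exception variant of `BDecPdu` reports every exception as a plain decode failure, so an allocation failure is indistinguishable from malformed input and the error number carried by the exception is dropped. If only decoder errors are meant to become a `false` return, `catch (const SnaccExcep &) { return false; }` states that; if swallowing everything is deliberate, a one-line comment saying so would prevent a later "cleanup". The literal `0` passed as the unused `ENV_TYPE` argument to `BDec` would also read better with a short comment. Both variants are compiled only when `SNACC_ENABLE_PDU` is non-zero, and the preceding hunk sets it to 0; the setjmp variant's body continues outside this hunk.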
@@ -208,6 +318,29 @@ extern Asn1ErrorClass Asn1Error;
        else\
            return false;\
     }
+#endif /* SNACC_EXCEPTION_ENABLE */
+#else  /* !SNACC_ENABLE_PDU */
+/* empty */
+#define PDU_MEMBER_MACROS
+#endif
 
+/*
+ * SNACC exception class
+ */
+#if            SNACC_EXCEPTION_ENABLE
+
+#include <exception>
+
+class SnaccExcep : public std::exception {
+protected:
+    SnaccExcep(int err) : mErrNum(err) { }
+public:
+    virtual ~SnaccExcep() throw() {};
+       virtual int errNum() { return mErrNum; }
+       static void throwMe(int err);           // implemented in cdsaUtils.cpp
+protected:
+       int mErrNum;
+};
+#endif /* SNACC_EXCEPTION_ENABLE */
 
 #endif /* conditional include */
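Review bot: With `PDU_MEMBER_MACROS` now defined empty, the `BDecPdu` wrapper that converted a decode failure into a `false` return is no longer generated, so an exception thrown from `BDec` propagates to the caller. Those callers are outside this hunk; any of them that decodes data read from a file or the network needs its own `try`/`catch`, otherwise malformed input ends the process through an uncaught exception. In `SnaccExcep`, `errNum()` should be const so it can be called on the const reference a handler normally catches: `virtual int errNum() const { return mErrNum; }`. The class also lacks a comment stating which error values `mErrNum` holds and that `throwMe` is the only intended way to raise it (the constructor is protected).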
index 2dde1693a61de89863e54d5a7c8fb1ae8a50e37d..183b8ccb0bf79373bf56de917979ccc3bc3abf19 100644 (file)
 // 
 // 
 // 
-// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/inc/asn-octs.h,v 1.1.1.1 2001/05/18 23:14:06 mb Exp $
+// $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/inc/asn-octs.h,v 1.2 2002/04/18 18:58:08 dmitch Exp $
 // $Log: asn-octs.h,v $
+// Revision 1.2  2002/04/18 18:58:08  dmitch
+// Radar 2904404 - avoid deprecated iostream.h
+//
+// Revision 1.1.1.1.70.1  2002/04/17 00:48:53  dmitch
+// Radar 2904404 - avoid deprecated iostream.h.
+//
 // Revision 1.1.1.1  2001/05/18 23:14:06  mb
 // Move from private repository to open source repository
 //
@@ -162,6 +168,8 @@ public:
   size_t                       Len() const                             { return octetLen; }
                                operator const char* () const           { return octs; }
                                operator char* ()                       { return octs; }
+                               
+  const char *         Octs() const    { return octs; }
 
 #ifdef VDADER_RULES
   bool operator == (const AsnOcts &o) const { if (OctsEquiv(o)) return true; else return false; }
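Review bot: The new `Octs()` accessor returns the raw buffer with no indication of its length, and it has no comment. An ASN.1 OCTET STRING can legitimately contain zero bytes, so a caller that treats the result as a C string (`strlen`, `strcmp`, `%s`) will process a truncated value; that matters wherever decoded fields are compared or displayed. I would document it at the declaration, for example `// raw octets, Len() bytes long; may contain embedded NULs, so do not treat as a C string`. The enclosing class starts and ends outside this hunk.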
index 49835d5bf44d958e785eb0035c5ed372fda99db6..daadb7b5a50bb839c306edda19abcc60513ba950 100644 (file)
@@ -1,26 +1,8 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
 //   NOTE: this is a machine generated file--editing not recommended
 //
 // asn-useful.h - class definitions for ASN.1 module ASN-USEFUL
 //
-//   This file was generated by snacc on Thu Dec 21 14:15:26 2000
+//   This file was generated by snacc on Wed Mar 20 10:07:04 2002
 //   UBC snacc by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -69,9 +51,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
 };
 
 
@@ -91,9 +70,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
 };
 
 
@@ -113,9 +89,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
 };
 
 
@@ -135,9 +108,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
 };
 
 
@@ -157,9 +127,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
 };
 
 
@@ -179,9 +146,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
 };
 
 
@@ -201,9 +165,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
 };
 
 
@@ -223,9 +184,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
 };
 
 
@@ -245,9 +203,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
 };
 
 
@@ -267,9 +222,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
 };
 
 
@@ -289,9 +241,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
 };
 
 
@@ -311,9 +260,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
 };
 
 
@@ -333,9 +279,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
 };
 
 
@@ -355,9 +298,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
 };
 
 
@@ -377,9 +317,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
 };
 
 
@@ -399,9 +336,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
 };
 
 
@@ -437,9 +371,6 @@ public:
   void                 BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen, AsnLen &bytesDecoded, ENV_TYPE env);
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void                 Print (ostream &os) const;
 };
 
@@ -465,9 +396,6 @@ public:
 
   AsnLen               BEnc (BUF_TYPE b);
   void                 BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env);
-  int                  BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded);
-  int                  BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded);
-
   void         Print (ostream &os) const;
 };
 
index 51b701f748f091d741c236bbd6f624d19c9bfc15..531ed594cb7205e630aa60beb7ecf103078beb23 100644 (file)
@@ -1,21 +1,3 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
 /* config.h.  Generated automatically by configure.  */
 /* config.h.in.  Generated automatically from configure.in by autoheader.  */
 
 
 /*
  * file: acconfig.h
- *
- * $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c++-lib/inc/config.h,v 1.1.1.1 2001/05/18 23:14:06 mb Exp $
- * $Log: config.h,v $
- * Revision 1.1.1.1  2001/05/18 23:14:06  mb
- * Move from private repository to open source repository
- *
- * Revision 1.3  2001/05/05 00:59:18  rmurphy
- * Adding darwin license headers
- *
- * Revision 1.2  2000/12/22 00:21:57  dmitch
- * Misc. update and sync for clean build on Cheetah 1D7.
- *
- * Revision 1.1.1.1  1999/03/16 18:05:47  aram
- * Originals from SMIME Free Library.
- *
- * Revision 1.7  1997/03/03 11:58:26  wan
- * Final pre-delivery stuff (I hope).
- *
- * Revision 1.6  1997/02/28 13:39:34  wan
- * Modifications collected for new version 1.3: Bug fixes, tk4.2.
- *
- * Revision 1.5  1997/02/15 20:01:37  rj
- * check whether the compiler supports volatile functions (and whether abort() is volatile).
- *
- * Revision 1.4  1995/02/20  11:16:57  rj
- * cpp switch HAVE_VARIABLE_SIZED_AUTOMATIC_ARRAYS added.
- *
- * Revision 1.3  1995/02/13  14:46:49  rj
- * settings for IEEE_REAL_FMT/IEEE_REAL_LIB moved from {c_lib,c++_lib}/inc/asn_config.h to acconfig.h.
- *
- * Revision 1.2  1994/10/08  04:38:56  rj
- * slot for autoconf Tcl detection added.
- *
- * Revision 1.1  1994/09/01  00:51:19  rj
- * first check-in (new file).
- *
  */
 
 /*
index aae412130d49dd2e2f35e3a9c132bf87e5969e30..696201406d3f02c3e379dc41ba6a69b90b910e23 100644 (file)
@@ -201,7 +201,6 @@ long SM_Buffer2BigIntegerStr( CSM_Buffer     *asn1Data,
 
 #define NULL_STR (Str_struct *) NULL
 
-
 //extern "C" {
 //#include    <stdio.h>    /**** Standard I/O includes   ****/
 //long vdasnacc_sortSetOf(Str_struct **strEnc, int icount);
@@ -210,6 +209,8 @@ long SM_Buffer2BigIntegerStr( CSM_Buffer     *asn1Data,
 //void free_Str_content(Str_struct *str);
 //}
 
+#if    SNACC_ENABLE_PDU
+/* Note no equivalent if !SNACC_ENABLE_PDU */
 #define ENCODE_ANY(encodedData,asnAny)\
    {\
     CSM_Buffer *blob=new CSM_Buffer;\
@@ -231,12 +232,6 @@ long SM_Buffer2BigIntegerStr( CSM_Buffer     *asn1Data,
       DECODE_BUF((decodeData), blob)\
    }
 
-// This macro is usually only necessary if a SNACC AsnBuf is used
-//  immediately after being loaded by an application (e.g. consecutive 
-//  encode decode operations).
-#define SNACC_BUFRESET_READ(pSnaccBuf)   (pSnaccBuf)->ResetInReadMode();
-#define SNACC_BUFRESET_WRITE(pSnaccBuf)  (pSnaccBuf)->ResetInWriteRvsMode();
-
 #define ENCODE_BUF_NO_ALLOC(encodeData, blob)\
    {\
    char *pchBuffer = (char *)calloc(1, \
@@ -287,6 +282,14 @@ long SM_Buffer2BigIntegerStr( CSM_Buffer     *asn1Data,
    free(pchBuffer);\
    }
       
+#endif /* SNACC_ENABLE_PDU */
+
+// This macro is usually only necessary if a SNACC AsnBuf is used
+//  immediately after being loaded by an application (e.g. consecutive 
+//  encode decode operations).
+#define SNACC_BUFRESET_READ(pSnaccBuf)   (pSnaccBuf)->ResetInReadMode();
+#define SNACC_BUFRESET_WRITE(pSnaccBuf)  (pSnaccBuf)->ResetInWriteRvsMode();
+
 #define SM_ASSIGN_ANYBUF(lpBuf, asnAny)\
    {\
     (asnAny)->value = (AsnType *)new CSM_Buffer(*(lpBuf));\
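Review bot: The relocated `SNACC_BUFRESET_READ` and `SNACC_BUFRESET_WRITE` macros still end in `;` inside the definition, so `SNACC_BUFRESET_READ(p);` expands to two statements and breaks an unbraced `if … else`. Since the lines are being moved anyway, drop the trailing semicolon, e.g. `#define SNACC_BUFRESET_READ(pSnaccBuf)   (pSnaccBuf)->ResetInReadMode()`, and likewise for the write variant. Call sites that rely on the macro supplying the semicolon would need one added; that cannot be checked from this hunk.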
index bf34dbf932fab83acfbbb36739da7ee099247c4a..3e53655b3b6124601edcb8a5c8e887bee3e35700 100644 (file)
@@ -1,26 +1,8 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
 //   NOTE: this is a machine generated file--editing not recommended
 //
 // asn-useful.cpp - class member functions for ASN.1 module ASN-USEFUL
 //
-//   This file was generated by snacc on Wed Jun 14 14:50:26 2000
+//   This file was generated by snacc on Wed Mar 20 11:39:57 2002
 //   UBC snacc written by Mike Sample
 //   A couple of enhancements made by IBM European Networking Center
 
@@ -64,33 +46,12 @@ void ObjectDescriptor::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, OD_TAG_CODE)))
     {
         Asn1Error << "ObjectDescriptor::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 50);
+        SnaccExcep::throwMe(50);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int ObjectDescriptor::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int ObjectDescriptor::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *UTF8String::Clone() const
 {
   return new UTF8String;
@@ -120,33 +81,12 @@ void UTF8String::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, 12)))
     {
         Asn1Error << "UTF8String::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 49);
+        SnaccExcep::throwMe(49);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int UTF8String::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int UTF8String::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *NumericString::Clone() const
 {
   return new NumericString;
@@ -176,33 +116,12 @@ void NumericString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, NUMERICSTRING_TAG_CODE)))
     {
         Asn1Error << "NumericString::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 48);
+        SnaccExcep::throwMe(48);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int NumericString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int NumericString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *PrintableString::Clone() const
 {
   return new PrintableString;
@@ -232,33 +151,12 @@ void PrintableString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, PRINTABLESTRING_TAG_CODE)))
     {
         Asn1Error << "PrintableString::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 47);
+        SnaccExcep::throwMe(47);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int PrintableString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int PrintableString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *TeletexString::Clone() const
 {
   return new TeletexString;
@@ -288,33 +186,12 @@ void TeletexString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, TELETEXSTRING_TAG_CODE)))
     {
         Asn1Error << "TeletexString::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 46);
+        SnaccExcep::throwMe(46);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int TeletexString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int TeletexString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *T61String::Clone() const
 {
   return new T61String;
@@ -344,33 +221,12 @@ void T61String::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, TELETEXSTRING_TAG_CODE)))
     {
         Asn1Error << "T61String::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 45);
+        SnaccExcep::throwMe(45);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int T61String::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int T61String::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *VideotexString::Clone() const
 {
   return new VideotexString;
@@ -400,33 +256,12 @@ void VideotexString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, VIDEOTEXSTRING_TAG_CODE)))
     {
         Asn1Error << "VideotexString::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 44);
+        SnaccExcep::throwMe(44);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int VideotexString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int VideotexString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *IA5String::Clone() const
 {
   return new IA5String;
@@ -456,33 +291,12 @@ void IA5String::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, IA5STRING_TAG_CODE)))
     {
         Asn1Error << "IA5String::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 43);
+        SnaccExcep::throwMe(43);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int IA5String::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int IA5String::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *GraphicString::Clone() const
 {
   return new GraphicString;
@@ -512,33 +326,12 @@ void GraphicString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, GRAPHICSTRING_TAG_CODE)))
     {
         Asn1Error << "GraphicString::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 42);
+        SnaccExcep::throwMe(42);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int GraphicString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int GraphicString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *VisibleString::Clone() const
 {
   return new VisibleString;
@@ -568,33 +361,12 @@ void VisibleString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, VISIBLESTRING_TAG_CODE)))
     {
         Asn1Error << "VisibleString::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 41);
+        SnaccExcep::throwMe(41);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int VisibleString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int VisibleString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *ISO646String::Clone() const
 {
   return new ISO646String;
@@ -624,33 +396,12 @@ void ISO646String::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, VISIBLESTRING_TAG_CODE)))
     {
         Asn1Error << "ISO646String::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 40);
+        SnaccExcep::throwMe(40);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int ISO646String::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int ISO646String::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *GeneralString::Clone() const
 {
   return new GeneralString;
@@ -680,33 +431,12 @@ void GeneralString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, GENERALSTRING_TAG_CODE)))
     {
         Asn1Error << "GeneralString::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 39);
+        SnaccExcep::throwMe(39);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int GeneralString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int GeneralString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *UTCTime::Clone() const
 {
   return new UTCTime;
@@ -736,33 +466,12 @@ void UTCTime::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, UTCTIME_TAG_CODE)))
     {
         Asn1Error << "UTCTime::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 38);
+        SnaccExcep::throwMe(38);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int UTCTime::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int UTCTime::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *GeneralizedTime::Clone() const
 {
   return new GeneralizedTime;
@@ -792,33 +501,12 @@ void GeneralizedTime::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, GENERALIZEDTIME_TAG_CODE)))
     {
         Asn1Error << "GeneralizedTime::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 37);
+        SnaccExcep::throwMe(37);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int GeneralizedTime::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int GeneralizedTime::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *UniversalString::Clone() const
 {
   return new UniversalString;
@@ -848,33 +536,12 @@ void UniversalString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, UNIVERSALSTRING_TAG_CODE)))
     {
         Asn1Error << "UniversalString::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 36);
+        SnaccExcep::throwMe(36);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int UniversalString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int UniversalString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 AsnType *BMPString::Clone() const
 {
   return new BMPString;
@@ -904,33 +571,12 @@ void BMPString::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
         && (tag != MAKE_TAG_ID (UNIV, CONS, BMPSTRING_TAG_CODE)))
     {
         Asn1Error << "BMPString::BDec: ERROR - wrong tag" << endl;
-        longjmp (env, 35);
+        SnaccExcep::throwMe(35);
     }
     elmtLen1 = BDecLen (b, bytesDecoded, env);
     BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int BMPString::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int BMPString::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 EXTERNALChoice::EXTERNALChoice()
 {
   choiceId = single_ASN1_typeCid;
@@ -1066,7 +712,7 @@ void EXTERNALChoice::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnLe
           && (tag != MAKE_TAG_ID (UNIV, CONS, OCTETSTRING_TAG_CODE)))
       {
          Asn1Error << "Unexpected Tag" << endl;
-         longjmp (env, 34);
+        SnaccExcep::throwMe(34);
       }
 
       elmtLen1 = BDecLen (b, bytesDecoded, env);
@@ -1093,7 +739,7 @@ void EXTERNALChoice::BDecContent (BUF_TYPE b, AsnTag tag, AsnLen elmtLen0, AsnLe
 
     default:
       Asn1Error << "ERROR - unexpected tag in CHOICE" << endl;
-      longjmp (env, 33);
+      SnaccExcep::throwMe(33);
       break;
   } // end switch
 } // EXTERNALChoice::BDecContent
@@ -1118,29 +764,9 @@ void EXTERNALChoice::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
     BDecContent (b, tag, elmtLen, bytesDecoded, env);
 }
 
-int EXTERNALChoice::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int EXTERNALChoice::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void EXTERNALChoice::Print (ostream &os) const
 {
+#ifndef NDEBUG
   switch (choiceId)
   {
     case single_ASN1_typeCid:
@@ -1168,6 +794,7 @@ void EXTERNALChoice::Print (ostream &os) const
       break;
 
   } // end of switch
+#endif /* NDEBUG */
 } // EXTERNALChoice::Print
 
 EXTERNAL::EXTERNAL()
@@ -1355,7 +982,7 @@ void EXTERNAL::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen
   else
   {
     Asn1Error << "ERROR - SEQUENCE is missing non-optional elmt." << endl;
-    longjmp (env, 32);
+    SnaccExcep::throwMe(32);
   }
 
   bytesDecoded += seqBytesDecoded;
@@ -1367,7 +994,7 @@ void EXTERNAL::BDecContent (BUF_TYPE b, AsnTag /*tag0*/, AsnLen elmtLen0, AsnLen
   else if (seqBytesDecoded != elmtLen0)
   {
     Asn1Error << "ERROR - Length discrepancy on sequence." << endl;
-    longjmp (env, 31);
+    SnaccExcep::throwMe(31);
   }
   else
     return;
@@ -1390,35 +1017,15 @@ void EXTERNAL::BDec (BUF_TYPE b, AsnLen &bytesDecoded, ENV_TYPE env)
   if ((tag = BDecTag (b, bytesDecoded, env)) != MAKE_TAG_ID (UNIV, CONS, EXTERNAL_TAG_CODE))
   {
     Asn1Error << "EXTERNAL::BDec: ERROR - wrong tag" << endl;
-    longjmp (env, 30);
+    SnaccExcep::throwMe(30);
   }
   elmtLen1 = BDecLen (b, bytesDecoded, env);
   BDecContent (b, tag, elmtLen1, bytesDecoded, env);
 }
 
-int EXTERNAL::BEncPdu (BUF_TYPE b, AsnLen &bytesEncoded)
-{
-    bytesEncoded = BEnc (b);
-    return !b.WriteError();
-}
-
-int EXTERNAL::BDecPdu (BUF_TYPE b, AsnLen &bytesDecoded)
-{
-    ENV_TYPE env;
-    int val;
-
-    bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
-         BDec (b, bytesDecoded, env);
-         return !b.ReadError();
-    }
-    else
-        return false;
-}
-
 void EXTERNAL::Print (ostream &os) const
 {
+#ifndef NDEBUG
   os << "{ -- SEQUENCE --" << endl;
   indentG += stdIndentG;
 
@@ -1482,6 +1089,7 @@ void EXTERNAL::Print (ostream &os) const
   indentG -= stdIndentG;
   Indent (os, indentG);
   os << "}";
+#endif /* NDEBUG */
 } // EXTERNAL::Print
 
 
index d9b9fc82f7b7765a504eee5f1955efc6af5eb41c..55583c13760741ba1404bc016d15458d8198dc09 100644 (file)
@@ -59,8 +59,8 @@ void SC_decodeAsnBitsToCssmData(
  * All AsnType subclasses implement this either via PDU_MEMBER_MACROS
  * for SecuritySNACCRuntime built-in types, or explicitly for all
  * other classes using asn-useful.h. To faciliate a global "one
- * routine for encode/decode" which operattes on AsnType &'s, we have 
- * to explicitly provide this here. Why this is no in AsnType, I don't 
+ * routine for encode/decode" which operates on AsnType &'s, we have 
+ * to explicitly provide this here. Why this is not in AsnType, I don't 
  * know.
  */
 static int SC_BDecPDU(
@@ -69,16 +69,15 @@ static int SC_BDecPDU(
        AsnLen          &bytesDecoded)
 {
     ENV_TYPE env;
-    int val;
 
     bytesDecoded = 0;
-    if ((val = setjmp (env)) == 0)
-    {
+       try {
          asnObj.BDec(b, bytesDecoded, env);
          return !b.ReadError();
     }
-    else
+       catch(...) {
         return false;
+       }
 }
 
 static int SC_BEncPdu(
@@ -188,3 +187,11 @@ void SC_encodeLength(
                contentLen >>= 8;
        }
 }
+
+/*
+ * Explicitly non-inlined SnaccError throw 
+ */
+void SnaccExcep::throwMe(int err)
+{
+       throw SnaccExcep(err);
+}
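Review bot: `SnaccExcep::throwMe` is defined here unconditionally, while the class declaration added elsewhere in this commit sits inside `#if SNACC_EXCEPTION_ENABLE`; with that flag off this file would presumably fail to compile. Wrapping the definition in the same `#if SNACC_EXCEPTION_ENABLE` / `#endif` pair keeps the two in step. The comment also says "SnaccError throw" although the class is `SnaccExcep`; `Explicitly non-inlined SnaccExcep throw` would match the code.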
index 68f9ae961d83fbfaea223ba440ef4b05490a9bdd..b0d87e9d26f4a7c17a0e8c89c125ae84ec8721e7 100644 (file)
@@ -41,7 +41,9 @@ static char SccsId[ ] = "@(#) sm_buffer.cpp 1.17 5/7/98 16:36:20";
 #endif
 
 #include "sm_vdasnacc.h"
+#ifndef        NDEBUG
 #include <iomanip>
+#endif
 
 #if    defined(macintosh) || defined(__APPLE__)
 
index 6b0f2e8b16a110bdc096101ed669946cd55c926d..d20c726eb3bfd61304971fa925555886499f01b2 100644 (file)
@@ -1 +1 @@
-Thu Dec 21 14:52:17 PST 2000
+Wed Mar 20 11:39:57 PST 2002
index a1439b562c387887765d6eeb6e20fe0c9ec25ab5..2ce63e57297c559623b038e5532c9dfb98f0e494 100644 (file)
@@ -1,27 +1,9 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
 /*
  *    asn-useful.c
  *
  *    "ASN-USEFUL" ASN.1 module encode/decode/print/free C src.
  *
- *    This file was generated by snacc on Thu Jun  8 12:35:27 2000
+ *    This file was generated by snacc on Tue Mar 19 07:24:46 2002
  *
  *    UBC snacc written by Mike Sample
  *
index 0f2f3f984b0f206273dcfc4dc2d3e52b385194cc..d11f83b071be2b4c14b79830273f0c0452c29be9 100644 (file)
@@ -1,27 +1,9 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
 /*
  *    asn-useful.h
  *
  *    "ASN-USEFUL" ASN.1 module C type definitions and prototypes
  *
- *    This .h file was generated by snacc on Thu Jun  8 12:35:27 2000
+ *    This .h file was generated by snacc on Tue Mar 19 07:24:46 2002
  *
  *    UBC snacc written compiler by Mike Sample
  *
index 8c9eaed9b273033bcf3b8617903e163ad9effb73..3dfeeee292f3a45113629db352d6d5bd0bcf3dee 100644 (file)
-asn-len.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-len.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h 
-asn-tag.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-tag.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h 
-asn-int.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-int.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-int.h 
-asn-bool.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-bool.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-bool.h 
-asn-bits.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-bits.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/string.h \
-  inc/asn-len.h inc/asn-tag.h inc/str-stk.h inc/asn-bits.h 
-asn-octs.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+  /usr/include/string.h inc/asn-len.h inc/asn-tag.h inc/str-stk.h \
+  inc/asn-bits.h 
+asn-octs.o : /usr/include/ctype.h /usr/include/runetype.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h inc/asn-config.h /usr/include/stdio.h \
+  /usr/include/sys/types.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/str-stk.h inc/asn-bits.h inc/asn-octs.h 
-asn-oid.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-oid.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-octs.h inc/asn-oid.h 
-asn-real.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-real.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-real.h 
-asn-null.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-null.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-null.h 
-asn-list.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-list.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-list.h 
-asn-enum.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-enum.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-int.h inc/asn-enum.h 
-str-stk.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+str-stk.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/str-stk.h 
-nibble-alloc.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/string.h 
-print.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+nibble-alloc.o : inc/asn-config.h /usr/include/stdio.h \
+  /usr/include/sys/types.h /usr/include/sys/cdefs.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/exp-buf.h \
+  inc/print.h /usr/include/string.h 
+print.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h 
-asn-any.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-any.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-oid.h inc/asn-octs.h inc/asn-int.h inc/asn-any.h \
   inc/hash.h 
-hash.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+hash.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/hash.h 
-exp-buf.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+exp-buf.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/gen-buf.h 
 sbuf.o : 
 tbl-dec.o : 
@@ -345,367 +173,186 @@ tbl-gen.o :
 tbl-dbg.o : 
 tbl-print.o : 
 tbl-util.o : 
-asn-useful.o : inc/asn-incl.h inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \
-  inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \
-  inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \
-  inc/hash.h inc/asn-list.h inc/asn-useful.h 
+asn-useful.o : inc/asn-incl.h inc/asn-config.h /usr/include/stdio.h \
+  /usr/include/sys/types.h /usr/include/sys/cdefs.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/exp-buf.h \
+  inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \
+  inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \
+  inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \
+  inc/asn-useful.h 
 tbl.o : 
-asn-len.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-len.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h 
-asn-tag.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-tag.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h 
-asn-int.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-int.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-int.h 
-asn-bool.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-bool.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-bool.h 
-asn-bits.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-bits.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/string.h \
-  inc/asn-len.h inc/asn-tag.h inc/str-stk.h inc/asn-bits.h 
-asn-octs.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+  /usr/include/string.h inc/asn-len.h inc/asn-tag.h inc/str-stk.h \
+  inc/asn-bits.h 
+asn-octs.o : /usr/include/ctype.h /usr/include/runetype.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h inc/asn-config.h /usr/include/stdio.h \
+  /usr/include/sys/types.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/str-stk.h inc/asn-bits.h inc/asn-octs.h 
-asn-oid.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-oid.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-octs.h inc/asn-oid.h 
-asn-real.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-real.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-real.h 
-asn-null.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-null.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-null.h 
-asn-list.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-list.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-list.h 
-asn-enum.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-enum.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-int.h inc/asn-enum.h 
-str-stk.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+str-stk.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/str-stk.h 
-nibble-alloc.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/string.h 
-print.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+nibble-alloc.o : inc/asn-config.h /usr/include/stdio.h \
+  /usr/include/sys/types.h /usr/include/sys/cdefs.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/exp-buf.h \
+  inc/print.h /usr/include/string.h 
+print.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h 
-asn-any.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-any.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-oid.h inc/asn-octs.h inc/asn-int.h inc/asn-any.h \
   inc/hash.h 
-hash.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+hash.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/hash.h 
-exp-buf.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+exp-buf.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/gen-buf.h 
 sbuf.o : 
 tbl-dec.o : 
@@ -715,348 +362,177 @@ tbl-gen.o :
 tbl-dbg.o : 
 tbl-print.o : 
 tbl-util.o : 
-asn-useful.o : inc/asn-incl.h inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h inc/nibble-alloc.h inc/exp-buf.h inc/print.h inc/asn-len.h \
-  inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \
-  inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \
-  inc/hash.h inc/asn-list.h inc/asn-useful.h 
+asn-useful.o : inc/asn-incl.h inc/asn-config.h /usr/include/stdio.h \
+  /usr/include/sys/types.h /usr/include/sys/cdefs.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/exp-buf.h \
+  inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \
+  inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \
+  inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \
+  inc/asn-useful.h 
 tbl.o : 
-asn-len.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-len.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-len.h 
-asn-tag.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-tag.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h 
-asn-int.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-int.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-int.h 
-asn-bool.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-bool.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-bool.h 
-asn-bits.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-bits.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/string.h \
-  inc/asn-len.h inc/asn-tag.h inc/str-stk.h inc/asn-bits.h 
-asn-octs.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+  /usr/include/string.h inc/asn-len.h inc/asn-tag.h inc/str-stk.h \
+  inc/asn-bits.h 
+asn-octs.o : /usr/include/ctype.h /usr/include/runetype.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h inc/asn-config.h /usr/include/stdio.h \
+  /usr/include/sys/types.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/str-stk.h inc/asn-bits.h inc/asn-octs.h 
-asn-oid.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-oid.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-octs.h inc/asn-oid.h 
-asn-real.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-real.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-real.h 
-asn-null.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-null.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-null.h 
-asn-list.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-list.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-list.h 
-asn-enum.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-enum.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-int.h inc/asn-enum.h 
-str-stk.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+str-stk.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/str-stk.h 
-nibble-alloc.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/string.h 
-print.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+nibble-alloc.o : inc/asn-config.h /usr/include/stdio.h \
+  /usr/include/sys/types.h /usr/include/sys/cdefs.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/min-buf.h \
+  inc/print.h /usr/include/string.h 
+print.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h 
-asn-any.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-any.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-oid.h inc/asn-octs.h inc/asn-int.h inc/asn-any.h \
   inc/hash.h 
-hash.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+hash.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/hash.h 
 exp-buf.o : 
 sbuf.o : 
@@ -1067,348 +543,177 @@ tbl-gen.o :
 tbl-dbg.o : 
 tbl-print.o : 
 tbl-util.o : 
-asn-useful.o : inc/asn-incl.h inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h inc/nibble-alloc.h inc/min-buf.h inc/print.h inc/asn-len.h \
-  inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \
-  inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \
-  inc/hash.h inc/asn-list.h inc/asn-useful.h 
+asn-useful.o : inc/asn-incl.h inc/asn-config.h /usr/include/stdio.h \
+  /usr/include/sys/types.h /usr/include/sys/cdefs.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/min-buf.h \
+  inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \
+  inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \
+  inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \
+  inc/asn-useful.h 
 tbl.o : 
-asn-len.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-len.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-len.h 
-asn-tag.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-tag.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h 
-asn-int.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-int.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-int.h 
-asn-bool.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-bool.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-bool.h 
-asn-bits.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-bits.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/string.h \
-  inc/asn-len.h inc/asn-tag.h inc/str-stk.h inc/asn-bits.h 
-asn-octs.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+  /usr/include/string.h inc/asn-len.h inc/asn-tag.h inc/str-stk.h \
+  inc/asn-bits.h 
+asn-octs.o : /usr/include/ctype.h /usr/include/runetype.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h inc/asn-config.h /usr/include/stdio.h \
+  /usr/include/sys/types.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/str-stk.h inc/asn-bits.h inc/asn-octs.h 
-asn-oid.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-oid.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-octs.h inc/asn-oid.h 
-asn-real.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-real.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-real.h 
-asn-null.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-null.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-null.h 
-asn-list.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-list.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-list.h 
-asn-enum.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-enum.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-int.h inc/asn-enum.h 
-str-stk.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+str-stk.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/str-stk.h 
-nibble-alloc.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/string.h 
-print.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+nibble-alloc.o : inc/asn-config.h /usr/include/stdio.h \
+  /usr/include/sys/types.h /usr/include/sys/cdefs.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/sbuf.h \
+  inc/print.h /usr/include/string.h 
+print.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h 
-asn-any.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-any.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-oid.h inc/asn-octs.h inc/asn-int.h inc/asn-any.h \
   inc/hash.h 
-hash.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+hash.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/hash.h 
 exp-buf.o : 
 sbuf.o : 
@@ -1419,593 +724,317 @@ tbl-gen.o :
 tbl-dbg.o : 
 tbl-print.o : 
 tbl-util.o : 
-asn-useful.o : inc/asn-incl.h inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h inc/nibble-alloc.h inc/sbuf.h inc/print.h inc/asn-len.h \
-  inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \
-  inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \
-  inc/hash.h inc/asn-list.h inc/asn-useful.h 
+asn-useful.o : inc/asn-incl.h inc/asn-config.h /usr/include/stdio.h \
+  /usr/include/sys/types.h /usr/include/sys/cdefs.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/sbuf.h \
+  inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \
+  inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \
+  inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \
+  inc/asn-useful.h 
 tbl.o : 
-asn-len.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-len.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h 
-asn-tag.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-tag.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h 
-asn-int.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-int.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-int.h 
-asn-bool.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-bool.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-bool.h 
-asn-bits.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-bits.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/string.h \
-  inc/asn-len.h inc/asn-tag.h inc/str-stk.h inc/asn-bits.h 
-asn-octs.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+  /usr/include/string.h inc/asn-len.h inc/asn-tag.h inc/str-stk.h \
+  inc/asn-bits.h 
+asn-octs.o : /usr/include/ctype.h /usr/include/runetype.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h inc/asn-config.h /usr/include/stdio.h \
+  /usr/include/sys/types.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/str-stk.h inc/asn-bits.h inc/asn-octs.h 
-asn-oid.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-oid.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-octs.h inc/asn-oid.h 
-asn-real.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-real.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-real.h 
-asn-null.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-null.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-null.h 
-asn-list.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-list.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-list.h 
-asn-enum.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-enum.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-int.h inc/asn-enum.h 
-str-stk.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+str-stk.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/str-stk.h 
-nibble-alloc.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/string.h 
-print.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+nibble-alloc.o : inc/asn-config.h /usr/include/stdio.h \
+  /usr/include/sys/types.h /usr/include/sys/cdefs.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/gen-buf.h \
+  inc/print.h /usr/include/string.h 
+print.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h 
-asn-any.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+asn-any.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-oid.h inc/asn-octs.h inc/asn-int.h inc/asn-any.h \
   inc/hash.h 
-hash.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+hash.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/hash.h 
-exp-buf.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+exp-buf.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/exp-buf.h 
-sbuf.o : inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+sbuf.o : inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/sbuf.h 
-tbl-dec.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  inc/tbl-incl.h inc/asn-incl.h inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \
-  inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \
-  inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \
-  inc/hash.h inc/asn-list.h inc/asn-useful.h inc/tbl.h inc/tbl-util.h \
-  inc/tbl-enc.h inc/tbl-dec.h inc/tbl-print.h inc/tbl-free.h 
-tbl-enc.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  inc/tbl-incl.h inc/asn-incl.h inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \
-  inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \
-  inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \
-  inc/hash.h inc/asn-list.h inc/asn-useful.h inc/tbl.h inc/tbl-util.h \
-  inc/tbl-enc.h inc/tbl-dec.h inc/tbl-print.h inc/tbl-free.h 
-tbl-free.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  inc/tbl-incl.h inc/asn-incl.h inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \
-  inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \
-  inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \
-  inc/hash.h inc/asn-list.h inc/asn-useful.h inc/tbl.h inc/tbl-util.h \
-  inc/tbl-enc.h inc/tbl-dec.h inc/tbl-print.h inc/tbl-free.h 
-tbl-gen.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  inc/tbl-gen.h inc/tbl-incl.h inc/asn-incl.h inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \
-  inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \
-  inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \
-  inc/hash.h inc/asn-list.h inc/asn-useful.h inc/tbl.h inc/tbl-util.h \
-  inc/tbl-enc.h inc/tbl-dec.h inc/tbl-print.h inc/tbl-free.h 
+tbl-dec.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h inc/tbl-incl.h inc/asn-incl.h inc/asn-config.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/gen-buf.h \
+  inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \
+  inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \
+  inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \
+  inc/asn-useful.h inc/tbl.h inc/tbl-util.h inc/tbl-enc.h inc/tbl-dec.h \
+  inc/tbl-print.h inc/tbl-free.h 
+tbl-enc.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h inc/tbl-incl.h inc/asn-incl.h inc/asn-config.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/gen-buf.h \
+  inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \
+  inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \
+  inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \
+  inc/asn-useful.h inc/tbl.h inc/tbl-util.h inc/tbl-enc.h inc/tbl-dec.h \
+  inc/tbl-print.h inc/tbl-free.h 
+tbl-free.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h inc/tbl-incl.h inc/asn-incl.h inc/asn-config.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/gen-buf.h \
+  inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \
+  inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \
+  inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \
+  inc/asn-useful.h inc/tbl.h inc/tbl-util.h inc/tbl-enc.h inc/tbl-dec.h \
+  inc/tbl-print.h inc/tbl-free.h 
+tbl-gen.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h inc/tbl-gen.h inc/tbl-incl.h inc/asn-incl.h \
+  inc/asn-config.h /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/gen-buf.h \
+  inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \
+  inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \
+  inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \
+  inc/asn-useful.h inc/tbl.h inc/tbl-util.h inc/tbl-enc.h inc/tbl-dec.h \
+  inc/tbl-print.h inc/tbl-free.h 
 tbl-dbg.o : inc/tbl-dbg.h inc/tbl-gen.h inc/tbl-incl.h inc/asn-incl.h \
-  inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \
-  inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \
-  inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \
-  inc/hash.h inc/asn-list.h inc/asn-useful.h inc/tbl.h inc/tbl-util.h \
-  inc/tbl-enc.h inc/tbl-dec.h inc/tbl-print.h inc/tbl-free.h 
-tbl-print.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  inc/tbl-incl.h inc/asn-incl.h inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+  inc/asn-config.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \
   inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \
   inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \
   inc/hash.h inc/asn-list.h inc/asn-useful.h inc/tbl.h inc/tbl-util.h \
   inc/tbl-enc.h inc/tbl-dec.h inc/tbl-print.h inc/tbl-free.h 
-tbl-util.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  inc/tbl-incl.h inc/asn-incl.h inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \
-  inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \
-  inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \
-  inc/hash.h inc/asn-list.h inc/asn-useful.h inc/tbl.h inc/tbl-util.h \
-  inc/tbl-enc.h inc/tbl-dec.h inc/tbl-print.h inc/tbl-free.h inc/sbuf.h 
-asn-useful.o : inc/asn-incl.h inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \
-  inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \
-  inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \
-  inc/hash.h inc/asn-list.h inc/asn-useful.h 
-tbl.o : inc/asn-incl.h inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h inc/nibble-alloc.h inc/gen-buf.h inc/print.h inc/asn-len.h \
-  inc/asn-tag.h inc/asn-bool.h inc/asn-int.h inc/asn-enum.h inc/asn-real.h \
-  inc/asn-octs.h inc/asn-bits.h inc/asn-oid.h inc/asn-null.h inc/asn-any.h \
-  inc/hash.h inc/asn-list.h inc/asn-useful.h inc/tbl.h 
+tbl-print.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h inc/tbl-incl.h inc/asn-incl.h inc/asn-config.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/gen-buf.h \
+  inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \
+  inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \
+  inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \
+  inc/asn-useful.h inc/tbl.h inc/tbl-util.h inc/tbl-enc.h inc/tbl-dec.h \
+  inc/tbl-print.h inc/tbl-free.h 
+tbl-util.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h inc/tbl-incl.h inc/asn-incl.h inc/asn-config.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/gen-buf.h \
+  inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \
+  inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \
+  inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \
+  inc/asn-useful.h inc/tbl.h inc/tbl-util.h inc/tbl-enc.h inc/tbl-dec.h \
+  inc/tbl-print.h inc/tbl-free.h inc/sbuf.h 
+asn-useful.o : inc/asn-incl.h inc/asn-config.h /usr/include/stdio.h \
+  /usr/include/sys/types.h /usr/include/sys/cdefs.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/gen-buf.h \
+  inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \
+  inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \
+  inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \
+  inc/asn-useful.h 
+tbl.o : inc/asn-incl.h inc/asn-config.h /usr/include/stdio.h \
+  /usr/include/sys/types.h /usr/include/sys/cdefs.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h inc/nibble-alloc.h inc/gen-buf.h \
+  inc/print.h inc/asn-len.h inc/asn-tag.h inc/asn-bool.h inc/asn-int.h \
+  inc/asn-enum.h inc/asn-real.h inc/asn-octs.h inc/asn-bits.h \
+  inc/asn-oid.h inc/asn-null.h inc/asn-any.h inc/hash.h inc/asn-list.h \
+  inc/asn-useful.h inc/tbl.h 
index ac9e7e68cfc0708730ca783bde661c9e5dbc791d..ed0ee03e273d907b1a956422d10ef87a4c10ba5d 100644 (file)
  * This source code is distributed in the hope that it will be
  * useful, but WITHOUT ANY WARRANTY; without even the implied warranty
  * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- *
- * $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/c-lib/inc/asn-config.h,v 1.1.1.1 2001/05/18 23:14:08 mb Exp $
- * $Log: asn-config.h,v $
- * Revision 1.1.1.1  2001/05/18 23:14:08  mb
- * Move from private repository to open source repository
- *
- * Revision 1.2  2001/05/05 00:59:22  rmurphy
- * Adding darwin license headers
- *
- * Revision 1.1.1.1  1999/03/16 18:06:20  aram
- * Originals from SMIME Free Library.
- *
- * Revision 1.6  1997/03/13 09:15:16  wan
- * Improved dependency generation for stupid makedepends.
- * Corrected PeekTag to peek into buffer only as far as necessary.
- * Added installable error handler.
- * Fixed small glitch in idl-code generator (Markku Savela <msa@msa.tte.vtt.fi>).
- *
- * Revision 1.5  1995/07/24 21:01:11  rj
- * changed `_' to `-' in file names.
- *
- * Revision 1.4  1995/02/13  14:47:33  rj
- * settings for IEEE_REAL_FMT/IEEE_REAL_LIB moved from {c_lib,c++_lib}/inc/asn_config.h to acconfig.h.
- *
- * Revision 1.3  1994/10/08  04:46:20  rj
- * config.h -> snacc.h, which now is the toplevel config file.
- *
- * Revision 1.2  1994/08/31  23:53:05  rj
- * redundant code moved into ../../config.h.bot
- *
- * Revision 1.1  1994/08/28  09:21:25  rj
- * first check-in. for a list of changes to the snacc-1.1 distribution please refer to the ChangeLog.
- *
  */
 
 #ifndef _asn_config_h_
@@ -245,4 +212,19 @@ Asn1ErrorHandler Asn1InstallErrorHandler PROTO ((Asn1ErrorHandler handler));
 
 #include "print.h"  /* for printing set up */
 
+/*
+ * Enables throw/catch as replacement for setjmp/longjmp in C++ lib. 
+ * BDecPdu still returns int (1 = OK, 0 = fail) in either config.
+ * The compiler gets this symbol from this file; runtime support uses
+ * the same symbol in c++_lib/inc/asn-config.h There is currently no 
+ * straightforward way to have one symbol used in both environments. 
+ */
+#define SNACC_EXCEPTION_ENABLE 1
+
+/*
+ * Enable BEncPdu, BDecPdu. Same remarks apply as above w.r.t the 
+ * c++ config file.
+ */
+#define SNACC_ENABLE_PDU               0
+
 #endif /* conditional include */
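Review bot: `SNACC_EXCEPTION_ENABLE` and `SNACC_ENABLE_PDU` are defined unconditionally here, while the added comment says the runtime takes the same symbols from a second definition in c++_lib/inc/asn-config.h, so nothing keeps the two copies in step. If they drift, compiler-generated code and the C++ runtime would presumably disagree on whether a decode failure is reported through throw/catch or setjmp/longjmp, which matters for a decoder that parses externally supplied ASN.1. Guarding each definition, e.g. `#ifndef SNACC_EXCEPTION_ENABLE` / `#define SNACC_EXCEPTION_ENABLE 1` / `#endif`, would let the build set both from a single `-D` flag, and the comment should state outright that the two files must be changed together. Minor: the comment is missing a full stop after `c++_lib/inc/asn-config.h`.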
index 0f2f3f984b0f206273dcfc4dc2d3e52b385194cc..d11f83b071be2b4c14b79830273f0c0452c29be9 100644 (file)
@@ -1,27 +1,9 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
 /*
  *    asn-useful.h
  *
  *    "ASN-USEFUL" ASN.1 module C type definitions and prototypes
  *
- *    This .h file was generated by snacc on Thu Jun  8 12:35:27 2000
+ *    This .h file was generated by snacc on Tue Mar 19 07:24:46 2002
  *
  *    UBC snacc written compiler by Mike Sample
  *
index 45cdc3be23aad8ff74f6cf2a051831dc7b409f2a..b69de4224436057558fbec1801a8f0b62234fb31 100644 (file)
@@ -1,27 +1,9 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
 /*
  *    tbl.h
  *
  *    "TBL" ASN.1 module C type definitions and prototypes
  *
- *    This .h file was generated by snacc on Thu Jun  8 12:35:28 2000
+ *    This .h file was generated by snacc on Tue Mar 19 07:24:47 2002
  *
  *    UBC snacc written compiler by Mike Sample
  *
index a1439b562c387887765d6eeb6e20fe0c9ec25ab5..2ce63e57297c559623b038e5532c9dfb98f0e494 100644 (file)
@@ -1,27 +1,9 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
 /*
  *    asn-useful.c
  *
  *    "ASN-USEFUL" ASN.1 module encode/decode/print/free C src.
  *
- *    This file was generated by snacc on Thu Jun  8 12:35:27 2000
+ *    This file was generated by snacc on Tue Mar 19 07:24:46 2002
  *
  *    UBC snacc written by Mike Sample
  *
index c2daa0feabdc84554b39a7dbbc049c52b431520e..957e98bb5d70ce44722e59f6f1d207ad0c29dec6 100644 (file)
@@ -1,28 +1,10 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
 #if TTBL
 /*
  *    tbl.c
  *
  *    "TBL" ASN.1 module encode/decode/print/free C src.
  *
- *    This file was generated by snacc on Thu Jun  8 12:35:28 2000
+ *    This file was generated by snacc on Tue Mar 19 07:24:47 2002
  *
  *    UBC snacc written by Mike Sample
  *
index b5b986da2da25708fc242e7816879eb974587d30..1924b4259f04abfb83ac3f3c56e763e26745eba8 100644 (file)
@@ -1 +1 @@
-Thu Jun  8 12:37:29 PDT 2000
+Wed Mar 20 11:39:20 PST 2002
index a707c1a4a8ef34e4753a957f6b5a881d14fba1dd..1924b4259f04abfb83ac3f3c56e763e26745eba8 100644 (file)
@@ -1 +1 @@
-Thu Jun  8 12:37:28 PDT 2000
+Wed Mar 20 11:39:20 PST 2002
index c2daa0feabdc84554b39a7dbbc049c52b431520e..957e98bb5d70ce44722e59f6f1d207ad0c29dec6 100644 (file)
@@ -1,28 +1,10 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
 #if TTBL
 /*
  *    tbl.c
  *
  *    "TBL" ASN.1 module encode/decode/print/free C src.
  *
- *    This file was generated by snacc on Thu Jun  8 12:35:28 2000
+ *    This file was generated by snacc on Tue Mar 19 07:24:47 2002
  *
  *    UBC snacc written by Mike Sample
  *
index 45cdc3be23aad8ff74f6cf2a051831dc7b409f2a..b69de4224436057558fbec1801a8f0b62234fb31 100644 (file)
@@ -1,27 +1,9 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
 /*
  *    tbl.h
  *
  *    "TBL" ASN.1 module C type definitions and prototypes
  *
- *    This .h file was generated by snacc on Thu Jun  8 12:35:28 2000
+ *    This .h file was generated by snacc on Tue Mar 19 07:24:47 2002
  *
  *    UBC snacc written compiler by Mike Sample
  *
index 4ba6419e9cbebc3c3ac497ab9b8aae48dad50035..8a77a95f0bc26523ac70f7f57afd7af152ca7ea8 100644 (file)
  * INSERT_VDA_COMMENTS
  *
  *
- * $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/compiler/back-ends/c++-gen/gen-code.c,v 1.3 2001/06/27 23:51:42 dmitch Exp $
+ * $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/compiler/back-ends/c++-gen/gen-code.c,v 1.4 2002/03/21 05:38:53 dmitch Exp $
  * $Log: gen-code.c,v $
+ * Revision 1.4  2002/03/21 05:38:53  dmitch
+ * Radar 2868524: no more setjmp/longjmp in SNACC-generated code.
+ *
+ * Revision 1.3.44.3  2002/03/20 20:56:39  dmitch
+ * Further refinements for Radar 2868524: no more BDecPdu or BEncPdu.
+ *
+ * Revision 1.3.44.2  2002/03/20 02:53:09  dmitch
+ * Avoid the unused and uninitialized jmp_buf var in BDecPdu.
+ *
+ * Revision 1.3.44.1  2002/03/20 00:36:59  dmitch
+ * Radar 2868524: SNACC-generated code now uses throw/catch instead of setjmp/longjmp.
+ *
  * Revision 1.3  2001/06/27 23:51:42  dmitch
  * Reimplement partial fix for Radar 2664258: Print() routines are now empty stubs in NDEBUG config.
  *
@@ -472,7 +484,6 @@ PrintMakeTag PARAMS ((f, tag),
 
 } /* PrintMakeTag */
 
-
 static void
 PrintPduMemberFcns PARAMS ((src, hdr, r, cln),
     FILE *src _AND_
@@ -480,6 +491,7 @@ PrintPduMemberFcns PARAMS ((src, hdr, r, cln),
     CxxRules *r _AND_
     char *cln)
 {
+#if SNACC_ENABLE_PDU
     if (printEncodersG)
     {
         fprintf (hdr, "  int                   B%s (%s b, %s &bytesEncoded);\n", r->encodePduBaseName, bufTypeNameG, lenTypeNameG);
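Review bot: The new `#if SNACC_ENABLE_PDU` at the top of PrintPduMemberFcns carries no comment saying what the switch controls, and because an undefined macro evaluates to 0 in `#if`, a generator build that omits the define silently drops every PDU encode/decode member from the generated classes. The log ties this to Radar 2868524 ("no more BDecPdu or BEncPdu"), so I would record that at the directive: `/* SNACC_ENABLE_PDU off (default): emit no B<Enc|Dec>Pdu members, see Radar 2868524 */`. The matching `#endif` sits in a later hunk, and the function body continues outside this one.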
@@ -497,9 +509,22 @@ PrintPduMemberFcns PARAMS ((src, hdr, r, cln),
 
         fprintf (src, "int %s::B%s (%s b, %s &bytesDecoded)\n", cln, r->decodePduBaseName, bufTypeNameG, lenTypeNameG);
        fprintf (src, "{\n");
+               #if             !SNACC_EXCEPTION_ENABLE
         fprintf (src, "    %s env;\n", envTypeNameG);
         fprintf (src, "    int val;\n\n");
+               #endif
         fprintf (src, "    bytesDecoded = 0;\n");
+               #if             SNACC_EXCEPTION_ENABLE
+        fprintf (src, "    try\n");
+        fprintf (src, "    {\n");
+        fprintf (src, "         BDec (b, bytesDecoded, 0);\n");
+        fprintf (src, "         return !b.ReadError();\n");
+        fprintf (src, "    }\n");
+        fprintf (src, "    catch(...)\n");
+        fprintf (src, "    {\n");
+        fprintf (src, "        return false;\n");
+        fprintf (src, "    }\n");
+               #else   /* SNACC_EXCEPTION_ENABLE */
         fprintf (src, "    if ((val = setjmp (env)) == 0)\n");
         fprintf (src, "    {\n");
         fprintf (src, "         BDec (b, bytesDecoded, env);\n");
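Review bot: The exception branch emits `BDec (b, bytesDecoded, 0);`, so the generated BDecPdu passes a null env to every decoder below it, which is only safe if the runtime those decoders call never falls back to `longjmp (env, ...)`; the hunk cannot show that. `SNACC_EXCEPTION_ENABLE` is evaluated when the generator is compiled, so the choice is frozen into the emitted source and a runtime built the other way would reach that null env on malformed input. Assuming the runtime headers expose the same macro, I would emit a guard into the generated file, e.g. `fprintf (src, "#if !SNACC_EXCEPTION_ENABLE\n#error generated for the throwing runtime\n#endif\n");`. The emitted `catch(...)` also turns any exception, not only the one raised by `SnaccExcep::throwMe`, into a plain `return false`, so narrowing it to the type throwMe raises would keep unrelated faults visible. The `#else` branch continues past the end of this hunk.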
@@ -511,11 +536,12 @@ PrintPduMemberFcns PARAMS ((src, hdr, r, cln),
         fprintf (src, "    { cerr << \"longjmp return value is \" << val << endl;\n");
         fprintf (src, "        return false; }\n");
 */
+               #endif  /* SNACC_EXCEPTION_ENABLE */
         fprintf (src, "}\n\n");
     }
 
     fprintf (hdr, "\n");
-
+#endif /* SNACC_ENABLE_PDU */
 } /* PrintPduMemberFcns */
 
 
@@ -1055,7 +1081,11 @@ PrintCxxSimpleDef PARAMS ((hdr, src, if_IBM_ENC (hdrdb COMMA srcdb COMMA) if_MET
                         }
                         fprintf (src, "    {\n");
                        fprintf (src, "        Asn1Error << \"%s::B%s: ERROR - wrong tag\" << endl;\n", td->cxxTypeDefInfo->className, r->decodeBaseName);
+                                               #if SNACC_EXCEPTION_ENABLE
+                        fprintf (src, "        SnaccExcep::throwMe(%d);\n", longJmpValG--);
+                                               #else
                         fprintf (src, "        longjmp (env, %d);\n", longJmpValG--);
+                                               #endif  /* SNACC_EXCEPTION_ENABLE */
                         fprintf (src, "    }\n");
 
                         fprintf (src, "    elmtLen%d = BDecLen (b, bytesDecoded, env);\n", ++elmtLevel);
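Review bot: The five-line `#if SNACC_EXCEPTION_ENABLE` / throwMe / `#else` / longjmp / `#endif` group added here is pasted again in every later hunk of this file (-1737 through -4638), each time with hand-copied indentation inside the format string. The copies have already drifted: in the -1737 hunk the emitted indent drops from nine spaces to eight in both branches. A single static helper that takes the indent string would leave one place to change the error exit and keep the directives out of the middle of the print routines; the enclosing functions start and end outside these hunks.

```c
/* Emit the generated decoder's error exit at the given indent. */
static void
PrintDecErrExit PARAMS ((src, indent),
    FILE *src _AND_
    char *indent)
{
#if SNACC_EXCEPTION_ENABLE
    fprintf (src, "%sSnaccExcep::throwMe(%d);\n", indent, longJmpValG--);
#else
    fprintf (src, "%slongjmp (env, %d);\n", indent, longJmpValG--);
#endif /* SNACC_EXCEPTION_ENABLE */
}

/* … unchanged: wrong-tag test and Asn1Error line … */
                        PrintDecErrExit (src, "        ");
```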
@@ -1737,7 +1767,11 @@ else
 
                         fprintf (src, "      {\n");
                         fprintf (src, "         Asn1Error << \"Unexpected Tag\" << endl;\n");
-                        fprintf (src, "         longjmp (env, %d);\n", longJmpValG--);
+                                               #if SNACC_EXCEPTION_ENABLE
+                        fprintf (src, "        SnaccExcep::throwMe(%d);\n", longJmpValG--);
+                                               #else
+                        fprintf (src, "        longjmp (env, %d);\n", longJmpValG--);
+                                               #endif  /* SNACC_EXCEPTION_ENABLE */
                         fprintf (src, "      }\n\n");
 
                         fprintf (src, "      elmtLen%d = BDecLen (b, bytesDecoded, env);\n", ++elmtLevel);
@@ -1866,7 +1900,11 @@ else
 
         fprintf (src, "    default:\n");
         fprintf (src, "      Asn1Error << \"ERROR - unexpected tag in CHOICE\" << endl;\n");
-        fprintf (src, "      longjmp (env, %d);\n", longJmpValG--);
+               #if SNACC_EXCEPTION_ENABLE
+               fprintf (src, "      SnaccExcep::throwMe(%d);\n", longJmpValG--);
+               #else
+               fprintf (src, "      longjmp (env, %d);\n", longJmpValG--);
+               #endif  /* SNACC_EXCEPTION_ENABLE */
         fprintf (src, "      break;\n");
 
         fprintf (src, "  } // end switch\n");
@@ -1933,7 +1971,11 @@ else
                 fprintf (src, "MAKE_TAG_ID (%s, %s, %d))", classStr, formStr, tag->code);
             fprintf (src, "    {\n");
            fprintf (src, "        Asn1Error << \"%s::B%s: ERROR - wrong tag\" << endl;\n", td->cxxTypeDefInfo->className, r->decodeBaseName);
-            fprintf (src, "        longjmp (env, %d);\n", longJmpValG--);
+                       #if SNACC_EXCEPTION_ENABLE
+                       fprintf (src, "        SnaccExcep::throwMe(%d);\n", longJmpValG--);
+                       #else
+                       fprintf (src, "        longjmp (env, %d);\n", longJmpValG--);
+                       #endif  /* SNACC_EXCEPTION_ENABLE */
             fprintf (src, "    }\n");
             fprintf (src, "    extraLen%d = BDecLen (b, bytesDecoded, env);\n", ++elmtLevel);
         }
@@ -2567,7 +2609,11 @@ else
             fprintf (src, "  else if (elmtLen0 != 0)\n");
             fprintf (src, "  {\n");
             fprintf (src, "     Asn1Error << \"Expected an empty sequence\" << endl;\n");
-            fprintf (src, "     longjmp (env, %d);\n", longJmpValG--);
+                       #if SNACC_EXCEPTION_ENABLE
+                       fprintf (src, "     SnaccExcep::throwMe(%d);\n", longJmpValG--);
+                       #else
+                       fprintf (src, "     longjmp (env, %d);\n", longJmpValG--);
+                       #endif  /* SNACC_EXCEPTION_ENABLE */
             fprintf (src, "  }\n");
 
 /*
@@ -2745,7 +2791,11 @@ else
 
                             fprintf (src, "    {\n");
                             fprintf (src, "       Asn1Error << \"Unexpected Tag\" << endl;\n");
-                            fprintf (src, "       longjmp (env, %d);\n", longJmpValG--);
+                                                       #if SNACC_EXCEPTION_ENABLE
+                                                       fprintf (src, "       SnaccExcep::throwMe(%d);\n", longJmpValG--);
+                                                       #else
+                                                       fprintf (src, "       longjmp (env, %d);\n", longJmpValG--);
+                                                       #endif  /* SNACC_EXCEPTION_ENABLE */
                             fprintf (src, "    }\n\n");
                             fprintf (src, "    elmtLen%d = BDecLen (b, seqBytesDecoded, env);\n", ++elmtLevel);
                         }
@@ -2948,7 +2998,11 @@ else
                     fprintf (src, "  else\n");
                     fprintf (src, "  {\n");
                     fprintf (src, "    Asn1Error << \"ERROR - SEQUENCE is missing non-optional elmt.\" << endl;\n");
-                    fprintf (src, "    longjmp (env, %d);\n", longJmpValG--);
+                                       #if SNACC_EXCEPTION_ENABLE
+                                       fprintf (src, "    SnaccExcep::throwMe(%d);\n", longJmpValG--);
+                                       #else
+                                       fprintf (src, "    longjmp (env, %d);\n", longJmpValG--);
+                                       #endif  /* SNACC_EXCEPTION_ENABLE */
                     fprintf (src, "  }\n\n");
                 }
                 else
@@ -2967,7 +3021,11 @@ else
             fprintf (src, "  else if (seqBytesDecoded != elmtLen0)\n");
             fprintf (src, "  {\n");
             fprintf (src, "    Asn1Error << \"ERROR - Length discrepancy on sequence.\" << endl;\n");
-            fprintf (src, "    longjmp (env, %d);\n", longJmpValG--);
+                       #if SNACC_EXCEPTION_ENABLE
+                       fprintf (src, "    SnaccExcep::throwMe(%d);\n", longJmpValG--);
+                       #else
+                       fprintf (src, "    longjmp (env, %d);\n", longJmpValG--);
+                       #endif  /* SNACC_EXCEPTION_ENABLE */
             fprintf (src, "  }\n");
             fprintf (src, "  else\n");
             fprintf (src, "    return;\n");
@@ -3036,7 +3094,11 @@ else
                 fprintf (src, "MAKE_TAG_ID (%s, %s, %d))\n", classStr, formStr, tag->code);
             fprintf (src, "  {\n");
            fprintf (src, "    Asn1Error << \"%s::B%s: ERROR - wrong tag\" << endl;\n", td->cxxTypeDefInfo->className, r->decodeBaseName);
-            fprintf (src, "    longjmp (env, %d);\n", longJmpValG--);
+                       #if SNACC_EXCEPTION_ENABLE
+                       fprintf (src, "    SnaccExcep::throwMe(%d);\n", longJmpValG--);
+                       #else
+                       fprintf (src, "    longjmp (env, %d);\n", longJmpValG--);
+                       #endif  /* SNACC_EXCEPTION_ENABLE */
             fprintf (src, "  }\n");
 
             fprintf (src, "  elmtLen%d = BDecLen (b, bytesDecoded, env);\n", ++elmtLevel);
@@ -3768,7 +3830,11 @@ else
             fprintf (src, "  else if (elmtLen0 != 0)\n");
             fprintf (src, "  {\n");
             fprintf (src, "     Asn1Error << \"Expected an empty sequence\" << endl;\n");
-            fprintf (src, "     longjmp (env, %d);\n", longJmpValG--);
+                       #if SNACC_EXCEPTION_ENABLE
+                       fprintf (src, "     SnaccExcep::throwMe(%d);\n", longJmpValG--);
+                       #else
+                       fprintf (src, "     longjmp (env, %d);\n", longJmpValG--);
+                       #endif  /* SNACC_EXCEPTION_ENABLE */
             fprintf (src, "  }\n");
 
 /*   forget about potential extension types for now
@@ -3908,7 +3974,11 @@ else
 
                             fprintf (src, "        {\n");
                             fprintf (src, "           Asn1Error << \"Unexpected Tag\" << endl;\n");
-                            fprintf (src, "           longjmp (env, %d);\n", longJmpValG--);
+                                                       #if SNACC_EXCEPTION_ENABLE
+                                                       fprintf (src, "           SnaccExcep::throwMe(%d);\n", longJmpValG--);
+                                                       #else
+                                                       fprintf (src, "           longjmp (env, %d);\n", longJmpValG--);
+                                                       #endif  /* SNACC_EXCEPTION_ENABLE */
                             fprintf (src, "        }\n\n");
 
                             fprintf (src, "        elmtLen%d = BDecLen (b, setBytesDecoded, env);\n", ++elmtLevel);
@@ -4040,14 +4110,22 @@ else
             } /* for each elmt */
             fprintf (src, "       default:\n");
             fprintf (src, "         Asn1Error << \"Unexpected Tag on SET elmt.\" << endl;\n");
-            fprintf (src, "         longjmp (env, %d);\n", longJmpValG--);
+                       #if SNACC_EXCEPTION_ENABLE
+                       fprintf (src, "         SnaccExcep::throwMe(%d);\n", longJmpValG--);
+                       #else
+                       fprintf (src, "         longjmp (env, %d);\n", longJmpValG--);
+                       #endif  /* SNACC_EXCEPTION_ENABLE */
             fprintf (src, "    } // end switch\n");
             fprintf (src, "  } // end for loop\n");
             fprintf (src, "  bytesDecoded += setBytesDecoded;\n");
             fprintf (src, "  if (mandatoryElmtsDecoded != %d)\n", mandatoryElmtCount);
             fprintf (src, "  {\n");
             fprintf (src, "     Asn1Error << \"ERROR - non-optional SET element missing.\" << endl;\n");
-            fprintf (src, "     longjmp (env, %d);\n", longJmpValG--);
+                       #if SNACC_EXCEPTION_ENABLE
+                       fprintf (src, "     SnaccExcep::throwMe(%d);\n", longJmpValG--);
+                       #else
+                       fprintf (src, "     longjmp (env, %d);\n", longJmpValG--);
+                       #endif  /* SNACC_EXCEPTION_ENABLE */
             fprintf (src, "  }\n");
 
         } /* if not empty set clause */
@@ -4115,7 +4193,11 @@ else
                 fprintf (src, "MAKE_TAG_ID (%s, %s, %d))\n", classStr, formStr, tag->code);
             fprintf (src, "  {\n");
            fprintf (src, "    Asn1Error << \"%s::B%s: ERROR - wrong tag\" << endl;\n", td->cxxTypeDefInfo->className, r->decodeBaseName);
-            fprintf (src, "    longjmp (env, %d);\n", longJmpValG--);
+                       #if SNACC_EXCEPTION_ENABLE
+                       fprintf (src, "    SnaccExcep::throwMe(%d);\n", longJmpValG--);
+                       #else
+                       fprintf (src, "    longjmp (env, %d);\n", longJmpValG--);
+                       #endif  /* SNACC_EXCEPTION_ENABLE */
             fprintf (src, "  }\n");
 
             fprintf (src, "  elmtLen%d = BDecLen (b, bytesDecoded, env);\n", ++elmtLevel);
@@ -4526,7 +4608,11 @@ PrintCxxListClass PARAMS ((src, hdr, if_IBM_ENC (srcdb COMMA hdrdb COMMA) mods,
                 fprintf (src, "MAKE_TAG_ID (%s, %s, %d))\n", classStr, formStr, tag->code);
             fprintf (src, "  {\n");
            fprintf (src, "    Asn1Error << \"%s::B%s: ERROR - wrong tag\" << endl;\n", td->cxxTypeDefInfo->className, r->decodeBaseName);
-            fprintf (src, "    longjmp (env, %d);\n", longJmpValG--);
+                       #if SNACC_EXCEPTION_ENABLE
+                       fprintf (src, "    SnaccExcep::throwMe(%d);\n", longJmpValG--);
+                       #else
+                       fprintf (src, "    longjmp (env, %d);\n", longJmpValG--);
+                       #endif  /* SNACC_EXCEPTION_ENABLE */
             fprintf (src, "  }\n");
 
             fprintf (src, "  elmtLen%d = BDecLen (b, bytesDecoded, env);\n", ++elmtLevel);
@@ -4612,7 +4698,11 @@ PrintCxxListTagAndLenDecCode PARAMS ((src, td, t),
         fprintf (src, "))\n");
         fprintf (src, "        {\n");
         fprintf (src, "            Asn1Error << \"Unexpected Tag\" << endl;\n");
-        fprintf (src, "            longjmp (env, %d);\n", longJmpValG--);
+               #if SNACC_EXCEPTION_ENABLE
+               fprintf (src, "            SnaccExcep::throwMe(%d);\n", longJmpValG--);
+               #else
+               fprintf (src, "            longjmp (env, %d);\n", longJmpValG--);
+               #endif  /* SNACC_EXCEPTION_ENABLE */
         fprintf (src, "        }\n\n");
         fprintf (src, "        elmtLen%d = BDecLen (b, listBytesDecoded, env);\n", ++elmtLevel);
     }
@@ -4638,7 +4728,11 @@ PrintCxxListTagAndLenDecCode PARAMS ((src, td, t),
 
             fprintf (src, "        {\n");
             fprintf (src, "            Asn1Error << \"Unexpected Tag\" << endl;\n");
-            fprintf (src, "            longjmp (env, %d);\n", longJmpValG--);
+                       #if SNACC_EXCEPTION_ENABLE
+                       fprintf (src, "            SnaccExcep::throwMe(%d);\n", longJmpValG--);
+                       #else
+                       fprintf (src, "            longjmp (env, %d);\n", longJmpValG--);
+                       #endif  /* SNACC_EXCEPTION_ENABLE */
             fprintf (src, "        }\n\n");
             fprintf (src, "        elmtLen%d = BDecLen (b, listBytesDecoded, env);\n", ++elmtLevel);
 
index ca825f8d03ad99abd3f95e908e5fc6b47cb09184..d6c57e26efab2e165be5bdd581e1d48c9e63926e 100644 (file)
@@ -3,7 +3,7 @@
  *
  *    "TBL" ASN.1 module encode/decode/print/free C src.
  *
- *    This file was generated by snacc on Tue Jun 19 16:55:23 2001
+ *    This file was generated by snacc on Tue Mar 19 07:24:43 2002
  *
  *    UBC snacc written by Mike Sample
  *
index 2a81b7c7f8a1878c466f36b4bbb1e8a92b620ca6..6d4b19e2b2b1169a65e27edc6a8126a08defd71b 100644 (file)
@@ -3,7 +3,7 @@
  *
  *    "TBL" ASN.1 module C type definitions and prototypes
  *
- *    This .h file was generated by snacc on Tue Jun 19 16:55:23 2001
+ *    This .h file was generated by snacc on Tue Mar 19 07:24:43 2002
  *
  *    UBC snacc written compiler by Mike Sample
  *
index 6871fc247797ac021399401e1581a894568ba94d..8267080e9f964e020c2779ee8546c605e593d8a7 100644 (file)
-lex-asn1.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+lex-asn1.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/exports.h core/parse-asn1.h core/parser.h \
-  core/lex-stuff.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/errno.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/errno.h 
-parse-asn1.o : ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  ../policy.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/string.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h \
-  ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h \
-  ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h \
-  ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h \
-  ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h \
-  ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h core/asn1module.h \
-  core/lib-types.h core/snacc-util.h core/exports.h core/parser.h \
-  core/lex-stuff.h 
-define.o : ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
-  ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
-  ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
-  ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
-  ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
-  core/define.h 
-dependency.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
+  core/lex-stuff.h /usr/include/errno.h /usr/include/sys/errno.h 
+parse-asn1.o : ../snacc.h ../config.h /usr/include/stdlib.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/sys/cdefs.h ../policy.h /usr/include/string.h \
+  /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
+  core/asn1module.h core/lib-types.h core/snacc-util.h core/exports.h \
+  core/parser.h core/lex-stuff.h 
+define.o : ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
+  /usr/include/stdio.h /usr/include/sys/types.h /usr/include/sys/cdefs.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h ../c-lib/inc/mem.h \
+  ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h ../c-lib/inc/asn-len.h \
+  ../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h \
+  ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h \
+  ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h \
+  ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h \
+  ../c-lib/inc/asn-useful.h core/define.h 
+dependency.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
+  ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
+  ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
+  ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
+  ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
+  ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/snacc-util.h core/dependency.h 
-do-macros.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+do-macros.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/ctype.h /usr/include/runetype.h \
+  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/define.h back-ends/str-util.h core/normalize.h \
   core/snacc-util.h core/do-macros.h 
-err-chk.o : /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+err-chk.o : /usr/include/ctype.h /usr/include/runetype.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/snacc-util.h back-ends/tag-util.h core/define.h \
   core/err-chk.h 
-exports.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+exports.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/snacc-util.h core/exports.h 
-gen-tbls.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+gen-tbls.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/tbl.h core/gen-tbls.h 
 lib-types.o : ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
-  ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
-  ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
-  ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
-  ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
-  core/asn1module.h core/lib-types.h 
-link-types.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
-  ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
-  ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
-  ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
-  ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  /usr/include/stdio.h /usr/include/sys/types.h /usr/include/sys/cdefs.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h ../c-lib/inc/mem.h \
+  ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h ../c-lib/inc/asn-len.h \
+  ../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h \
+  ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h \
+  ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h \
+  ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h \
+  ../c-lib/inc/asn-useful.h core/asn1module.h core/lib-types.h 
+link-types.o : /usr/include/ctype.h /usr/include/runetype.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
+  ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
+  ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
+  ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
+  ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
+  ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/snacc-util.h core/link-types.h 
-link-values.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+link-values.o : /usr/include/ctype.h /usr/include/runetype.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/snacc-util.h core/link-values.h 
-mem.o : ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  ../policy.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/mem.h 
-meta.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+mem.o : ../snacc.h ../config.h /usr/include/stdlib.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/sys/cdefs.h ../policy.h /usr/include/stdio.h \
+  /usr/include/sys/types.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/mem.h 
+meta.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h core/meta.h 
-normalize.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+normalize.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/oid.h core/lib-types.h core/snacc-util.h \
   core/normalize.h 
-oid.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+oid.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/oid.h 
-print.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+print.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/lib-types.h core/print.h 
-recursive.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+recursive.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/recursive.h core/snacc-util.h 
-snacc.o : ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  ../policy.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/time.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/time.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/limits.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/limits.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/string.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h \
-  ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h \
-  ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h \
-  ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h \
-  ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h \
-  ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h ../version.h \
-  core/asn1module.h core/exports.h core/parser.h core/dependency.h \
-  core/link-types.h core/link-values.h core/err-chk.h core/print.h \
-  core/recursive.h core/define.h core/normalize.h core/do-macros.h \
-  core/snacc-util.h core/meta.h back-ends/str-util.h \
+snacc.o : ../snacc.h ../config.h /usr/include/stdlib.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/sys/cdefs.h ../policy.h /usr/include/sys/time.h \
+  /usr/include/sys/types.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/time.h \
+  /usr/include/machine/limits.h /usr/include/ppc/limits.h \
+  /usr/include/string.h /usr/include/stdio.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
+  ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
+  ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
+  ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
+  ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
+  ../version.h core/asn1module.h core/exports.h core/parser.h \
+  core/dependency.h core/link-types.h core/link-values.h core/err-chk.h \
+  core/print.h core/recursive.h core/define.h core/normalize.h \
+  core/do-macros.h core/snacc-util.h core/meta.h back-ends/str-util.h \
   back-ends/c-gen/rules.h back-ends/c-gen/type-info.h \
   back-ends/c-gen/gen-code.h back-ends/c++-gen/rules.h \
   back-ends/c++-gen/types.h back-ends/c++-gen/gen-code.h core/gen-tbls.h \
   back-ends/idl-gen/rules.h back-ends/idl-gen/types.h \
   back-ends/idl-gen/gen-code.h 
-snacc-util.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+snacc-util.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/lib-types.h core/define.h core/snacc-util.h 
-val-parser.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+val-parser.o : /usr/include/ctype.h /usr/include/runetype.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/snacc-util.h core/oid.h core/val-parser.h 
 str-util.o : ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
-  ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
-  ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
-  ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
-  ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/unistd.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/string.h \
-  core/asn1module.h core/define.h back-ends/c-gen/rules.h \
-  back-ends/c-gen/type-info.h back-ends/c-gen/kwd.h \
-  back-ends/c++-gen/kwd.h back-ends/str-util.h 
-tag-util.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
-  ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
-  ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
-  ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
-  ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  /usr/include/stdio.h /usr/include/sys/types.h /usr/include/sys/cdefs.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h ../c-lib/inc/mem.h \
+  ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h ../c-lib/inc/asn-len.h \
+  ../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h \
+  ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h \
+  ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h \
+  ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h \
+  ../c-lib/inc/asn-useful.h /usr/include/ctype.h /usr/include/runetype.h \
+  /usr/include/unistd.h /usr/include/string.h core/asn1module.h \
+  core/define.h back-ends/c-gen/rules.h back-ends/c-gen/type-info.h \
+  back-ends/c-gen/kwd.h back-ends/c++-gen/kwd.h back-ends/str-util.h 
+tag-util.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
+  ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
+  ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
+  ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
+  ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
+  ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/define.h core/lib-types.h back-ends/c-gen/rules.h \
   back-ends/c-gen/type-info.h back-ends/str-util.h core/snacc-util.h \
   back-ends/c-gen/util.h back-ends/tag-util.h 
 cond.o : ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
-  ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
-  ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
-  ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
-  ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
-  back-ends/cond.h 
-type-info.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
-  ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
-  ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
-  ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
-  ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  /usr/include/stdio.h /usr/include/sys/types.h /usr/include/sys/cdefs.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h ../c-lib/inc/mem.h \
+  ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h ../c-lib/inc/asn-len.h \
+  ../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h \
+  ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h \
+  ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h \
+  ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h \
+  ../c-lib/inc/asn-useful.h back-ends/cond.h 
+type-info.o : /usr/include/ctype.h /usr/include/runetype.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
+  ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
+  ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
+  ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
+  ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
+  ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/snacc-util.h core/define.h back-ends/str-util.h \
   back-ends/c-gen/rules.h back-ends/c-gen/type-info.h 
-util.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+util.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h back-ends/c-gen/rules.h core/snacc-util.h \
   back-ends/c-gen/util.h 
 rules.o : ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
-  ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
-  ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
-  ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
-  ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
-  core/asn1module.h back-ends/c-gen/rules.h 
-gen-code.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
-  ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
-  ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
-  ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
-  ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  /usr/include/stdio.h /usr/include/sys/types.h /usr/include/sys/cdefs.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h ../c-lib/inc/mem.h \
+  ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h ../c-lib/inc/asn-len.h \
+  ../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h \
+  ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h \
+  ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h \
+  ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h \
+  ../c-lib/inc/asn-useful.h core/asn1module.h back-ends/c-gen/rules.h 
+gen-code.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
+  ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
+  ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
+  ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
+  ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
+  ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/print.h back-ends/c-gen/rules.h \
   back-ends/c-gen/type-info.h back-ends/c-gen/util.h back-ends/cond.h \
   back-ends/c-gen/gen-type.h back-ends/c-gen/gen-enc.h \
   back-ends/c-gen/gen-dec.h back-ends/c-gen/gen-vals.h \
   back-ends/c-gen/gen-free.h back-ends/c-gen/gen-print.h \
   back-ends/c-gen/gen-any.h back-ends/c-gen/gen-code.h 
-gen-type.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+gen-type.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/print.h back-ends/c-gen/rules.h \
   back-ends/c-gen/type-info.h back-ends/c-gen/util.h \
   back-ends/c-gen/gen-type.h 
-gen-enc.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+gen-enc.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/define.h back-ends/c-gen/rules.h \
   back-ends/c-gen/type-info.h back-ends/str-util.h back-ends/c-gen/util.h \
   back-ends/tag-util.h core/snacc-util.h back-ends/c-gen/gen-enc.h 
-gen-dec.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+gen-dec.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/define.h core/lib-types.h back-ends/c-gen/rules.h \
   back-ends/c-gen/type-info.h back-ends/str-util.h core/snacc-util.h \
   back-ends/c-gen/util.h back-ends/tag-util.h back-ends/c-gen/gen-dec.h 
-gen-vals.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+gen-vals.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/oid.h core/asn1module.h core/define.h core/lib-types.h \
   back-ends/c-gen/rules.h back-ends/c-gen/type-info.h back-ends/str-util.h \
   core/snacc-util.h back-ends/c-gen/util.h back-ends/c-gen/kwd.h \
   back-ends/c-gen/gen-vals.h 
-gen-free.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+gen-free.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/define.h back-ends/c-gen/rules.h \
   back-ends/c-gen/type-info.h back-ends/str-util.h back-ends/c-gen/util.h \
   back-ends/c-gen/gen-free.h 
-gen-print.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+gen-print.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/define.h back-ends/c-gen/rules.h \
   back-ends/c-gen/type-info.h back-ends/str-util.h back-ends/c-gen/util.h \
   back-ends/c-gen/gen-print.h 
-gen-any.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+gen-any.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h back-ends/c-gen/rules.h core/define.h \
   back-ends/str-util.h back-ends/c-gen/gen-vals.h core/lib-types.h \
   back-ends/c-gen/gen-any.h 
-kwd.o : ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  ../policy.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/string.h \
+kwd.o : ../snacc.h ../config.h /usr/include/stdlib.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/sys/cdefs.h ../policy.h /usr/include/string.h \
   back-ends/c-gen/kwd.h 
-kwd.o : ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  ../policy.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/string.h \
+kwd.o : ../snacc.h ../config.h /usr/include/stdlib.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/sys/cdefs.h ../policy.h /usr/include/string.h \
   back-ends/c++-gen/kwd.h 
-types.o : /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+types.o : /usr/include/ctype.h /usr/include/runetype.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/define.h core/asn1module.h core/snacc-util.h back-ends/str-util.h \
   back-ends/c++-gen/rules.h back-ends/c++-gen/kwd.h \
   back-ends/c++-gen/types.h 
 rules.o : ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
-  ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
-  ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
-  ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
-  ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
-  core/asn1module.h back-ends/c++-gen/rules.h 
-gen-code.o : ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  ../policy.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/time.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/time.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/limits.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/limits.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/string.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h \
-  ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h \
-  ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h \
-  ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h \
-  ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h \
-  ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h core/asn1module.h \
-  core/define.h core/lib-types.h back-ends/c++-gen/rules.h \
-  back-ends/c++-gen/types.h back-ends/cond.h back-ends/str-util.h \
-  core/snacc-util.h core/print.h back-ends/tag-util.h core/meta.h \
-  back-ends/c++-gen/gen-vals.h back-ends/c++-gen/gen-any.h \
+  /usr/include/stdio.h /usr/include/sys/types.h /usr/include/sys/cdefs.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h ../c-lib/inc/mem.h \
+  ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h ../c-lib/inc/asn-len.h \
+  ../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h \
+  ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h \
+  ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h \
+  ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h \
+  ../c-lib/inc/asn-useful.h core/asn1module.h back-ends/c++-gen/rules.h 
+gen-code.o : ../snacc.h ../config.h /usr/include/stdlib.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/sys/cdefs.h ../policy.h /usr/include/sys/time.h \
+  /usr/include/sys/types.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h /usr/include/time.h \
+  /usr/include/machine/limits.h /usr/include/ppc/limits.h \
+  /usr/include/string.h /usr/include/stdio.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
+  ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
+  ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
+  ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
+  ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
+  core/asn1module.h core/define.h core/lib-types.h \
+  back-ends/c++-gen/rules.h back-ends/c++-gen/types.h back-ends/cond.h \
+  back-ends/str-util.h core/snacc-util.h core/print.h back-ends/tag-util.h \
+  core/meta.h back-ends/c++-gen/gen-vals.h back-ends/c++-gen/gen-any.h \
   back-ends/c++-gen/gen-code.h 
-gen-vals.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+gen-vals.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/oid.h core/define.h core/lib-types.h \
   back-ends/str-util.h core/snacc-util.h back-ends/c++-gen/rules.h \
   back-ends/c++-gen/gen-vals.h 
-gen-any.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+gen-any.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/define.h back-ends/str-util.h \
   back-ends/c++-gen/rules.h back-ends/c++-gen/gen-vals.h core/lib-types.h \
   back-ends/c++-gen/gen-any.h 
 rules.o : ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
-  ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
-  ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
-  ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
-  ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
-  core/asn1module.h back-ends/idl-gen/rules.h 
-types.o : /System/Library/Frameworks/System.framework/Headers/bsd/ctype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/runetype.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
-  ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
-  ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
-  ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
-  ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  /usr/include/stdio.h /usr/include/sys/types.h /usr/include/sys/cdefs.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h ../c-lib/inc/mem.h \
+  ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h ../c-lib/inc/asn-len.h \
+  ../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h \
+  ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h \
+  ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h \
+  ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h \
+  ../c-lib/inc/asn-useful.h core/asn1module.h back-ends/idl-gen/rules.h 
+types.o : /usr/include/ctype.h /usr/include/runetype.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
+  ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
+  ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
+  ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
+  ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
+  ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/define.h core/asn1module.h core/snacc-util.h back-ends/str-util.h \
   back-ends/idl-gen/rules.h back-ends/c++-gen/kwd.h \
   back-ends/idl-gen/types.h 
-gen-any.o : /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+gen-any.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/define.h back-ends/str-util.h \
   back-ends/idl-gen/rules.h back-ends/idl-gen/gen-vals.h core/lib-types.h \
   back-ends/idl-gen/gen-any.h 
-gen-code.o : ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  ../policy.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/string.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h \
-  ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h \
-  ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h \
-  ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h \
-  ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h \
-  ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h core/asn1module.h \
-  core/define.h core/lib-types.h back-ends/idl-gen/rules.h \
-  back-ends/idl-gen/types.h back-ends/cond.h back-ends/str-util.h \
-  core/snacc-util.h core/print.h back-ends/tag-util.h \
+gen-code.o : ../snacc.h ../config.h /usr/include/stdlib.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/sys/cdefs.h ../policy.h /usr/include/string.h \
+  /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
+  ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
+  ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
+  ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
+  ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
+  core/asn1module.h core/define.h core/lib-types.h \
+  back-ends/idl-gen/rules.h back-ends/idl-gen/types.h back-ends/cond.h \
+  back-ends/str-util.h core/snacc-util.h core/print.h back-ends/tag-util.h \
   back-ends/idl-gen/gen-vals.h back-ends/idl-gen/gen-any.h \
   back-ends/idl-gen/gen-code.h 
-gen-vals.o : \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
+gen-vals.o : /usr/include/stdio.h /usr/include/sys/types.h \
+  /usr/include/sys/cdefs.h /usr/include/machine/types.h \
+  /usr/include/ppc/types.h /usr/include/machine/ansi.h \
+  /usr/include/ppc/ansi.h /usr/include/machine/endian.h \
+  /usr/include/ppc/endian.h ../c-lib/inc/asn-incl.h \
+  ../c-lib/inc/asn-config.h /usr/include/setjmp.h \
+  /usr/include/machine/setjmp.h /usr/include/ppc/setjmp.h \
+  /usr/include/machine/signal.h /usr/include/ppc/signal.h \
+  /usr/include/math.h ../snacc.h ../config.h /usr/include/stdlib.h \
   ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
   ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
   ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
   ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
   ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
+  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/inc/asn-useful.h \
   core/asn1module.h core/oid.h core/define.h core/lib-types.h \
   back-ends/str-util.h core/snacc-util.h back-ends/idl-gen/rules.h \
   back-ends/idl-gen/gen-vals.h 
 tbl.o : ../c-lib/inc/asn-incl.h ../c-lib/inc/asn-config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdio.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/sys/cdefs.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/types.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/ansi.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/endian.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/setjmp.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/machine/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/ppc/signal.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/math.h \
-  ../snacc.h ../config.h \
-  /System/Library/Frameworks/System.framework/Headers/bsd/stdlib.h \
-  ../policy.h ../c-lib/inc/mem.h ../c-lib/inc/exp-buf.h \
-  ../c-lib/inc/print.h ../c-lib/inc/asn-len.h ../c-lib/inc/asn-tag.h \
-  ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h ../c-lib/inc/asn-enum.h \
-  ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h ../c-lib/inc/asn-bits.h \
-  ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h ../c-lib/inc/asn-any.h \
-  ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h ../c-lib/boot/asn-useful.h \
-  core/tbl.h 
+  /usr/include/stdio.h /usr/include/sys/types.h /usr/include/sys/cdefs.h \
+  /usr/include/machine/types.h /usr/include/ppc/types.h \
+  /usr/include/machine/ansi.h /usr/include/ppc/ansi.h \
+  /usr/include/machine/endian.h /usr/include/ppc/endian.h \
+  /usr/include/setjmp.h /usr/include/machine/setjmp.h \
+  /usr/include/ppc/setjmp.h /usr/include/machine/signal.h \
+  /usr/include/ppc/signal.h /usr/include/math.h ../snacc.h ../config.h \
+  /usr/include/stdlib.h ../policy.h ../c-lib/inc/mem.h \
+  ../c-lib/inc/exp-buf.h ../c-lib/inc/print.h ../c-lib/inc/asn-len.h \
+  ../c-lib/inc/asn-tag.h ../c-lib/inc/asn-bool.h ../c-lib/inc/asn-int.h \
+  ../c-lib/inc/asn-enum.h ../c-lib/inc/asn-real.h ../c-lib/inc/asn-octs.h \
+  ../c-lib/inc/asn-bits.h ../c-lib/inc/asn-oid.h ../c-lib/inc/asn-null.h \
+  ../c-lib/inc/asn-any.h ../c-lib/inc/hash.h ../c-lib/inc/asn-list.h \
+  ../c-lib/inc/asn-useful.h core/tbl.h 
index 27c972b45244ffb0858f9053260d8362d19ef813..c2f311f9c5cf132db2ab50139f66b46d8664be5a 100644 (file)
@@ -1 +1 @@
-Thu Jun  8 12:35:10 PDT 2000
+Wed Mar 20 11:39:19 PST 2002
index f3c4945730c959958f2b4d68592cbf1b099905ff..d6c57e26efab2e165be5bdd581e1d48c9e63926e 100644 (file)
@@ -1,27 +1,9 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
 /*
  *    tbl.c
  *
  *    "TBL" ASN.1 module encode/decode/print/free C src.
  *
- *    This file was generated by snacc on Thu Jun  8 12:35:09 2000
+ *    This file was generated by snacc on Tue Mar 19 07:24:43 2002
  *
  *    UBC snacc written by Mike Sample
  *
index ac96eddde2b30574d1b7244f832ba86b78c7886e..6d4b19e2b2b1169a65e27edc6a8126a08defd71b 100644 (file)
@@ -1,27 +1,9 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
 /*
  *    tbl.h
  *
  *    "TBL" ASN.1 module C type definitions and prototypes
  *
- *    This .h file was generated by snacc on Thu Jun  8 12:35:09 2000
+ *    This .h file was generated by snacc on Tue Mar 19 07:24:43 2002
  *
  *    UBC snacc written compiler by Mike Sample
  *
index cfe49c3589f0bb1f0fc1dbb87bb95f743090c611..f51a7c70787878f770946dbc32a391fb958dde37 100644 (file)
@@ -20,18 +20,22 @@ ac_cv_func_memcmp=${ac_cv_func_memcmp=yes}
 ac_cv_func_memcpy=${ac_cv_func_memcpy=yes}
 ac_cv_func_memset=${ac_cv_func_memset=yes}
 ac_cv_func_vprintf=${ac_cv_func_vprintf=yes}
-ac_cv_have_x=${ac_cv_have_x='have_x=no'}
+ac_cv_have_x=${ac_cv_have_x=have_x=no}
 ac_cv_header_dirent_dirent_h=${ac_cv_header_dirent_dirent_h=yes}
 ac_cv_header_fcntl_h=${ac_cv_header_fcntl_h=yes}
 ac_cv_header_malloc_h=${ac_cv_header_malloc_h=no}
 ac_cv_header_memory_h=${ac_cv_header_memory_h=yes}
 ac_cv_header_stdc=${ac_cv_header_stdc=yes}
 ac_cv_header_string_h=${ac_cv_header_string_h=yes}
+ac_cv_header_tcl_h=${ac_cv_header_tcl_h=yes}
 ac_cv_header_time=${ac_cv_header_time=yes}
 ac_cv_header_unistd_h=${ac_cv_header_unistd_h=yes}
 ac_cv_lib_dir_opendir=${ac_cv_lib_dir_opendir=no}
 ac_cv_lib_fl_yywrap=${ac_cv_lib_fl_yywrap=no}
+ac_cv_lib_ld_ldopen=${ac_cv_lib_ld_ldopen=no}
 ac_cv_lib_m_sin=${ac_cv_lib_m_sin=no}
+ac_cv_lib_tcl_Tcl_CreateInterp=${ac_cv_lib_tcl_Tcl_CreateInterp=yes}
+ac_cv_lib_tk_Tk_CreateWindow=${ac_cv_lib_tk_Tk_CreateWindow=no}
 ac_cv_path_install=${ac_cv_path_install='/usr/bin/install -c'}
 ac_cv_prog_AR=${ac_cv_prog_AR=ar}
 ac_cv_prog_CC=${ac_cv_prog_CC=cc}
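Review bot: The added `ac_cv_header_tcl_h=yes` and `ac_cv_lib_tcl_Tcl_CreateInterp=yes` entries, and `ac_cv_prog_TCLSH=tclsh` in the next hunk, are probe results from whichever machine last ran configure, so committing them makes the tree carry that host's answers rather than the building host's. The same applies to the later hunks in the configure log, the status script (`# on host localhost:`) and the generated makehead, where `TCLSH` changes from `false` to a bare `tclsh` that is looked up through PATH at build time. If a later `./configure` run reuses this cache (presumably the default for this autoconf generation, to be confirmed), Tcl support is enabled without tcl.h ever being checked on the build machine. I would keep these generated files out of version control, or have the build begin with `rm -f config.cache config.status config.log` so every probe is re-run.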
@@ -41,6 +45,7 @@ ac_cv_prog_LEX=${ac_cv_prog_LEX=flex}
 ac_cv_prog_MKDEP=${ac_cv_prog_MKDEP=mkdep}
 ac_cv_prog_PATCH=${ac_cv_prog_PATCH=patch}
 ac_cv_prog_RANLIB=${ac_cv_prog_RANLIB=ranlib}
+ac_cv_prog_TCLSH=${ac_cv_prog_TCLSH=tclsh}
 ac_cv_prog_YACC=${ac_cv_prog_YACC='bison -y'}
 ac_cv_prog_cc_cc_c_o=${ac_cv_prog_cc_cc_c_o=yes}
 ac_cv_prog_cc_cross=${ac_cv_prog_cc_cross=no}
index 33b8a72600e19e4069b20e2cdf4f25057bb944f6..531ed594cb7205e630aa60beb7ecf103078beb23 100644 (file)
@@ -1,21 +1,3 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
 /* config.h.  Generated automatically by configure.  */
 /* config.h.in.  Generated automatically from configure.in by autoheader.  */
 
 
 /*
  * file: acconfig.h
- *
- * $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/config.h,v 1.1.1.1 2001/05/18 23:14:04 mb Exp $
- * $Log: config.h,v $
- * Revision 1.1.1.1  2001/05/18 23:14:04  mb
- * Move from private repository to open source repository
- *
- * Revision 1.5  2001/05/05 00:59:16  rmurphy
- * Adding darwin license headers
- *
- * Revision 1.4  2000/12/21 23:56:19  dmitch
- * Misc. updates for clean build on Cheetah 1D7.
- *
- * Revision 1.1.1.1  1999/03/16 18:05:47  aram
- * Originals from SMIME Free Library.
- *
- * Revision 1.7  1997/03/03 11:58:26  wan
- * Final pre-delivery stuff (I hope).
- *
- * Revision 1.6  1997/02/28 13:39:34  wan
- * Modifications collected for new version 1.3: Bug fixes, tk4.2.
- *
- * Revision 1.5  1997/02/15 20:01:37  rj
- * check whether the compiler supports volatile functions (and whether abort() is volatile).
- *
- * Revision 1.4  1995/02/20  11:16:57  rj
- * cpp switch HAVE_VARIABLE_SIZED_AUTOMATIC_ARRAYS added.
- *
- * Revision 1.3  1995/02/13  14:46:49  rj
- * settings for IEEE_REAL_FMT/IEEE_REAL_LIB moved from {c_lib,c++_lib}/inc/asn_config.h to acconfig.h.
- *
- * Revision 1.2  1994/10/08  04:38:56  rj
- * slot for autoconf Tcl detection added.
- *
- * Revision 1.1  1994/09/01  00:51:19  rj
- * first check-in (new file).
- *
  */
 
 /*
index 10601e2c00e8838429c9f97e10506dbab7ecb420..25dc28b7d3bc77c3f43a889fcde65765ed2db5fd 100644 (file)
@@ -63,6 +63,10 @@ configure:2652: checking for memcpy
 configure:2652: checking for memcmp
 configure:2709: checking for X
 configure:3543: checking for tclsh
+configure:3576: checking for tcl.h
+configure:3603: checking for ldopen in -lld
+configure:3643: checking for Tcl_CreateInterp in -ltcl
+configure:3680: checking for Tk_CreateWindow in -ltk
 configure:3800: checking for latex
 configure:3835: checking for bibtex
 configure:3870: checking for dvips
index 20be1ebd4b923f411f218cdc59d61d38373e0918..c930c52f0ae28c4d035edd79fb7efbd3d625880a 100644 (file)
@@ -2,7 +2,7 @@
 # Generated automatically by configure.
 # Run this file to recreate the current configuration.
 # This directory was configured as follows,
-# on host dougsx:
+# on host localhost:
 #
 # ./configure 
 #
@@ -60,8 +60,7 @@ s%@infodir@%${prefix}/info%g
 s%@mandir@%${prefix}/man%g
 s%@SET_MAKE@%%g
 s%@CC@%cc%g
-s%@MKDEP_CCINC@%-I/usr/local/include -I/usr/libexec/ppc/2.95.2
-/usr/libexec/ppc/include -F/System/Library/PrivateFrameworks%g
+s%@MKDEP_CCINC@%-I/usr/local/include -I/usr/libexec/gcc/darwin/ppc/2.95.2/include -F/System/Library/PrivateFrameworks%g
 s%@CPP@%cc -E -traditional-cpp%g
 s%@CXX@%c++%g
 s%@SNACC_NOVOLAT@%%g
@@ -81,7 +80,7 @@ s%@X_CFLAGS@%%g
 s%@X_PRE_LIBS@%%g
 s%@X_LIBS@%%g
 s%@X_EXTRA_LIBS@%%g
-s%@TCLSH@%false%g
+s%@TCLSH@%tclsh%g
 s%@TCLLIBS@%%g
 s%@TREELIBS@%%g
 s%@LATEX@%false%g
index 017a79fecc555c38fb6c6563ddb1ff55b9156cc2..fd0a9c6b7e603621d368bf25e1ae4ff97309b6e4 100644 (file)
@@ -2,47 +2,6 @@
 # (unless it is the file Generated automatically from makehead.in by configure.)
 #
 # INSERT_VDA_COMMENTS
-# 
-# $Header: /cvs/Darwin/Security/SecuritySNACCRuntime/makehead,v 1.1.1.1 2001/05/18 23:14:04 mb Exp $
-# $Log: makehead,v $
-# Revision 1.1.1.1  2001/05/18 23:14:04  mb
-# Move from private repository to open source repository
-#
-# Revision 1.4  2000/06/15 18:50:16  dmitch
-# Doc change only.
-#
-# Revision 1.1.1.1  1999/03/16 18:05:49  aram
-# Originals from SMIME Free Library.
-#
-# Revision 1.7  1997/02/16 16:44:50  rj
-# made return *this after calling abort()'' a compile time option.
-#
-# Revision 1.6  1995/09/07  18:38:39  rj
-# PSBOOK and PSNUP added. (they get used in .../doc/makefile)
-#
-# manext and mandir split into two pairs, for sections 1 and n.
-#
-# Revision 1.5  1995/07/24  14:59:35  rj
-# new macros added:
-#  libexecdir for architecture-specific stuff
-#  tcldir under libdir (architecture independent)
-#  TCLSH
-#  DEPENDENCIES for c*-lib's multiple dependencies via recursive make calls
-#  TREELIBS for tree-3.6 widget libs
-#  PATCH for c-lib to patch tbl.h
-#  TCL-P utility prog that returns whether the tcl interface should be made as exit code
-#
-# Revision 1.4  1995/02/18  11:53:46  rj
-# added a small hack to find gcc's hidden include directory to pass it to makedepend. this shall enable X11's makedepend to find .h files a little more the way gcc does.
-#
-# Revision 1.3  1995/02/13  14:53:58  rj
-# CFLAGS, CXXFLAGS and LDFLAGS moved from the various makefiles to here.
-#
-# Revision 1.2  1994/10/08  04:30:32  rj
-# Tcl and X11 libs added
-#
-# Revision 1.1  1994/09/01  00:51:23  rj
-# first check-in (new file).
 #
 
 srcdir         = .
@@ -65,11 +24,11 @@ SHELL               = /bin/sh
 ECHO           = echo
 
 
-TCLSH          = false
+TCLSH          = tclsh
 SNACC_NOVOLAT  = 
 
 MKDEP          = mkdep
-MKDEP_CCINC    = -I/usr/local/include -I/usr/libexec/ppc/2.95.2/include
+MKDEP_CCINC    = -I/usr/local/include -I/usr/libexec/gcc/darwin/ppc/2.95.2/include -F/System/Library/PrivateFrameworks
 
 DEPENDENCIES   = dependencies
 
index 76fac8f3c844a7854b6ed7026d503aa4df6e6f7a..1f5405d64db98416c2b416dc4b7e3f1bcfda2f67 100644 (file)
@@ -3,13 +3,14 @@
        archiveVersion = 1;
        classes = {
        };
-       objectVersion = 31;
+       objectVersion = 36;
        objects = {
                00FA20B2FFD8762011CD2A97 = {
                        buildRules = (
                        );
                        buildSettings = {
                                COPY_PHASE_STRIP = NO;
+                               OPTIMIZATION_CFLAGS = "-O0";
                        };
                        isa = PBXBuildStyle;
                        name = Development;
                        isa = PBXBuildStyle;
                        name = Deployment;
                };
+//000
+//001
+//002
+//003
+//004
+//050
+//051
+//052
+//053
+//054
                0509B1B6FF15460611CD283A = {
                        isa = PBXFrameworkReference;
                        path = SecuritySNACCRuntime.framework;
                        refType = 3;
                };
+//050
+//051
+//052
+//053
+//054
+//150
+//151
+//152
+//153
+//154
                15CACFCEFF6579E2D0A17CE7 = {
                        isa = PBXFileReference;
                        name = cdsaUtils.cpp;
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               15CACFD2FF657BF5D0A17CE7 = {
-                       isa = PBXFrameworkReference;
-                       name = cdsa_utilities.framework;
-                       path = /System/Library/PrivateFrameworks/cdsa_utilities.framework;
-                       refType = 0;
-               };
-               15CACFD3FF657BF5D0A17CE7 = {
-                       fileRef = 15CACFD2FF657BF5D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
+//150
+//151
+//152
+//153
+//154
+//3D0
+//3D1
+//3D2
+//3D3
+//3D4
                3D3E9FE5FEF01C90D0A17CE7 = {
                        buildStyles = (
                                00FA20B2FFD8762011CD2A97,
@@ -93,7 +96,7 @@
                        isa = PBXProject;
                        mainGroup = 3D3E9FE6FEF01C90D0A17CE7;
                        productRefGroup = 5D41A7C1FEF026FFD0A17CE7;
-                       projectDirPath = .;
+                       projectDirPath = "";
                        targets = (
                                6B215E98FEF02818D0A17CE7,
                                5D41A7C3FEF026FFD0A17CE7,
                                6B215E9BFEF02ACDD0A17CE7,
                                6B215E9CFEF02ACDD0A17CE7,
                                15CACFCEFF6579E2D0A17CE7,
-                               15CACFD2FF657BF5D0A17CE7,
+                               9D176EDF02478EF100003D05,
                        );
                        isa = PBXGroup;
                        refType = 4;
                                FRAMEWORK_SEARCH_PATHS = "";
                                HEADER_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/Frameworks/Carbon.framework/Libraries/CIncludes\"";
                                LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "";
                                OTHER_CFLAGS = "";
                                OTHER_LDFLAGS = "";
                                OTHER_REZFLAGS = "";
                                WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
                        };
                        buildToolPath = /usr/bin/make;
-                       conditionalBuildSettings = {
-                       };
                        dependencies = (
                        );
                        isa = PBXLegacyTarget;
                        settingsToPassOnCommandLine = 280;
                        shouldUseHeadermap = 0;
                };
+//3D0
+//3D1
+//3D2
+//3D3
+//3D4
+//5D0
+//5D1
+//5D2
+//5D3
+//5D4
                5D41A792FEF026FFD0A17CE7 = {
                        isa = PBXFileReference;
                        name = "asn-any.cpp";
                        buildSettings = {
                                DYLIB_COMPATIBILITY_VERSION = 1;
                                DYLIB_CURRENT_VERSION = 1;
-                               FRAMEWORK_SEARCH_PATHS = "\"$(SYMROOT)\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\"";
+                               FRAMEWORK_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\"";
                                FRAMEWORK_VERSION = A;
                                HEADER_SEARCH_PATHS = "";
                                INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
                                LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "";
                                OTHER_CFLAGS = "-DVDADER_RULES";
-                               OTHER_LDFLAGS = "-lstdc++ -sectorder __TEXT __text $(APPLE_INTERNAL_DIR)/OrderFiles/SecuritySNACCRuntime.order";
+                               OTHER_LDFLAGS = "\"-lstdc++\"";
                                OTHER_LIBTOOL_FLAGS = "";
                                OTHER_REZFLAGS = "";
                                PRINCIPAL_CLASS = "";
                                PRODUCT_NAME = SecuritySNACCRuntime;
-                               SECTORDER_FLAGS = "";
+                               SECTORDER_FLAGS = "-sectorder __TEXT __text \"$(APPLE_INTERNAL_DIR)/OrderFiles/SecuritySNACCRuntime.order\"";
                                WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
                                WRAPPER_EXTENSION = framework;
                        };
-                       conditionalBuildSettings = {
-                       };
                        dependencies = (
                        );
                        isa = PBXFrameworkTarget;
                                15CACFD1FF657A5BD0A17CE7,
                        );
                        isa = PBXHeadersBuildPhase;
-                       name = Headers;
                };
                5D41A7C5FEF026FFD0A17CE7 = {
                        fileRef = 5D41A7A5FEF026FFD0A17CE7;
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7C6FEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7C7FEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7C8FEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7C9FEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7CAFEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7CBFEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7CCFEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7CDFEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7CEFEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7CFFEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7D0FEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7D1FEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7D2FEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7D3FEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7D4FEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7D5FEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7D6FEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7D7FEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7D8FEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7D9FEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7DAFEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7DBFEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7DCFEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7DDFEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7DEFEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7DFFEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7E0FEF026FFD0A17CE7 = {
                                ATTRIBUTES = (
                                        Public,
                                );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
                        };
                };
                5D41A7E1FEF026FFD0A17CE7 = {
                        files = (
                        );
                        isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
                };
                5D41A7E2FEF026FFD0A17CE7 = {
                        buildActionMask = 2147483647;
                                15CACFCFFF6579E2D0A17CE7,
                        );
                        isa = PBXSourcesBuildPhase;
-                       name = Sources;
                };
                5D41A7E3FEF026FFD0A17CE7 = {
                        fileRef = 5D41A792FEF026FFD0A17CE7;
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                5D41A7F6FEF026FFD0A17CE7 = {
                        buildActionMask = 2147483647;
                        files = (
-                               15CACFD3FF657BF5D0A17CE7,
+                               9D176FDC02478EF100003D05,
                        );
                        isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
                };
                5D41A7F7FEF026FFD0A17CE7 = {
                        buildActionMask = 2147483647;
                        files = (
                        );
                        isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
                };
+//5D0
+//5D1
+//5D2
+//5D3
+//5D4
+//6B0
+//6B1
+//6B2
+//6B3
+//6B4
                6B215E98FEF02818D0A17CE7 = {
                        buildPhases = (
                        );
                                FRAMEWORK_SEARCH_PATHS = "";
                                HEADER_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/Frameworks/Carbon.framework/Libraries/CIncludes\"";
                                LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "";
                                OTHER_CFLAGS = "";
                                OTHER_LDFLAGS = "";
                                OTHER_REZFLAGS = "";
                                SECTORDER_FLAGS = "";
                                WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
                        };
-                       conditionalBuildSettings = {
-                       };
                        dependencies = (
                                6B215E9AFEF02818D0A17CE7,
                        );
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
                        isa = PBXBuildFile;
                        settings = {
                                ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
                                );
                        };
                };
+//6B0
+//6B1
+//6B2
+//6B3
+//6B4
+//9D0
+//9D1
+//9D2
+//9D3
+//9D4
+               9D176EDF02478EF100003D05 = {
+                       isa = PBXFrameworkReference;
+                       name = Security.framework;
+                       path = /System/Library/Frameworks/Security.framework;
+                       refType = 0;
+               };
+               9D176FDC02478EF100003D05 = {
+                       fileRef = 9D176EDF02478EF100003D05;
+                       isa = PBXBuildFile;
+                       settings = {
+                       };
+               };
        };
        rootObject = 3D3E9FE5FEF01C90D0A17CE7;
 }
index 371c83880c59f8fa4ace6acfe7b24f92d2ba6c8b..3cd61a14e7cee416c063aa5ffb2783d64f3c4e8a 100644 (file)
@@ -1 +1 @@
-Thu Dec 21 15:42:05 PST 2000
+Tue Mar 19 10:27:31 PST 2002
index d20612c4e21f1aa041adeefb7a0078ffccbf79e0..2b518cf702f79462e65642499c3a0f4119aaf207 100644 (file)
@@ -175,22 +175,19 @@ OSStatus SessionCreate(SessionCreationFlags flags,
     SessionAttributeBits attributes)
 {
     BEGIN_API
-
-    // just to be on the safe side, drop any cached connection to the SecurityServer
-    server.reset();
     
     // unless the (expert) caller has already done so, create a sub-bootstrap and set it
     // note that this is inherently thread-unfriendly; we can't do anything about that
     // (caller's responsibility)
     Bootstrap bootstrap;
     if (!(flags & sessionKeepCurrentBootstrap)) {
-        TaskPort self;
-        bootstrap = bootstrap.subset(self);
-        self.bootstrap(bootstrap);
+               TaskPort self;
+               bootstrap = bootstrap.subset(TaskPort());
+               self.bootstrap(bootstrap);
     }
     
     // now call the SecurityServer and tell it to initialize the (new) session
     server().setupSession(flags, attributes);
-
+       
     END_API(CSSM)
 }
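Review bot: Dropping `server.reset()` at the top of SessionCreate means the closing `server().setupSession(flags, attributes)` call may run over a SecurityServer connection that was cached before the new bootstrap subset was installed, which is the case the removed comment was guarding against. `server` is defined outside this hunk, so whether it re-resolves the service after `self.bootstrap(bootstrap)` cannot be confirmed from here. If it does not, the reset should stay; if it does, a comment such as `// server() connects lazily, so no cached connection survives the bootstrap switch` would record why the reset was safe to remove. Separately, `bootstrap.subset(TaskPort())` builds a temporary although `TaskPort self;` is still declared on the line above and used on the line below; passing `self` as before keeps the three lines consistent.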
index c8e23abc35516cb9b13c9d087870a3f53164cb44..58c49014b167072842b9d64f39c9ca07f497a2a7 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
 
 
 /*
- *  Authorization.h
- *  Authorization -- APIs for implementing access control in applications and daemons.
- *
- *    Copyright (C) 2000, 2001 by Apple Computer, Inc., all rights reserved
- *
+ *  Authorization.h -- APIs for implementing access control in applications
+ *  and daemons.
  */
 
-#if !defined(__Authorization__)
-#define __Authorization__ 1
+#ifndef _SECURITY_AUTHORIZATION_H_
+#define _SECURITY_AUTHORIZATION_H_
 
 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
 #include <stdio.h>
@@ -45,7 +42,7 @@ extern "C" {
        
        If any of the operations that the preference panel wishes to perform are currently not allowed the lock icon in the window would show up in the locked state.  Otherwise it would show up unlocked.
        
-       When the user locks the lock AuthorizationFree() is called with the kAuthorizationFreeFlagDestroy to destroy any authorization rights that have been aquired.
+       When the user locks the lock AuthorizationFree() is called with the kAuthorizationFlagDestroyRights to destroy any authorization rights that have been aquired.
        
        When the user unlocks the lock AuthorizationCreate() is called with the kAuthorizationFlagInteractionAllowed and kAuthorizationFlagExtendRights flags to obtain all required rights.  The old authorization object can be freed by calling AuthorizationFree() with no flags.
 
@@ -238,7 +235,7 @@ OSStatus AuthorizationCreate(const AuthorizationRights *rights,
 
 /*!
     @function AuthorizationFree
-    Destroy an AutorizationRef object. If the kAuthorizationFreeFlagDestroy flag is passed,
+    Destroy an AutorizationRef object. If the kAuthorizationFlagDestroyRights flag is passed,
        any rights associated with the authorization are lost. Otherwise, only local resources
        are released, and the rights may still be available to other clients.
 
@@ -328,7 +325,13 @@ OSStatus AuthorizationCopyInfo(AuthorizationRef authorization,
        @param authorization The (valid) authorization reference to externalize
        @param extForm Pointer to an AuthorizationExternalForm variable to fill.
        
-       @result TBD
+        @result errAuthorizationSuccess 0 No error.
+
+        errAuthorizationExternalizeNotAllowed -60009 Externalizing this authorization is not allowed.
+
+        errAuthorizationInvalidRef -60002 The authorization parameter is invalid.
+
+
 */
 OSStatus AuthorizationMakeExternalForm(AuthorizationRef authorization,
        AuthorizationExternalForm *extForm);
@@ -345,7 +348,7 @@ OSStatus AuthorizationMakeExternalForm(AuthorizationRef authorization,
        @param extForm Pointer to an AuthorizationExternalForm value.
        @param authorization Will be filled with a valid AuthorizationRef on success.
        
-       @result TBD
+       @result errAuthorizationInternalizeNotAllowed -60010 Internalizing this authorization is not allowed.
 */
 OSStatus AuthorizationCreateFromExternalForm(const AuthorizationExternalForm *extForm,
        AuthorizationRef *authorization);
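Review bot: The new `@result` for AuthorizationCreateFromExternalForm documents only `errAuthorizationInternalizeNotAllowed`, while the `@result` added for AuthorizationMakeExternalForm in the previous hunk also lists the success code and the invalid-reference error. The block should begin with `errAuthorizationSuccess 0 No error.` in the same layout. It should also name the status returned for a malformed `extForm`, if the implementation defines one. The doc comment itself starts outside this hunk.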
@@ -405,4 +408,4 @@ OSStatus AuthorizationCopyPrivilegedReference(AuthorizationRef *authorization,
 }
 #endif
 
-#endif /* ! __Authorization__ */
+#endif /* !_SECURITY_AUTHORIZATION_H_ */
diff --git a/SecurityServer/Authorization/AuthorizationData.cpp b/SecurityServer/Authorization/AuthorizationData.cpp
new file mode 100644 (file)
index 0000000..50ff00f
--- /dev/null
@@ -0,0 +1,211 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+ *  AuthorizationData.cpp
+ *  Authorization
+ *
+ *  Created by Michael Brouwer on Thu Oct 12 2000.
+ *  Copyright (c) 2000 Apple Computer Inc. All rights reserved.
+ *
+ */
+
+#include "AuthorizationData.h"
+
+
+namespace Authorization {
+
+
+//
+// Right class
+//
+Right &
+Right::overlay(AuthorizationItem &item)
+{
+       return static_cast<Right &>(item);
+}
+
+Right *
+Right::overlay(AuthorizationItem *item)
+{
+       return static_cast<Right *>(item);
+}
+
+Right::Right()
+{
+       name = "";
+       valueLength = 0;
+       value = NULL;
+       flags = 0;
+}
+
+Right::Right(AuthorizationString inName, size_t inValueLength, const void *inValue)
+{
+       name = inName;
+       valueLength = inValueLength;
+       value = const_cast<void *>(inValue);
+}
+
+Right::~Right()
+{
+}
+
+bool
+Right::operator < (const Right &other) const
+{
+       return strcmp(name, other.name) < 0;
+}
+
+
+//
+// RightSet class
+//
+const AuthorizationRights RightSet::gEmptyRights = { 0, NULL };
+
+RightSet::RightSet(const AuthorizationRights *rights) :
+mRights(const_cast<AuthorizationRights *>(rights ? rights : &gEmptyRights))
+{
+}
+
+RightSet::RightSet(const RightSet &other)
+{
+       mRights = other.mRights;
+}
+
+RightSet::~RightSet()
+{
+}
+
+RightSet::const_reference
+RightSet::back() const
+{
+       // @@@ Should this if empty::throwMe()?
+       return static_cast<const_reference>(mRights->items[size() - 1]);
+}
+
+
+//
+// MutableRightSet class
+//
+MutableRightSet::MutableRightSet(size_t count, const Right &element) :
+mCapacity(count)
+{
+       mRights = new AuthorizationRights();
+       mRights->items = reinterpret_cast<pointer>(malloc(sizeof(Right) * mCapacity));
+       if (!mRights->items)
+       {
+               delete mRights;
+               throw std::bad_alloc();
+       }
+
+       mRights->count = count;
+       for (size_type ix = 0; ix < count; ++ix)
+               mRights->items[ix] = element;
+}
+
+MutableRightSet::MutableRightSet(const RightSet &other)
+{
+       size_type count = other.size();
+       mCapacity = count;
+       mRights = new AuthorizationRights();
+
+       mRights->items = reinterpret_cast<pointer>(malloc(sizeof(Right) * mCapacity));
+       if (!mRights->items)
+       {
+               delete mRights;
+               throw std::bad_alloc();
+       }
+
+       mRights->count = count;
+       for (size_type ix = 0; ix < count; ++ix)
+               mRights->items[ix] = other.mRights->items[ix];
+}
+
+MutableRightSet::~MutableRightSet()
+{
+       free(mRights->items);
+       delete mRights;
+}
+
+MutableRightSet &
+MutableRightSet::operator = (const RightSet &other)
+{
+       size_type count = other.size();
+       if (capacity() < count)
+               grow(count);
+
+       mRights->count = count;
+       for (size_type ix = 0; ix < count; ++ix)
+               mRights->items[ix] = other.mRights->items[ix];
+
+       return *this;
+}
+
+void
+MutableRightSet::swap(MutableRightSet &other)
+{
+       AuthorizationRights *rights = mRights;
+       size_t capacity = mCapacity;
+       mRights = other.mRights;
+       mCapacity = other.mCapacity;
+       other.mRights = rights;
+       other.mCapacity = capacity;
+}
+
+MutableRightSet::reference
+MutableRightSet::back()
+{
+       // @@@ Should this if empty::throwMe()?
+       return static_cast<reference>(mRights->items[size() - 1]);
+}
+
+void
+MutableRightSet::push_back(const_reference right)
+{
+       if (size() >= capacity())
+               grow(capacity() + 1);
+
+       mRights->items[mRights->count] = right;
+       mRights->count++;
+}
+
+void
+MutableRightSet::pop_back()
+{
+       // @@@ Should this if empty::throwMe()?
+       if (!empty())
+               mRights->count--;
+}
+
+void
+MutableRightSet::grow(size_type min_capacity)
+{
+       size_type newCapacity = mCapacity * mCapacity;
+       if (newCapacity < min_capacity)
+               newCapacity = min_capacity;
+
+       void *newItems = realloc(mRights->items, sizeof(*mRights->items) * newCapacity);
+       if (!newItems)
+               throw std::bad_alloc();
+
+       mRights->items = reinterpret_cast<pointer>(newItems);
+       mCapacity = newCapacity;
+}
+
+
+}      // end namespace Authorization
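Review bot: `MutableRightSet::grow` computes `newCapacity = mCapacity * mCapacity`, which leaves a capacity of 0 or 1 unchanged (so each `push_back` reallocates by one element) and for larger sets squares the size. That product, or the later `sizeof(*mRights->items) * newCapacity`, can wrap `size_type`, so `realloc` may return a buffer smaller than the capacity then recorded in `mCapacity`. Doubling with a bound avoids both: `size_type newCapacity = mCapacity * 2;`, the existing `min_capacity` clamp, then `if (newCapacity > max_size() / sizeof(*mRights->items)) throw std::bad_alloc();`. Both `back()` overloads also index `items[size() - 1]` with no empty check, which the `@@@` comments already question; on an empty set that index wraps.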
diff --git a/SecurityServer/Authorization/AuthorizationData.h b/SecurityServer/Authorization/AuthorizationData.h
new file mode 100644 (file)
index 0000000..9753fc3
--- /dev/null
@@ -0,0 +1,155 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+ *  AuthorizationData.h
+ *  Authorization
+ *
+ *    Copyright:  (c) 2000 by Apple Computer, Inc., all rights reserved
+ *
+ */
+
+#ifndef _H_AUTHORIZATIONDATA
+#define _H_AUTHORIZATIONDATA  1
+
+#include <Security/Authorization.h>
+#include <Security/AuthorizationPlugin.h>
+
+// ptrdiff_t needed, so including STL type closest
+#include <vector>
+
+namespace Authorization
+{
+
+
+class MutableRightSet;
+class RightSet;
+
+class Right : protected AuthorizationItem
+{
+       friend class MutableRightSet;
+       friend class RightSet;
+public:
+       static Right &overlay(AuthorizationItem &item);
+       static Right *overlay(AuthorizationItem *item);
+       Right();
+       Right(AuthorizationString name, size_t valueLength, const void *value);
+       ~Right();
+
+       bool operator < (const Right &other) const;
+       AuthorizationString rightName() const { return name; }
+       size_t argumentLength() const { return valueLength; }
+       const void *argument() const { return value; }
+};
+
+
+/* A RightSet is a Container and a Back Insertion Sequence, but it is not a Sequence.  Also it only
+   implements the const members of Container and Back Insertion Sequence. */
+class RightSet
+{
+       friend class MutableRightSet;
+public:
+       // Container required memebers
+       typedef Right value_type;
+       typedef const Right &const_reference;
+       typedef const Right *const_pointer;
+       typedef const_pointer const_iterator;
+       typedef ptrdiff_t difference_type;
+       typedef size_t size_type;
+
+       RightSet(const AuthorizationRights *rights = NULL);
+       RightSet(const RightSet &other);
+       ~RightSet();
+
+       size_type size() const { return mRights->count; }
+       size_type max_size() const { return INT_MAX; }
+       const_iterator begin() const { return static_cast<const_pointer>(mRights->items); }
+       const_iterator end() const { return static_cast<const_pointer>(&mRights->items[mRights->count]); }
+       bool empty() const { return size() == 0; }
+
+       // Back Insertion Sequence required memebers
+       const_reference back() const;
+
+       // Other convenience members
+       operator const AuthorizationRights *() const { return mRights; }
+private:
+       RightSet &operator = (const RightSet &other);
+
+protected:
+       static const AuthorizationRights gEmptyRights;
+       AuthorizationRights *mRights;
+};
+
+
+/* A MutableRightSet is a Container and a Back Insertion Sequence, but it is not a Sequence. */
+class MutableRightSet : public RightSet
+{
+public:
+       // Container required memebers
+       typedef Right &reference;
+       typedef Right *pointer;
+       typedef pointer iterator;
+
+       MutableRightSet(size_t count = 0, const Right &element = Right());
+       MutableRightSet(const RightSet &other);
+       ~MutableRightSet();
+
+       MutableRightSet &operator = (const RightSet &other);
+
+       iterator begin() { return static_cast<pointer>(mRights->items); }
+       iterator end() { return static_cast<pointer>(&mRights->items[mRights->count]); }
+       void swap(MutableRightSet &other);
+
+       // Back Insertion Sequence required memebers
+       reference back();
+       void push_back(const_reference right);
+       void pop_back();
+
+       // Other convenience members
+       size_type capacity() const { return mCapacity; }
+private:
+       void grow(size_type min_capacity);
+
+       size_type mCapacity;
+};
+
+typedef RightSet AuthItemSet;
+typedef MutableRightSet MutableAuthItemSet;
+
+class FindAuthItemByRightName
+{
+public:
+    FindAuthItemByRightName(const char *find_name) : name(find_name) { }
+
+    bool operator()( const Right& right )
+    {
+        return (!strcmp(name, right.rightName()));
+    }
+    bool operator()( const AuthorizationItem* item )
+    {
+        return (!strcmp(name, item->name));
+    }
+    
+private:
+    const char *name;
+};
+
+
+}; // namespace Authorization
+
+#endif /* ! _H_AUTHORIZATIONDATA */
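Review bot: `MutableRightSet` owns `mRights` (its destructor in AuthorizationData.cpp frees `mRights->items` and deletes `mRights`), but the class declares no `MutableRightSet(const MutableRightSet &)`. Copying one MutableRightSet from another therefore selects the compiler-generated copy constructor, which goes through `RightSet(const RightSet &)` and shares the pointer, so both destructors release the same block. Declaring `MutableRightSet(const MutableRightSet &other);` with the same deep copy as the `const RightSet &` constructor, or declaring it private and leaving it unimplemented, closes that. The header also uses `INT_MAX` and `strcmp` without including `<limits.h>` and `<string.h>`, and the comments spell "memebers".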
index ad158fffa88b45941731cfd1b4a74fc0ad60464c..947a38a7b4781b55083dd7ebc3507eaa6b61f2e5 100644 (file)
  *  Copyright (c) 2000 Apple Computer Inc. All rights reserved.
  *
  */
-
 #include "AuthorizationEngine.h"
+#include <Security/AuthorizationWalkers.h>
 
 #include "server.h"
 #include "authority.h"
 
 #include <Security/AuthorizationTags.h>
 #include <Security/logging.h>
+#include <Security/cfutilities.h>
 #include <Security/debugging.h>
+#include "session.h"
 
 #include <CoreFoundation/CFData.h>
 #include <CoreFoundation/CFNumber.h>
 #include <unistd.h>
 #include <grp.h>
 #include <pwd.h>
+#include <Security/checkpw.h>
 
-// for longname lookup
-#include <netinfo/ni.h>
-// private header (lu_utils.h from lookup project)
-extern "C" {
-int lookupd_query(ni_proplist *l, ni_proplist ***out);
-ni_proplist *lookupd_make_query(char *cat, char *fmt, ...);
-int _lu_running(void);
+// checkpw() that uses provided struct passwd
+extern "C"
+{
+int checkpw_internal( const char* userName, const char* password, const struct passwd *pw );
 }
 
-using namespace Authorization;
+namespace Authorization {
+
 
 //
 // Errors to be thrown
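Review bot: `checkpw_internal` is declared by hand in an `extern "C"` block directly after `<Security/checkpw.h>` is included, so the prototype used for the password check is never compared with the definition. A later signature change would still compile and link. If the function is meant to be shared, its declaration belongs in a header that both the caller and the implementation include. If it is deliberately private, the declaration should carry a comment such as `// private entry point; keep in sync with the definition of checkpw_internal`.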
@@ -63,13 +64,13 @@ Error::Error(int err) : error(err)
 {
 }
 
-const char *Error::what() const
+const char *Error::what() const throw()
 { return "Authorization error"; }
 
-CSSM_RETURN Error::cssmError() const
+CSSM_RETURN Error::cssmError() const throw()
 { return error; }      // @@@ eventually...
 
-OSStatus Error::osStatus() const
+OSStatus Error::osStatus() const throw()
 { return error; }
 
 void Error::throwMe(int err) { throw Error(err); }
@@ -93,60 +94,34 @@ mShared(shared), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(false)
        const char *user = username.c_str();
        struct passwd *pw = getpwnam(user);
 
-       do
-       {
-               if ( !pw && _lu_running() ) {
-                       // try lookup query to find passed username as a long name (realname in NI-speak)
-                       ni_proplist **out = NULL;
-                       // query "user" records.  "k" specifies position of keys in varargs
-                       ni_proplist *in = lookupd_make_query("user", "kv", "realname", user);
-                       if (!in) break;
-
-                       int results = lookupd_query(in, &out);
-                       ni_proplist_free(in);
-                       if (!out) break;
-
-                       // Find the first, if any, name value in returned records, getpwnam, and dispose of them
-                       for (int i=0; i<results; ++i) {
-                               ni_proplist *nipl = out[i];
-                               for (unsigned int j=0; !pw && j< nipl->ni_proplist_len; j++) {
-                                       if ( !strcmp(nipl->ni_proplist_val[j].nip_name, "name") &&
-                                               (nipl->ni_proplist_val[j].nip_val.ni_namelist_len > 0) )
-                                                       pw = getpwnam( *(nipl->ni_proplist_val[j].nip_val.ni_namelist_val) );
-                               }
-                               ni_proplist_free(nipl);
-                       }
-                       free(out);
-               }
+    do {
 
-               if (!pw)
-               {
-                       debug("autheval", "user %s not found, creating invalid credential", user);
-                       break;
-               }
+        if (!pw)
+        {
+            debug("autheval", "user %s not found, creating invalid credential", user);
+            break;
+        }
 
-               if (pw->pw_passwd != NULL && pw->pw_passwd[0])
-               {
-                       const char *passwd = password.c_str();
-                       if (strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd))
-                       {
-                               debug("autheval", "password for user %s is invalid, creating invalid credential", user);
+        const char *passwd = password.c_str();
+        int checkpw_status = checkpw_internal(user, passwd, pw);
+
+        if (checkpw_status != CHECKPW_SUCCESS)
+        {
+                               debug("autheval", "checkpw() for user %s failed with error %d, creating invalid credential", user, checkpw_status);
                                break;
-                       }
-               }
+        }
 
-               debug("autheval", "password for user %s is ok, creating%s credential",
+               debug("autheval", "checkpw() for user %s succeeded, creating%s credential",
                        user, mShared ? " shared" : "");
 
                mUsername = string ( pw->pw_name );
                mUid = pw->pw_uid;
                mGid = pw->pw_gid;
                mValid = true;
-       }
+
+        endpwent();
+    }
        while (0);
-       
-       if (pw)
-               endpwent();
 }
 
 
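Review bot: `endpwent()` now sits inside the `do { … } while (0)` body after the success assignments, so both `break` paths skip it; a failed `checkpw_internal` in particular leaves without the cleanup that the old `if (pw) endpwent();` after the loop performed. Moving the call back below `while (0);` restores it on the failure paths. `pw` is the pointer returned by `getpwnam`, so if `checkpw_internal` does its own passwd lookups, the later reads of `pw->pw_name`, `pw->pw_uid` and `pw->pw_gid` may see overwritten data; that depends on code not shown here and is worth confirming. The constructor's signature and initializer list start outside this hunk.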
@@ -247,183 +222,6 @@ Credential::operator < (const Credential &other) const
 }
 
 
-//
-// Right class
-//
-Right &
-Right::overlay(AuthorizationItem &item)
-{
-       return static_cast<Right &>(item);
-}
-
-Right *
-Right::overlay(AuthorizationItem *item)
-{
-       return static_cast<Right *>(item);
-}
-
-Right::Right()
-{
-       name = "";
-       valueLength = 0;
-       value = NULL;
-       flags = 0;
-}
-
-Right::Right(AuthorizationString inName, size_t inValueLength, const void *inValue)
-{
-       name = inName;
-       valueLength = inValueLength;
-       value = const_cast<void *>(inValue);
-}
-
-Right::~Right()
-{
-}
-
-bool
-Right::operator < (const Right &other) const
-{
-       return strcmp(name, other.name) < 0;
-}
-
-
-//
-// RightSet class
-//
-const AuthorizationRights RightSet::gEmptyRights = { 0, NULL };
-
-RightSet::RightSet(const AuthorizationRights *rights) :
-mRights(const_cast<AuthorizationRights *>(rights ? rights : &gEmptyRights))
-{
-}
-
-RightSet::RightSet(const RightSet &other)
-{
-       mRights = other.mRights;
-}
-
-RightSet::~RightSet()
-{
-}
-
-RightSet::const_reference
-RightSet::back() const
-{
-       // @@@ Should this if empty::throwMe()?
-       return static_cast<const_reference>(mRights->items[size() - 1]);
-}
-
-
-//
-// MutableRightSet class
-//
-MutableRightSet::MutableRightSet(size_t count, const Right &element) :
-mCapacity(count)
-{
-       mRights = new AuthorizationRights();
-       mRights->items = reinterpret_cast<pointer>(malloc(sizeof(Right) * mCapacity));
-       if (!mRights->items)
-       {
-               delete mRights;
-               throw std::bad_alloc();
-       }
-
-       mRights->count = count;
-       for (size_type ix = 0; ix < count; ++ix)
-               mRights->items[ix] = element;
-}
-
-MutableRightSet::MutableRightSet(const RightSet &other)
-{
-       size_type count = other.size();
-       mCapacity = count;
-       mRights = new AuthorizationRights();
-
-       mRights->items = reinterpret_cast<pointer>(malloc(sizeof(Right) * mCapacity));
-       if (!mRights->items)
-       {
-               delete mRights;
-               throw std::bad_alloc();
-       }
-
-       mRights->count = count;
-       for (size_type ix = 0; ix < count; ++ix)
-               mRights->items[ix] = other.mRights->items[ix];
-}
-
-MutableRightSet::~MutableRightSet()
-{
-       free(mRights->items);
-       delete mRights;
-}
-
-MutableRightSet &
-MutableRightSet::operator = (const RightSet &other)
-{
-       size_type count = other.size();
-       if (capacity() < count)
-               grow(count);
-
-       mRights->count = count;
-       for (size_type ix = 0; ix < count; ++ix)
-               mRights->items[ix] = other.mRights->items[ix];
-
-       return *this;
-}
-
-void
-MutableRightSet::swap(MutableRightSet &other)
-{
-       AuthorizationRights *rights = mRights;
-       size_t capacity = mCapacity;
-       mRights = other.mRights;
-       mCapacity = other.mCapacity;
-       other.mRights = rights;
-       other.mCapacity = capacity;
-}
-
-MutableRightSet::reference
-MutableRightSet::back()
-{
-       // @@@ Should this if empty::throwMe()?
-       return static_cast<reference>(mRights->items[size() - 1]);
-}
-
-void
-MutableRightSet::push_back(const_reference right)
-{
-       if (size() >= capacity())
-               grow(capacity() + 1);
-
-       mRights->items[mRights->count] = right;
-       mRights->count++;
-}
-
-void
-MutableRightSet::pop_back()
-{
-       // @@@ Should this if empty::throwMe()?
-       if (!empty())
-               mRights->count--;
-}
-
-void
-MutableRightSet::grow(size_type min_capacity)
-{
-       size_type newCapacity = mCapacity * mCapacity;
-       if (newCapacity < min_capacity)
-               newCapacity = min_capacity;
-
-       void *newItems = realloc(mRights->items, sizeof(*mRights->items) * newCapacity);
-       if (!newItems)
-               throw std::bad_alloc();
-
-       mRights->items = reinterpret_cast<pointer>(newItems);
-       mCapacity = newCapacity;
-}
-
-
 //
 // Rule class
 //
@@ -433,6 +231,7 @@ CFStringRef Rule::kSharedID = CFSTR("shared");
 CFStringRef Rule::kAllowRootID = CFSTR("allow-root");
 CFStringRef Rule::kDenyID = CFSTR("deny");
 CFStringRef Rule::kAllowID = CFSTR("allow");
+CFStringRef Rule::kEvalMechID = CFSTR("eval");
 
 
 Rule::Rule() :
@@ -462,54 +261,86 @@ Rule::Rule(CFTypeRef cfRule)
        }
        else if (CFGetTypeID(cfRule) == CFDictionaryGetTypeID())
        {
-               mType = kUserInGroup;
                CFDictionaryRef dict = reinterpret_cast<CFDictionaryRef>(cfRule);
                CFTypeRef groupTag = CFDictionaryGetValue(dict, kUserInGroupID);
-               if (!groupTag || CFGetTypeID(groupTag) != CFStringGetTypeID())
-                       Error::throwMe();
 
-               CFStringRef group = reinterpret_cast<CFStringRef>(groupTag);
-               char buffer[512];
-               const char *ptr = CFStringGetCStringPtr(group, kCFStringEncodingUTF8);
-               if (ptr == NULL)
-               {
-                       if (CFStringGetCString(group, buffer, 512, kCFStringEncodingUTF8))
-                               ptr = buffer;
-                       else
-                               Error::throwMe();
-               }
-
-               mGroupName = string(ptr);
-
-               mMaxCredentialAge = DBL_MAX;
-               CFTypeRef timeoutTag = CFDictionaryGetValue(dict, kTimeoutID);
-               if (timeoutTag)
-               {
-                       if (CFGetTypeID(timeoutTag) != CFNumberGetTypeID())
-                               Error::throwMe();
-                       CFNumberGetValue(reinterpret_cast<CFNumberRef>(timeoutTag), kCFNumberDoubleType, &mMaxCredentialAge);
-               }
-
-               CFTypeRef sharedTag = CFDictionaryGetValue(dict, kSharedID);
-               mShared = false;
-               if (sharedTag)
-               {
-                       if (CFGetTypeID(sharedTag) != CFBooleanGetTypeID())
-                               Error::throwMe();
-                       mShared = CFBooleanGetValue(reinterpret_cast<CFBooleanRef>(sharedTag));
-               }
+        // Probably a user in group rule
+        if (groupTag)
+        {
+            if (CFGetTypeID(groupTag) != CFStringGetTypeID())
+                Error::throwMe();
+
+            mType = kUserInGroup;
+    
+            CFStringRef group = reinterpret_cast<CFStringRef>(groupTag);
+            char buffer[512];
+            const char *ptr = CFStringGetCStringPtr(group, kCFStringEncodingUTF8);
+            if (ptr == NULL)
+            {
+                if (CFStringGetCString(group, buffer, 512, kCFStringEncodingUTF8))
+                    ptr = buffer;
+                else
+                    Error::throwMe();
+            }
+    
+            mGroupName = string(ptr);
+    
+            mMaxCredentialAge = DBL_MAX;
+            CFTypeRef timeoutTag = CFDictionaryGetValue(dict, kTimeoutID);
+            if (timeoutTag)
+            {
+                if (CFGetTypeID(timeoutTag) != CFNumberGetTypeID())
+                    Error::throwMe();
+                CFNumberGetValue(reinterpret_cast<CFNumberRef>(timeoutTag), kCFNumberDoubleType, &mMaxCredentialAge);
+            }
+    
+            CFTypeRef sharedTag = CFDictionaryGetValue(dict, kSharedID);
+            mShared = false;
+            if (sharedTag)
+            {
+                if (CFGetTypeID(sharedTag) != CFBooleanGetTypeID())
+                    Error::throwMe();
+                mShared = CFBooleanGetValue(reinterpret_cast<CFBooleanRef>(sharedTag));
+            }
+    
+            CFTypeRef allowRootTag = CFDictionaryGetValue(dict, kAllowRootID);
+            mAllowRoot = false;
+            if (allowRootTag)
+            {
+                if (CFGetTypeID(allowRootTag) != CFBooleanGetTypeID())
+                    Error::throwMe();
+                mAllowRoot = CFBooleanGetValue(reinterpret_cast<CFBooleanRef>(allowRootTag));
+            }
+            debug("authrule", "rule user in group \"%s\" timeout %g%s%s",
+                mGroupName.c_str(), mMaxCredentialAge, mShared ? " shared" : "",
+                mAllowRoot ? " allow-root" : "");
+        }
+        else
+        {
+            CFTypeRef mechTag = CFDictionaryGetValue(dict, kEvalMechID);
+            if (mechTag)
+            {
+                if (CFGetTypeID(mechTag) != CFStringGetTypeID())
+                    Error::throwMe();
+    
+                mType = kEvalMech;
+        
+                CFStringRef eval = reinterpret_cast<CFStringRef>(mechTag);
+                char buffer[512];
+                const char *ptr = CFStringGetCStringPtr(eval, kCFStringEncodingUTF8);
+                if (ptr == NULL)
+                {
+                    if (CFStringGetCString(eval, buffer, 512, kCFStringEncodingUTF8))
+                        ptr = buffer;
+                    else
+                        Error::throwMe();
+                }
+                mEvalDef = string(ptr);
+            }
+            else
+                Error::throwMe();
+        }
 
-               CFTypeRef allowRootTag = CFDictionaryGetValue(dict, kAllowRootID);
-               mAllowRoot = false;
-               if (allowRootTag)
-               {
-                       if (CFGetTypeID(allowRootTag) != CFBooleanGetTypeID())
-                               Error::throwMe();
-                       mAllowRoot = CFBooleanGetValue(reinterpret_cast<CFBooleanRef>(allowRootTag));
-               }
-               debug("authrule", "rule user in group \"%s\" timeout %g%s%s",
-                       mGroupName.c_str(), mMaxCredentialAge, mShared ? " shared" : "",
-                       mAllowRoot ? " allow-root" : "");
        }
 }
 
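Review bot: The new `kEvalMech` branch assigns only `mType` and `mEvalDef`; `mMaxCredentialAge`, `mShared` and `mAllowRoot` are set only in the group branch, yet the copy constructor and `operator =` touched later in this commit copy all of them. Unless the constructor's initializer list, which is outside this hunk, already sets them, the eval branch should assign the same defaults, e.g. `mMaxCredentialAge = DBL_MAX; mShared = false; mAllowRoot = false;`. The CFString-to-C-string conversion with the 512-byte buffer is now written out twice and would read better as one private helper that both branches call.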
@@ -518,7 +349,8 @@ mType(other.mType),
 mGroupName(other.mGroupName),
 mMaxCredentialAge(other.mMaxCredentialAge),
 mShared(other.mShared),
-mAllowRoot(other.mAllowRoot)
+mAllowRoot(other.mAllowRoot),
+mEvalDef(other.mEvalDef)
 {
 }
 
@@ -530,6 +362,7 @@ Rule::operator = (const Rule &other)
        mMaxCredentialAge = other.mMaxCredentialAge;
        mShared = other.mShared;
        mAllowRoot = other.mAllowRoot;
+       mEvalDef = other.mEvalDef;
        return *this;
 }
 
@@ -537,11 +370,279 @@ Rule::~Rule()
 {
 }
 
+
+OSStatus
+Rule::evaluateMechanism(const AuthorizationEnvironment *environment, AuthorizationToken &auth, CredentialSet &outCredentials)
+{
+       assert(mType == kEvalMech);
+
+    if (mEvalDef.length() == 0) // no definition
+        return kAuthorizationResultAllow;
+
+    // mechanisms are split by commas
+    vector<string> mechanismNames;
+    {
+        string::size_type cursor = 0, comma = 0;
+        string token = "";
+    
+        while (cursor < mEvalDef.length())
+        {
+            comma = mEvalDef.find(',', cursor);
+            if (comma == string::npos)
+                    comma = mEvalDef.length();
+    
+            token = mEvalDef.substr(cursor, comma - cursor);
+
+            // skip empty tokens
+            if (token.length() > 0)
+                mechanismNames.push_back(token);
+                
+            cursor = comma + 1;
+        }
+    }
+
+    // @@@ configuration does not support arguments
+    const AuthorizationValueVector arguments = { 0, NULL };
+    MutableAuthItemSet *context = NULL; 
+    AuthItemSet *hints = NULL;
+    AuthorizationItemSet *outHints = NULL, *outContext = NULL;
+    bool userInteraction = true;
+
+    CssmAllocator& alloc = CssmAllocator::standard();
+    
+    AuthorizationResult result = kAuthorizationResultAllow;
+    vector<string>::iterator currentMechanism = mechanismNames.begin();
+    
+    while ( (result == kAuthorizationResultAllow)  &&
+            (currentMechanism != mechanismNames.end()) ) // iterate mechanisms
+    {
+        AuthorizationItemSet *inHints, *inContext;
+
+        // release after invocation, ignored for first pass
+        if (outContext)
+        {
+            inContext = outContext;
+            debug("SSevalMech", "set up context %p as input", inContext);
+            delete context;
+            context = new MutableAuthItemSet(inContext);
+        }
+        else
+        {
+            inContext = &auth.infoSet(); // returns deep copy
+            debug("SSevalMech", "set up stored context %p as input", inContext);
+            delete context;
+            context = new MutableAuthItemSet(inContext);
+        }
+            
+        if (outHints)
+        {
+            inHints = outHints;
+            debug("SSevalMech", "set up hints %p as input", inHints);
+            delete hints;
+            hints = new AuthItemSet(outHints);
+        }
+        else
+        {
+            inHints = NULL;
+            debug("SSevalMech", "set up environment hints %p as input", environment);
+            delete hints;
+            hints = new AuthItemSet(environment);
+        }
+
+        string::size_type extPlugin = currentMechanism->find(':');
+        if (extPlugin != string::npos)
+        {
+            // no whitespace removal
+            string pluginIn(currentMechanism->substr(0, extPlugin));
+            string mechanismIn(currentMechanism->substr(extPlugin + 1));
+            debug("SSevalMech", "external mech %s:%s", pluginIn.c_str(), mechanismIn.c_str());
+
+            bool mechExecOk = false; // successfully ran a mechanism
+                
+            try
+            {
+               Process &cltProc = Server::active().connection().process;
+               // Authorization preserves creator's UID in setuid processes
+               uid_t cltUid = (cltProc.uid() != 0) ? cltProc.uid() : auth.creatorUid();
+                debug("SSevalMech", "Mechanism invocation by process %d (UID %d)", cltProc.pid(), cltUid);
+                QueryInvokeMechanism client(cltUid, auth);
+
+                mechExecOk = client(pluginIn, mechanismIn, &arguments, *hints, *context, &result, outHints, outContext);
+                debug("SSevalMech", "new context %p, new hints %p", outContext, outHints);
+            }
+            catch (...) {
+                debug("SSevalMech", "exception from mech eval or client death");
+                // various server problems, but only if it really failed
+                if (mechExecOk != true)
+                    result = kAuthorizationResultUndefined;
+            }
+                
+            debug("SSevalMech", "evaluate(plugin: %s, mechanism: %s) %s, result: %lu.", pluginIn.c_str(), mechanismIn.c_str(), (mechExecOk == true) ? "succeeded" : "failed", result);
+            debug("SSevalMech", "mech eval okay");
+            
+            // Things worked and there is new context, so get rid of old
+            if (mechExecOk)
+            {
+                if (inContext)
+                {
+                    debug("SSevalMech", "release input context %p", inContext);
+                    alloc.free(inContext);
+                }
+                if (inHints)
+                {
+                    debug("SSevalMech", "release input hints %p", inHints);
+                    alloc.free(inHints);
+                }
+            }
+            else
+            {
+                // reset previous context and hints
+                debug("SSevalMech", "resetting previous input context %p and hints %p", inContext, inHints);
+                outContext = inContext;
+                outHints = inHints;
+            }
+        }
+        else
+        {
+            // internal mechanisms - no glue
+            if (*currentMechanism == "authinternal")
+            {
+                debug("SSevalMech", "evaluate authinternal");
+                result = kAuthorizationResultDeny;
+                do {
+                    MutableAuthItemSet::iterator found = find_if(context->begin(), context->end(), FindAuthItemByRightName(kAuthorizationEnvironmentUsername) );
+                    if (found == context->end())
+                        break;
+                    string username(static_cast<const char *>(found->argument()), found->argumentLength());
+                    debug("SSevalMech", "found username");
+                    found = find_if(context->begin(), context->end(), FindAuthItemByRightName(kAuthorizationEnvironmentPassword) );
+                    if (found == context->end())
+                        break;
+                    string password(static_cast<const char *>(found->argument()), found->argumentLength());
+                    debug("SSevalMech", "found password");
+                    Credential newCredential(username, password, true); // create a new shared credential
+                    if (newCredential->isValid())
+                    {
+                        outCredentials.clear(); // only keep last one
+                        debug("SSevalMech", "inserting new credential");
+                        outCredentials.insert(newCredential);
+                        result = kAuthorizationResultAllow;
+                    } else
+                        result = kAuthorizationResultDeny;
+                } while (0);
+            }
+            else
+            if (*currentMechanism == "push_hints_to_context")
+            {
+                debug("SSevalMech", "evaluate push_hints_to_context");
+                userInteraction = false; // we can't talk to the user
+                result = kAuthorizationResultAllow; // snarfcredential doesn't block evaluation, ever, it may restart
+                // clean up current context
+                if (inContext)
+                {
+                    debug("SSevalMech", "release input context %p", inContext);
+                    alloc.free(inContext);
+                }
+                // create out context from input hints, no merge
+                // @@@ global copy template not being invoked...
+                outContext = Copier<AuthorizationItemSet>(*hints).keep();
+            }
+            else
+            if (*currentMechanism == "switch_to_user")
+            {
+                try {
+                   Process &cltProc = Server::active().connection().process;
+                   // Authorization preserves creator's UID in setuid processes
+                   uid_t cltUid = (cltProc.uid() != 0) ? cltProc.uid() : auth.creatorUid();
+                    debug("SSevalMech", "terminating agent at request of process %d (UID %d)\n", cltProc.pid(), cltUid);
+                    QueryTerminateAgent client(cltUid, auth);
+                    client();
+                } catch (...) {
+                    // Not our agent
+                }
+                result = kAuthorizationResultAllow;
+            }
+                
+            
+            
+        }
+        
+
+        // we own outHints and outContext
+        switch(result)
+        {
+            case kAuthorizationResultAllow:
+                debug("SSevalMech", "result allow");
+                currentMechanism++;
+                break;
+            case kAuthorizationResultDeny:
+                debug("SSevalMech", "result deny");
+                if (inContext)
+                {
+                    debug("SSevalMech", "abort eval, release input context %p", inContext);
+                    alloc.free(inContext);
+                }
+                if (inHints)
+                {
+                    debug("SSevalMech", "abort eval, release input hints %p", inHints);
+                    alloc.free(inHints);
+                }
+                outContext = outHints = NULL; // making sure things get reset
+                if (userInteraction)
+                {
+                    currentMechanism = mechanismNames.begin();
+                    result = kAuthorizationResultAllow; // stay in loop
+                }
+                break;
+            case kAuthorizationResultUndefined:
+                debug("SSevalMech", "result undefined");
+                break; // abort evaluation
+            case kAuthorizationResultUserCanceled:
+                debug("SSevalMech", "result canceled");
+                break; // stop evaluation, return some sideband
+            default:
+                break; // abort evaluation
+        }
+    }
+
+    // End of evaluation, if last step produced meaningful data, incorporate
+    if ((result == kAuthorizationResultAllow) ||
+        (result == kAuthorizationResultUserCanceled)) // @@@ can only pass back sideband through context
+    {
+        debug("SSevalMech", "make new context %p available", outContext);
+        auth.setInfoSet(*outContext);
+        outContext = NULL;
+    }
+    
+    // clean up last outContext and outHints, if any
+    if (outContext)
+    {
+        debug("SSevalMech", "release output context %p", outContext);
+        alloc.free(outContext);
+    }
+    if (outHints)
+    {
+        debug("SSevalMech", "release output hints %p", outHints);
+        alloc.free(outHints);
+    }
+    
+    // deny on user cancel
+    switch(result)
+    {
+        case kAuthorizationResultUndefined:
+            return errAuthorizationDenied;
+        case kAuthorizationResultDeny:
+            return errAuthorizationDenied;
+        default:
+            return errAuthorizationSuccess; // @@@ cancel should return cancelled
+    }
+}
+
 OSStatus
 Rule::evaluate(const Right &inRight,
     const AuthorizationEnvironment *environment, AuthorizationFlags flags,
        CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials,
-       const AuthorizationToken &auth)
+       AuthorizationToken &auth)
 {
        switch (mType)
        {
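Review bot: The final `switch(result)` in `Rule::evaluateMechanism` fails open: only `kAuthorizationResultUndefined` and `kAuthorizationResultDeny` map to `errAuthorizationDenied`, so a user cancel, or any other value an external mechanism writes into `result`, falls into `default` and returns `errAuthorizationSuccess`. That contradicts the `// deny on user cancel` comment directly above it. Separately, `auth.setInfoSet(*outContext)` dereferences `outContext` unchecked, and a rule made only of `authinternal` or `switch_to_user` never assigns it, so it is still NULL at that point. I would name the success case explicitly, deny by default and guard the dereference, as below; `context` and `hints` are also never deleted after the loop.

```cpp
    // … unchanged: mechanism parsing and evaluation loop …

    // only publish a context that a mechanism actually produced
    if (outContext &&
        ((result == kAuthorizationResultAllow) ||
         (result == kAuthorizationResultUserCanceled)))
    {
        debug("SSevalMech", "make new context %p available", outContext);
        auth.setInfoSet(*outContext);
        outContext = NULL;
    }

    // … unchanged: release of remaining outContext and outHints …
    delete context;
    delete hints;

    // fail closed: success only for an explicit allow
    switch(result)
    {
        case kAuthorizationResultAllow:
            return errAuthorizationSuccess;
        case kAuthorizationResultUserCanceled:
            return errAuthorizationCanceled;
        default:
            return errAuthorizationDenied;
    }
```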
@@ -554,7 +655,10 @@ Rule::evaluate(const Right &inRight,
        case kUserInGroup:
                debug("autheval", "rule is user in group");
                break;
-       default:
+    case kEvalMech:
+        debug("autheval", "rule evalutes mechanisms");
+        return evaluateMechanism(environment, auth, credentials); 
+    default:
                Error::throwMe();
        }
 
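Review bot: The new `kEvalMech` case returns `evaluateMechanism(environment, auth, credentials)` without ever consulting `flags`, so the `kAuthorizationFlagInteractionAllowed` check that the group path performs later in `Rule::evaluate` is skipped for mechanism rules. `evaluateMechanism` starts with `userInteraction = true` and restarts the mechanism list on a deny, so a caller that did not allow interaction may presumably still trigger agent activity. Consider passing `flags` into `evaluateMechanism`, or returning `errAuthorizationInteractionNotAllowed` from this case when the flag is clear. `Rule::evaluate` begins and continues outside this hunk.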
@@ -575,7 +679,11 @@ Rule::evaluate(const Right &inRight,
        {
                OSStatus status = evaluate(inRight, environment, now, *it, true);
                if (status != errAuthorizationDenied)
+               {
+                       // add credential to authinfo
+                       auth.setCredentialInfo(*it);
                        return status;
+               }
        }
 
        // Second -- go though the credentials passed in to this authorize operation by the state management layer.
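Review bot: `auth.setCredentialInfo(*it)` is called for every `status` other than `errAuthorizationDenied`, so the credential is recorded on the token on error returns as well as on success. The later loop over the passed-in credentials appears to record it only in its success branch. Making this one match would be `if (status == errAuthorizationSuccess) auth.setCredentialInfo(*it);` ahead of the `return status;`. The enclosing `Rule::evaluate` starts and ends outside this hunk.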
@@ -589,6 +697,9 @@ Rule::evaluate(const Right &inRight,
                                // Add the credential we used to the output set.
                                // @@@ Deal with potential credential merges.
                                credentials.insert(*it);
+                // add credential to authinfo
+                auth.setCredentialInfo(*it);
+                                
                                return status;
                        }
                        else if (status != errAuthorizationDenied)
@@ -604,14 +715,15 @@ Rule::evaluate(const Right &inRight,
        if (!(flags & kAuthorizationFlagInteractionAllowed))
                return errAuthorizationInteractionNotAllowed;
 
-       QueryAuthorizeByGroup query;
+       Process &cltProc = Server::active().connection().process;
+       // Authorization preserves creator's UID in setuid processes
+       uid_t cltUid = (cltProc.uid() != 0) ? cltProc.uid() : auth.creatorUid();
+        IFDEBUG(debug("autheval", "Auth query from process %d (UID %d)", cltProc.pid(), cltUid));
+       QueryAuthorizeByGroup query(cltUid, auth);
 
        string usernamehint;
-       // @@@ This should really be the loginname of the proccess that originally created the AuthorizationRef.
-       // For now we get the pw_name of the user with the uid of the calling process.
-       uid_t uid = query.uid();
-       if (uid)
-       {
+    // username hint is taken from the user who created the authorization, unless it's clearly ineligible
+       if (uid_t uid = auth.creatorUid()) {
                struct passwd *pw = getpwuid(uid);
                if (pw != NULL)
                {
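Review bot: The expression that picks the agent UID, `(cltProc.uid() != 0) ? cltProc.uid() : auth.creatorUid()`, is now written out three times (here and twice in `Rule::evaluateMechanism`), each with its own copy of the comment. Since this line decides on whose behalf a query is sent, I would move it into one private helper so the setuid fallback cannot drift between call sites. The debug call here is wrapped in `IFDEBUG(...)` while the two in `evaluateMechanism` are not, which is worth making consistent at the same time. `Rule::evaluate` continues outside this hunk.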
@@ -621,14 +733,17 @@ Rule::evaluate(const Right &inRight,
                                // Check if username will authorize the request and set username to
                                // be used as a hint to the user if so
                                if (evaluate(inRight, environment, now, Credential(pw->pw_name, pw->pw_uid, pw->pw_gid, mShared), true) == errAuthorizationSuccess) {
+
                                                // user long name as hint
                                                usernamehint = string( pw->pw_gecos );
+#if 0
                                                // minus other gecos crud
                                                size_t comma = usernamehint.find(',');
                                                if (comma)
                                                        usernamehint = usernamehint.substr(0, comma);
                                                // or fallback to short username
-                                               if (usernamehint.size() == 0)
+#endif
+                    if (usernamehint.size() == 0)
                                                        usernamehint = string( pw->pw_name );
                                } //fi
                        } //fi
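Review bot: The `#if 0` around the GECOS trimming has no comment saying why it was disabled, and with it off `usernamehint` is the whole `pw_gecos` string, including any comma-separated fields after the full name. If that is intended, a comment such as `// full GECOS used as hint; trimming disabled because <reason>` should say so. If it is meant to come back, the disabled `if (comma)` test is true for `string::npos` and false for a comma at index 0, so it should read `if (comma != string::npos)` first. The enclosing function starts and ends outside this hunk.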
@@ -658,6 +773,10 @@ Rule::evaluate(const Right &inRight,
                                // @@@ Deal with potential credential merges.
                                credentials.insert(newCredential);
                                query.done();
+                        
+                               // add credential to authinfo
+                               auth.setCredentialInfo(newCredential);
+                                
                                return errAuthorizationSuccess;
                        }
                        else if (status != errAuthorizationDenied)
@@ -714,7 +833,8 @@ Rule::evaluate(const Right &inRight, const AuthorizationEnvironment *environment
                return errAuthorizationDenied;
 
        // Is this the default group of this user?
-       // <grp.h> declares gr_gid int, as opposed to advertised (getgrent(3)) gid_t
+       // PR-2875126 <grp.h> declares gr_gid int, as opposed to advertised (getgrent(3)) gid_t
+       // When this is fixed this warning should go away.
        if (credential->gid() == gr->gr_gid)
        {
                debug("autheval", "user %s has group %s(%d) as default group, granting right %s",
@@ -801,7 +921,8 @@ Engine::~Engine()
 void
 Engine::updateRules(CFAbsoluteTime now)
 {
-       if (mRules.empty())
+    StLock<Mutex> _(mLock);
+    if (mRules.empty())
                readRules();
        else
        {
@@ -957,6 +1078,8 @@ Rule
 Engine::getRule(const Right &inRight) const
 {
        string key(inRight.rightName());
+    // Lock the rulemap
+    StLock<Mutex> _(mLock);
        for (;;)
        {
                RuleMap::const_iterator it = mRules.find(key);
@@ -997,7 +1120,7 @@ Engine::getRule(const Right &inRight) const
 OSStatus
 Engine::authorize(const RightSet &inRights, const AuthorizationEnvironment *environment,
        AuthorizationFlags flags, const CredentialSet *inCredentials, CredentialSet *outCredentials,
-       MutableRightSet *outRights, const AuthorizationToken &auth)
+       MutableRightSet *outRights, AuthorizationToken &auth)
 {
        CredentialSet credentials;
        MutableRightSet rights;
@@ -1074,3 +1197,5 @@ Engine::authorize(const RightSet &inRights, const AuthorizationEnvironment *envi
 
        return status;
 }
+
+}      // end namespace Authorization
index c0748e86d3bf7cb1f9ead421023dda6f78b876c5..fcd47d338aaff8d0266c4375a33f9ce5813c7eb8 100644 (file)
  *
  */
 
-#if !defined(__AuthorizationEngine__)
-#define __AuthorizationEngine__ 1
+#ifndef _H_AUTHORIZATIONENGINE
+#define _H_AUTHORIZATIONENGINE  1
 
 #include <Security/Authorization.h>
+#include <Security/AuthorizationPlugin.h>
+#include "AuthorizationData.h"
+
 #include <Security/refcount.h>
+#include <Security/threading.h>
 #include <Security/osxsigning.h>
 #include "agentquery.h"
 
@@ -51,9 +55,9 @@ protected:
     Error(int err);
 public:
     const int error;
-    virtual CSSM_RETURN cssmError() const;
-    virtual OSStatus osStatus() const;
-    virtual const char *what () const;
+    virtual CSSM_RETURN cssmError() const throw();
+    virtual OSStatus osStatus() const throw();
+    virtual const char *what () const throw();
        // @@@ Default value should be internal error.
     static void throwMe(int err = -1) __attribute((noreturn));
 };
@@ -124,98 +128,6 @@ public:
 };
 
 
-class MutableRightSet;
-class RightSet;
-
-class Right : protected AuthorizationItem
-{
-       friend MutableRightSet;
-       friend RightSet;
-public:
-       static Right &overlay(AuthorizationItem &item);
-       static Right *overlay(AuthorizationItem *item);
-       Right();
-       Right(AuthorizationString name, size_t valueLength, const void *value);
-       ~Right();
-
-       bool operator < (const Right &other) const;
-       AuthorizationString rightName() const { return name; }
-       size_t argumentLength() const { return valueLength; }
-       const void *argument() const { return value; }
-};
-
-
-/* A RightSet is a Container and a Back Insertion Sequence, but it is not a Sequence.  Also it only
-   implements the const members of Container and Back Insertion Sequence. */
-class RightSet
-{
-       friend class MutableRightSet;
-public:
-       // Container required memebers
-       typedef Right value_type;
-       typedef const Right &const_reference;
-       typedef const Right *const_pointer;
-       typedef const_pointer const_iterator;
-       typedef ptrdiff_t difference_type;
-       typedef size_t size_type;
-
-       RightSet(const AuthorizationRights *rights = NULL);
-       RightSet(const RightSet &other);
-       ~RightSet();
-
-       size_type size() const { return mRights->count; }
-       size_type max_size() const { return INT_MAX; }
-       const_iterator begin() const { return static_cast<const_pointer>(mRights->items); }
-       const_iterator end() const { return static_cast<const_pointer>(&mRights->items[mRights->count]); }
-       bool empty() const { return size() == 0; }
-
-       // Back Insertion Sequence required memebers
-       const_reference back() const;
-
-       // Other convenience members
-       operator const AuthorizationRights *() const { return mRights; }
-private:
-       RightSet &operator = (const RightSet &other);
-
-protected:
-       static const AuthorizationRights gEmptyRights;
-       AuthorizationRights *mRights;
-};
-
-
-/* A MutableRightSet is a Container and a Back Insertion Sequence, but it is not a Sequence. */
-class MutableRightSet : public RightSet
-{
-public:
-       // Container required memebers
-       typedef Right &reference;
-       typedef Right *pointer;
-       typedef pointer iterator;
-
-       MutableRightSet(size_t count = 0, const Right &element = Right());
-       MutableRightSet(const RightSet &other);
-       ~MutableRightSet();
-
-       MutableRightSet &operator = (const RightSet &other);
-
-       iterator begin() { return static_cast<pointer>(mRights->items); }
-       iterator end() { return static_cast<pointer>(&mRights->items[mRights->count]); }
-       void swap(MutableRightSet &other);
-
-       // Back Insertion Sequence required memebers
-       reference back();
-       void push_back(const_reference right);
-       void pop_back();
-
-       // Other convenience members
-       size_type capacity() const { return mCapacity; }
-private:
-       void grow(size_type min_capacity);
-
-       size_type mCapacity;
-};
-
-
 typedef set<Credential> CredentialSet;
 
 
@@ -231,7 +143,7 @@ public:
        OSStatus evaluate(const Right &inRight, const AuthorizationEnvironment *environment,
                AuthorizationFlags flags, CFAbsoluteTime now,
                const CredentialSet *inCredentials, CredentialSet &credentials,
-               const AuthorizationToken &auth);
+               AuthorizationToken &auth);
 
 private:
        OSStatus evaluate(const Right &inRight, const AuthorizationEnvironment *environment,
@@ -239,18 +151,22 @@ private:
        OSStatus obtainCredential(QueryAuthorizeByGroup &client, const Right &inRight,
                const AuthorizationEnvironment *environment, const char *usernameHint,
                Credential &outCredential, SecurityAgent::Reason reason);
+    OSStatus evaluateMechanism(const AuthorizationEnvironment *environment, AuthorizationToken &auth, CredentialSet &outCredentials);
+
 
        enum Type
        {
                kDeny,
                kAllow,
-               kUserInGroup
+               kUserInGroup,
+        kEvalMech
        } mType;
 
        string mGroupName;
        CFTimeInterval mMaxCredentialAge;
        bool mShared;
        bool mAllowRoot;
+       string mEvalDef;
 
        static CFStringRef kUserInGroupID;
        static CFStringRef kTimeoutID;
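Review bot: `evaluateMechanism` and `mEvalDef` are declared without any comment, so the rule syntax can only be learned by reading the parser in the .cpp. On the member I would add `// comma-separated mechanism list; "plugin:mechanism" is invoked as an external mechanism, bare names are built-ins`. On the method, one line stating that it returns `errAuthorizationSuccess` or `errAuthorizationDenied` and may replace the token's info set would be enough. The `Rule` class declaration starts and ends outside this hunk.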
@@ -258,6 +174,8 @@ private:
        static CFStringRef kAllowRootID;
        static CFStringRef kDenyID;
        static CFStringRef kAllowID;
+       static CFStringRef kEvalMechID;
+
 };
 
 
@@ -287,7 +205,7 @@ public:
 
        OSStatus authorize(const RightSet &inRights, const AuthorizationEnvironment *environment,
                AuthorizationFlags flags, const CredentialSet *inCredentials, CredentialSet *outCredentials,
-               MutableRightSet *outRights, const AuthorizationToken &auth);
+               MutableRightSet *outRights, AuthorizationToken &auth);
 private:
        void updateRules(CFAbsoluteTime now);
        void readRules();
@@ -301,12 +219,12 @@ private:
        CFAbsoluteTime mLastChecked;
        struct timespec mRulesFileMtimespec;
 
-       typedef map<Right, Rule> RightMap;
        typedef map<string, Rule> RuleMap;
 
        RuleMap mRules;
+    mutable Mutex mLock;
 };
 
 }; // namespace Authorization
 
-#endif /* ! __AuthorizationEngine__ */
+#endif /* ! _H_AUTHORIZATIONENGINE */
index af0c5a1f94af5522ae8cc66763c3c5d733a240cb..06c3a5ee793171c585e8f37e870ea2772118f48b 100644 (file)
@@ -73,6 +73,14 @@ enum
 */
 typedef const AuthorizationString AuthorizationMechanismId;
 
+/*!
+@typedef AuthorizationPluginId
+       @@@ Not used by plugin writers
+ */
+typedef const AuthorizationString AuthorizationPluginId;
+
+
+
 /*!
        @typedef AuthorizationPluginRef
        An instance of a plugin (even though there will probably only be one).
index 2b6537afaabb67b184c8ae3f4f8ad96e1663418c..e472bd23f936980c9ff42c6ba4058f1325146298 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
 
 
 /*
- *  AuthorizationTags.h
- *  Authorization -- Right tags for implementing access control in applications and daemons
- *
- *    Copyright:  (c) 2000, 2001 by Apple Computer, Inc., all rights reserved
- *
+ *  AuthorizationTags.h -- Right tags for implementing access control in
+ *  applications and daemons
  */
 
-#if !defined(__AuthorizationTags__)
-#define __AuthorizationTags__ 1
+#ifndef _SECURITY_AUTHORIZATIONTAGS_H_
+#define _SECURITY_AUTHORIZATIONTAGS_H_
 
 
 /*!
@@ -62,4 +59,4 @@
 */
 #define kAuthorizationRightExecute "system.privilege.admin"
 
-#endif /* ! __AuthorizationTags__ */
+#endif /* !_SECURITY_AUTHORIZATIONTAGS_H_ */
index cef82848db116a03975864b553d5778727b8a11e..4c5633a0664dd8cd915e51d6e6e7b4074e37b384 100644 (file)
@@ -28,7 +28,9 @@
 #define __AuthorizationWalkers__ 1
 
 #include <Security/Authorization.h>
+#include <Security/AuthorizationPlugin.h>
 #include <Security/walkers.h>
+#include <Security/cssmwalkers.h> // char * walker
 
 namespace Security
 {
@@ -54,6 +56,24 @@ AuthorizationItemSet *walk(Action &operate, AuthorizationItemSet * &itemSet)
        return itemSet;
 }
 
+template <class Action>
+void walk(Action &operate, AuthorizationValue &authvalue)
+{
+    operate(authvalue.data, authvalue.length);
+}
+
+template <class Action>
+AuthorizationValueVector *walk(Action &operate, AuthorizationValueVector * &valueVector)
+{
+    operate(valueVector);
+    operate(valueVector->values, valueVector->count * sizeof(AuthorizationValue));
+    for (uint32 n = 0; n < valueVector->count; n++)
+        walk(operate, valueVector->values[n]);
+    return valueVector;
+}
+
+
+
 } // end namespace DataWalkers
 
 } // end namespace Security
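Review bot: In the new `AuthorizationValueVector` walker, `valueVector->count * sizeof(AuthorizationValue)` is computed without an overflow check, and `valueVector` is dereferenced without a NULL check. If these walkers are applied to data that crossed a process boundary (not visible here), a large `count` could wrap the byte length handed to `operate` while the loop still visits `count` elements. Rejecting a `count` above the maximum size divided by `sizeof(AuthorizationValue)` before the multiplication would close that off.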
index 3359602abe3c36840e77614261c0528845e9c59a..0d0808df1c1483d8c31041e821add3f130afd167 100644 (file)
                <true/>
        </dict>
 
+<!-- Login mechanism based rule.  Not for general use, yet.
+  -->
+       <key>system.login.console</key>
+       <dict>
+               <key>eval</key>
+               <string>loginwindow_builtin:login,authinternal,loginwindow_builtin:success</string>
+<!-- krb5auth:authenticate can be used to hinge local authentication 
+     on a successful kerberos authentication.
+  -->
+       </dict>
+        <key>system.login.pam</key>
+        <dict>
+                <key>eval</key>
+                <string>push_hints_to_context,authinternal</string>
+        </dict>
+        <key>system.login.tty</key>
+        <dict>
+                <key>eval</key>
+                <string>push_hints_to_context,authinternal</string>
+        </dict>
+       <key>system.login.done</key>
+       <dict>
+               <key>eval</key>
+               <string>switch_to_user</string>
+       </dict>
+<!-- krb5auth:login can be used to do kerberos authentication as a 
+     side-effect of logging in.  Local username/password will be used.
+  -->
+
+<!-- This right is checked by the Admin framework when making changes to
+     the system preferences.
+     Credentials remain valid forever.
+     An acquired credential is shared amongst all clients.
+     If the proccess that created the AuthorizationRef has uid = 0 this right
+     will automatically be granted.
+  -->
+       <key>system.preferences</key>
+       <dict>
+               <key>group</key>
+               <string>admin</string>
+               <key>shared</key>
+               <true/>
+               <key>allow-root</key>
+               <true/>
+       </dict>
+
+<!-- The following right is checked for printing to locked printers. -->
+       <key>system.printingmanager</key>
+       <dict>
+               <key>group</key>
+               <string>admin</string>
+               <key>shared</key>
+               <false/>
+               <key>timeout</key>
+               <integer>0</integer>
+       </dict>
+
+<!-- See authopen(1) for information on the use of this right. -->
+       <key>sys.openfile.</key>
+       <dict>
+               <key>group</key>
+               <string>admin</string>
+               <key>shared</key>
+               <false/>
+               <key>timeout</key>
+               <integer>300</integer>
+       </dict>
+
 <!-- All other rights will be matched by this rule.
      Credentials remain valid 5 minutes after they've been obtained.
      An acquired credential is shared amongst all clients.
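Review bot: The `system.preferences` rule is `shared` with `allow-root` and no `timeout` key, and its comment says credentials remain valid forever, so one admin authentication can be reused by every client for as long as that credential exists. The neighbouring rules bound this with `<key>timeout</key><integer>300</integer>` (`sys.openfile.`) or `<integer>0</integer>` (`system.printingmanager`). I would add an explicit timeout here as well, or extend the comment to say why an unbounded shared credential is acceptable for this right.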
index 456f94201568d146c827cac44ad84fc07b4f67c0..f4173b73cfd9a77b09c9fde508ad6476a11be0a1 100644 (file)
@@ -179,9 +179,9 @@ OSStatus AuthorizationExecuteWithPrivileges(AuthorizationRef authorization,
                        debug("authexec", "child exec(%s:%s)",
                                trampoline, pathToTool);
                        if (const char **argv = argVector(trampoline, pathToTool, mboxFdText, arguments))
-                               execv(trampoline, (char *const[])argv);
+                               execv(trampoline, (char *const*)argv);
                        debug("authexec", "trampoline exec failed (errno=%d)", errno);
-                       
+
                        // execute failed - tell the parent
                        {
                                OSStatus error = errAuthorizationToolExecuteFailure;
index 1d7b32ddc31e1e27b3935f0a3112621b2388b0a2..80294d1bf4bd782720b5e9c21bafc7164042bea1 100644 (file)
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:14:00 mb Exp $
-# $Name: Security-30~1 $
+# $Name:  $
 ProjectName: SecurityServer
 ProjectVersion: 17.1
diff --git a/SecurityServer/MacYarrow/MacYarrow.pbproj/project.pbxproj b/SecurityServer/MacYarrow/MacYarrow.pbproj/project.pbxproj
deleted file mode 100644 (file)
index 9b7fa49..0000000
+++ /dev/null
@@ -1,1680 +0,0 @@
-{
-       archiveVersion = 1;
-       classes = {
-       };
-       objectVersion = 26;
-       objects = {
-               04E694E6FED2FFD1D0A17CE7 = {
-                       isa = PBXProject;
-                       knownPlatforms = (
-                       );
-                       mainGroup = 04E694E7FED2FFD1D0A17CE7;
-                       productRefGroup = 04E694E8FED30093D0A17CE7;
-                       projectDirPath = .;
-                       targets = (
-                               04E694EDFED30093D0A17CE7,
-                               04E694EFFED30093D0A17CE7,
-                               04E694F6FED30093D0A17CE7,
-                               04E694FBFED30093D0A17CE7,
-                               04E69500FED30093D0A17CE7,
-                               6106C772FEDC677AD0A17CE7,
-                               6106C789FEDC6E50D0A17CE7,
-                               6106C78FFEDC6E50D0A17CE7,
-                       );
-               };
-               04E694E7FED2FFD1D0A17CE7 = {
-                       children = (
-                               6106C76EFEDC677AD0A17CE7,
-                               04E69508FED301E6D0A17CE7,
-                               04E69509FED301E6D0A17CE7,
-                               04E6950AFED301E6D0A17CE7,
-                               04E6950BFED301E6D0A17CE7,
-                               6106C784FEDC6E50D0A17CE7,
-                               04E694E8FED30093D0A17CE7,
-                       );
-                       isa = PBXGroup;
-                       refType = 4;
-               };
-               04E694E8FED30093D0A17CE7 = {
-                       children = (
-                               04E694E9FED30093D0A17CE7,
-                               04E694EAFED30093D0A17CE7,
-                               04E694EBFED30093D0A17CE7,
-                               04E694ECFED30093D0A17CE7,
-                               6106C787FEDC6E50D0A17CE7,
-                               6106C788FEDC6E50D0A17CE7,
-                       );
-                       isa = PBXGroup;
-                       name = Products;
-                       refType = 4;
-               };
-               04E694E9FED30093D0A17CE7 = {
-                       isa = PBXFrameworkReference;
-                       path = YarrowClient.framework;
-                       refType = 3;
-               };
-               04E694EAFED30093D0A17CE7 = {
-                       isa = PBXLibraryReference;
-                       path = libYarrowServer.a;
-                       refType = 3;
-               };
-               04E694EBFED30093D0A17CE7 = {
-                       isa = PBXLibraryReference;
-                       path = libYarrowCore.a;
-                       refType = 3;
-               };
-               04E694ECFED30093D0A17CE7 = {
-                       isa = PBXLibraryReference;
-                       path = libzlibcomp.a;
-                       refType = 3;
-               };
-               04E694EDFED30093D0A17CE7 = {
-                       buildPhases = (
-                       );
-                       buildSettings = {
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               04E694F5FED30093D0A17CE7,
-                               04E69507FED30108D0A17CE7,
-                               43DC8711FEDDB331D0A17CE7,
-                               43DC8712FEDDB331D0A17CE7,
-                       );
-                       isa = PBXAggregateTarget;
-                       name = World;
-                       productName = World;
-                       shouldUseHeadermap = 0;
-               };
-               04E694EFFED30093D0A17CE7 = {
-                       buildPhases = (
-                               04E694F0FED30093D0A17CE7,
-                               04E694F1FED30093D0A17CE7,
-                               04E694F2FED30093D0A17CE7,
-                               04E694F3FED30093D0A17CE7,
-                               04E694F4FED30093D0A17CE7,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               FRAMEWORK_VERSION = A;
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "-I$(SRCROOT)  -I$(SYMROOT) ";
-                               OTHER_LDFLAGS = "-L$(SYMROOT)";
-                               OTHER_LIBTOOL_FLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRINCIPAL_CLASS = "";
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                               WRAPPER_EXTENSION = framework;
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               6106C779FEDC6816D0A17CE7,
-                       );
-                       isa = PBXFrameworkTarget;
-                       name = YarrowClient;
-                       productInstallPath = /Local/Library/Frameworks;
-                       productName = YarrowClient;
-                       productReference = 04E694E9FED30093D0A17CE7;
-                       productSettings = {
-                               CFBundleDevelopmentRegion = English;
-                               CFBundleExecutable = "";
-                               CFBundleGetInfoString = "";
-                               CFBundleIconFile = "";
-                               CFBundleIdentifier = "";
-                               CFBundleInfoDictionaryVersion = 6.0;
-                               CFBundleName = "";
-                               CFBundlePackageType = FMWK;
-                               CFBundleShortVersionString = "";
-                               CFBundleSignature = "????";
-                               CFBundleVersion = 0.0.1d1;
-                       };
-                       shouldUseHeadermap = 0;
-               };
-               04E694F0FED30093D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               04E69552FED30608D0A17CE7,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               04E694F1FED30093D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
-               };
-               04E694F2FED30093D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               6106C77AFEDC6816D0A17CE7,
-                               6106C781FEDC68F3D0A17CE7,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               04E694F3FED30093D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0C1E98FCFED45995D0A17CE7,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               04E694F4FED30093D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               04E694F5FED30093D0A17CE7 = {
-                       isa = PBXTargetDependency;
-                       target = 04E694F6FED30093D0A17CE7;
-               };
-               04E694F6FED30093D0A17CE7 = {
-                       buildPhases = (
-                               04E694F7FED30093D0A17CE7,
-                               04E694F8FED30093D0A17CE7,
-                               04E694F9FED30093D0A17CE7,
-                               04E694FAFED30093D0A17CE7,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               LIBRARY_STYLE = STATIC;
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "-DDEBUG -I$(SRCROOT) -I$(SYMROOT)/include  -I$(SYMROOT) ";
-                               OTHER_LDFLAGS = "-L$(SYMROOT) -lYarrowCore";
-                               OTHER_LIBTOOL_FLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               REZ_EXECUTABLE = YES;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-format -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               04E69505FED30108D0A17CE7,
-                               6106C776FEDC6816D0A17CE7,
-                       );
-                       isa = PBXLibraryTarget;
-                       name = YarrowServer;
-                       productName = libYarrowServer.a;
-                       productReference = 04E694EAFED30093D0A17CE7;
-                       shouldUseHeadermap = 0;
-               };
-               04E694F7FED30093D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               04E69547FED30594D0A17CE7,
-                               04E69548FED30594D0A17CE7,
-                               04E69559FED31996D0A17CE7,
-                               04E69564FED355A1D0A17CE7,
-                               0C1E98F6FED35C9BD0A17CE7,
-                               0C1E98FEFED464D0D0A17CE7,
-                               6106C777FEDC6816D0A17CE7,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               04E694F8FED30093D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               04E6954FFED30608D0A17CE7,
-                               04E6955AFED31996D0A17CE7,
-                               04E6955DFED35405D0A17CE7,
-                               0C1E9900FED46617D0A17CE7,
-                               162B3B2AFED9E757D0A17CE7,
-                               6106C778FEDC6816D0A17CE7,
-                               6106C77FFEDC68F3D0A17CE7,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               04E694F9FED30093D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               04E694FAFED30093D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               04E694FBFED30093D0A17CE7 = {
-                       buildPhases = (
-                               04E694FCFED30093D0A17CE7,
-                               04E694FDFED30093D0A17CE7,
-                               04E694FEFED30093D0A17CE7,
-                               04E694FFFED30093D0A17CE7,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               LIBRARY_STYLE = STATIC;
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "-I$(SRCROOT)";
-                               OTHER_LDFLAGS = "-L$(SYMROOT) -lzlibcomp";
-                               OTHER_LIBTOOL_FLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               REZ_EXECUTABLE = YES;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               04E69506FED30108D0A17CE7,
-                       );
-                       isa = PBXLibraryTarget;
-                       name = YarrowCore;
-                       productInstallPath = /usr/local/lib;
-                       productName = libYarrowCore.a;
-                       productReference = 04E694EBFED30093D0A17CE7;
-                       shouldUseHeadermap = 0;
-               };
-               04E694FCFED30093D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               04E69531FED302B0D0A17CE7,
-                               04E69532FED302B0D0A17CE7,
-                               04E69533FED302B0D0A17CE7,
-                               04E69534FED302B0D0A17CE7,
-                               04E69535FED302B0D0A17CE7,
-                               04E69536FED302B0D0A17CE7,
-                               04E69537FED302B0D0A17CE7,
-                               04E69538FED302B0D0A17CE7,
-                               04E69539FED302B0D0A17CE7,
-                               04E6953AFED302B0D0A17CE7,
-                               04E6953BFED302B0D0A17CE7,
-                               04E6953CFED302B0D0A17CE7,
-                               04E6953DFED302B0D0A17CE7,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               04E694FDFED30093D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               04E6953EFED302B0D0A17CE7,
-                               04E6953FFED302B0D0A17CE7,
-                               04E69540FED302B0D0A17CE7,
-                               04E69541FED302B0D0A17CE7,
-                               04E69543FED302B0D0A17CE7,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               04E694FEFED30093D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               04E694FFFED30093D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               04E69500FED30093D0A17CE7 = {
-                       buildPhases = (
-                               04E69501FED30093D0A17CE7,
-                               04E69502FED30093D0A17CE7,
-                               04E69503FED30093D0A17CE7,
-                               04E69504FED30093D0A17CE7,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               LIBRARY_STYLE = STATIC;
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "";
-                               OTHER_LIBTOOL_FLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               REZ_EXECUTABLE = YES;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                       );
-                       isa = PBXLibraryTarget;
-                       name = "zlib compress";
-                       productName = libzlibcomp.a;
-                       productReference = 04E694ECFED30093D0A17CE7;
-                       shouldUseHeadermap = 0;
-               };
-               04E69501FED30093D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               04E69515FED301E6D0A17CE7,
-                               04E69516FED301E6D0A17CE7,
-                               04E69517FED301E6D0A17CE7,
-                               04E69518FED301E6D0A17CE7,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               04E69502FED30093D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               04E69519FED301E6D0A17CE7,
-                               04E6951AFED301E6D0A17CE7,
-                               04E6951BFED301E6D0A17CE7,
-                               04E6951CFED301E6D0A17CE7,
-                               04E6951DFED301E6D0A17CE7,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               04E69503FED30093D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               04E69504FED30093D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               04E69505FED30108D0A17CE7 = {
-                       isa = PBXTargetDependency;
-                       target = 04E694FBFED30093D0A17CE7;
-               };
-               04E69506FED30108D0A17CE7 = {
-                       isa = PBXTargetDependency;
-                       target = 04E69500FED30093D0A17CE7;
-               };
-               04E69507FED30108D0A17CE7 = {
-                       isa = PBXTargetDependency;
-                       target = 04E694EFFED30093D0A17CE7;
-               };
-               04E69508FED301E6D0A17CE7 = {
-                       children = (
-                               04E6954AFED30608D0A17CE7,
-                               6106C773FEDC6816D0A17CE7,
-                               0C1E98FBFED45995D0A17CE7,
-                       );
-                       isa = PBXGroup;
-                       name = YarrowClient;
-                       refType = 4;
-               };
-               04E69509FED301E6D0A17CE7 = {
-                       children = (
-                               04E69544FED30594D0A17CE7,
-                               04E6954CFED30608D0A17CE7,
-                               04E69545FED30594D0A17CE7,
-                               162B3B29FED9E757D0A17CE7,
-                               04E69557FED31996D0A17CE7,
-                               04E69558FED31996D0A17CE7,
-                               04E69563FED355A1D0A17CE7,
-                               04E6955CFED35405D0A17CE7,
-                               0C1E98FDFED464D0D0A17CE7,
-                               0C1E98FFFED46617D0A17CE7,
-                               6106C775FEDC6816D0A17CE7,
-                               6106C774FEDC6816D0A17CE7,
-                               0C1E98F5FED35C9BD0A17CE7,
-                               07DD2236FEED91E4D0A17CE7,
-                       );
-                       isa = PBXGroup;
-                       name = YarrowServer;
-                       path = "";
-                       refType = 4;
-               };
-               04E6950AFED301E6D0A17CE7 = {
-                       children = (
-                               04E69521FED302B0D0A17CE7,
-                               04E69523FED302B0D0A17CE7,
-                               04E69522FED302B0D0A17CE7,
-                               04E69524FED302B0D0A17CE7,
-                               04E69525FED302B0D0A17CE7,
-                               04E69527FED302B0D0A17CE7,
-                               04E69526FED302B0D0A17CE7,
-                               04E69528FED302B0D0A17CE7,
-                               04E6952AFED302B0D0A17CE7,
-                               04E69529FED302B0D0A17CE7,
-                               04E6952CFED302B0D0A17CE7,
-                               04E6952BFED302B0D0A17CE7,
-                               04E6952EFED302B0D0A17CE7,
-                               04E6952FFED302B0D0A17CE7,
-                               04E6951EFED302B0D0A17CE7,
-                               04E6951FFED302B0D0A17CE7,
-                               04E69520FED302B0D0A17CE7,
-                               04E69530FED302B0D0A17CE7,
-                       );
-                       isa = PBXGroup;
-                       name = YarrowCoreLib;
-                       path = "";
-                       refType = 4;
-               };
-               04E6950BFED301E6D0A17CE7 = {
-                       children = (
-                               04E6950CFED301E6D0A17CE7,
-                               04E6950DFED301E6D0A17CE7,
-                               04E69511FED301E6D0A17CE7,
-                               04E6950EFED301E6D0A17CE7,
-                               04E69512FED301E6D0A17CE7,
-                               04E6950FFED301E6D0A17CE7,
-                               04E69514FED301E6D0A17CE7,
-                               04E69510FED301E6D0A17CE7,
-                               04E69513FED301E6D0A17CE7,
-                       );
-                       isa = PBXGroup;
-                       name = zlib;
-                       path = "";
-                       refType = 4;
-               };
-               04E6950CFED301E6D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = adler32.c;
-                       path = zlib/adler32.c;
-                       refType = 4;
-               };
-               04E6950DFED301E6D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = compress.c;
-                       path = zlib/compress.c;
-                       refType = 4;
-               };
-               04E6950EFED301E6D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = deflate.c;
-                       path = zlib/deflate.c;
-                       refType = 4;
-               };
-               04E6950FFED301E6D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = trees.c;
-                       path = zlib/trees.c;
-                       refType = 4;
-               };
-               04E69510FED301E6D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = zutil.c;
-                       path = zlib/zutil.c;
-                       refType = 4;
-               };
-               04E69511FED301E6D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = deflate.h;
-                       path = zlib/deflate.h;
-                       refType = 4;
-               };
-               04E69512FED301E6D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = trees.h;
-                       path = zlib/trees.h;
-                       refType = 4;
-               };
-               04E69513FED301E6D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = zlib.h;
-                       path = zlib/zlib.h;
-                       refType = 4;
-               };
-               04E69514FED301E6D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = zutil.h;
-                       path = zlib/zutil.h;
-                       refType = 4;
-               };
-               04E69515FED301E6D0A17CE7 = {
-                       fileRef = 04E69511FED301E6D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E69516FED301E6D0A17CE7 = {
-                       fileRef = 04E69512FED301E6D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E69517FED301E6D0A17CE7 = {
-                       fileRef = 04E69513FED301E6D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E69518FED301E6D0A17CE7 = {
-                       fileRef = 04E69514FED301E6D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E69519FED301E6D0A17CE7 = {
-                       fileRef = 04E6950CFED301E6D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E6951AFED301E6D0A17CE7 = {
-                       fileRef = 04E6950DFED301E6D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E6951BFED301E6D0A17CE7 = {
-                       fileRef = 04E6950EFED301E6D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E6951CFED301E6D0A17CE7 = {
-                       fileRef = 04E6950FFED301E6D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E6951DFED301E6D0A17CE7 = {
-                       fileRef = 04E69510FED301E6D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E6951EFED302B0D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = WindowsTypesForMac.h;
-                       path = YarrowCoreLib/include/WindowsTypesForMac.h;
-                       refType = 4;
-               };
-               04E6951FFED302B0D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = yarrow.h;
-                       path = YarrowCoreLib/include/yarrow.h;
-                       refType = 4;
-               };
-               04E69520FED302B0D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = yarrowUtils.h;
-                       path = YarrowCoreLib/include/yarrowUtils.h;
-                       refType = 4;
-               };
-               04E69521FED302B0D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = assertverify.h;
-                       path = YarrowCoreLib/src/assertverify.h;
-                       refType = 4;
-               };
-               04E69522FED302B0D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = comp.c;
-                       path = YarrowCoreLib/src/comp.c;
-                       refType = 4;
-               };
-               04E69523FED302B0D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = comp.h;
-                       path = YarrowCoreLib/src/comp.h;
-                       refType = 4;
-               };
-               04E69524FED302B0D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = entropysources.h;
-                       path = YarrowCoreLib/src/entropysources.h;
-                       refType = 4;
-               };
-               04E69525FED302B0D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = macOnly.h;
-                       path = YarrowCoreLib/src/macOnly.h;
-                       refType = 4;
-               };
-               04E69526FED302B0D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = prng.c;
-                       path = YarrowCoreLib/src/prng.c;
-                       refType = 4;
-               };
-               04E69527FED302B0D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = prng.h;
-                       path = YarrowCoreLib/src/prng.h;
-                       refType = 4;
-               };
-               04E69528FED302B0D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = prngpriv.h;
-                       path = YarrowCoreLib/src/prngpriv.h;
-                       refType = 4;
-               };
-               04E69529FED302B0D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = sha1mod.c;
-                       path = YarrowCoreLib/src/sha1mod.c;
-                       refType = 4;
-               };
-               04E6952AFED302B0D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = sha1mod.h;
-                       path = YarrowCoreLib/src/sha1mod.h;
-                       refType = 4;
-               };
-               04E6952BFED302B0D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = smf.cpp;
-                       path = YarrowCoreLib/src/smf.cpp;
-                       refType = 4;
-               };
-               04E6952CFED302B0D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = smf.h;
-                       path = YarrowCoreLib/src/smf.h;
-                       refType = 4;
-               };
-               04E6952EFED302B0D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = userdefines.h;
-                       path = YarrowCoreLib/src/userdefines.h;
-                       refType = 4;
-               };
-               04E6952FFED302B0D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = usersources.h;
-                       path = YarrowCoreLib/src/usersources.h;
-                       refType = 4;
-               };
-               04E69530FED302B0D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = yarrowUtils.c;
-                       path = YarrowCoreLib/src/yarrowUtils.c;
-                       refType = 4;
-               };
-               04E69531FED302B0D0A17CE7 = {
-                       fileRef = 04E6951EFED302B0D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E69532FED302B0D0A17CE7 = {
-                       fileRef = 04E6951FFED302B0D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E69533FED302B0D0A17CE7 = {
-                       fileRef = 04E69520FED302B0D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E69534FED302B0D0A17CE7 = {
-                       fileRef = 04E69521FED302B0D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E69535FED302B0D0A17CE7 = {
-                       fileRef = 04E69523FED302B0D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E69536FED302B0D0A17CE7 = {
-                       fileRef = 04E69524FED302B0D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E69537FED302B0D0A17CE7 = {
-                       fileRef = 04E69525FED302B0D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E69538FED302B0D0A17CE7 = {
-                       fileRef = 04E69527FED302B0D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E69539FED302B0D0A17CE7 = {
-                       fileRef = 04E69528FED302B0D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E6953AFED302B0D0A17CE7 = {
-                       fileRef = 04E6952AFED302B0D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E6953BFED302B0D0A17CE7 = {
-                       fileRef = 04E6952CFED302B0D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E6953CFED302B0D0A17CE7 = {
-                       fileRef = 04E6952EFED302B0D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E6953DFED302B0D0A17CE7 = {
-                       fileRef = 04E6952FFED302B0D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E6953EFED302B0D0A17CE7 = {
-                       fileRef = 04E69522FED302B0D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E6953FFED302B0D0A17CE7 = {
-                       fileRef = 04E69526FED302B0D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E69540FED302B0D0A17CE7 = {
-                       fileRef = 04E69529FED302B0D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E69541FED302B0D0A17CE7 = {
-                       fileRef = 04E6952BFED302B0D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E69543FED302B0D0A17CE7 = {
-                       fileRef = 04E69530FED302B0D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E69544FED30594D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = debug.h;
-                       path = YarrowServer/debug.h;
-                       refType = 4;
-               };
-               04E69545FED30594D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = entropyFile.h;
-                       path = YarrowServer/entropyFile.h;
-                       refType = 4;
-               };
-               04E69547FED30594D0A17CE7 = {
-                       fileRef = 04E69544FED30594D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E69548FED30594D0A17CE7 = {
-                       fileRef = 04E69545FED30594D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E6954AFED30608D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = YarrowClient.h;
-                       path = YarrowClient/YarrowClient.h;
-                       refType = 4;
-               };
-               04E6954CFED30608D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = debug.c;
-                       path = YarrowServer/debug.c;
-                       refType = 4;
-               };
-               04E6954FFED30608D0A17CE7 = {
-                       fileRef = 04E6954CFED30608D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E69552FED30608D0A17CE7 = {
-                       fileRef = 04E6954AFED30608D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E69557FED31996D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = MacYarrow_OSX.h;
-                       path = YarrowServer/MacYarrow_OSX.h;
-                       refType = 4;
-               };
-               04E69558FED31996D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = MacYarrow_OSX.cpp;
-                       path = YarrowServer/MacYarrow_OSX.cpp;
-                       refType = 4;
-               };
-               04E69559FED31996D0A17CE7 = {
-                       fileRef = 04E69557FED31996D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E6955AFED31996D0A17CE7 = {
-                       fileRef = 04E69558FED31996D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E6955CFED35405D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = systemEntropy.c;
-                       path = YarrowServer/systemEntropy.c;
-                       refType = 4;
-               };
-               04E6955DFED35405D0A17CE7 = {
-                       fileRef = 04E6955CFED35405D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E69563FED355A1D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = systemEntropy.h;
-                       path = YarrowServer/systemEntropy.h;
-                       refType = 4;
-               };
-               04E69564FED355A1D0A17CE7 = {
-                       fileRef = 04E69563FED355A1D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               07DD2236FEED91E4D0A17CE7 = {
-                       isa = PBXFrameworkReference;
-                       name = CarbonCore.framework;
-                       path = /System/Library/Frameworks/CarbonCore.framework;
-                       refType = 0;
-               };
-               07DD2238FEED926BD0A17CE7 = {
-                       isa = PBXFrameworkReference;
-                       name = CarbonCore.framework;
-                       path = /System/Library/Frameworks/CarbonCore.framework;
-                       refType = 0;
-               };
-               07DD2239FEED926BD0A17CE7 = {
-                       fileRef = 07DD2238FEED926BD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0C1E98F5FED35C9BD0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = kdebug_private.h;
-                       path = YarrowServer/kdebug_private.h;
-                       refType = 4;
-               };
-               0C1E98F6FED35C9BD0A17CE7 = {
-                       fileRef = 0C1E98F5FED35C9BD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0C1E98FBFED45995D0A17CE7 = {
-                       isa = PBXFrameworkReference;
-                       path = cdsa_utilities.framework;
-                       refType = 3;
-               };
-               0C1E98FCFED45995D0A17CE7 = {
-                       fileRef = 0C1E98FBFED45995D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0C1E98FDFED464D0D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = waitingThread.h;
-                       path = YarrowServer/waitingThread.h;
-                       refType = 4;
-               };
-               0C1E98FEFED464D0D0A17CE7 = {
-                       fileRef = 0C1E98FDFED464D0D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0C1E98FFFED46617D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = waitingThread.cpp;
-                       path = YarrowServer/waitingThread.cpp;
-                       refType = 4;
-               };
-               0C1E9900FED46617D0A17CE7 = {
-                       fileRef = 0C1E98FFFED46617D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               162B3B29FED9E757D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = entropyFileUnix.c;
-                       path = YarrowServer/entropyFileUnix.c;
-                       refType = 4;
-               };
-               162B3B2AFED9E757D0A17CE7 = {
-                       fileRef = 162B3B29FED9E757D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               43DC8711FEDDB331D0A17CE7 = {
-                       isa = PBXTargetDependency;
-                       target = 6106C789FEDC6E50D0A17CE7;
-               };
-               43DC8712FEDDB331D0A17CE7 = {
-                       isa = PBXTargetDependency;
-                       target = 6106C78FFEDC6E50D0A17CE7;
-               };
-               6106C76EFEDC677AD0A17CE7 = {
-                       children = (
-                               6106C76FFEDC677AD0A17CE7,
-                               6106C770FEDC677AD0A17CE7,
-                               6106C771FEDC677AD0A17CE7,
-                               6106C77BFEDC685ED0A17CE7,
-                       );
-                       isa = PBXGroup;
-                       name = "MIG RPC";
-                       refType = 4;
-               };
-               6106C76FFEDC677AD0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = Makefile;
-                       refType = 4;
-               };
-               6106C770FEDC677AD0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = yarrowMigTypes.h;
-                       refType = 4;
-               };
-               6106C771FEDC677AD0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = yarrowServer.defs;
-                       refType = 4;
-               };
-               6106C772FEDC677AD0A17CE7 = {
-                       buildArgumentsString = "\"$ACTION\" \"SYMROOT=$(SYMROOT)\" \"SRCROOT=$(SRCROOT)\"";
-                       buildPhases = (
-                       );
-                       buildSettings = {
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       buildToolPath = /usr/bin/gnumake;
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                       );
-                       isa = PBXLegacyTarget;
-                       name = "MIG RPC";
-                       productName = "MIG RPC";
-                       settingsToExpand = 6;
-                       settingsToPassInEnvironment = 287;
-                       settingsToPassOnCommandLine = 280;
-                       shouldUseHeadermap = 0;
-               };
-               6106C773FEDC6816D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = YarrowClient_OSX.cpp;
-                       path = YarrowClient/YarrowClient_OSX.cpp;
-                       refType = 4;
-               };
-               6106C774FEDC6816D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = YarrowServer_OSX.cpp;
-                       path = YarrowServer/YarrowServer_OSX.cpp;
-                       refType = 4;
-               };
-               6106C775FEDC6816D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = YarrowServer_OSX.h;
-                       path = YarrowServer/YarrowServer_OSX.h;
-                       refType = 4;
-               };
-               6106C776FEDC6816D0A17CE7 = {
-                       isa = PBXTargetDependency;
-                       target = 6106C772FEDC677AD0A17CE7;
-               };
-               6106C777FEDC6816D0A17CE7 = {
-                       fileRef = 6106C775FEDC6816D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               6106C778FEDC6816D0A17CE7 = {
-                       fileRef = 6106C774FEDC6816D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               6106C779FEDC6816D0A17CE7 = {
-                       isa = PBXTargetDependency;
-                       target = 6106C772FEDC677AD0A17CE7;
-               };
-               6106C77AFEDC6816D0A17CE7 = {
-                       fileRef = 6106C773FEDC6816D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               6106C77BFEDC685ED0A17CE7 = {
-                       children = (
-                               6106C77CFEDC68F3D0A17CE7,
-                               6106C77DFEDC68F3D0A17CE7,
-                               6106C77EFEDC68F3D0A17CE7,
-                       );
-                       isa = PBXGroup;
-                       name = Generated;
-                       refType = 4;
-               };
-               6106C77CFEDC68F3D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = yarrowMigServer.cpp;
-                       path = derived_src/yarrowMigServer.cpp;
-                       refType = 3;
-               };
-               6106C77DFEDC68F3D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = yarrowMigUser.cpp;
-                       path = derived_src/yarrowMigUser.cpp;
-                       refType = 3;
-               };
-               6106C77EFEDC68F3D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = yarrowMig.h;
-                       path = include/yarrowMig.h;
-                       refType = 3;
-               };
-               6106C77FFEDC68F3D0A17CE7 = {
-                       fileRef = 6106C77CFEDC68F3D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               6106C781FEDC68F3D0A17CE7 = {
-                       fileRef = 6106C77DFEDC68F3D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               6106C784FEDC6E50D0A17CE7 = {
-                       children = (
-                               6106C785FEDC6E50D0A17CE7,
-                               6106C786FEDC6E50D0A17CE7,
-                               6106C799FEDC6F00D0A17CE7,
-                               6106C79DFEDC6F4DD0A17CE7,
-                               07DD2238FEED926BD0A17CE7,
-                       );
-                       isa = PBXGroup;
-                       name = "test harness";
-                       path = "";
-                       refType = 4;
-               };
-               6106C785FEDC6E50D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = clientTest.cpp;
-                       path = testHarness/clientTest.cpp;
-                       refType = 4;
-               };
-               6106C786FEDC6E50D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = serverDaemon.cpp;
-                       path = testHarness/serverDaemon.cpp;
-                       refType = 4;
-               };
-               6106C787FEDC6E50D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = testServer;
-                       refType = 3;
-               };
-               6106C788FEDC6E50D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = testClient;
-                       refType = 3;
-               };
-               6106C789FEDC6E50D0A17CE7 = {
-                       buildPhases = (
-                               6106C78AFEDC6E50D0A17CE7,
-                               6106C78BFEDC6E50D0A17CE7,
-                               6106C78DFEDC6E50D0A17CE7,
-                               6106C78EFEDC6E50D0A17CE7,
-                       );
-                       buildSettings = {
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "-I$(SRCROOT)";
-                               OTHER_LDFLAGS = "-lYarrowServer -L$(SYMROOT)";
-                               OTHER_REZFLAGS = "";
-                               REZ_EXECUTABLE = YES;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               6106C79EFEDC6F4DD0A17CE7,
-                       );
-                       isa = PBXToolTarget;
-                       name = testServer;
-                       productInstallPath = /usr/local/bin;
-                       productName = testServer;
-                       productReference = 6106C787FEDC6E50D0A17CE7;
-                       shouldUseHeadermap = 0;
-               };
-               6106C78AFEDC6E50D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               6106C78BFEDC6E50D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               6106C78CFEDC6E50D0A17CE7,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               6106C78CFEDC6E50D0A17CE7 = {
-                       fileRef = 6106C786FEDC6E50D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               6106C78DFEDC6E50D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               6106C79BFEDC6F00D0A17CE7,
-                               07DD2239FEED926BD0A17CE7,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               6106C78EFEDC6E50D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               6106C78FFEDC6E50D0A17CE7 = {
-                       buildPhases = (
-                               6106C790FEDC6E50D0A17CE7,
-                               6106C791FEDC6E50D0A17CE7,
-                               6106C793FEDC6E50D0A17CE7,
-                               6106C794FEDC6E50D0A17CE7,
-                       );
-                       buildSettings = {
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               REZ_EXECUTABLE = YES;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               6106C79FFEDC6F4DD0A17CE7,
-                       );
-                       isa = PBXToolTarget;
-                       name = testClient;
-                       productInstallPath = /usr/local/bin;
-                       productName = testClient;
-                       productReference = 6106C788FEDC6E50D0A17CE7;
-                       shouldUseHeadermap = 0;
-               };
-               6106C790FEDC6E50D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               6106C791FEDC6E50D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               6106C792FEDC6E50D0A17CE7,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               6106C792FEDC6E50D0A17CE7 = {
-                       fileRef = 6106C785FEDC6E50D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               6106C793FEDC6E50D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               6106C7A0FEDC6F4DD0A17CE7,
-                               6106C7A1FEDC6F4DD0A17CE7,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               6106C794FEDC6E50D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               6106C799FEDC6F00D0A17CE7 = {
-                       isa = PBXFrameworkReference;
-                       path = cdsa_utilities.framework;
-                       refType = 3;
-               };
-               6106C79BFEDC6F00D0A17CE7 = {
-                       fileRef = 6106C799FEDC6F00D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               6106C79DFEDC6F4DD0A17CE7 = {
-                       isa = PBXFrameworkReference;
-                       path = YarrowClient.framework;
-                       refType = 3;
-               };
-               6106C79EFEDC6F4DD0A17CE7 = {
-                       isa = PBXTargetDependency;
-                       target = 04E694F6FED30093D0A17CE7;
-               };
-               6106C79FFEDC6F4DD0A17CE7 = {
-                       isa = PBXTargetDependency;
-                       target = 04E694EFFED30093D0A17CE7;
-               };
-               6106C7A0FEDC6F4DD0A17CE7 = {
-                       fileRef = 6106C799FEDC6F00D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               6106C7A1FEDC6F4DD0A17CE7 = {
-                       fileRef = 6106C79DFEDC6F4DD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-       };
-       rootObject = 04E694E6FED2FFD1D0A17CE7;
-}
diff --git a/SecurityServer/MacYarrow/YarrowServer/MacYarrow_OSX.cpp b/SecurityServer/MacYarrow/YarrowServer/MacYarrow_OSX.cpp
deleted file mode 100644 (file)
index b2e3d9c..0000000
+++ /dev/null
@@ -1,294 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
-       File:           MacYarrow_OSX.cpp
-
-       Contains:       Yarrow RNG, OS X version.
-
-       Written by:     Doug Mitchell
-
-       Copyright: (c) 2000 by Apple Computer, Inc., all rights reserved.
-
-       Change History (most recent first):
-
-               02/29/00        dpm             Created.
-*/
-
-#include "MacYarrow_OSX.h"
-#include "entropyFile.h"
-#include "systemEntropy.h"
-#include <debug.h>
-#include <Security/debugging.h>
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
-#include <sys/time.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/uio.h>
-#include <unistd.h>
-
-/* moved to Carbon.framework, FIXME */
-// #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/Power.h>  /* HardDiskPowered() */
-
-static int HardDiskPowered() { return 1; }
-/* end fixme */
-
-
-#define QUICK_TEST             0
-
-#if            QUICK_TEST
-
-/*
- * We collect system entropy every SYSTEM_ENTROPY_COLLECT_INTERVAL milliseconds.
- */
-#define SYSTEM_ENTROPY_COLLECT_INTERVAL                (10 * 1000)
-
-/*
- * Update system entropy file every UPDATE_SYSTEM_ENTROPY_FILE seconds.
- */
-#define UPDATE_SYSTEM_ENTROPY_FILE                     (30)
-
-#else  /* QUICK_TEST */
-
-/* normal values */
-
-#define SYSTEM_ENTROPY_COLLECT_INTERVAL                (10 * 60 * 1000)
-#define UPDATE_SYSTEM_ENTROPY_FILE                     (60 * 60)
-
-#endif /* QUICK_TEST */
-
-/*
- * State of pending timer. 
- */
-typedef enum {
-       kYTSUninitialized = 0,
-       kYTSCollecting,                 // while gathering entropy
-       kYTSCollectingInit,             // while gathering entropy the first time
-       kYTSSleeping                    // idle
-} yarrowTimerState;
-
-/* 
- * When collecting system entropy, try for this many bytes. 
- */
-#define SYSTEM_ENTROPY_SIZE                    20
-
-/*
- * Maintain an entropy file of this size.
- */
-#define ENTROPY_FILE_SIZE                      20
-
-/*
- * Microseconds to crunch in prngAllowReseed() 
- */
-#define RESEED_TICKS                           1000
-
-/* 
- * The single process-wide yarrow PRNG object and associated timer state.
- * All of the code in this module runs in a single thread, owned by 
- * the YarrowServer object, so no locking is needed.  
- * 
- */
-static yarrowTimerState timerState = kYTSUninitialized;
-static struct timeval  lastFileUpdate;
-
-static int gDevRandomRef = -1;
-
-/*
- * Reusable init. Currently called from the YarrowServer constructor. 
- */
-OSStatus yarrowServerInit(
-       const char *entropyFilePath,
-       unsigned *firstTimeout)                 // RETURNED, first timeout in milliseconds
-{
-    UInt8               entropyFileData[ENTROPY_FILE_SIZE];
-    UInt32              actLen;
-    OSErr               ortn;
-
-    /* set up prng */
-    gDevRandomRef = open ("/dev/random", O_RDWR);
-    if (gDevRandomRef == -1) {
-        return ioErr;
-    }
-
-    /*
-     * read entropy file, add contents to system entropy pool.
-     * It's not an error if there is no entropy file; this
-     * should only happen the first time this server runs on a given
-     * system.
-     */
-    gettimeofday(&lastFileUpdate, NULL);
-    setEntropyFilePath(entropyFilePath);
-    ortn = readEntropyFile(entropyFileData,
-        ENTROPY_FILE_SIZE,
-        &actLen);
-    if((ortn == noErr) && (actLen > 0))
-        write(gDevRandomRef, entropyFileData, actLen);
-    memset(entropyFileData, 0, actLen);
-
-    /*
-     * Start collecting system entropy; schedule a timer event to gather
-     * it and add it to the pool.
-     */
-    systemEntropyBegin(SYSTEM_ENTROPY_SIZE);
-    *firstTimeout = SYSTEM_ENTROPY_COLLECT_TIME;
-    timerState = kYTSCollectingInit;
-    
-    return noErr;
-}
-
-
-void yarrowServerFini()
-{
-}
-
-/* 
- * Add some entropy to the pool. The only "known" failure here is a 
- * result of a failure of this library'e early init.
- */
-OSStatus yarrowAddEntropy(
-       UInt8   *bytes,
-       UInt32  numBytes,
-       UInt32  bitsOfEntropy,
-       unsigned *nextTimeout)          // RETURNED, next timeout in ms,  0 means none (leave
-                                                               //   timer alone)
-{
-    OSStatus rCode = noErr;
-    
-    if (gDevRandomRef == -1) { // did the system not open properly?
-        return ioErr;
-    }
-    
-    int result = write (gDevRandomRef, bytes, numBytes);
-    if (result == -1) {
-        rCode = ioErr;
-    }
-    
-    debug("yarrow", "adding %ld bytes of entropy", numBytes);
-    
-       /* 
-        * Asynchronously - because this can be time-consuming - 
-        * add some system entropy too. This prevents clients from 
-        * overwhelming the entropy pool with its own (untrusted) data.
-        * Skip this step if we happen to be collecting entropy at the 
-        * moment.
-        */
-       if(timerState == kYTSSleeping) {
-               systemEntropyBegin(SYSTEM_ENTROPY_SIZE);
-               timerState = kYTSCollecting;
-               *nextTimeout = SYSTEM_ENTROPY_COLLECT_TIME;
-       }
-    
-       return noErr;
-}
-
-
-/* 
- * Get some random data. Caller mallocs the memory.
- */
-OSStatus yarrowGetRandomBytes(
-       UInt8   *bytes, 
-       UInt32  numBytes)
-{
-    if (gDevRandomRef == -1) {
-        return ioErr;
-    }
-    
-    int result = read (gDevRandomRef, bytes, numBytes);
-    if (result == -1) {
-        return ioErr;
-    } else {
-        return noErr;
-    }
-}
-
-
-/* 
- * Handle timer event. Returns next timeout in milliseconds.
- */
-unsigned yarrowTimerEvent()
-{
-       UInt8                           sysEntropyData[SYSTEM_ENTROPY_SIZE];
-       UInt32                          numSysBytes;
-       UInt32                          numSysEntropyBits;
-       int                             rtn;
-       unsigned                        nextTimeout;
-       
-       switch(timerState) {
-               case kYTSCollecting:
-               case kYTSCollectingInit:
-                       /* 
-                        * Entropy collection in progress; finish the operation,
-                        * gather result, add to entropy pool.
-                        */
-                       debug("yarrowtimer", "collecting system entropy");
-            nextTimeout = SYSTEM_ENTROPY_COLLECT_INTERVAL;
-                       if(rtn = systemEntropyCollect(sysEntropyData, SYSTEM_ENTROPY_SIZE, 
-                                       &numSysBytes, &numSysEntropyBits)) {
-                               errorLog1("systemEntropyCollect() returned %d; aborting\n",
-                                       rtn);
-                               timerState = kYTSSleeping;
-                               break;
-                       }
-
-            unsigned dummy;
-            yarrowAddEntropy (sysEntropyData, numSysBytes, 0, &dummy);
-
-                       timerState = kYTSSleeping;
-                       
-                       /* 
-                        * Is it time to update the system entropy file? 
-                        */
-                       struct timeval  now;
-                       
-                       gettimeofday(&now, NULL);
-                       if( ( (now.tv_sec - lastFileUpdate.tv_sec) > UPDATE_SYSTEM_ENTROPY_FILE) &&
-                               HardDiskPowered() ) {
-                               
-                               UInt8 entropyFileData[ENTROPY_FILE_SIZE];
-                               OSErr ortn;
-       
-                               debug("yarrow", "writing new entropy file");
-                
-                yarrowGetRandomBytes (entropyFileData, ENTROPY_FILE_SIZE);
-
-                               ortn = writeEntropyFile(entropyFileData, ENTROPY_FILE_SIZE);
-                               if(ortn) {
-                                       errorLog1("....writeEntropyFile returned %d\n", ortn);
-                               }
-                               lastFileUpdate = now;
-                       }
-                       break;
-                       
-               case kYTSSleeping:
-                       /* start to gather entropy */
-                       debug("yarrowtimer", "start gathering entropy");
-                       systemEntropyBegin(SYSTEM_ENTROPY_SIZE);
-                       timerState = kYTSCollecting;
-                       nextTimeout = SYSTEM_ENTROPY_COLLECT_TIME;
-                       break;
-                       
-               default:
-                       errorLog1("yarrowTimerEvent with timerState %d\n", timerState);
-                       nextTimeout = SYSTEM_ENTROPY_COLLECT_INTERVAL;
-                       break;
-       }
-       debug("yarrowtimer", "timer rescheduling for %d msecs", nextTimeout);
-       return nextTimeout;
-}
-
diff --git a/SecurityServer/MacYarrow/YarrowServer/MacYarrow_OSX.h b/SecurityServer/MacYarrow/YarrowServer/MacYarrow_OSX.h
deleted file mode 100644 (file)
index 91e7c8d..0000000
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
-       File:           MacYarrow_OSX.h
-
-       Contains:       Yarrow RNG, OS X version
-
-       Written by:     Doug Mitchell
-
-       Copyright: (c) 2000 by Apple Computer, Inc., all rights reserved.
-
-       Change History (most recent first):
-
-               02/29/00        dpm             Created. 
-*/
-
-#ifndef        _MAC_YARROW_OSX_H_
-#define _MAC_YARROW_OSX_H_
-
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Resusable init. entropyFilePath is optional; if NULL, we'll use our
- * own hard-coded default.
- */
-OSStatus yarrowServerInit(
-       const char *entropyFilePath,
-       unsigned *firstTimeout);                        // RETURNED, first timeout in milliseconds
-
-void yarrowServerFini();
-
-/* 
- * Add some entropy to the pool. The only "known" failure here is a 
- * result of a failure of this library's early init.
- */
-OSStatus yarrowAddEntropy(
-       UInt8   *bytes,
-       UInt32  numBytes,
-       UInt32  bitsOfEntropy,
-       unsigned *nextTimeout);         // RETURNED, next timeout in ms,  0 means none (leave
-                                                               //   timer alone)
-                                       
-/* 
- * Get some random data. Caller mallocs the memory.
- */
-OSStatus yarrowGetRandomBytes(
-       UInt8   *bytes, 
-       UInt32  numBytes);
-
-/* 
- * Handle timer event. Returns next timeout in milliseconds.
- */
-unsigned yarrowTimerEvent();
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _MAC_YARROW_OSX_H_*/
-
diff --git a/SecurityServer/MacYarrow/YarrowServer/YarrowLib_OS9.mcp.exp b/SecurityServer/MacYarrow/YarrowServer/YarrowLib_OS9.mcp.exp
deleted file mode 100644 (file)
index 26ebd35..0000000
+++ /dev/null
@@ -1 +0,0 @@
-# only export YarrowClient\rgetRandomBytes__12YarrowClientFPUcUl                # YarrowClient::getRandomBytes(unsigned char*,unsigned long)\raddEntropy__12YarrowClientFPUcUlUl         # YarrowClient::addEntropy(unsigned char*,unsigned long,unsigned long)\r__dt__12YarrowClientFv           # YarrowClient::~YarrowClient()\r__ct__12YarrowClientFv          # YarrowClient::YarrowClient()\r\r
\ No newline at end of file
diff --git a/SecurityServer/MacYarrow/YarrowServer/YarrowServer_OS9.c b/SecurityServer/MacYarrow/YarrowServer/YarrowServer_OS9.c
deleted file mode 100644 (file)
index 3736466..0000000
+++ /dev/null
@@ -1,328 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
-       File:           YarrowServer_OS9.c
-
-       Contains:       Yarrow Server, OS 9 version.
-
-       Written by:     Doug Mitchell
-
-       Copyright: (c) 2000 by Apple Computer, Inc., all rights reserved.
-
-       Change History (most recent first):
-
-               02/29/00        dpm             Created.
-*/
-
-#include <yarrowUtils.h>
-#include "YarrowServer_OS9.h"
-#include "entropyFile.h"
-#include <debug.h>
-#include <yarrow.h>
-#include <Errors.h>
-#include <Timer.h>             /* Microseconds() */
-#include <LowMem.h>            /* LMGetTicks() */
-
-/* the single system-wide yarrow PRNG object */
-static PrngRef prng = NULL;
-
-/*
- * We collect system entropy every ENTROPY_COLLECT_INTERVAL seconds.
- */
-#define ENTROPY_COLLECT_INTERVAL       (10 * 60)
-
-/* 
- * When collecting system entropy, try for this many bytes. 
- */
-#define SYSTEM_ENTROPY_SIZE                    20
-
-/*
- * Maintain an entropy file of this size.
- */
-#define ENTROPY_FILE_SIZE                      20
-
-/*
- * Microseconds to crunch in prngAllowReseed() 
- */
-#define RESEED_TICKS                           100
-
-
-#pragma mark -
-#pragma mark * * * Private Functions * * * 
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-OSErr _init(void *initBlk);
-void _fini(void);
-int main();
-#ifdef __cplusplus
-}
-#endif
-
-static void
-systemEntropy(
-       UInt8 *buf,
-       UInt32 bufSize,
-       UInt32 *numBytes,               // RETURNED - number of bytes obtained
-       UInt32 *bitsOfEntropy); // RETURNED - est. amount of entropy
-
-
-/*
- * Called once on initial library load. 
- */
-OSErr 
-_init(void *initBlk)
-{
-       prng_error_status       prtn;
-       UInt8                           entropyFileData[ENTROPY_FILE_SIZE];
-       UInt8                           sysEntropyData[SYSTEM_ENTROPY_SIZE];
-       UInt32                          actLen;
-       OSErr                           ortn;
-       UInt32                          entropyBits;
-       
-       /* set up prng and its lock */
-       prtn = prngInitialize(&prng);
-       if(prtn) {
-               errorLog1("_init: prngInitialize returned %s\n", perrorString(prtn));
-               return perrorToOSErr(prtn);
-       }
-
-       /* TBD - the mutex */
-       
-       /*
-        * read entropy file, add contents to system entropy pool.
-        * It's not an error if there is no entropy file; this
-        * should only happen the first time this server runs on a given
-        * system.
-        */
-       ortn = readEntropyFile(entropyFileData, 
-               ENTROPY_FILE_SIZE,
-               &actLen);
-       if((ortn == noErr) && (actLen > 0)) {
-               prtn = prngInput(prng, 
-                       entropyFileData,
-                       actLen,
-                       ENTROPY_FILE_SOURCE,
-                       actLen * 8);            // assume total entropy here 
-               if(prtn) {
-                       errorLog1("_init: prngInput returned %s\n", 
-                               perrorString(prtn));
-                       return perrorToOSErr(prtn);
-               }
-       }
-       trashMemory(entropyFileData, actLen);
-       
-       /*
-        * collect system entropy, add to system entropy pool
-        */
-       systemEntropy(sysEntropyData,
-               SYSTEM_ENTROPY_SIZE,
-               &actLen,
-               &entropyBits);
-       if(actLen > 0) {
-               prtn = prngInput(prng, 
-                       entropyFileData,
-                       actLen,
-                       SYSTEM_SOURCE,
-                       entropyBits);   
-               if(prtn) {
-                       errorLog1("_init: prngInput returned %s\n", 
-                               perrorString(prtn));
-                       return perrorToOSErr(prtn);
-               }
-       }
-       trashMemory(sysEntropyData, actLen);
-       
-       /*
-        * force reseed
-        */
-       prtn = prngForceReseed(prng, RESEED_TICKS);
-       if(prtn) {
-               errorLog1("_init: prngForceReseed returned %s\n", 
-                       perrorString(prtn));
-               return perrorToOSErr(prtn);
-       }
-       
-       /*
-        * get 20 bytes of random data, write to entropy file
-        */
-       prtn = prngOutput(prng, entropyFileData, ENTROPY_FILE_SIZE);
-       if(prtn) {
-               errorLog1("_init: prngOutput returned %s\n", 
-                       perrorString(prtn));
-               return perrorToOSErr(prtn);
-       }
-       ortn = writeEntropyFile(entropyFileData, ENTROPY_FILE_SIZE, false);
-       if(ortn) {
-               return ortn;
-       }
-       /* FIXME -  schedule an entropyCollector() call; */
-       
-       return noErr;
-}
-
-void 
-_fini(void)
-{
-       /* free prng and lock */
-       if(prng != NULL) {
-               prngDestroy(prng);
-               prng = NULL;
-       }
-}
-
-/* 
- * FIXME - RuntimePPC.dll is referring to this somehow...
- *
-int main()
-{
-       errorLog0("YarrowServer main() called\n");
-}
-*/
-
-/* 
- * Lock/unlock prngMutex - I guess these are not technically necessary 
- * on OS 9
- */
-static void
-prngLock()
-{
-
-}
-
-static void
-prngUnlock()
-{
-
-}
-
-/*
- * Get some system entropy. On OS 9 this is pretty lame. 
- */
-static void
-systemEntropy(
-       UInt8 *buf,
-       UInt32 bufSize,
-       UInt32 *numBytes,               // RETURNED - number of bytes obtained
-       UInt32 *bitsOfEntropy)  // RETURNED - est. amount of entropy
-{
-       UnsignedWide curTime;           /* low 16 bits are pretty good, use 32 */
-       unsigned ticks = 0;                             /* low 8 bits are OK, use 16 bits */
-       UInt8 pool[6];
-       UInt8 *pp = pool;
-       
-       Microseconds(&curTime);         /* low 16 bits are pretty good */
-       //ticks = LMGetTicks();
-       *pp++ = curTime.lo & 0xff;
-       *pp++ = curTime.lo >> 8;
-       *pp++ = curTime.lo >> 16;
-       *pp++ = curTime.lo >> 24;
-       *pp++ = ticks & 0xff;
-       *pp   = ticks >> 8;
-       if(bufSize > 6) {
-               bufSize = 6;
-       }
-       BlockMove(pool, buf, bufSize);
-       *numBytes = bufSize;
-       *bitsOfEntropy = 3 * 8;         /* three bytes worth */
-}
-
-/*
- * Entropy collector - called every ENTROPY_COLLECT_INTERVAL seconds. 
- */
-static void 
-entropyCollector()
-{
-       /* grab some system entropy
-        * add to pool
-        * allow reseed
-        * if enough time has elapsed {
-        *              update seed file
-        * }
-        * schedule another call
-        */
-}
-
-#pragma mark -
-#pragma mark * * * Public Functions * * * 
-
-/* 
- * Add some entropy to the pool. The only "known" failure here is a 
- * result of a failure of this library'e early init.
- */
-OSErr yarrowAddEntropy(
-       UInt8   *bytes,
-       UInt32  numBytes,
-       UInt32  bitsOfEntropy)
-{
-       UInt8                           sysEntropy[SYSTEM_ENTROPY_SIZE];
-       UInt32                          numSysBytes;
-       UInt32                          numSysEntropyBits;
-       prng_error_status       prtn;
-       OSErr                           ortn = noErr;
-       
-       if(prng == NULL) {
-               return notOpenErr;
-       }
-       prngLock();
-       
-       /* add client entropy */
-       prtn = prngInput(prng, bytes, numBytes, CLIENT_SOURCE, bitsOfEntropy);
-       if(prtn) {
-               errorLog1("prngInput returned %s\n", perrorString(prtn));
-               ortn = ioErr;
-               goto done;
-       }
-       
-       /* and some system entropy too - this prevents client from overwhelming
-        * the entropy pool with its own (untrusted) data */
-       systemEntropy(sysEntropy, SYSTEM_ENTROPY_SIZE, &numSysBytes, 
-               &numSysEntropyBits);
-       prtn = prngInput(prng, sysEntropy, numSysBytes, SYSTEM_SOURCE, 
-               numSysEntropyBits);
-       if(prtn) {
-               errorLog1("prngInput returned %s\n", perrorString(prtn));
-               ortn = ioErr;
-               goto done;
-       }
-       prngAllowReseed(prng, RESEED_TICKS);
-       
-done:
-       prngUnlock();
-       return ortn;
-}
-
-/* 
- * Get some random data. Caller mallocs the memory.
- */
-OSErr yarrowGetRandomBytes(
-       UInt8   *bytes, 
-       UInt32  numBytes)
-{
-       if(prng == NULL) {
-               return notOpenErr;
-       }
-       prngLock();
-       prngOutput(prng, bytes, numBytes);
-       prngUnlock();
-       return noErr;
-}
-
diff --git a/SecurityServer/MacYarrow/YarrowServer/YarrowServer_OS9.h b/SecurityServer/MacYarrow/YarrowServer/YarrowServer_OS9.h
deleted file mode 100644 (file)
index 68711fa..0000000
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
-       File:           YarrowServer_OS9.h
-
-       Contains:       Yarrow Server interface, OS 9 version.
-
-       Written by:     Doug Mitchell
-
-       Copyright: (c) 2000 by Apple Computer, Inc., all rights reserved.
-
-       Change History (most recent first):
-
-               02/29/00        dpm             Created. 
-*/
-
-/*
- * This interface is only used by the YarrowClient class. It's basically
- * just a 1-to-1 map of YarrowClient's own public member functions. The
- * functions declared here are the only exported symbols from this shared
- * library. 
- */
-#ifndef        _YARROW_SERVER_OS9_H_
-#define _YARROW_SERVER_OS9_H_
-
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* 
- * Add some entropy to the pool. The only "known" failure here is a 
- * result of a failure of this library'e early init.
- */
-OSErr yarrowAddEntropy(
-       UInt8   *bytes,
-       UInt32  numBytes,
-       UInt32  bitsOfEntropy);
-                                       
-/* 
- * Get some random data. Caller mallocs the memory.
- */
-OSErr yarrowGetRandomBytes(
-       UInt8   *bytes, 
-       UInt32  numBytes);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _YARROW_SERVER_OS9_H_*/
-
diff --git a/SecurityServer/MacYarrow/YarrowServer/YarrowServer_OSX.cpp b/SecurityServer/MacYarrow/YarrowServer/YarrowServer_OSX.cpp
deleted file mode 100644 (file)
index 236e94d..0000000
+++ /dev/null
@@ -1,196 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
- * YarrowServer - Yarrow RNG server object, OSX version
- */
-#include "YarrowServer_OSX.h"
-#include <mach/mach_error.h>
-#include <sys/errno.h>
-#include <stdio.h>                             // debug
-#include <yarrowMigTypes.h>
-#include "MacYarrow_OSX.h"
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
-#include <Security/cssmalloc.h>
-
-#define YS_DEBUG               0 
-#if            YS_DEBUG
-#define ysprintf(x)            printf x
-#else
-#define ysprintf(x)
-#endif
-
-using MachPlusPlus::MachServer;
-
-/*
- * A timer for this module. Just one, and it's always active subsequent to startup.
- */
-class YarrowTimer : public MachServer::Timer {
-public:
-       YarrowTimer(MachPlusPlus::MachServer &server) :
-               MachServer::Timer(),
-               mServer(server) {}
-               
-       void action();
-       void scheduleTimer(unsigned msFromNow);
-private:
-       MachPlusPlus::MachServer        &mServer;               // to which we do setTimer()
-};
-
-/* 
- * Timeout event, the sole purpose of this class. Pass on to MacYarrow module.
- */
-void YarrowTimer::action()
-{
-       unsigned nextTimeout = yarrowTimerEvent();
-       scheduleTimer(nextTimeout);
-}
-
-void YarrowTimer::scheduleTimer(unsigned msFromNow)
-{
-    mServer.setTimer(this, Time::Interval(msFromNow / 1000.0));
-}
-
-/* global, one per process, therefore one per system */
-static YarrowTimer             *yarrowTimer;
-static CssmAllocator   *cssmAlloc;             // for temp alloc in 
-                                                                               //   yarrow_server_getRandomBytes()
-
-YarrowServer::YarrowServer(MachPlusPlus::MachServer &globalServer, const char *entropyFilePath) : 
-       MachServer(YARROW_SERVER_NAME)
-{
-#ifdef TEMPORARY_SEMANTICS
-        MutexLocker ml (gYarrowMutex);
-#endif
-       unsigned firstTimeout;
-       yarrowTimer = new YarrowTimer(globalServer);
-       cssmAlloc = &CssmAllocator::standard();
-       yarrowServerInit(entropyFilePath, &firstTimeout);
-       yarrowTimer->scheduleTimer(firstTimeout);
-}
-
-
-/*
- * Clean up the server object
- */
-YarrowServer::~YarrowServer()
-{
-       delete yarrowTimer;             // FIXME - is this safe? Does MachServer do this?
-}
-
-/*
- * Thread::run() specific to this class, needed because both MachServer
- * and Thread have a run() method. Called from main(). 
- */
-void YarrowServer::runYarrow()
-{
-       Thread::run();
-}
-/*
- * Run the server. This will not return until the server is forced to exit.
- */
-void YarrowServer::action() 
-{
-       ysprintf(("YarrowServer: running MachServer\n"));
-       MachServer::run();
-}
-
-
-//
-// The server run-loop function, called out from MachServer
-//
-boolean_t yarrow_server(mach_msg_header_t *, mach_msg_header_t *);
-
-boolean_t YarrowServer::handle(mach_msg_header_t *in, mach_msg_header_t *out)
-{
-       return yarrow_server(in, out);
-}
-
-
-//
-// Handling dead-port notifications
-// FIXME - how is this used?
-//
-void YarrowServer::notifyDeadName(MachPlusPlus::Port port)
-{
-       // forcibly end the Connection
-       // FIXME....endConnection(port, true);
-}
-
-/*
- * Functions called from server side of MIG interface. 
- * As far as I can tell, MIG doesn't generate
- * prototypes for the server side...FIXME....
- */
-/* Bracket Macros */
-#define UCSP_ARGS      mach_port_t sport, mach_port_t rport, OSStatus *rcode
-
-kern_return_t 
-yarrow_server_addEntropy(
-       UCSP_ARGS,
-       Data bytes,
-       mach_msg_type_number_t bytesCnt, 
-       UInt32 entBits)
-{
-       unsigned nextTimeout;
-       ysprintf(("yarrow server addEntropy(%02X %02X %02X %02X...) called\n",
-               ((UInt8 *)bytes)[0], ((UInt8 *)bytes)[1], ((UInt8 *)bytes)[2],
-               ((UInt8 *)bytes)[3]));
-       *rcode = yarrowAddEntropy(static_cast<UInt8 *>(bytes), bytesCnt, entBits,
-               &nextTimeout);
-       if(nextTimeout != 0) {
-               yarrowTimer->scheduleTimer(nextTimeout);
-       }
-       return KERN_SUCCESS;
-}
-
-
-kern_return_t 
-yarrow_server_getRandomBytes(
-       UCSP_ARGS,
-       UInt32 numBytes,                                        // in
-       Data *bytes,                                            // out
-       mach_msg_type_number_t *bytesCnt)       // out
-{
-       /*
-        * We have to allocate here; MIG does a virtual copy back to 
-        * client. MachServer releases later. 
-        */
-       void *tempPtr;
-       try {
-               tempPtr = cssmAlloc->malloc(numBytes);
-       }
-       catch(...) {
-               return unix_err(ENOMEM);
-       }
-       MachPlusPlus::MachServer::active().releaseWhenDone(*cssmAlloc, tempPtr);
-       *rcode = yarrowGetRandomBytes(reinterpret_cast<UInt8 *>(tempPtr), numBytes);
-       if(*rcode == noErr) {
-               *bytes = reinterpret_cast<Data>(tempPtr);
-               *bytesCnt = numBytes; 
-       }
-       else {
-               *bytesCnt = 0;
-       }
-       ysprintf(("yarrow server getRandomBytes called; data %02X %02X %02X %02X...\n",
-               ((UInt8 *)*bytes)[0], ((UInt8 *)*bytes)[1], ((UInt8 *)*bytes)[2],
-               ((UInt8 *)*bytes)[3]));
-       return KERN_SUCCESS;
-}
diff --git a/SecurityServer/MacYarrow/YarrowServer/YarrowServer_OSX.h b/SecurityServer/MacYarrow/YarrowServer/YarrowServer_OSX.h
deleted file mode 100644 (file)
index bace99b..0000000
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
- * YarrowServer - Yarrow RNG server object
- */
-#ifndef _YARROW_SERVER_H_
-#define _YARROW_SERVER_H_
-
-#include <Security/machserver.h>
-
-class YarrowServer : public MachPlusPlus::MachServer, public Thread {
-public:
-       YarrowServer(MachPlusPlus::MachServer &globalServer, const char *entropyFilePath = NULL);
-       ~YarrowServer();
-       
-       void runYarrow();       
-       
-private:
-       void action();          // Thread action - start up server, etc.
-       
-protected:
-       boolean_t handle(mach_msg_header_t *in, mach_msg_header_t *out);
-       void notifyDeadName(MachPlusPlus::Port port);
-       
-};
-
-
-#endif /* _YARROW_SERVER_H_ */
diff --git a/SecurityServer/MacYarrow/YarrowServer/debug.c b/SecurityServer/MacYarrow/YarrowServer/debug.c
deleted file mode 100644 (file)
index 18017df..0000000
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
-       File:           debug.c
-
-       Contains:       Debugging support.
-
-       Written by:     Doug Mitchell
-
-       Copyright:      (c) 1999 by Apple Computer, Inc., all rights reserved.
-
-       Change History (most recent first):
-
-               12/07/99        dpm             Created.
-*/
-
-
-#include "debug.h"
-
-#if            DEBUG && !LOG_VIA_PRINTF
-
-#include <string.h>
-#include <Types.h>
-#include <TextUtils.h>
-
-/* common log macros */
-
-/* this one needs a writable string */
-static void logCom(unsigned char *str) {
-       c2pstr((char *)str);
-       DebugStr(str);
-}
-
-/* remaining ones can take constant strings */
-void dblog0(char *str) {               
-       Str255  outStr;                         
-       strcpy((char *)outStr, str);    
-       logCom(outStr);                                 
-}
-
-void dblog1(char *str, void *arg1)     {                               
-       Str255  outStr;                                         
-       sprintf((char *)outStr, str, arg1);     
-       logCom(outStr);                                         
-}
-
-void dblog2(char *str, void * arg1, void * arg2)       {                               
-       Str255  outStr;                                                         
-       sprintf((char *)outStr, str, arg1, arg2);       
-       logCom(outStr);                                                         
-}
-
-void dblog3(char *str, void * arg1, void * arg2, void * arg3)  {                               
-       Str255  outStr;                                                                 
-       sprintf((char *)outStr, str, arg1, arg2, arg3); 
-       logCom(outStr);                                                                 
-}
-
-void dblog4(char *str, void * arg1, void * arg2, void * arg3, void * arg4)     {                               
-       Str255  outStr;                                                                                 
-       sprintf((char *)outStr, str, arg1, arg2, arg3, arg4);   
-       logCom(outStr);                                                                                 
-}
-
-#endif /* DEBUG */
-
-#include <stdlib.h>
-
-void yarrowPanic(const char *errStr)
-{
-       errorLog0((char *)errStr);
-       exit(1);
-}
-
diff --git a/SecurityServer/MacYarrow/YarrowServer/debug.h b/SecurityServer/MacYarrow/YarrowServer/debug.h
deleted file mode 100644 (file)
index 71e2367..0000000
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
-       File:           debug.h
-
-       Contains:       Debugging macros.
-
-       Written by:     Doug Mitchell
-
-       Copyright:      (c) 1999 by Apple Computer, Inc., all rights reserved.
-
-       Change History (most recent first):
-
-               12/07/99        dpm             Created.
-*/
-
-#ifndef        _DEBUG_H_
-#define _DEBUG_H_
-
-extern void yarrowPanic(const char *errStr);
-
-#define ERROR_LOG_ENABLE       0
-
-#define LOG_VIA_PRINTF         1
-
-#if            DEBUG || ERROR_LOG_ENABLE
-
-#include <stdio.h>
-
-#if            !LOG_VIA_PRINTF
-
-#include <string.h>
-#include <Types.h>
-#include <TextUtils.h>
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-/* common log macros */
-
-extern void dblog0(char *str);
-extern void dblog1(char *str, void * arg1);
-extern void dblog2(char *str, void * arg1, void * arg2);
-extern void dblog3(char *str, void * arg1, void * arg2, void * arg3);
-extern void dblog4(char *str, void * arg1, void * arg2, void * arg3, void * arg4);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#else  /* LOG_VIA_PRINTF */
-
-#define dblog0(str)                                                            printf(str)
-#define dblog1(str, arg1)                                              printf(str, arg1)
-#define dblog2(str, arg1, arg2)                                        printf(str, arg1, arg2)
-#define dblog3(str, arg1, arg2, arg3)                  printf(str, arg1, arg2, arg3)
-#define dblog4(str, arg1, arg2, arg3, arg4)            printf(str, arg1, arg2, arg3, arg4)
-
-#endif /* LOG_VIA_PRINTF */
-
-#else  /* log macros disabled */
-
-#define dblog0(str)
-#define dblog1(str, arg1)
-#define dblog2(str, arg1, arg2)
-#define dblog3(str, arg1, arg2, arg3)
-#define dblog4(str, arg1, arg2, arg3, arg4)
-
-#endif /* log macros */
-
-#if    DEBUG
-
-#define dprintf0(str)                                                          dblog0(str)
-#define dprintf1(str, arg1)                                                    dblog1(str, (void *)arg1)
-#define dprintf2(str, arg1, arg2)                                      dblog2(str, (void *)arg1, (void *)arg2)
-#define dprintf3(str, arg1, arg2, arg3)                                dblog3(str, (void *)arg1, (void *)arg2, (void *)arg3)
-#define dprintf4(str, arg1, arg2, arg3, arg4)          dblog4(str, (void *)arg1, (void *)arg2, (void *)arg3, (void *) arg4)
-
-#define CASSERT(expression)                                                    \
-  ((expression) ? (void)0 :                                                    \
-   (dprintf1 ("Assertion failed: " #expression                         \
-      ", file " __FILE__ ", line %d.\n", __LINE__),    \
-    yarrowPanic("Assertion Failure")))
-
-#else  /* DEBUG */
-
-#define dprintf0(str)
-#define dprintf1(str, arg1)
-#define dprintf2(str, arg1, arg2)
-#define dprintf3(str, arg1, arg2, arg3)
-#define dprintf4(str, arg1, arg2, arg3, arg4)
-
-#define CASSERT(expression)
-
-#endif /* DEBUG */
-
-/*
- * Error logging. This may well be platform dependent.
- */
-#if            ERROR_LOG_ENABLE
-#define errorLog0(str)                                                         dblog0(str);
-#define errorLog1(str, arg1)                                           dblog1(str, (void *)arg1)
-#define errorLog2(str, arg1, arg2)                                     dblog2(str, (void *)arg1, (void *)arg2)
-#define errorLog3(str, arg1, arg2, arg3)                       dblog3(str, (void *)arg1, (void *)arg2, (void *)arg3)
-#define errorLog4(str, arg1, arg2, arg3, arg4)         dblog4(str, (void *)arg1, (void *)arg2, (void *)arg3, (void *)arg4)
-
-#else  /* ERROR_LOG_ENABLE */
-
-#define errorLog0(str)
-#define errorLog1(str, arg1)
-#define errorLog2(str, arg1, arg2)
-#define errorLog3(str, arg1, arg2, arg3)
-#define errorLog4(str, arg1, arg2, arg3, arg4)
-
-#endif /* ERROR_LOG_ENABLE */
-
-#endif /* _DEBUG_H_ */
diff --git a/SecurityServer/MacYarrow/YarrowServer/entropyFile.h b/SecurityServer/MacYarrow/YarrowServer/entropyFile.h
deleted file mode 100644 (file)
index 2372300..0000000
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
-       File:           entropyFile.h
-
-       Contains:       Module to maintain MacYarrow's entropy file.
-
-       Written by:     Doug Mitchell
-
-       Copyright: (c) 2000 by Apple Computer, Inc., all rights reserved.
-
-       Change History (most recent first):
-
-               02/29/00        dpm             Created.
-*/
-
-#ifndef        _ENTROPY_FILE_H_
-#define _ENTROPY_FILE_H_
-
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-/*
- * Specify optional entropy file path. If this is never called,
- * this module will use its own default path. 
- */
-OSErr setEntropyFilePath(
-       const char *path);
-       
-/*
- * Write specified data to entropy file. A new file will be created
- * if none exists. Existing file's data is replaced with caller's data.
- */
-OSErr writeEntropyFile(
-       UInt8           *bytes,
-       UInt32          numBytes);
-       
-/*
- * Read data from entropy file.
- */
-OSErr readEntropyFile(
-       UInt8           *bytes,
-       UInt32          numBytes,               // max # of bytes to read
-       UInt32          *actualBytes);  // RETURNED - number of bytes actually read
-       
-#if defined(__cplusplus)
-}
-#endif
-
-#endif /* _ENTROPY_FILE_H_*/
diff --git a/SecurityServer/MacYarrow/YarrowServer/entropyFileOS9.c b/SecurityServer/MacYarrow/YarrowServer/entropyFileOS9.c
deleted file mode 100644 (file)
index eb37e72..0000000
+++ /dev/null
@@ -1,189 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
-       File:           entropyFile.c
-
-       Contains:       Module to maintain MacYarrow's entropy file.
-
-       Written by:     Doug Mitchell
-
-       Copyright: (c) 2000 by Apple Computer, Inc., all rights reserved.
-
-       Change History (most recent first):
-
-               02/29/00        dpm             Created.
-*/
-
-#include "entropyFile.h"
-#include "debug.h"
-#include <Files.h>
-#include <Folders.h>
-#include <Errors.h>
-#include <Script.h>            // for smSystemScript
-
-/*
- * FIXME - for debugging, we put the entropy file the current user's 
- * preferences folder.  For the real thing, we should either put it in
- * System preferences or use UNIX I/O to specify some other path. 
- */
-#ifdef DEBUG
-#define ENTROPY_FOLDER                 kPreferencesFolderType
-#else
-#define ENTROPY_FOLDER                 kSystemPreferencesFolderType
-#endif
-#define ENTROPY_FILE_NAME              "\pSystem Entropy"
-#define ENTROPY_FILE_CREATOR   'yarw'
-#define ENTROPY_FILE_TYPE              'ENTR'
-
-/*
- * Open/create entropy file. fnfErr returned if doCreate is false and
- * the file doesn't exist.  
- */
-static OSErr openEntropyFile(
-       Boolean doCreate,
-       Boolean writeAccess,            // required if doCreate true
-       short   *refNum)                        // RETURNED
-{
-       FSSpec          fsp;
-       OSErr           ortn;
-       short           vRefNum;
-       long            dirID;
-       SInt8           perm;
-       
-       if(doCreate && !writeAccess) {
-               return paramErr;
-       }
-       *refNum = 0;
-       ortn = FindFolder(kOnSystemDisk, 
-               ENTROPY_FOLDER, 
-               kDontCreateFolder, 
-               &vRefNum, 
-               &dirID);
-       if(ortn) {
-               errorLog1("openEntropyFile: FindFolder returned %d\n", (int)ortn);
-               return ioErr;
-       }
-       ortn = FSMakeFSSpec(vRefNum, dirID, ENTROPY_FILE_NAME, &fsp);
-       switch(ortn) {
-               case noErr:
-                       break;
-               case fnfErr:
-                       if(!doCreate) {
-                               return fnfErr;
-                       }
-                       else {
-                               break;
-                       }
-               default:
-                       errorLog1("openEntropyFile: FSMakeFSSpec returned %d\n", (int)ortn);
-                       return ioErr;
-       }
-
-       if(doCreate && (ortn == fnfErr)) {
-               /* create it */
-               ortn = FSpCreate(&fsp, 
-                       ENTROPY_FILE_CREATOR, 
-                       ENTROPY_FILE_TYPE, 
-                       smSystemScript);
-               if(ortn) {
-                       errorLog1("openEntropyFile: FSpCreate returned %d\n", (int)ortn);
-                       return ortn;
-               }
-               
-               /* fixme - set FInfo.fdFlags.kIsInvisible? */
-       }
-
-       /* open it in any case */
-       perm = (writeAccess ? fsRdWrPerm : fsRdPerm);
-       ortn = FSpOpenDF(&fsp, perm, refNum);
-       if(ortn) {
-               errorLog1("openEntropyFile: FSpOpenDF returned %d\n", (int)ortn);
-       }
-       return ortn;
-}
-
-/*
- * Write specified data to entropy file. A new file will be created
- * if none exists. Data will be appended to possible existing data
- * if append is true, otherwise the file's data is replaced with 
- * caller's data.
- */
-OSErr writeEntropyFile(
-       UInt8           *bytes,
-       UInt32          numBytes,
-       Boolean         append)
-{
-       OSErr ortn;
-       short refNum;
-       long  eof;
-       long  actLength = numBytes;
-       
-       ortn = openEntropyFile(true, true, &refNum);
-       if(ortn) {
-               return ortn;
-       }
-       if(append) {
-               ortn = GetEOF(refNum, &eof);
-               if(ortn) {
-                       goto done;
-               }
-       }
-       else {
-               /* truncate to 0 */
-               ortn = SetEOF(refNum, 0);
-               if(ortn) {
-                       goto done;
-               }
-               eof = 0;
-       }
-       ortn = SetFPos(refNum, fsFromStart, eof);
-       if(ortn) {
-               goto done;
-       }
-       ortn = FSWrite(refNum, &actLength, bytes);
-       if((ortn == noErr) && (actLength != numBytes)) {
-               errorLog0("writeEntropyFile: short write\n");
-       }
-done:
-       FSClose(refNum);
-       return ortn;
-}
-       
-/*
- * Read data from entropy file.
- */
-OSErr readEntropyFile(
-       UInt8           *bytes,
-       UInt32          numBytes,               // max # of bytes to read
-       UInt32          *actualBytes)   // RETURNED - number of bytes actually read
-{
-       OSErr ortn;
-       short refNum;
-       long  actLength = numBytes;
-       
-       ortn = openEntropyFile(false, false, &refNum);
-       if(ortn) {
-               return ortn;
-       }
-       ortn = FSRead(refNum, &actLength, bytes);
-       *actualBytes = actLength;
-       FSClose(refNum);
-       return ortn;
-}
diff --git a/SecurityServer/MacYarrow/YarrowServer/entropyFileUnix.c b/SecurityServer/MacYarrow/YarrowServer/entropyFileUnix.c
deleted file mode 100644 (file)
index 89ab1f7..0000000
+++ /dev/null
@@ -1,189 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
-       File:           entropyFileUnix.c
-
-       Contains:       Module to maintain MacYarrow's entropy file, UNIX version.
-
-       Written by:     Doug Mitchell
-
-       Copyright: (c) 2000 by Apple Computer, Inc., all rights reserved.
-
-       Change History (most recent first):
-
-               05/22/00        dpm             Created.
-*/
-
-#include "entropyFile.h"
-#include "debug.h"
-#include <unistd.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <string.h>
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
-
-/*
- * For now we use the same file location for all builds. Generally for
- * debugging - when this code is not running as root - you need to do
- * the following once per system before using this code:
- *
- * > su to root
- * # touch /var/db/SystemEntropyCache
- * # chmod 666 /var/db/SystemEntropyCache
- */
-#define DEFAULT_ENTROPY_FILE_PATH              "/var/db/SystemEntropyCache"
-
-/* NULL ==> use default, else use caller-specified path */
-static char *entropyFilePath = NULL;
-
-static OSErr errNoToOSErr(int err)
-{
-       switch(err) {
-               case ENOENT:
-                       return fnfErr;
-               case EPERM:
-                       return permErr;
-               /* anything else interesting? */
-               default:
-                       return ioErr;
-       }
-}
-
-static char *getEntropyFilePath()
-{
-       if(entropyFilePath) {
-               return entropyFilePath;
-       }
-       else {
-               return DEFAULT_ENTROPY_FILE_PATH;
-       }
-}
-
-/*
- * Specify optional entropy file path. If this is never called,
- * this module will use its own default path. 
- */
-OSErr setEntropyFilePath(
-       const char *path)
-{
-       unsigned len;
-       
-       if(entropyFilePath) {
-               free(entropyFilePath);
-               entropyFilePath = NULL;
-       }
-       if(path == NULL) {
-               return noErr;
-       }
-       len = strlen(path);
-       if(len > 255) {
-               /* no can do */
-               return bdNamErr;
-       }
-       entropyFilePath = malloc(len + 1);
-       if(entropyFilePath == NULL) {
-               return memFullErr;
-       }
-       memmove(entropyFilePath, path, len + 1);
-       return noErr;
-}
-
-/*
- * Write specified data to entropy file. A new file will be created
- * if none exists. Existing file's data is replaced with caller's data.
- */
-OSErr writeEntropyFile(
-       UInt8           *bytes,
-       UInt32          numBytes)
-{
-       int             rtn;
-       int     fd;
-       OSErr   ortn;
-       
-       fd = open(getEntropyFilePath(), O_RDWR | O_CREAT | O_TRUNC, 0600);
-       if(fd <= 0) {
-               rtn = errno;
-               errorLog1("writeEntropyFile: open returned %d\n", rtn);
-               return errNoToOSErr(rtn);
-       }
-       rtn = lseek(fd, 0, SEEK_SET);
-       if(rtn < 0) {
-               rtn = errno;
-               errorLog1("writeEntropyFile: lseek returned %d\n", rtn);
-               return errNoToOSErr(rtn);
-       }
-       rtn = write(fd, bytes, (size_t)numBytes);
-       if(rtn != (int)numBytes) {
-               if(rtn < 0) {
-                       errorLog1("writeEntropyFile: write() returned %d\n", rtn);
-                       ortn = errNoToOSErr(errno);
-               }
-               else {
-                       errorLog0("writeEntropyFile(): short write\n");
-                       ortn = ioErr;
-               }
-       }
-       else {
-               ortn = noErr;
-       }
-       close(fd);
-       return ortn;
-}
-       
-/*
- * Read data from entropy file.
- */
-OSErr readEntropyFile(
-       UInt8           *bytes,
-       UInt32          numBytes,               // max # of bytes to read
-       UInt32          *actualBytes)   // RETURNED - number of bytes actually read
-{
-       int rtn;
-       int fd;
-       OSErr ortn;
-       
-       *actualBytes = 0;
-       fd = open(getEntropyFilePath(), O_RDONLY, 0);
-       if(fd <= 0) {
-               rtn = errno;
-               errorLog1("readEntropyFile: open returned %d\n", rtn);
-               return errNoToOSErr(rtn);
-       }
-       rtn = lseek(fd, 0, SEEK_SET);
-       if(rtn < 0) {
-               rtn = errno;
-               errorLog1("readEntropyFile: lseek returned %d\n", rtn);
-               return errNoToOSErr(rtn);
-       }
-       rtn = read(fd, bytes, (size_t)numBytes);
-       if(rtn < 0) {
-               errorLog1("readEntropyFile: read() returned %d\n", rtn);
-               ortn = errNoToOSErr(errno);
-       }
-       else {
-               *actualBytes = (UInt32)rtn;
-               ortn = noErr;
-       }
-       close(fd);
-       return ortn;
-}
diff --git a/SecurityServer/MacYarrow/YarrowServer/kdebug_private.h b/SecurityServer/MacYarrow/YarrowServer/kdebug_private.h
deleted file mode 100644 (file)
index 0946ebf..0000000
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*  Copyright (c) 1997 Apple Computer, Inc.  All rights reserved.
- *
- * kdebugprivate.h -   private kernel_debug definitions
- *
- */
-
-
-/**********************************************************************/
-#ifndef _BSD_KERN_KDEBUG_PRIVATE_H_
-#define _BSD_KERN_KDEBUG_PRIVATE_H_
-
-typedef struct {
-mach_timespec_t timestamp;
-unsigned int arg1;
-unsigned int arg2;
-unsigned int arg3;
-unsigned int arg4;
-unsigned int arg5;       /* will hold current thread */
-unsigned int debugid;
-} kd_buf;
-
-/* Debug Flags */
-#define KDBG_INIT 0x1
-#define KDBG_NOWRAP 0x2
-#define KDBG_FREERUN 0x4
-#define KDBG_WRAPPED 0x8
-#define KDBG_USERFLAGS (KDBG_FREERUN|KDBG_NOWRAP|KDBG_INIT)
-#define KDBG_PIDCHECK   0x10
-#define KDBG_MAPINIT    0x20
-
-
-typedef struct {
- unsigned int type;
- unsigned int value1;
- unsigned int value2;
- unsigned int value3;
- unsigned int value4;
-
-} kd_regtype;
-
-typedef struct
-{
-    int nkdbufs;
-    int nolog;
-    int flags;
-    int nkdthreads;
-} kbufinfo_t;
-
-typedef struct
-{
-  unsigned int thread;
-  int          valid;
-  char         command[20];
-} kd_threadmap;
-
-
-#define KDBG_CLASSTYPE  0x10000
-#define KDBG_SUBCLSTYPE  0x20000
-#define KDBG_RANGETYPE  0x40000
-#define KDBG_TYPENONE  0x80000
-#define KDBG_CKTYPES  0xF0000
-
-#define KDBG_RANGECHECK 0x100000
-#define KDBG_VALCHECK 0x200000        /* Check up to 4 individual values
-*/
-
-#define KDBG_BUFINIT 0x80000000
-/* Maximum number of buffer entries is 64k */
-
-#define KDBG_MAXBUFSIZE (64*1024)
-
-/* Control operations */
-#define KDBG_EFLAGS 1
-#define KDBG_DFLAGS 2
-#define KDBG_ENABLE 3
-#define KDBG_SETNUMBUF 4
-#define KDBG_GETNUMBUF 5
-#define KDBG_SETUP 6
-#define KDBG_REMOVE 7
-#define KDBG_SETREGCODE 8
-#define KDBG_GETREGCODE 9
-#define KDBG_READTRACE 10
-
-#define KDBGREGCALSS 1
-#define KDBGREGSUBCALSS 2
-#define KDBGREGRANGE 3
-#define KDBGREGNONE 4
-/**********************************************************************/
-
-#endif /* _BSD_KERN_KDEBUG_PRIVATE_H_ */
\ No newline at end of file
diff --git a/SecurityServer/MacYarrow/YarrowServer/prefixDebug.h b/SecurityServer/MacYarrow/YarrowServer/prefixDebug.h
deleted file mode 100644 (file)
index 94ee21b..0000000
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-#define DEBUG  1
diff --git a/SecurityServer/MacYarrow/YarrowServer/prefixRelease.h b/SecurityServer/MacYarrow/YarrowServer/prefixRelease.h
deleted file mode 100644 (file)
index 7c5ee21..0000000
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-#define DEBUG  0
diff --git a/SecurityServer/MacYarrow/YarrowServer/systemEntropy.c b/SecurityServer/MacYarrow/YarrowServer/systemEntropy.c
deleted file mode 100644 (file)
index a33d582..0000000
+++ /dev/null
@@ -1,270 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
-       File:           systemEntropy.c
-       
-       Contains:       System entropy collector, using 
-                               sysctl(CTL_KERN:KERN_KDEBUG) trace info
-
-       Copyright:      (C) 2000 by Apple Computer, Inc., all rights reserved
-
-       Written by:     Doug Mitchell <dmitch@apple.com>        
-*/
-
-#include "systemEntropy.h"
-#include "debug.h"
-
-/* support for sysctl */
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/time.h>
-//#include <libc.h>
-#include <sys/kdebug.h>
-#include <sys/sysctl.h>
-#include <sys/errno.h>
-#include <unistd.h>
-
-/* this should eventually come from private system headers */
-#include "kdebug_private.h"
-
-/* time to gather trace info */
-#define MS_TO_SLEEP            100
-
-static int set_remove();
-static int set_init();
-static int set_enable(int val);
-static int set_numbufs(int nbufs);
-
-/* start collecting system entropy */
-int systemEntropyBegin(UInt32 bufSize)
-{
-       int rtn;
-       
-       /* start from clean slate  */
-       set_remove();
-       
-       /* 
-        * This will result in a ENOENT error if we're not root.
-        * That's OK, the kernel will use its default of an 8K 
-        * buffer in that case. 
-        */
-       set_numbufs(bufSize);   
-       if(rtn = set_init()) {
-               return rtn;
-       }
-       if(rtn = set_enable(1)) {
-               return rtn;
-       }
-       return 0;
-}
-
-
-int systemEntropyCollect(
-       UInt8 *buf,
-       UInt32 bufSize,
-       UInt32 *numBytes,               // RETURNED - number of bytes obtained
-       UInt32 *bitsOfEntropy)  // RETURNED - est. amount of entropy
-{
-       int             rtn = 0;
-       size_t          mallocdSize;
-       UInt8           *cp = buf;
-       kd_buf          *kd = NULL;
-       int                     i;
-       int             mib[6];
-       size_t          numEntries;
-       
-       *numBytes = 0;
-       *bitsOfEntropy = 0;
-       
-
-       /*
-        * We use one byte from each entry, which is a kd_buf.
-        * Thus, malloc bufSize kd_bufs. 
-        * FIXME : this should use a secure nonswapping malloc. 
-        */
-       mallocdSize = bufSize * sizeof(kd_buf);
-       kd = (kd_buf *)malloc(mallocdSize);
-       if(kd == NULL) {
-               rtn = ENOMEM;
-               goto errOut;
-       }
-       
-       mib[0] = CTL_KERN;
-       mib[1] = KERN_KDEBUG;
-       mib[2] = KERN_KDREADTR;
-       mib[3] = 0;
-       mib[4] = 0;
-       mib[5] = 0;  /* no flags */
-       
-       /*
-        * Snag the trace buffer, up to caller's limit. 
-        * On call to sysctl, numEntries is byte count, on return,
-        * it's buffer count. 
-        */ 
-       numEntries = mallocdSize;
-       if (sysctl(mib, 3, kd, &numEntries, NULL, 0) < 0) {
-               /* ENOMEM means we didn't have room for everything in
-                * the kernel trace buffer, which is fine */
-               int err = errno;
-               if(err != ENOMEM) {
-                       errorLog1("sysctl-KERN_KDREADTR: %d\n", err);
-                       rtn = err;
-                       goto errOut;
-               }
-       }
-       if(numEntries == 0) {
-               rtn = ENOENT;
-               goto errOut;
-       }
-       
-       /* 
-        * First entropy byte is the low byte of the first entry's
-        * timestamp. Subsequent bytes are the deltas between successive
-        * entries' timestamps.
-        */     
-       *cp++ = (UInt8)kd[0].timestamp.tv_nsec;
-       for (i=1; i<numEntries; i++) {
-               *cp++ = kd[i].timestamp.tv_nsec - kd[i-1].timestamp.tv_nsec;
-       }
-       
-       *numBytes = numEntries;
-       *bitsOfEntropy = numEntries * 4;                // half random?
-       
-       /* and finally, turn off tracing */
-errOut:
-       set_enable(0);
-       set_remove();           // ignore errors 
-       return rtn;
-}
-
-/*
- * The remainder of this file is based on code provided by Joe Sokol.
- * All functions return a UNIX errno, zero on success. 
- */
-
-static int set_remove()
-{
-       int mib[6];
-       size_t needed;
-       
-       mib[0] = CTL_KERN;
-       mib[1] = KERN_KDEBUG;
-       mib[2] = KERN_KDREMOVE;  /* protocol */
-       mib[3] = 0;
-       mib[4] = 0;
-       mib[5] = 0;  /* no flags */
-       
-       if (sysctl(mib, 3, NULL, &needed, NULL, 0) < 0) {
-               int err = errno;
-               errorLog1("sysctl-KERN_KDREMOVE: %d\n", err);
-               return err;
-       }
-       return 0;
-}
-
-static int set_init()
-{       
-       kd_regtype kr;
-       int mib[6];
-       size_t needed;
-       
-       kr.type = KDBG_RANGETYPE;
-       kr.value1 = 0;
-       kr.value2 = -1;
-       needed = sizeof(kd_regtype);
-       mib[0] = CTL_KERN;
-       mib[1] = KERN_KDEBUG;
-       mib[2] = KERN_KDSETREG;
-       mib[3] = 0;
-       mib[4] = 0;
-       mib[5] = 0;  /* no flags */
-       
-       if (sysctl(mib, 3, &kr, &needed, NULL, 0) < 0) {
-               int err = errno;
-               errorLog1("sysctl-KERN_KDSETREG: %d\n", err);
-               return err;
-       }
-
-       mib[0] = CTL_KERN;
-       mib[1] = KERN_KDEBUG;
-       mib[2] = KERN_KDSETUP;
-       mib[3] = 0;
-       mib[4] = 0;
-       mib[5] = 0;  /* no flags */
-       
-       if (sysctl(mib, 3, NULL, &needed, NULL, 0) < 0) {
-               int err = errno;
-               errorLog1("sysctl-KERN_KDSETUP: %d\n", err);
-               return err;
-       }
-       return 0;
-}
-
-static int set_enable(int val)
-{
-       int mib[6];
-       size_t needed;
-       
-       mib[0] = CTL_KERN;
-       mib[1] = KERN_KDEBUG;
-       mib[2] = KERN_KDENABLE;  /* protocol */
-       mib[3] = val;
-       mib[4] = 0;
-       mib[5] = 0;          /* no flags */
-       if (sysctl(mib, 4, NULL, &needed, NULL, 0) < 0) {
-               int err = errno;
-               errorLog1("sysctl-KERN_KDENABLE: %d\n", err);
-               return err;
-       }
-       return 0;
-}
-
-static int set_numbufs(int nbufs) 
-{
-       int mib[6];
-       size_t needed;
-
-       mib[0] = CTL_KERN;
-       mib[1] = KERN_KDEBUG;
-       mib[2] = KERN_KDSETBUF;
-       mib[3] = nbufs;
-       mib[4] = 0;
-       mib[5] = 0;                     /* no flags */
-       if (sysctl(mib, 4, NULL, &needed, NULL, 0) < 0) {
-               int err = errno;
-               errorLog2("ERROR: sysctl-KERN_KDSETBUF(%d): %s\n", 
-                       nbufs, strerror(err));
-               return err;
-       }
-
-       mib[0] = CTL_KERN;
-       mib[1] = KERN_KDEBUG;
-       mib[2] = KERN_KDSETUP;          
-       mib[3] = 0;
-       mib[4] = 0;
-       mib[5] = 0;                     /* no flags */
-       if (sysctl(mib, 3, NULL, &needed, NULL, 0) < 0) {
-               int err = errno;
-               errorLog1("ERROR: sysctl-KERN_KDSETUP: %s\n", 
-                       strerror(err));
-               return err;
-       }
-       return 0;
-}
diff --git a/SecurityServer/MacYarrow/YarrowServer/systemEntropy.h b/SecurityServer/MacYarrow/YarrowServer/systemEntropy.h
deleted file mode 100644 (file)
index 023b1c1..0000000
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
-       File:           systemEntropy.h
-       
-       Contains:       System entropy collector, using 
-                               sysctl(CTL_KERN:KERN_KDEBUG) trace info
-
-       Copyright:      (C) 2000 by Apple Computer, Inc., all rights reserved
-
-       Written by:     Doug Mitchell <dmitch@apple.com>        
-*/
-
-#ifndef        _YARROW_SYSTEM_ENTROPY_H_
-#define _YARROW_SYSTEM_ENTROPY_H_
-
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* start collecting system entropy */
-int systemEntropyBegin(
-       UInt32 bufSize);                // desired number of bytes to collect
-
-
-/* gather system entropy in caller-supplied buffer */
-int systemEntropyCollect(
-       UInt8 *buf,
-       UInt32 bufSize,
-       UInt32 *numBytes,               // RETURNED - number of bytes obtained
-       UInt32 *bitsOfEntropy); // RETURNED - est. amount of entropy
-
-/* minimum number of milliseconds between calling systemEntropyBegin() and
- * systemEntropyCollect() */
-#define SYSTEM_ENTROPY_COLLECT_TIME            100
-//#define SYSTEM_ENTROPY_COLLECT_TIME          5000
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _YARROW_SYSTEM_ENTROPY_H_*/
diff --git a/SecurityServer/MacYarrow/testHarness/clientTest.cpp b/SecurityServer/MacYarrow/testHarness/clientTest.cpp
deleted file mode 100644 (file)
index 8509047..0000000
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
- * Simple YarrowClient test.
- */
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <Security/SecurityYarrowClient.h>
-
-#define BUFSIZE                32
-
-static void dumpBuf(UInt8 *buf,
-       unsigned len)
-{
-       unsigned i;
-       
-       printf("   ");
-       for(i=0; i<len; i++) {
-               printf("%02X  ", buf[i]);
-               if((i % 8) == 7) {
-                       printf("\n   ");
-               }
-       }
-       printf("\n");
-}
-
-int main()
-{
-       try {
-               YarrowClient client;            // take default constructor
-               UInt8   buf[BUFSIZE];
-               char    resp = 'm';                     // initial op = get random data
-
-               while(1) {
-                       switch(resp) {
-                               case 'm':
-                                       client.getRandomBytes(buf, BUFSIZE);
-                                       dumpBuf(buf, BUFSIZE);
-                                       break;
-                               case 'a':
-                                       /* claim it's half random */
-                                       client.addEntropy(buf, BUFSIZE, BUFSIZE * 4);
-                                       break;
-                               case '\n':
-                                       goto nextChar;
-                               default:
-                                       printf("Huh?\n");
-                       }
-                       printf(" a   Add this as entropy\n");
-                       printf(" m   Get more random data\n");
-                       printf(" q   quit\n");
-                       printf("\ncommand me: ");
-               nextChar:
-                       resp = getchar();
-                       if(resp == 'q') {
-                               break;
-                       }
-               }
-       }
-       catch (OSErr ortn) {
-               printf("YarrowClient threw OSErr %d\n", ortn);
-       }
-       catch (...) {
-               printf("Whoops! YarrowClient threw an exception!\n");
-       }
-       /* and YarrowClient cleans up on the way out */
-       return 0;
-}
diff --git a/SecurityServer/MacYarrow/testHarness/serverDaemon.cpp b/SecurityServer/MacYarrow/testHarness/serverDaemon.cpp
deleted file mode 100644 (file)
index 63072f1..0000000
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-//
-// simple daemon to run yarrow server
-//
-
-#include <YarrowServer/YarrowServer_OSX.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-int main(int argc, char **argv)
-{
-       char *entropyFilePath = NULL;
-       int arg;
-       
-       for(arg=1; arg<argc; arg++) {
-               switch(argv[arg][0]) {
-                       case 'e':
-                               entropyFilePath = &argv[arg][2];
-                               break;
-                       default:
-                               printf("Usage: %s [e=entropyFilePath]\n", argv[0]);
-                               exit(1);
-               }
-       }
-       printf("starting up server...\n");
-       
-       YarrowServer *server = new YarrowServer(entropyFilePath);
-       server->runYarrow();            // forks off thread
-       printf("server running; hit q exit: ");
-       while(1) {
-               char c = getchar();
-               if(c == 'q') {
-                       break;
-               }
-               printf("...still running\n");
-       }
-       return 0;
-}
\ No newline at end of file
diff --git a/SecurityServer/MacYarrow/yarrowseed.cpp b/SecurityServer/MacYarrow/yarrowseed.cpp
deleted file mode 100644 (file)
index de10a00..0000000
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-//
-// yarrowseed - periodical to collect and seed entropy into /dev/random
-//
-#include "yarrowseed.h"
-#include "MacYarrow_OSX.h"
-
-
-//
-// Constructor initializes the entropy generator and schedules itself
-//
-YarrowTimer::YarrowTimer(MachPlusPlus::MachServer &srv, const char *entropyFile)
-    : MachServer::Timer(), server(srv)
-{
-    unsigned firstTimeout;
-#if correct
-    if (OSStatus err = yarrowServerInit(entropyFile, &firstTimeout))
-        MacOSError::throwMe(err);
-#else
-    yarrowServerInit(entropyFile, &firstTimeout);
-#endif
-    server.setTimer(this, Time::Interval(firstTimeout / 1000.0));
-}
-
-
-/* 
- * Timeout event, the sole purpose of this class. Pass on to MacYarrow module.
- */
-void YarrowTimer::action()
-{
-       unsigned nextTimeout = yarrowTimerEvent();
-       scheduleTimer(nextTimeout);
-}
-
-void YarrowTimer::scheduleTimer(unsigned msFromNow)
-{
-    server.setTimer(this, Time::Interval(msFromNow / 1000.0));
-}
diff --git a/SecurityServer/MacYarrow/yarrowseed.h b/SecurityServer/MacYarrow/yarrowseed.h
deleted file mode 100644 (file)
index d6b2745..0000000
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-//
-// yarrowseed - periodical to collect and seed entropy into /dev/random
-//
-#ifndef _H_YARROWSEED
-#define _H_YARROWSEED
-
-#include <Security/machserver.h>
-#include <mach/mach_error.h>
-
-
-using MachPlusPlus::MachServer;
-
-
-/*
- * A timer for this module. Just one, and it's always active subsequent to startup.
- */
-class YarrowTimer : public MachServer::Timer {
-public:
-       YarrowTimer(MachPlusPlus::MachServer &srv, const char *entropyFile = NULL);
-               
-       void action();
-       void scheduleTimer(unsigned msFromNow);
-    
-       MachPlusPlus::MachServer        &server;                // to which we do setTimer()
-};
-
-#endif //_H_YARROWSEED
diff --git a/SecurityServer/MacYarrow/zlib/ChangeLog b/SecurityServer/MacYarrow/zlib/ChangeLog
deleted file mode 100644 (file)
index a54907a..0000000
+++ /dev/null
@@ -1 +0,0 @@
-\r              ChangeLog file for zlib\r\rChanges in 1.1.3 (9 July 1998)\r- fix "an inflate input buffer bug that shows up on rare but persistent\r  occasions" (Mark)\r- fix gzread and gztell for concatenated .gz files (Didier Le Botlan)\r- fix gzseek(..., SEEK_SET) in write mode\r- fix crc check after a gzeek (Frank Faubert)\r- fix miniunzip when the last entry in a zip file is itself a zip file\r  (J Lillge)\r- add contrib/asm586 and contrib/asm686 (Brian Raiter)\r  See http://www.muppetlabs.com/~breadbox/software/assembly.html\r- add support for Delphi 3 in contrib/delphi (Bob Dellaca)\r- add support for C++Builder 3 and Delphi 3 in contrib/delphi2 (Davide Moretti)\r- do not exit prematurely in untgz if 0 at start of block (Magnus Holmgren)\r- use macro EXTERN instead of extern to support DLL for BeOS (Sander Stoks)\r- added a FAQ file\r\r- Support gzdopen on Mac with Metrowerks (Jason Linhart)\r- Do not redefine Byte on Mac (Brad Pettit & Jason Linhart)\r- define SEEK_END too if SEEK_SET is not defined (Albert Chin-A-Young)\r- avoid some warnings with Borland C (Tom Tanner)\r- fix a problem in contrib/minizip/zip.c for 16-bit MSDOS (Gilles Vollant)\r- emulate utime() for WIN32 in contrib/untgz  (Gilles Vollant)\r- allow several arguments to configure (Tim Mooney, Frodo Looijaard)\r- use libdir and includedir in Makefile.in (Tim Mooney)\r- support shared libraries on OSF1 V4 (Tim Mooney)\r- remove so_locations in "make clean"  (Tim Mooney)\r- fix maketree.c compilation error (Glenn, Mark)\r- Python interface to zlib now in Python 1.5 (Jeremy Hylton)\r- new Makefile.riscos (Rich Walker)\r- initialize static descriptors in trees.c for embedded targets (Nick Smith)\r- use "foo-gz" in example.c for RISCOS and VMS (Nick Smith)\r- add the OS/2 files in Makefile.in too (Andrew Zabolotny)\r- fix fdopen and halloc macros for Microsoft C 6.0 (Tom Lane)\r- fix maketree.c to allow clean compilation of inffixed.h (Mark)\r- fix parameter check in deflateCopy (Gunther 
Nikl)\r- cleanup trees.c, use compressed_len only in debug mode (Christian Spieler)\r- Many portability patches by Christian Spieler:\r  . zutil.c, zutil.h: added "const" for zmem*\r  . Make_vms.com: fixed some typos\r  . Make_vms.com: msdos/Makefile.*: removed zutil.h from some dependency lists\r  . msdos/Makefile.msc: remove "default rtl link library" info from obj files\r  . msdos/Makefile.*: use model-dependent name for the built zlib library\r  . msdos/Makefile.emx, nt/Makefile.emx, nt/Makefile.gcc:\r     new makefiles, for emx (DOS/OS2), emx&rsxnt and mingw32 (Windows 9x / NT)\r- use define instead of typedef for Bytef also for MSC small/medium (Tom Lane)\r- replace __far with _far for better portability (Christian Spieler, Tom Lane)\r- fix test for errno.h in configure (Tim Newsham)\r\rChanges in 1.1.2 (19 March 98)\r- added contrib/minzip, mini zip and unzip based on zlib (Gilles Vollant)\r  See http://www.winimage.com/zLibDll/unzip.html\r- preinitialize the inflate tables for fixed codes, to make the code\r  completely thread safe (Mark)\r- some simplifications and slight speed-up to the inflate code (Mark)\r- fix gzeof on non-compressed files (Allan Schrum)\r- add -std1 option in configure for OSF1 to fix gzprintf (Martin Mokrejs)\r- use default value of 4K for Z_BUFSIZE for 16-bit MSDOS (Tim Wegner + Glenn)\r- added os2/Makefile.def and os2/zlib.def (Andrew Zabolotny)\r- add shared lib support for UNIX_SV4.2MP (MATSUURA Takanori)\r- do not wrap extern "C" around system includes (Tom Lane)\r- mention zlib binding for TCL in README (Andreas Kupries)\r- added amiga/Makefile.pup for Amiga powerUP SAS/C PPC (Andreas Kleinert)\r- allow "make install prefix=..." 
even after configure (Glenn Randers-Pehrson)\r- allow "configure --prefix $HOME" (Tim Mooney)\r- remove warnings in example.c and gzio.c (Glenn Randers-Pehrson)\r- move Makefile.sas to amiga/Makefile.sas\r\rChanges in 1.1.1 (27 Feb 98)\r- fix macros _tr_tally_* in deflate.h for debug mode  (Glenn Randers-Pehrson)\r- remove block truncation heuristic which had very marginal effect for zlib\r  (smaller lit_bufsize than in gzip 1.2.4) and degraded a little the\r  compression ratio on some files. This also allows inlining _tr_tally for\r  matches in deflate_slow.\r- added msdos/Makefile.w32 for WIN32 Microsoft Visual C++ (Bob Frazier)\r\rChanges in 1.1.0 (24 Feb 98)\r- do not return STREAM_END prematurely in inflate (John Bowler)\r- revert to the zlib 1.0.8 inflate to avoid the gcc 2.8.0 bug (Jeremy Buhler)\r- compile with -DFASTEST to get compression code optimized for speed only\r- in minigzip, try mmap'ing the input file first (Miguel Albrecht)\r- increase size of I/O buffers in minigzip.c and gzio.c (not a big gain\r  on Sun but significant on HP)\r\r- add a pointer to experimental unzip library in README (Gilles Vollant)\r- initialize variable gcc in configure (Chris Herborth)\r\rChanges in 1.0.9 (17 Feb 1998)\r- added gzputs and gzgets functions\r- do not clear eof flag in gzseek (Mark Diekhans)\r- fix gzseek for files in transparent mode (Mark Diekhans)\r- do not assume that vsprintf returns the number of bytes written (Jens Krinke)\r- replace EXPORT with ZEXPORT to avoid conflict with other programs\r- added compress2 in zconf.h, zlib.def, zlib.dnt\r- new asm code from Gilles Vollant in contrib/asm386\r- simplify the inflate code (Mark):\r . Replace ZALLOC's in huft_build() with single ZALLOC in inflate_blocks_new()\r . ZALLOC the length list in inflate_trees_fixed() instead of using stack\r . ZALLOC the value area for huft_build() instead of using stack\r . 
Simplify Z_FINISH check in inflate()\r\r- Avoid gcc 2.8.0 comparison bug a little differently than zlib 1.0.8\r- in inftrees.c, avoid cc -O bug on HP (Farshid Elahi)\r- in zconf.h move the ZLIB_DLL stuff earlier to avoid problems with\r  the declaration of FAR (Gilles VOllant)\r- install libz.so* with mode 755 (executable) instead of 644 (Marc Lehmann)\r- read_buf buf parameter of type Bytef* instead of charf*\r- zmemcpy parameters are of type Bytef*, not charf* (Joseph Strout)\r- do not redeclare unlink in minigzip.c for WIN32 (John Bowler)\r- fix check for presence of directories in "make install" (Ian Willis)\r\rChanges in 1.0.8 (27 Jan 1998)\r- fixed offsets in contrib/asm386/gvmat32.asm (Gilles Vollant)\r- fix gzgetc and gzputc for big endian systems (Markus Oberhumer)\r- added compress2() to allow setting the compression level\r- include sys/types.h to get off_t on some systems (Marc Lehmann & QingLong)\r- use constant arrays for the static trees in trees.c instead of computing\r  them at run time (thanks to Ken Raeburn for this suggestion). 
To create\r  trees.h, compile with GEN_TREES_H and run "make test".\r- check return code of example in "make test" and display result\r- pass minigzip command line options to file_compress\r- simplifying code of inflateSync to avoid gcc 2.8 bug\r\r- support CC="gcc -Wall" in configure -s (QingLong)\r- avoid a flush caused by ftell in gzopen for write mode (Ken Raeburn)\r- fix test for shared library support to avoid compiler warnings\r- zlib.lib -> zlib.dll in msdos/zlib.rc (Gilles Vollant)\r- check for TARGET_OS_MAC in addition to MACOS (Brad Pettit)\r- do not use fdopen for Metrowerks on Mac (Brad Pettit))\r- add checks for gzputc and gzputc in example.c\r- avoid warnings in gzio.c and deflate.c (Andreas Kleinert)\r- use const for the CRC table (Ken Raeburn)\r- fixed "make uninstall" for shared libraries\r- use Tracev instead of Trace in infblock.c\r- in example.c use correct compressed length for test_sync\r- suppress +vnocompatwarnings in configure for HPUX (not always supported)\r\rChanges in 1.0.7 (20 Jan 1998)\r- fix gzseek which was broken in write mode\r- return error for gzseek to negative absolute position\r- fix configure for Linux (Chun-Chung Chen)\r- increase stack space for MSC (Tim Wegner)\r- get_crc_table and inflateSyncPoint are EXPORTed (Gilles Vollant)\r- define EXPORTVA for gzprintf (Gilles Vollant)\r- added man page zlib.3 (Rick Rodgers)\r- for contrib/untgz, fix makedir() and improve Makefile\r\r- check gzseek in write mode in example.c\r- allocate extra buffer for seeks only if gzseek is actually called\r- avoid signed/unsigned comparisons (Tim Wegner, Gilles Vollant)\r- add inflateSyncPoint in zconf.h\r- fix list of exported functions in nt/zlib.dnt and mdsos/zlib.def\r\rChanges in 1.0.6 (19 Jan 1998)\r- add functions gzprintf, gzputc, gzgetc, gztell, gzeof, gzseek, gzrewind and\r  gzsetparams (thanks to Roland Giersig and Kevin Ruland for some of this code)\r- Fix a deflate bug occuring only with compression level 0 (thanks to\r  Andy 
Buckler for finding this one).\r- In minigzip, pass transparently also the first byte for .Z files.\r- return Z_BUF_ERROR instead of Z_OK if output buffer full in uncompress()\r- check Z_FINISH in inflate (thanks to Marc Schluper)\r- Implement deflateCopy (thanks to Adam Costello)\r- make static libraries by default in configure, add --shared option.\r- move MSDOS or Windows specific files to directory msdos\r- suppress the notion of partial flush to simplify the interface\r  (but the symbol Z_PARTIAL_FLUSH is kept for compatibility with 1.0.4)\r- suppress history buffer provided by application to simplify the interface\r  (this feature was not implemented anyway in 1.0.4)\r- next_in and avail_in must be initialized before calling inflateInit or\r  inflateInit2\r- add EXPORT in all exported functions (for Windows DLL)\r- added Makefile.nt (thanks to Stephen Williams)\r- added the unsupported "contrib" directory:\r   contrib/asm386/ by Gilles Vollant <info@winimage.com>\r     386 asm code replacing longest_match().\r   contrib/iostream/ by Kevin Ruland <kevin@rodin.wustl.edu>\r        A C++ I/O streams interface to the zlib gz* functions\r   contrib/iostream2/  by Tyge Løvset <Tyge.Lovset@cmr.no>\r  Another C++ I/O streams interface\r   contrib/untgz/  by "Pedro A. 
Aranda Guti\irrez" <paag@tid.es>\r     A very simple tar.gz file extractor using zlib\r   contrib/visual-basic.txt by Carlos Rios <c_rios@sonda.cl>\r        How to use compress(), uncompress() and the gz* functions from VB.\r- pass params -f (filtered data), -h (huffman only), -1 to -9 (compression\r  level) in minigzip (thanks to Tom Lane)\r\r- use const for rommable constants in deflate\r- added test for gzseek and gztell in example.c\r- add undocumented function inflateSyncPoint() (hack for Paul Mackerras)\r- add undocumented function zError to convert error code to string\r  (for Tim Smithers)\r- Allow compilation of gzio with -DNO_DEFLATE to avoid the compression code.\r- Use default memcpy for Symantec MSDOS compiler.\r- Add EXPORT keyword for check_func (needed for Windows DLL)\r- add current directory to LD_LIBRARY_PATH for "make test"\r- create also a link for libz.so.1\r- added support for FUJITSU UXP/DS (thanks to Toshiaki Nomura)\r- use $(SHAREDLIB) instead of libz.so in Makefile.in (for HPUX)\r- added -soname for Linux in configure (Chun-Chung Chen,\r- assign numbers to the exported functions in zlib.def (for Windows DLL)\r- add advice in zlib.h for best usage of deflateSetDictionary\r- work around compiler bug on Atari (cast Z_NULL in call of s->checkfn)\r- allow compilation with ANSI keywords only enabled for TurboC in large model\r- avoid "versionString"[0] (Borland bug)\r- add NEED_DUMMY_RETURN for Borland\r- use variable z_verbose for tracing in debug mode (L. 
Peter Deutsch).\r- allow compilation with CC\r- defined STDC for OS/2 (David Charlap)      \r- limit external names to 8 chars for MVS (Thomas Lund)\r- in minigzip.c, use static buffers only for 16-bit systems\r- fix suffix check for "minigzip -d foo.gz"\r- do not return an error for the 2nd of two consecutive gzflush() (Felix Lee)\r- use _fdopen instead of fdopen for MSC >= 6.0 (Thomas Fanslau)\r- added makelcc.bat for lcc-win32 (Tom St Denis)\r- in Makefile.dj2, use copy and del instead of install and rm (Frank Donahoe)\r- Avoid expanded $Id: ChangeLog,v 1.1.1.1 2001/05/18 23:14:03 mb Exp $. Use "rcs -kb" or "cvs admin -kb" to avoid Id expansion.\r- check for unistd.h in configure (for off_t)\r- remove useless check parameter in inflate_blocks_free\r- avoid useless assignment of s->check to itself in inflate_blocks_new\r- do not flush twice in gzclose (thanks to Ken Raeburn)\r- rename FOPEN as F_OPEN to avoid clash with /usr/include/sys/file.h\r- use NO_ERRNO_H instead of enumeration of operating systems with errno.h\r- work around buggy fclose on pipes for HP/UX\r- support zlib DLL with BORLAND C++ 5.0 (thanks to Glenn Randers-Pehrson)\r- fix configure if CC is already equal to gcc\r\rChanges in 1.0.5 (3 Jan 98)\r- Fix inflate to terminate gracefully when fed corrupted or invalid data\r- Use const for rommable constants in inflate\r- Eliminate memory leaks on error conditions in inflate\r- Removed some vestigial code in inflate\r- Update web address in README\r  \rChanges in 1.0.4 (24 Jul 96)\r- In very rare conditions, deflate(s, Z_FINISH) could fail to produce an EOF\r  bit, so the decompressor could decompress all the correct data but went\r  on to attempt decompressing extra garbage data. 
This affected minigzip too.\r- zlibVersion and gzerror return const char* (needed for DLL)\r- port to RISCOS (no fdopen, no multiple dots, no unlink, no fileno)\r- use z_error only for DEBUG (avoid problem with DLLs)\r\rChanges in 1.0.3 (2 Jul 96)\r- use z_streamp instead of z_stream *, which is now a far pointer in MSDOS\r  small and medium models; this makes the library incompatible with previous\r  versions for these models. (No effect in large model or on other systems.)\r- return OK instead of BUF_ERROR if previous deflate call returned with\r  avail_out as zero but there is nothing to do\r- added memcmp for non STDC compilers\r- define NO_DUMMY_DECL for more Mac compilers (.h files merged incorrectly)\r- define __32BIT__ if __386__ or i386 is defined (pb. with Watcom and SCO)\r- better check for 16-bit mode MSC (avoids problem with Symantec)\r\rChanges in 1.0.2 (23 May 96)\r- added Windows DLL support\r- added a function zlibVersion (for the DLL support)\r- fixed declarations using Bytef in infutil.c (pb with MSDOS medium model)\r- Bytef is define's instead of typedef'd only for Borland C\r- avoid reading uninitialized memory in example.c\r- mention in README that the zlib format is now RFC1950\r- updated Makefile.dj2\r- added algorithm.doc\r\rChanges in 1.0.1 (20 May 96) [1.0 skipped to avoid confusion]\r- fix array overlay in deflate.c which sometimes caused bad compressed data\r- fix inflate bug with empty stored block\r- fix MSDOS medium model which was broken in 0.99\r- fix deflateParams() which could generated bad compressed data.\r- Bytef is define'd instead of typedef'ed (work around Borland bug)\r- added an INDEX file\r- new makefiles for DJGPP (Makefile.dj2), 32-bit Borland (Makefile.b32),\r  Watcom (Makefile.wat), Amiga SAS/C (Makefile.sas)\r- speed up adler32 for modern machines without auto-increment\r- added -ansi for IRIX in configure\r- static_init_done in trees.c is an int\r- define unlink as delete for VMS\r- fix configure for QNX\r- add 
configure branch for SCO and HPUX\r- avoid many warnings (unused variables, dead assignments, etc...)\r- no fdopen for BeOS\r- fix the Watcom fix for 32 bit mode (define FAR as empty)\r- removed redefinition of Byte for MKWERKS\r- work around an MWKERKS bug (incorrect merge of all .h files)\r\rChanges in 0.99 (27 Jan 96)\r- allow preset dictionary shared between compressor and decompressor\r- allow compression level 0 (no compression)\r- add deflateParams in zlib.h: allow dynamic change of compression level\r  and compression strategy.\r- test large buffers and deflateParams in example.c\r- add optional "configure" to build zlib as a shared library\r- suppress Makefile.qnx, use configure instead\r- fixed deflate for 64-bit systems (detected on Cray)\r- fixed inflate_blocks for 64-bit systems (detected on Alpha)\r- declare Z_DEFLATED in zlib.h (possible parameter for deflateInit2)\r- always return Z_BUF_ERROR when deflate() has nothing to do\r- deflateInit and inflateInit are now macros to allow version checking\r- prefix all global functions and types with z_ with -DZ_PREFIX\r- make falloc completely reentrant (inftrees.c)\r- fixed very unlikely race condition in ct_static_init\r- free in reverse order of allocation to help memory manager\r- use zlib-1.0/* instead of zlib/* inside the tar.gz\r- make zlib warning-free with "gcc -O3 -Wall -Wwrite-strings -Wpointer-arith\r  -Wconversion -Wstrict-prototypes -Wmissing-prototypes"\r- allow gzread on concatenated .gz files\r- deflateEnd now returns Z_DATA_ERROR if it was premature\r- deflate is finally (?) 
fully deterministic (no matches beyond end of input)\r- Document Z_SYNC_FLUSH\r- add uninstall in Makefile\r- Check for __cpluplus in zlib.h\r- Better test in ct_align for partial flush\r- avoid harmless warnings for Borland C++\r- initialize hash_head in deflate.c\r- avoid warning on fdopen (gzio.c) for HP cc -Aa\r- include stdlib.h for STDC compilers\r- include errno.h for Cray\r- ignore error if ranlib doesn't exist\r- call ranlib twice for NeXTSTEP\r- use exec_prefix instead of prefix for libz.a\r- renamed ct_* as _tr_* to avoid conflict with applications\r- clear z->msg in inflateInit2 before any error return\r- initialize opaque in example.c, gzio.c, deflate.c and inflate.c\r- fixed typo in zconf.h (_GNUC__ => __GNUC__)\r- check for WIN32 in zconf.h and zutil.c (avoid farmalloc in 32-bit mode)\r- fix typo in Make_vms.com (f$trnlnm -> f$getsyi)\r- in fcalloc, normalize pointer if size > 65520 bytes\r- don't use special fcalloc for 32 bit Borland C++\r- use STDC instead of __GO32__ to avoid redeclaring exit, calloc, etc...\r- use Z_BINARY instead of BINARY\r- document that gzclose after gzdopen will close the file\r- allow "a" as mode in gzopen.\r- fix error checking in gzread\r- allow skipping .gz extra-field on pipes\r- added reference to Perl interface in README\r- put the crc table in FAR data (I dislike more and more the medium model :)\r- added get_crc_table\r- added a dimension to all arrays (Borland C can't count).\r- workaround Borland C bug in declaration of inflate_codes_new & inflate_fast\r- guard against multiple inclusion of *.h (for precompiled header on Mac)\r- Watcom C pretends to be Microsoft C small model even in 32 bit mode.\r- don't use unsized arrays to avoid silly warnings by Visual C++:\r     warning C4746: 'inflate_mask' : unsized array treated as  '__far'\r     (what's wrong with far data in far model?).\r- define enum out of inflate_blocks_state to allow compilation with C++\r\rChanges in 0.95 (16 Aug 95)\r- fix MSDOS small and medium 
model (now easier to adapt to any compiler)\r- inlined send_bits\r- fix the final (:-) bug for deflate with flush (output was correct but\r  not completely flushed in rare occasions).\r- default window size is same for compression and decompression\r  (it's now sufficient to set MAX_WBITS in zconf.h).\r- voidp -> voidpf and voidnp -> voidp (for consistency with other\r  typedefs and because voidnp was not near in large model).\r\rChanges in 0.94 (13 Aug 95)\r- support MSDOS medium model\r- fix deflate with flush (could sometimes generate bad output)\r- fix deflateReset (zlib header was incorrectly suppressed)\r- added support for VMS\r- allow a compression level in gzopen()\r- gzflush now calls fflush\r- For deflate with flush, flush even if no more input is provided.\r- rename libgz.a as libz.a\r- avoid complex expression in infcodes.c triggering Turbo C bug\r- work around a problem with gcc on Alpha (in INSERT_STRING)\r- don't use inline functions (problem with some gcc versions)\r- allow renaming of Byte, uInt, etc... 
with #define.\r- avoid warning about (unused) pointer before start of array in deflate.c\r- avoid various warnings in gzio.c, example.c, infblock.c, adler32.c, zutil.c\r- avoid reserved word 'new' in trees.c\r\rChanges in 0.93 (25 June 95)\r- temporarily disable inline functions\r- make deflate deterministic\r- give enough lookahead for PARTIAL_FLUSH\r- Set binary mode for stdin/stdout in minigzip.c for OS/2\r- don't even use signed char in inflate (not portable enough)\r- fix inflate memory leak for segmented architectures\r\rChanges in 0.92 (3 May 95)\r- don't assume that char is signed (problem on SGI)\r- Clear bit buffer when starting a stored block\r- no memcpy on Pyramid\r- suppressed inftest.c\r- optimized fill_window, put longest_match inline for gcc\r- optimized inflate on stored blocks.\r- untabify all sources to simplify patches\r\rChanges in 0.91 (2 May 95)\r- Default MEM_LEVEL is 8 (not 9 for Unix) as documented in zlib.h\r- Document the memory requirements in zconf.h\r- added "make install"\r- fix sync search logic in inflateSync\r- deflate(Z_FULL_FLUSH) now works even if output buffer too short\r- after inflateSync, don't scare people with just "lo world"\r- added support for DJGPP\r\rChanges in 0.9 (1 May 95)\r- don't assume that zalloc clears the allocated memory (the TurboC bug\r  was Mark's bug after all :)\r- let again gzread copy uncompressed data unchanged (was working in 0.71)\r- deflate(Z_FULL_FLUSH), inflateReset and inflateSync are now fully implemented\r- added a test of inflateSync in example.c\r- moved MAX_WBITS to zconf.h because users might want to change that.\r- document explicitly that zalloc(64K) on MSDOS must return a normalized\r  pointer (zero offset)\r- added Makefiles for Microsoft C, Turbo C, Borland C++\r- faster crc32()\r\rChanges in 0.8 (29 April 95)\r- added fast inflate (inffast.c)\r- deflate(Z_FINISH) now returns Z_STREAM_END when done. 
Warning: this\r  is incompatible with previous versions of zlib which returned Z_OK.\r- work around a TurboC compiler bug (bad code for b << 0, see infutil.h)\r  (actually that was not a compiler bug, see 0.81 above)\r- gzread no longer reads one extra byte in certain cases\r- In gzio destroy(), don't reference a freed structure\r- avoid many warnings for MSDOS\r- avoid the ERROR symbol which is used by MS Windows\r\rChanges in 0.71 (14 April 95)\r- Fixed more MSDOS compilation problems :( There is still a bug with\r  TurboC large model.\r\rChanges in 0.7 (14 April 95)\r- Added full inflate support.\r- Simplified the crc32() interface. The pre- and post-conditioning\r  (one's complement) is now done inside crc32(). WARNING: this is\r  incompatible with previous versions; see zlib.h for the new usage.\r\rChanges in 0.61 (12 April 95)\r- workaround for a bug in TurboC. example and minigzip now work on MSDOS.\r\rChanges in 0.6 (11 April 95)\r- added minigzip.c\r- added gzdopen to reopen a file descriptor as gzFile\r- added transparent reading of non-gziped files in gzread.\r- fixed bug in gzread (don't read crc as data)\r- fixed bug in destroy (gzio.c) (don't return Z_STREAM_END for gzclose).\r- don't allocate big arrays in the stack (for MSDOS)\r- fix some MSDOS compilation problems\r\rChanges in 0.5:\r- do real compression in deflate.c. 
Z_PARTIAL_FLUSH is supported but\r  not yet Z_FULL_FLUSH.\r- support decompression but only in a single step (forced Z_FINISH)\r- added opaque object for zalloc and zfree.\r- added deflateReset and inflateReset\r- added a variable zlib_version for consistency checking.\r- renamed the 'filter' parameter of deflateInit2 as 'strategy'.\r  Added Z_FILTERED and Z_HUFFMAN_ONLY constants.\r\rChanges in 0.4:\r- avoid "zip" everywhere, use zlib instead of ziplib.\r- suppress Z_BLOCK_FLUSH, interpret Z_PARTIAL_FLUSH as block flush\r  if compression method == 8.\r- added adler32 and crc32\r- renamed deflateOptions as deflateInit2, call one or the other but not both\r- added the method parameter for deflateInit2.\r- added inflateInit2\r- simplied considerably deflateInit and inflateInit by not supporting\r  user-provided history buffer. This is supported only in deflateInit2\r  and inflateInit2.\r\rChanges in 0.3:\r- prefix all macro names with Z_\r- use Z_FINISH instead of deflateEnd to finish compression.\r- added Z_HUFFMAN_ONLY\r- added gzerror()\r
\ No newline at end of file
diff --git a/SecurityServer/MacYarrow/zlib/README b/SecurityServer/MacYarrow/zlib/README
deleted file mode 100644 (file)
index 473ce50..0000000
+++ /dev/null
@@ -1 +0,0 @@
-zlib 1.1.3 is a general purpose data compression library.  All the code\ris thread safe.  The data format used by the zlib library\ris described by RFCs (Request for Comments) 1950 to 1952 in the files \rftp://ds.internic.net/rfc/rfc1950.txt (zlib format), rfc1951.txt (deflate\rformat) and rfc1952.txt (gzip format). These documents are also available in\rother formats from ftp://ftp.uu.net/graphics/png/documents/zlib/zdoc-index.html\r\rAll functions of the compression library are documented in the file zlib.h\r(volunteer to write man pages welcome, contact jloup@gzip.org). A usage\rexample of the library is given in the file example.c which also tests that\rthe library is working correctly. Another example is given in the file\rminigzip.c. The compression library itself is composed of all source files\rexcept example.c and minigzip.c.\r\rTo compile all files and run the test program, follow the instructions\rgiven at the top of Makefile. In short "make test; make install"\rshould work for most machines. For Unix: "configure; make test; make install"\rFor MSDOS, use one of the special makefiles such as Makefile.msc.\rFor VMS, use Make_vms.com or descrip.mms.\r\rQuestions about zlib should be sent to <zlib@quest.jpl.nasa.gov>, or to\rGilles Vollant <info@winimage.com> for the Windows DLL version.\rThe zlib home page is http://www.cdrom.com/pub/infozip/zlib/\rThe official zlib ftp site is ftp://ftp.cdrom.com/pub/infozip/zlib/\rBefore reporting a problem, please check those sites to verify that\ryou have the latest version of zlib; otherwise get the latest version and\rcheck whether the problem still exists or not.\r\rMark Nelson <markn@tiny.com> wrote an article about zlib for the Jan. 1997\rissue of  Dr. 
Dobb's Journal; a copy of the article is available in\rhttp://web2.airmail.net/markn/articles/zlibtool/zlibtool.htm\r\rThe changes made in version 1.1.3 are documented in the file ChangeLog.\rThe main changes since 1.1.2 are:\r\r- fix "an inflate input buffer bug that shows up on rare but persistent\r  occasions" (Mark)\r- fix gzread and gztell for concatenated .gz files (Didier Le Botlan)\r- fix gzseek(..., SEEK_SET) in write mode\r- fix crc check after a gzeek (Frank Faubert)\r- fix miniunzip when the last entry in a zip file is itself a zip file\r  (J Lillge)\r- add contrib/asm586 and contrib/asm686 (Brian Raiter)\r  See http://www.muppetlabs.com/~breadbox/software/assembly.html\r- add support for Delphi 3 in contrib/delphi (Bob Dellaca)\r- add support for C++Builder 3 and Delphi 3 in contrib/delphi2 (Davide Moretti)\r- do not exit prematurely in untgz if 0 at start of block (Magnus Holmgren)\r- use macro EXTERN instead of extern to support DLL for BeOS (Sander Stoks)\r- added a FAQ file\r\rplus many changes for portability.\r\rUnsupported third party contributions are provided in directory "contrib".\r\rA Java implementation of zlib is available in the Java Development Kit 1.1\rhttp://www.javasoft.com/products/JDK/1.1/docs/api/Package-java.util.zip.html\rSee the zlib home page http://www.cdrom.com/pub/infozip/zlib/ for details.\r\rA Perl interface to zlib written by Paul Marquess <pmarquess@bfsec.bt.co.uk>\ris in the CPAN (Comprehensive Perl Archive Network) sites, such as:\rftp://ftp.cis.ufl.edu/pub/perl/CPAN/modules/by-module/Compress/Compress-Zlib*\r\rA Python interface to zlib written by A.M. 
Kuchling <amk@magnet.com>\ris available in Python 1.5 and later versions, see\rhttp://www.python.org/doc/lib/module-zlib.html\r\rA zlib binding for TCL written by Andreas Kupries <a.kupries@westend.com>\ris availlable at http://www.westend.com/~kupries/doc/trf/man/man.html\r\rAn experimental package to read and write files in .zip format,\rwritten on top of zlib by Gilles Vollant <info@winimage.com>, is\ravailable at http://www.winimage.com/zLibDll/unzip.html\rand also in the contrib/minizip directory of zlib.\r\r\rNotes for some targets:\r\r- To build a Windows DLL version, include in a DLL project zlib.def, zlib.rc\r  and all .c files except example.c and minigzip.c; compile with -DZLIB_DLL\r  The zlib DLL support was initially done by Alessandro Iacopetti and is\r  now maintained by Gilles Vollant <info@winimage.com>. Check the zlib DLL\r  home page at http://www.winimage.com/zLibDll\r\r  From Visual Basic, you can call the DLL functions which do not take\r  a structure as argument: compress, uncompress and all gz* functions.\r  See contrib/visual-basic.txt for more information, or get\r  http://www.tcfb.com/dowseware/cmp-z-it.zip\r\r- For 64-bit Irix, deflate.c must be compiled without any optimization.\r  With -O, one libpng test fails. The test works in 32 bit mode (with\r  the -n32 compiler flag). The compiler bug has been reported to SGI.\r\r- zlib doesn't work with gcc 2.6.3 on a DEC 3000/300LX under OSF/1 2.1   \r  it works when compiled with cc.\r\r- on Digital Unix 4.0D (formely OSF/1) on AlphaServer, the cc option -std1\r  is necessary to get gzprintf working correctly. This is done by configure.\r\r- zlib doesn't work on HP-UX 9.05 with some versions of /bin/cc. It works\r  with other compilers. 
Use "make test" to check your compiler.\r\r- gzdopen is not supported on RISCOS, BEOS and by some Mac compilers.\r\r- For Turbo C the small model is supported only with reduced performance to\r  avoid any far allocation; it was tested with -DMAX_WBITS=11 -DMAX_MEM_LEVEL=3\r\r- For PalmOs, see http://www.cs.uit.no/~perm/PASTA/pilot/software.html\r  Per Harald Myrvang <perm@stud.cs.uit.no>\r\r\rAcknowledgments:\r\r  The deflate format used by zlib was defined by Phil Katz. The deflate\r  and zlib specifications were written by L. Peter Deutsch. Thanks to all the\r  people who reported problems and suggested various improvements in zlib;\r  they are too numerous to cite here.\r\rCopyright notice:\r\r (C) 1995-1998 Jean-loup Gailly and Mark Adler\r\r  This software is provided 'as-is', without any express or implied\r  warranty.  In no event will the authors be held liable for any damages\r  arising from the use of this software.\r\r  Permission is granted to anyone to use this software for any purpose,\r  including commercial applications, and to alter it and redistribute it\r  freely, subject to the following restrictions:\r\r  1. The origin of this software must not be misrepresented; you must not\r     claim that you wrote the original software. If you use this software\r     in a product, an acknowledgment in the product documentation would be\r     appreciated but is not required.\r  2. Altered source versions must be plainly marked as such, and must not be\r     misrepresented as being the original software.\r  3. This notice may not be removed or altered from any source distribution.\r\r  Jean-loup Gailly        Mark Adler\r  jloup@gzip.org          madler@alumni.caltech.edu\r\rIf you use the zlib library in a product, we would appreciate *not*\rreceiving lengthy legal documents to sign. The sources are provided\rfor free but without warranty of any kind.  
The library has been\rentirely written by Jean-loup Gailly and Mark Adler; it does not\rinclude third-party code.\r\rIf you redistribute modified sources, we would appreciate that you include\rin the file ChangeLog history information documenting your changes.\r
\ No newline at end of file
diff --git a/SecurityServer/MacYarrow/zlib/adler32.c b/SecurityServer/MacYarrow/zlib/adler32.c
deleted file mode 100644 (file)
index 2b1f516..0000000
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* adler32.c -- compute the Adler-32 checksum of a data stream
- * Copyright (C) 1995-1998 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h 
- */
-
-/* @(#) $Id: adler32.c,v 1.1.1.1 2001/05/18 23:14:03 mb Exp $ */
-
-#include "zlib.h"
-
-#define BASE 65521L /* largest prime smaller than 65536 */
-#define NMAX 5552
-/* NMAX is the largest n such that 255n(n+1)/2 + (n+1)(BASE-1) <= 2^32-1 */
-
-#define DO1(buf,i)  {s1 += buf[i]; s2 += s1;}
-#define DO2(buf,i)  DO1(buf,i); DO1(buf,i+1);
-#define DO4(buf,i)  DO2(buf,i); DO2(buf,i+2);
-#define DO8(buf,i)  DO4(buf,i); DO4(buf,i+4);
-#define DO16(buf)   DO8(buf,0); DO8(buf,8);
-
-/* ========================================================================= */
-uLong ZEXPORT adler32(adler, buf, len)
-    uLong adler;
-    const Bytef *buf;
-    uInt len;
-{
-    unsigned long s1 = adler & 0xffff;
-    unsigned long s2 = (adler >> 16) & 0xffff;
-    int k;
-
-    if (buf == Z_NULL) return 1L;
-
-    while (len > 0) {
-        k = len < NMAX ? len : NMAX;
-        len -= k;
-        while (k >= 16) {
-            DO16(buf);
-           buf += 16;
-            k -= 16;
-        }
-        if (k != 0) do {
-            s1 += *buf++;
-           s2 += s1;
-        } while (--k);
-        s1 %= BASE;
-        s2 %= BASE;
-    }
-    return (s2 << 16) | s1;
-}
diff --git a/SecurityServer/MacYarrow/zlib/algorithm.txt b/SecurityServer/MacYarrow/zlib/algorithm.txt
deleted file mode 100644 (file)
index 0f681bd..0000000
+++ /dev/null
@@ -1 +0,0 @@
-1. Compression algorithm (deflate)\r\rThe deflation algorithm used by gzip (also zip and zlib) is a variation of\rLZ77 (Lempel-Ziv 1977, see reference below). It finds duplicated strings in\rthe input data.  The second occurrence of a string is replaced by a\rpointer to the previous string, in the form of a pair (distance,\rlength).  Distances are limited to 32K bytes, and lengths are limited\rto 258 bytes. When a string does not occur anywhere in the previous\r32K bytes, it is emitted as a sequence of literal bytes.  (In this\rdescription, `string' must be taken as an arbitrary sequence of bytes,\rand is not restricted to printable characters.)\r\rLiterals or match lengths are compressed with one Huffman tree, and\rmatch distances are compressed with another tree. The trees are stored\rin a compact form at the start of each block. The blocks can have any\rsize (except that the compressed data for one block must fit in\ravailable memory). A block is terminated when deflate() determines that\rit would be useful to start another block with fresh trees. (This is\rsomewhat similar to the behavior of LZW-based _compress_.)\r\rDuplicated strings are found using a hash table. All input strings of\rlength 3 are inserted in the hash table. A hash index is computed for\rthe next 3 bytes. If the hash chain for this index is not empty, all\rstrings in the chain are compared with the current input string, and\rthe longest match is selected.\r\rThe hash chains are searched starting with the most recent strings, to\rfavor small distances and thus take advantage of the Huffman encoding.\rThe hash chains are singly linked. There are no deletions from the\rhash chains, the algorithm simply discards matches that are too old.\r\rTo avoid a worst-case situation, very long hash chains are arbitrarily\rtruncated at a certain length, determined by a runtime option (level\rparameter of deflateInit). 
So deflate() does not always find the longest\rpossible match but generally finds a match which is long enough.\r\rdeflate() also defers the selection of matches with a lazy evaluation\rmechanism. After a match of length N has been found, deflate() searches for\ra longer match at the next input byte. If a longer match is found, the\rprevious match is truncated to a length of one (thus producing a single\rliteral byte) and the process of lazy evaluation begins again. Otherwise,\rthe original match is kept, and the next match search is attempted only N\rsteps later.\r\rThe lazy match evaluation is also subject to a runtime parameter. If\rthe current match is long enough, deflate() reduces the search for a longer\rmatch, thus speeding up the whole process. If compression ratio is more\rimportant than speed, deflate() attempts a complete second search even if\rthe first match is already long enough.\r\rThe lazy match evaluation is not performed for the fastest compression\rmodes (level parameter 1 to 3). For these fast modes, new strings\rare inserted in the hash table only when no match was found, or\rwhen the match is not too long. This degrades the compression ratio\rbut saves time since there are both fewer insertions and fewer searches.\r\r\r2. Decompression algorithm (inflate)\r\r2.1 Introduction\r\rThe real question is, given a Huffman tree, how to decode fast.  The most\rimportant realization is that shorter codes are much more common than\rlonger codes, so pay attention to decoding the short codes fast, and let\rthe long codes take longer to decode.\r\rinflate() sets up a first level table that covers some number of bits of\rinput less than the length of longest code.  It gets that many bits from the\rstream, and looks it up in the table.  
The table will tell if the next\rcode is that many bits or less and how many, and if it is, it will tell\rthe value, else it will point to the next level table for which inflate()\rgrabs more bits and tries to decode a longer code.\r\rHow many bits to make the first lookup is a tradeoff between the time it\rtakes to decode and the time it takes to build the table.  If building the\rtable took no time (and if you had infinite memory), then there would only\rbe a first level table to cover all the way to the longest code.  However,\rbuilding the table ends up taking a lot longer for more bits since short\rcodes are replicated many times in such a table.  What inflate() does is\rsimply to make the number of bits in the first table a variable, and set it\rfor the maximum speed.\r\rinflate() sends new trees relatively often, so it is possibly set for a\rsmaller first level table than an application that has only one tree for\rall the data.  For inflate, which has 286 possible codes for the\rliteral/length tree, the size of the first table is nine bits.  Also the\rdistance trees have 30 possible values, and the size of the first table is\rsix bits.  Note that for each of those cases, the table ended up one bit\rlonger than the ``average'' code length, i.e. the code length of an\rapproximately flat code which would be a little more than eight bits for\r286 symbols and a little less than five bits for 30 symbols.  It would be\rinteresting to see if optimizing the first level table for other\rapplications gave values within a bit or two of the flat code size.\r\r\r2.2 More details on the inflate table lookup\r\rOk, you want to know what this cleverly obfuscated inflate tree actually  \rlooks like.  You are correct that it's not a Huffman tree.  It is simply a  \rlookup table for the first, let's say, nine bits of a Huffman symbol.  The  \rsymbol could be as short as one bit or as long as 15 bits.  
If a particular  \rsymbol is shorter than nine bits, then that symbol's translation is duplicated\rin all those entries that start with that symbol's bits.  For example, if the  \rsymbol is four bits, then it's duplicated 32 times in a nine-bit table.  If a  \rsymbol is nine bits long, it appears in the table once.\r\rIf the symbol is longer than nine bits, then that entry in the table points  \rto another similar table for the remaining bits.  Again, there are duplicated  \rentries as needed.  The idea is that most of the time the symbol will be short\rand there will only be one table look up.  (That's whole idea behind data  \rcompression in the first place.)  For the less frequent long symbols, there  \rwill be two lookups.  If you had a compression method with really long  \rsymbols, you could have as many levels of lookups as is efficient.  For  \rinflate, two is enough.\r\rSo a table entry either points to another table (in which case nine bits in  \rthe above example are gobbled), or it contains the translation for the symbol  \rand the number of bits to gobble.  Then you start again with the next  \rungobbled bit.\r\rYou may wonder: why not just have one lookup table for how ever many bits the  \rlongest symbol is?  The reason is that if you do that, you end up spending  \rmore time filling in duplicate symbol entries than you do actually decoding.   \rAt least for deflate's output that generates new trees every several 10's of  \rkbytes.  You can imagine that filling in a 2^15 entry table for a 15-bit code  \rwould take too long if you're only decoding several thousand symbols.  At the  \rother extreme, you could make a new table for every bit in the code.  In fact,\rthat's essentially a Huffman tree.  But then you spend two much time  \rtraversing the tree while decoding, even for short symbols.\r\rSo the number of bits for the first lookup table is a trade of the time to  \rfill out the table vs. 
the time spent looking at the second level and above of\rthe table.\r\rHere is an example, scaled down:\r\rThe code being decoded, with 10 symbols, from 1 to 6 bits long:\r\rA: 0\rB: 10\rC: 1100\rD: 11010\rE: 11011\rF: 11100\rG: 11101\rH: 11110\rI: 111110\rJ: 111111\r\rLet's make the first table three bits long (eight entries):\r\r000: A,1\r001: A,1\r010: A,1\r011: A,1\r100: B,2\r101: B,2\r110: -> table X (gobble 3 bits)\r111: -> table Y (gobble 3 bits)\r\rEach entry is what the bits decode to and how many bits that is, i.e. how  \rmany bits to gobble.  Or the entry points to another table, with the number of\rbits to gobble implicit in the size of the table.\r\rTable X is two bits long since the longest code starting with 110 is five bits\rlong:\r\r00: C,1\r01: C,1\r10: D,2\r11: E,2\r\rTable Y is three bits long since the longest code starting with 111 is six  \rbits long:\r\r000: F,2\r001: F,2\r010: G,2\r011: G,2\r100: H,2\r101: H,2\r110: I,3\r111: J,3\r\rSo what we have here are three tables with a total of 20 entries that had to  \rbe constructed.  That's compared to 64 entries for a single table.  Or  \rcompared to 16 entries for a Huffman tree (six two entry tables and one four  \rentry table).  Assuming that the code ideally represents the probability of  \rthe symbols, it takes on the average 1.25 lookups per symbol.  That's compared\rto one lookup for the single table, or 1.66 lookups per symbol for the  \rHuffman tree.\r\rThere, I think that gives you a picture of what's going on.  For inflate, the  \rmeaning of a particular symbol is often more than just a letter.  It can be a  \rbyte (a "literal"), or it can be either a length or a distance which  \rindicates a base value and a number of bits to fetch after the code that is  \radded to the base value.  Or it might be the special end-of-block code.  
The  \rdata structures created in inftrees.c try to encode all that information  \rcompactly in the tables.\r\r\rJean-loup Gailly        Mark Adler\rjloup@gzip.org          madler@alumni.caltech.edu\r\r\rReferences:\r\r[LZ77] Ziv J., Lempel A., ``A Universal Algorithm for Sequential Data\rCompression,'' IEEE Transactions on Information Theory, Vol. 23, No. 3,\rpp. 337-343.\r\r``DEFLATE Compressed Data Format Specification'' available in\rftp://ds.internic.net/rfc/rfc1951.txt\r
\ No newline at end of file
diff --git a/SecurityServer/MacYarrow/zlib/compress.c b/SecurityServer/MacYarrow/zlib/compress.c
deleted file mode 100644 (file)
index 4c65bdb..0000000
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* compress.c -- compress a memory buffer
- * Copyright (C) 1995-1998 Jean-loup Gailly.
- * For conditions of distribution and use, see copyright notice in zlib.h 
- */
-
-/* @(#) $Id: compress.c,v 1.1.1.1 2001/05/18 23:14:03 mb Exp $ */
-
-#include "zlib.h"
-
-/* ===========================================================================
-     Compresses the source buffer into the destination buffer. The level
-   parameter has the same meaning as in deflateInit.  sourceLen is the byte
-   length of the source buffer. Upon entry, destLen is the total size of the
-   destination buffer, which must be at least 0.1% larger than sourceLen plus
-   12 bytes. Upon exit, destLen is the actual size of the compressed buffer.
-
-     compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
-   memory, Z_BUF_ERROR if there was not enough room in the output buffer,
-   Z_STREAM_ERROR if the level parameter is invalid.
-*/
-int ZEXPORT compress2 (dest, destLen, source, sourceLen, level)
-    Bytef *dest;
-    uLongf *destLen;
-    const Bytef *source;
-    uLong sourceLen;
-    int level;
-{
-    z_stream stream;
-    int err;
-
-    stream.next_in = (Bytef*)source;
-    stream.avail_in = (uInt)sourceLen;
-#ifdef MAXSEG_64K
-    /* Check for source > 64K on 16-bit machine: */
-    if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR;
-#endif
-    stream.next_out = dest;
-    stream.avail_out = (uInt)*destLen;
-    if ((uLong)stream.avail_out != *destLen) return Z_BUF_ERROR;
-
-    stream.zalloc = (alloc_func)0;
-    stream.zfree = (free_func)0;
-    stream.opaque = (voidpf)0;
-
-    err = deflateInit(&stream, level);
-    if (err != Z_OK) return err;
-
-    err = deflate(&stream, Z_FINISH);
-    if (err != Z_STREAM_END) {
-        deflateEnd(&stream);
-        return err == Z_OK ? Z_BUF_ERROR : err;
-    }
-    *destLen = stream.total_out;
-
-    err = deflateEnd(&stream);
-    return err;
-}
-
-/* ===========================================================================
- */
-int ZEXPORT compress (dest, destLen, source, sourceLen)
-    Bytef *dest;
-    uLongf *destLen;
-    const Bytef *source;
-    uLong sourceLen;
-{
-    return compress2(dest, destLen, source, sourceLen, Z_DEFAULT_COMPRESSION);
-}
diff --git a/SecurityServer/MacYarrow/zlib/crc32.c b/SecurityServer/MacYarrow/zlib/crc32.c
deleted file mode 100644 (file)
index 8382b7c..0000000
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* crc32.c -- compute the CRC-32 of a data stream
- * Copyright (C) 1995-1998 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h 
- */
-
-/* @(#) $Id: crc32.c,v 1.1.1.1 2001/05/18 23:14:03 mb Exp $ */
-
-#include "zlib.h"
-
-#define local static
-
-#ifdef DYNAMIC_CRC_TABLE
-
-local int crc_table_empty = 1;
-local uLongf crc_table[256];
-local void make_crc_table OF((void));
-
-/*
-  Generate a table for a byte-wise 32-bit CRC calculation on the polynomial:
-  x^32+x^26+x^23+x^22+x^16+x^12+x^11+x^10+x^8+x^7+x^5+x^4+x^2+x+1.
-
-  Polynomials over GF(2) are represented in binary, one bit per coefficient,
-  with the lowest powers in the most significant bit.  Then adding polynomials
-  is just exclusive-or, and multiplying a polynomial by x is a right shift by
-  one.  If we call the above polynomial p, and represent a byte as the
-  polynomial q, also with the lowest power in the most significant bit (so the
-  byte 0xb1 is the polynomial x^7+x^3+x+1), then the CRC is (q*x^32) mod p,
-  where a mod b means the remainder after dividing a by b.
-
-  This calculation is done using the shift-register method of multiplying and
-  taking the remainder.  The register is initialized to zero, and for each
-  incoming bit, x^32 is added mod p to the register if the bit is a one (where
-  x^32 mod p is p+x^32 = x^26+...+1), and the register is multiplied mod p by
-  x (which is shifting right by one and adding x^32 mod p if the bit shifted
-  out is a one).  We start with the highest power (least significant bit) of
-  q and repeat for all eight bits of q.
-
-  The table is simply the CRC of all possible eight bit values.  This is all
-  the information needed to generate CRC's on data a byte at a time for all
-  combinations of CRC register values and incoming bytes.
-*/
-local void make_crc_table()
-{
-  uLong c;
-  int n, k;
-  uLong poly;            /* polynomial exclusive-or pattern */
-  /* terms of polynomial defining this crc (except x^32): */
-  static const Byte p[] = {0,1,2,4,5,7,8,10,11,12,16,22,23,26};
-
-  /* make exclusive-or pattern from polynomial (0xedb88320L) */
-  poly = 0L;
-  for (n = 0; n < sizeof(p)/sizeof(Byte); n++)
-    poly |= 1L << (31 - p[n]);
-  for (n = 0; n < 256; n++)
-  {
-    c = (uLong)n;
-    for (k = 0; k < 8; k++)
-      c = c & 1 ? poly ^ (c >> 1) : c >> 1;
-    crc_table[n] = c;
-  }
-  crc_table_empty = 0;
-}
-#else
-/* ========================================================================
- * Table of CRC-32's of all single-byte values (made by make_crc_table)
- */
-local const uLongf crc_table[256] = {
-  0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L,
-  0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L,
-  0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L,
-  0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL,
-  0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L,
-  0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L,
-  0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L,
-  0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL,
-  0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L,
-  0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL,
-  0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L,
-  0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L,
-  0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L,
-  0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL,
-  0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL,
-  0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L,
-  0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL,
-  0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L,
-  0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L,
-  0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L,
-  0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL,
-  0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L,
-  0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L,
-  0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL,
-  0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L,
-  0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L,
-  0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L,
-  0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L,
-  0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L,
-  0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL,
-  0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL,
-  0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L,
-  0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L,
-  0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL,
-  0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL,
-  0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L,
-  0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL,
-  0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L,
-  0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL,
-  0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L,
-  0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL,
-  0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L,
-  0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L,
-  0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL,
-  0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L,
-  0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L,
-  0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L,
-  0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L,
-  0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L,
-  0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L,
-  0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL,
-  0x2d02ef8dL
-};
-#endif
-
-/* =========================================================================
- * This function can be used by asm versions of crc32()
- */
-const uLongf * ZEXPORT get_crc_table()
-{
-#ifdef DYNAMIC_CRC_TABLE
-  if (crc_table_empty) make_crc_table();
-#endif
-  return (const uLongf *)crc_table;
-}
-
-/* ========================================================================= */
-#define DO1(buf) crc = crc_table[((int)crc ^ (*buf++)) & 0xff] ^ (crc >> 8);
-#define DO2(buf)  DO1(buf); DO1(buf);
-#define DO4(buf)  DO2(buf); DO2(buf);
-#define DO8(buf)  DO4(buf); DO4(buf);
-
-/* ========================================================================= */
-uLong ZEXPORT crc32(crc, buf, len)
-    uLong crc;
-    const Bytef *buf;
-    uInt len;
-{
-    if (buf == Z_NULL) return 0L;
-#ifdef DYNAMIC_CRC_TABLE
-    if (crc_table_empty)
-      make_crc_table();
-#endif
-    crc = crc ^ 0xffffffffL;
-    while (len >= 8)
-    {
-      DO8(buf);
-      len -= 8;
-    }
-    if (len) do {
-      DO1(buf);
-    } while (--len);
-    return crc ^ 0xffffffffL;
-}
diff --git a/SecurityServer/MacYarrow/zlib/deflate.c b/SecurityServer/MacYarrow/zlib/deflate.c
deleted file mode 100644 (file)
index 1f18268..0000000
+++ /dev/null
@@ -1,1368 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* deflate.c -- compress data using the deflation algorithm
- * Copyright (C) 1995-1998 Jean-loup Gailly.
- * For conditions of distribution and use, see copyright notice in zlib.h 
- */
-
-/*
- *  ALGORITHM
- *
- *      The "deflation" process depends on being able to identify portions
- *      of the input text which are identical to earlier input (within a
- *      sliding window trailing behind the input currently being processed).
- *
- *      The most straightforward technique turns out to be the fastest for
- *      most input files: try all possible matches and select the longest.
- *      The key feature of this algorithm is that insertions into the string
- *      dictionary are very simple and thus fast, and deletions are avoided
- *      completely. Insertions are performed at each input character, whereas
- *      string matches are performed only when the previous match ends. So it
- *      is preferable to spend more time in matches to allow very fast string
- *      insertions and avoid deletions. The matching algorithm for small
- *      strings is inspired from that of Rabin & Karp. A brute force approach
- *      is used to find longer strings when a small match has been found.
- *      A similar algorithm is used in comic (by Jan-Mark Wams) and freeze
- *      (by Leonid Broukhis).
- *         A previous version of this file used a more sophisticated algorithm
- *      (by Fiala and Greene) which is guaranteed to run in linear amortized
- *      time, but has a larger average cost, uses more memory and is patented.
- *      However the F&G algorithm may be faster for some highly redundant
- *      files if the parameter max_chain_length (described below) is too large.
- *
- *  ACKNOWLEDGEMENTS
- *
- *      The idea of lazy evaluation of matches is due to Jan-Mark Wams, and
- *      I found it in 'freeze' written by Leonid Broukhis.
- *      Thanks to many people for bug reports and testing.
- *
- *  REFERENCES
- *
- *      Deutsch, L.P.,"DEFLATE Compressed Data Format Specification".
- *      Available in ftp://ds.internic.net/rfc/rfc1951.txt
- *
- *      A description of the Rabin and Karp algorithm is given in the book
- *         "Algorithms" by R. Sedgewick, Addison-Wesley, p252.
- *
- *      Fiala,E.R., and Greene,D.H.
- *         Data Compression with Finite Windows, Comm.ACM, 32,4 (1989) 490-595
- *
- */
-
-/* @(#) $Id: deflate.c,v 1.1.1.1 2001/05/18 23:14:03 mb Exp $ */
-
-#include "deflate.h"
-
-const char deflate_copyright[] =
-   " deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly ";
-/*
-  If you use the zlib library in a product, an acknowledgment is welcome
-  in the documentation of your product. If for some reason you cannot
-  include such an acknowledgment, I would appreciate that you keep this
-  copyright string in the executable of your product.
- */
-
-/* ===========================================================================
- *  Function prototypes.
- */
-typedef enum {
-    need_more,      /* block not completed, need more input or more output */
-    block_done,     /* block flush performed */
-    finish_started, /* finish started, need only more output at next deflate */
-    finish_done     /* finish done, accept no more input or output */
-} block_state;
-
-typedef block_state (*compress_func) OF((deflate_state *s, int flush));
-/* Compression function. Returns the block state after the call. */
-
-local void fill_window    OF((deflate_state *s));
-local block_state deflate_stored OF((deflate_state *s, int flush));
-local block_state deflate_fast   OF((deflate_state *s, int flush));
-local block_state deflate_slow   OF((deflate_state *s, int flush));
-local void lm_init        OF((deflate_state *s));
-local void putShortMSB    OF((deflate_state *s, uInt b));
-local void flush_pending  OF((z_streamp strm));
-local int read_buf        OF((z_streamp strm, Bytef *buf, unsigned size));
-#ifdef ASMV
-      void match_init OF((void)); /* asm code initialization */
-      uInt longest_match  OF((deflate_state *s, IPos cur_match));
-#else
-local uInt longest_match  OF((deflate_state *s, IPos cur_match));
-#endif
-
-#ifdef DEBUG
-local  void check_match OF((deflate_state *s, IPos start, IPos match,
-                            int length));
-#endif
-
-/* ===========================================================================
- * Local data
- */
-
-#define NIL 0
-/* Tail of hash chains */
-
-#ifndef TOO_FAR
-#  define TOO_FAR 4096
-#endif
-/* Matches of length 3 are discarded if their distance exceeds TOO_FAR */
-
-#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1)
-/* Minimum amount of lookahead, except at the end of the input file.
- * See deflate.c for comments about the MIN_MATCH+1.
- */
-
-/* Values for max_lazy_match, good_match and max_chain_length, depending on
- * the desired pack level (0..9). The values given below have been tuned to
- * exclude worst case performance for pathological files. Better values may be
- * found for specific files.
- */
-typedef struct config_s {
-   ush good_length; /* reduce lazy search above this match length */
-   ush max_lazy;    /* do not perform lazy search above this match length */
-   ush nice_length; /* quit search above this match length */
-   ush max_chain;
-   compress_func func;
-} config;
-
-local const config configuration_table[10] = {
-/*      good lazy nice chain */
-/* 0 */ {0,    0,  0,    0, deflate_stored},  /* store only */
-/* 1 */ {4,    4,  8,    4, deflate_fast}, /* maximum speed, no lazy matches */
-/* 2 */ {4,    5, 16,    8, deflate_fast},
-/* 3 */ {4,    6, 32,   32, deflate_fast},
-
-/* 4 */ {4,    4, 16,   16, deflate_slow},  /* lazy matches */
-/* 5 */ {8,   16, 32,   32, deflate_slow},
-/* 6 */ {8,   16, 128, 128, deflate_slow},
-/* 7 */ {8,   32, 128, 256, deflate_slow},
-/* 8 */ {32, 128, 258, 1024, deflate_slow},
-/* 9 */ {32, 258, 258, 4096, deflate_slow}}; /* maximum compression */
-
-/* Note: the deflate() code requires max_lazy >= MIN_MATCH and max_chain >= 4
- * For deflate_fast() (levels <= 3) good is ignored and lazy has a different
- * meaning.
- */
-
-#define EQUAL 0
-/* result of memcmp for equal strings */
-
-struct static_tree_desc_s {int dummy;}; /* for buggy compilers */
-
-/* ===========================================================================
- * Update a hash value with the given input byte
- * IN  assertion: all calls to to UPDATE_HASH are made with consecutive
- *    input characters, so that a running hash key can be computed from the
- *    previous key instead of complete recalculation each time.
- */
-#define UPDATE_HASH(s,h,c) (h = (((h)<<s->hash_shift) ^ (c)) & s->hash_mask)
-
-
-/* ===========================================================================
- * Insert string str in the dictionary and set match_head to the previous head
- * of the hash chain (the most recent string with same hash key). Return
- * the previous length of the hash chain.
- * If this file is compiled with -DFASTEST, the compression level is forced
- * to 1, and no hash chains are maintained.
- * IN  assertion: all calls to to INSERT_STRING are made with consecutive
- *    input characters and the first MIN_MATCH bytes of str are valid
- *    (except for the last MIN_MATCH-1 bytes of the input file).
- */
-#ifdef FASTEST
-#define INSERT_STRING(s, str, match_head) \
-   (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \
-    match_head = s->head[s->ins_h], \
-    s->head[s->ins_h] = (Pos)(str))
-#else
-#define INSERT_STRING(s, str, match_head) \
-   (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \
-    s->prev[(str) & s->w_mask] = match_head = s->head[s->ins_h], \
-    s->head[s->ins_h] = (Pos)(str))
-#endif
-
-/* ===========================================================================
- * Initialize the hash table (avoiding 64K overflow for 16 bit systems).
- * prev[] will be initialized on the fly.
- */
-#define CLEAR_HASH(s) \
-    s->head[s->hash_size-1] = NIL; \
-    zmemzero((Bytef *)s->head, (unsigned)(s->hash_size-1)*sizeof(*s->head));
-
-/* ========================================================================= */
-int ZEXPORT deflateInit_(strm, level, version, stream_size)
-    z_streamp strm;
-    int level;
-    const char *version;
-    int stream_size;
-{
-    return deflateInit2_(strm, level, Z_DEFLATED, MAX_WBITS, DEF_MEM_LEVEL,
-                        Z_DEFAULT_STRATEGY, version, stream_size);
-    /* To do: ignore strm->next_in if we use it as window */
-}
-
-/* ========================================================================= */
-int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
-                 version, stream_size)
-    z_streamp strm;
-    int  level;
-    int  method;
-    int  windowBits;
-    int  memLevel;
-    int  strategy;
-    const char *version;
-    int stream_size;
-{
-    deflate_state *s;
-    int noheader = 0;
-    static const char* my_version = ZLIB_VERSION;
-
-    ushf *overlay;
-    /* We overlay pending_buf and d_buf+l_buf. This works since the average
-     * output size for (length,distance) codes is <= 24 bits.
-     */
-
-    if (version == Z_NULL || version[0] != my_version[0] ||
-        stream_size != sizeof(z_stream)) {
-       return Z_VERSION_ERROR;
-    }
-    if (strm == Z_NULL) return Z_STREAM_ERROR;
-
-    strm->msg = Z_NULL;
-    if (strm->zalloc == Z_NULL) {
-       strm->zalloc = zcalloc;
-       strm->opaque = (voidpf)0;
-    }
-    if (strm->zfree == Z_NULL) strm->zfree = zcfree;
-
-    if (level == Z_DEFAULT_COMPRESSION) level = 6;
-#ifdef FASTEST
-    level = 1;
-#endif
-
-    if (windowBits < 0) { /* undocumented feature: suppress zlib header */
-        noheader = 1;
-        windowBits = -windowBits;
-    }
-    if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED ||
-        windowBits < 8 || windowBits > 15 || level < 0 || level > 9 ||
-       strategy < 0 || strategy > Z_HUFFMAN_ONLY) {
-        return Z_STREAM_ERROR;
-    }
-    s = (deflate_state *) ZALLOC(strm, 1, sizeof(deflate_state));
-    if (s == Z_NULL) return Z_MEM_ERROR;
-    strm->state = (struct internal_state FAR *)s;
-    s->strm = strm;
-
-    s->noheader = noheader;
-    s->w_bits = windowBits;
-    s->w_size = 1 << s->w_bits;
-    s->w_mask = s->w_size - 1;
-
-    s->hash_bits = memLevel + 7;
-    s->hash_size = 1 << s->hash_bits;
-    s->hash_mask = s->hash_size - 1;
-    s->hash_shift =  ((s->hash_bits+MIN_MATCH-1)/MIN_MATCH);
-
-    s->window = (Bytef *) ZALLOC(strm, s->w_size, 2*sizeof(Byte));
-    s->prev   = (Posf *)  ZALLOC(strm, s->w_size, sizeof(Pos));
-    s->head   = (Posf *)  ZALLOC(strm, s->hash_size, sizeof(Pos));
-
-    s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */
-
-    overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2);
-    s->pending_buf = (uchf *) overlay;
-    s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L);
-
-    if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL ||
-        s->pending_buf == Z_NULL) {
-        strm->msg = (char*)ERR_MSG(Z_MEM_ERROR);
-        deflateEnd (strm);
-        return Z_MEM_ERROR;
-    }
-    s->d_buf = overlay + s->lit_bufsize/sizeof(ush);
-    s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize;
-
-    s->level = level;
-    s->strategy = strategy;
-    s->method = (Byte)method;
-
-    return deflateReset(strm);
-}
-
-/* ========================================================================= */
-int ZEXPORT deflateSetDictionary (strm, dictionary, dictLength)
-    z_streamp strm;
-    const Bytef *dictionary;
-    uInt  dictLength;
-{
-    deflate_state *s;
-    uInt length = dictLength;
-    uInt n;
-    IPos hash_head = 0;
-
-    if (strm == Z_NULL || strm->state == Z_NULL || dictionary == Z_NULL ||
-        strm->state->status != INIT_STATE) return Z_STREAM_ERROR;
-
-    s = strm->state;
-    strm->adler = adler32(strm->adler, dictionary, dictLength);
-
-    if (length < MIN_MATCH) return Z_OK;
-    if (length > MAX_DIST(s)) {
-       length = MAX_DIST(s);
-#ifndef USE_DICT_HEAD
-       dictionary += dictLength - length; /* use the tail of the dictionary */
-#endif
-    }
-    zmemcpy(s->window, dictionary, length);
-    s->strstart = length;
-    s->block_start = (long)length;
-
-    /* Insert all strings in the hash table (except for the last two bytes).
-     * s->lookahead stays null, so s->ins_h will be recomputed at the next
-     * call of fill_window.
-     */
-    s->ins_h = s->window[0];
-    UPDATE_HASH(s, s->ins_h, s->window[1]);
-    for (n = 0; n <= length - MIN_MATCH; n++) {
-       INSERT_STRING(s, n, hash_head);
-    }
-    if (hash_head) hash_head = 0;  /* to make compiler happy */
-    return Z_OK;
-}
-
-/* ========================================================================= */
-int ZEXPORT deflateReset (strm)
-    z_streamp strm;
-{
-    deflate_state *s;
-    
-    if (strm == Z_NULL || strm->state == Z_NULL ||
-        strm->zalloc == Z_NULL || strm->zfree == Z_NULL) return Z_STREAM_ERROR;
-
-    strm->total_in = strm->total_out = 0;
-    strm->msg = Z_NULL; /* use zfree if we ever allocate msg dynamically */
-    strm->data_type = Z_UNKNOWN;
-
-    s = (deflate_state *)strm->state;
-    s->pending = 0;
-    s->pending_out = s->pending_buf;
-
-    if (s->noheader < 0) {
-        s->noheader = 0; /* was set to -1 by deflate(..., Z_FINISH); */
-    }
-    s->status = s->noheader ? BUSY_STATE : INIT_STATE;
-    strm->adler = 1;
-    s->last_flush = Z_NO_FLUSH;
-
-    _tr_init(s);
-    lm_init(s);
-
-    return Z_OK;
-}
-
-/* ========================================================================= */
-int ZEXPORT deflateParams(strm, level, strategy)
-    z_streamp strm;
-    int level;
-    int strategy;
-{
-    deflate_state *s;
-    compress_func func;
-    int err = Z_OK;
-
-    if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
-    s = strm->state;
-
-    if (level == Z_DEFAULT_COMPRESSION) {
-       level = 6;
-    }
-    if (level < 0 || level > 9 || strategy < 0 || strategy > Z_HUFFMAN_ONLY) {
-       return Z_STREAM_ERROR;
-    }
-    func = configuration_table[s->level].func;
-
-    if (func != configuration_table[level].func && strm->total_in != 0) {
-       /* Flush the last buffer: */
-       err = deflate(strm, Z_PARTIAL_FLUSH);
-    }
-    if (s->level != level) {
-       s->level = level;
-       s->max_lazy_match   = configuration_table[level].max_lazy;
-       s->good_match       = configuration_table[level].good_length;
-       s->nice_match       = configuration_table[level].nice_length;
-       s->max_chain_length = configuration_table[level].max_chain;
-    }
-    s->strategy = strategy;
-    return err;
-}
-
-/* =========================================================================
- * Put a short in the pending buffer. The 16-bit value is put in MSB order.
- * IN assertion: the stream state is correct and there is enough room in
- * pending_buf.
- */
-local void putShortMSB (s, b)
-    deflate_state *s;
-    uInt b;
-{
-    put_byte(s, (Byte)(b >> 8));
-    put_byte(s, (Byte)(b & 0xff));
-}   
-
-/* =========================================================================
- * Flush as much pending output as possible. All deflate() output goes
- * through this function so some applications may wish to modify it
- * to avoid allocating a large strm->next_out buffer and copying into it.
- * (See also read_buf()).
- */
-local void flush_pending(strm)
-    z_streamp strm;
-{
-    unsigned len = strm->state->pending;
-
-    if (len > strm->avail_out) len = strm->avail_out;
-    if (len == 0) return;
-
-    zmemcpy(strm->next_out, strm->state->pending_out, len);
-    strm->next_out  += len;
-    strm->state->pending_out  += len;
-    strm->total_out += len;
-    strm->avail_out  -= len;
-    strm->state->pending -= len;
-    if (strm->state->pending == 0) {
-        strm->state->pending_out = strm->state->pending_buf;
-    }
-}
-
-/* ========================================================================= */
-int ZEXPORT deflate (strm, flush)
-    z_streamp strm;
-    int flush;
-{
-    int old_flush; /* value of flush param for previous deflate call */
-    deflate_state *s;
-
-    if (strm == Z_NULL || strm->state == Z_NULL ||
-       flush > Z_FINISH || flush < 0) {
-        return Z_STREAM_ERROR;
-    }
-    s = strm->state;
-
-    if (strm->next_out == Z_NULL ||
-        (strm->next_in == Z_NULL && strm->avail_in != 0) ||
-       (s->status == FINISH_STATE && flush != Z_FINISH)) {
-        ERR_RETURN(strm, Z_STREAM_ERROR);
-    }
-    if (strm->avail_out == 0) ERR_RETURN(strm, Z_BUF_ERROR);
-
-    s->strm = strm; /* just in case */
-    old_flush = s->last_flush;
-    s->last_flush = flush;
-
-    /* Write the zlib header */
-    if (s->status == INIT_STATE) {
-
-        uInt header = (Z_DEFLATED + ((s->w_bits-8)<<4)) << 8;
-        uInt level_flags = (s->level-1) >> 1;
-
-        if (level_flags > 3) level_flags = 3;
-        header |= (level_flags << 6);
-       if (s->strstart != 0) header |= PRESET_DICT;
-        header += 31 - (header % 31);
-
-        s->status = BUSY_STATE;
-        putShortMSB(s, header);
-
-       /* Save the adler32 of the preset dictionary: */
-       if (s->strstart != 0) {
-           putShortMSB(s, (uInt)(strm->adler >> 16));
-           putShortMSB(s, (uInt)(strm->adler & 0xffff));
-       }
-       strm->adler = 1L;
-    }
-
-    /* Flush as much pending output as possible */
-    if (s->pending != 0) {
-        flush_pending(strm);
-        if (strm->avail_out == 0) {
-           /* Since avail_out is 0, deflate will be called again with
-            * more output space, but possibly with both pending and
-            * avail_in equal to zero. There won't be anything to do,
-            * but this is not an error situation so make sure we
-            * return OK instead of BUF_ERROR at next call of deflate:
-             */
-           s->last_flush = -1;
-           return Z_OK;
-       }
-
-    /* Make sure there is something to do and avoid duplicate consecutive
-     * flushes. For repeated and useless calls with Z_FINISH, we keep
-     * returning Z_STREAM_END instead of Z_BUFF_ERROR.
-     */
-    } else if (strm->avail_in == 0 && flush <= old_flush &&
-              flush != Z_FINISH) {
-        ERR_RETURN(strm, Z_BUF_ERROR);
-    }
-
-    /* User must not provide more input after the first FINISH: */
-    if (s->status == FINISH_STATE && strm->avail_in != 0) {
-        ERR_RETURN(strm, Z_BUF_ERROR);
-    }
-
-    /* Start a new block or continue the current one.
-     */
-    if (strm->avail_in != 0 || s->lookahead != 0 ||
-        (flush != Z_NO_FLUSH && s->status != FINISH_STATE)) {
-        block_state bstate;
-
-       bstate = (*(configuration_table[s->level].func))(s, flush);
-
-        if (bstate == finish_started || bstate == finish_done) {
-            s->status = FINISH_STATE;
-        }
-        if (bstate == need_more || bstate == finish_started) {
-           if (strm->avail_out == 0) {
-               s->last_flush = -1; /* avoid BUF_ERROR next call, see above */
-           }
-           return Z_OK;
-           /* If flush != Z_NO_FLUSH && avail_out == 0, the next call
-            * of deflate should use the same flush parameter to make sure
-            * that the flush is complete. So we don't have to output an
-            * empty block here, this will be done at next call. This also
-            * ensures that for a very small output buffer, we emit at most
-            * one empty block.
-            */
-       }
-        if (bstate == block_done) {
-            if (flush == Z_PARTIAL_FLUSH) {
-                _tr_align(s);
-            } else { /* FULL_FLUSH or SYNC_FLUSH */
-                _tr_stored_block(s, (char*)0, 0L, 0);
-                /* For a full flush, this empty block will be recognized
-                 * as a special marker by inflate_sync().
-                 */
-                if (flush == Z_FULL_FLUSH) {
-                    CLEAR_HASH(s);             /* forget history */
-                }
-            }
-            flush_pending(strm);
-           if (strm->avail_out == 0) {
-             s->last_flush = -1; /* avoid BUF_ERROR at next call, see above */
-             return Z_OK;
-           }
-        }
-    }
-    Assert(strm->avail_out > 0, "bug2");
-
-    if (flush != Z_FINISH) return Z_OK;
-    if (s->noheader) return Z_STREAM_END;
-
-    /* Write the zlib trailer (adler32) */
-    putShortMSB(s, (uInt)(strm->adler >> 16));
-    putShortMSB(s, (uInt)(strm->adler & 0xffff));
-    flush_pending(strm);
-    /* If avail_out is zero, the application will call deflate again
-     * to flush the rest.
-     */
-    s->noheader = -1; /* write the trailer only once! */
-    return s->pending != 0 ? Z_OK : Z_STREAM_END;
-}
-
-/* ========================================================================= */
-int ZEXPORT deflateEnd (strm)
-    z_streamp strm;
-{
-    int status;
-
-    if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
-
-    status = strm->state->status;
-    if (status != INIT_STATE && status != BUSY_STATE &&
-       status != FINISH_STATE) {
-      return Z_STREAM_ERROR;
-    }
-
-    /* Deallocate in reverse order of allocations: */
-    TRY_FREE(strm, strm->state->pending_buf);
-    TRY_FREE(strm, strm->state->head);
-    TRY_FREE(strm, strm->state->prev);
-    TRY_FREE(strm, strm->state->window);
-
-    ZFREE(strm, strm->state);
-    strm->state = Z_NULL;
-
-    return status == BUSY_STATE ? Z_DATA_ERROR : Z_OK;
-}
-
-/* =========================================================================
- * Copy the source state to the destination state.
- * To simplify the source, this is not supported for 16-bit MSDOS (which
- * doesn't have enough memory anyway to duplicate compression states).
- */
-int ZEXPORT deflateCopy (dest, source)
-    z_streamp dest;
-    z_streamp source;
-{
-#ifdef MAXSEG_64K
-    return Z_STREAM_ERROR;
-#else
-    deflate_state *ds;
-    deflate_state *ss;
-    ushf *overlay;
-
-
-    if (source == Z_NULL || dest == Z_NULL || source->state == Z_NULL) {
-        return Z_STREAM_ERROR;
-    }
-
-    ss = source->state;
-
-    *dest = *source;
-
-    ds = (deflate_state *) ZALLOC(dest, 1, sizeof(deflate_state));
-    if (ds == Z_NULL) return Z_MEM_ERROR;
-    dest->state = (struct internal_state FAR *) ds;
-    *ds = *ss;
-    ds->strm = dest;
-
-    ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte));
-    ds->prev   = (Posf *)  ZALLOC(dest, ds->w_size, sizeof(Pos));
-    ds->head   = (Posf *)  ZALLOC(dest, ds->hash_size, sizeof(Pos));
-    overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2);
-    ds->pending_buf = (uchf *) overlay;
-
-    if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL ||
-        ds->pending_buf == Z_NULL) {
-        deflateEnd (dest);
-        return Z_MEM_ERROR;
-    }
-    /* following zmemcpy do not work for 16-bit MSDOS */
-    zmemcpy(ds->window, ss->window, ds->w_size * 2 * sizeof(Byte));
-    zmemcpy(ds->prev, ss->prev, ds->w_size * sizeof(Pos));
-    zmemcpy(ds->head, ss->head, ds->hash_size * sizeof(Pos));
-    zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size);
-
-    ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf);
-    ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush);
-    ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize;
-
-    ds->l_desc.dyn_tree = ds->dyn_ltree;
-    ds->d_desc.dyn_tree = ds->dyn_dtree;
-    ds->bl_desc.dyn_tree = ds->bl_tree;
-
-    return Z_OK;
-#endif
-}
-
-/* ===========================================================================
- * Read a new buffer from the current input stream, update the adler32
- * and total number of bytes read.  All deflate() input goes through
- * this function so some applications may wish to modify it to avoid
- * allocating a large strm->next_in buffer and copying from it.
- * (See also flush_pending()).
- */
-local int read_buf(strm, buf, size)
-    z_streamp strm;
-    Bytef *buf;
-    unsigned size;
-{
-    unsigned len = strm->avail_in;
-
-    if (len > size) len = size;
-    if (len == 0) return 0;
-
-    strm->avail_in  -= len;
-
-    if (!strm->state->noheader) {
-        strm->adler = adler32(strm->adler, strm->next_in, len);
-    }
-    zmemcpy(buf, strm->next_in, len);
-    strm->next_in  += len;
-    strm->total_in += len;
-
-    return (int)len;
-}
-
-/* ===========================================================================
- * Initialize the "longest match" routines for a new zlib stream
- */
-local void lm_init (s)
-    deflate_state *s;
-{
-    s->window_size = (ulg)2L*s->w_size;
-
-    CLEAR_HASH(s);
-
-    /* Set the default configuration parameters:
-     */
-    s->max_lazy_match   = configuration_table[s->level].max_lazy;
-    s->good_match       = configuration_table[s->level].good_length;
-    s->nice_match       = configuration_table[s->level].nice_length;
-    s->max_chain_length = configuration_table[s->level].max_chain;
-
-    s->strstart = 0;
-    s->block_start = 0L;
-    s->lookahead = 0;
-    s->match_length = s->prev_length = MIN_MATCH-1;
-    s->match_available = 0;
-    s->ins_h = 0;
-#ifdef ASMV
-    match_init(); /* initialize the asm code */
-#endif
-}
-
-/* ===========================================================================
- * Set match_start to the longest match starting at the given string and
- * return its length. Matches shorter or equal to prev_length are discarded,
- * in which case the result is equal to prev_length and match_start is
- * garbage.
- * IN assertions: cur_match is the head of the hash chain for the current
- *   string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1
- * OUT assertion: the match length is not greater than s->lookahead.
- */
-#ifndef ASMV
-/* For 80x86 and 680x0, an optimized version will be provided in match.asm or
- * match.S. The code will be functionally equivalent.
- */
-#ifndef FASTEST
-local uInt longest_match(s, cur_match)
-    deflate_state *s;
-    IPos cur_match;                             /* current match */
-{
-    unsigned chain_length = s->max_chain_length;/* max hash chain length */
-    register Bytef *scan = s->window + s->strstart; /* current string */
-    register Bytef *match;                       /* matched string */
-    register int len;                           /* length of current match */
-    int best_len = s->prev_length;              /* best match length so far */
-    int nice_match = s->nice_match;             /* stop if match long enough */
-    IPos limit = s->strstart > (IPos)MAX_DIST(s) ?
-        s->strstart - (IPos)MAX_DIST(s) : NIL;
-    /* Stop when cur_match becomes <= limit. To simplify the code,
-     * we prevent matches with the string of window index 0.
-     */
-    Posf *prev = s->prev;
-    uInt wmask = s->w_mask;
-
-#ifdef UNALIGNED_OK
-    /* Compare two bytes at a time. Note: this is not always beneficial.
-     * Try with and without -DUNALIGNED_OK to check.
-     */
-    register Bytef *strend = s->window + s->strstart + MAX_MATCH - 1;
-    register ush scan_start = *(ushf*)scan;
-    register ush scan_end   = *(ushf*)(scan+best_len-1);
-#else
-    register Bytef *strend = s->window + s->strstart + MAX_MATCH;
-    register Byte scan_end1  = scan[best_len-1];
-    register Byte scan_end   = scan[best_len];
-#endif
-
-    /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.
-     * It is easy to get rid of this optimization if necessary.
-     */
-    Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever");
-
-    /* Do not waste too much time if we already have a good match: */
-    if (s->prev_length >= s->good_match) {
-        chain_length >>= 2;
-    }
-    /* Do not look for matches beyond the end of the input. This is necessary
-     * to make deflate deterministic.
-     */
-    if ((uInt)nice_match > s->lookahead) nice_match = s->lookahead;
-
-    Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead");
-
-    do {
-        Assert(cur_match < s->strstart, "no future");
-        match = s->window + cur_match;
-
-        /* Skip to next match if the match length cannot increase
-         * or if the match length is less than 2:
-         */
-#if (defined(UNALIGNED_OK) && MAX_MATCH == 258)
-        /* This code assumes sizeof(unsigned short) == 2. Do not use
-         * UNALIGNED_OK if your compiler uses a different size.
-         */
-        if (*(ushf*)(match+best_len-1) != scan_end ||
-            *(ushf*)match != scan_start) continue;
-
-        /* It is not necessary to compare scan[2] and match[2] since they are
-         * always equal when the other bytes match, given that the hash keys
-         * are equal and that HASH_BITS >= 8. Compare 2 bytes at a time at
-         * strstart+3, +5, ... up to strstart+257. We check for insufficient
-         * lookahead only every 4th comparison; the 128th check will be made
-         * at strstart+257. If MAX_MATCH-2 is not a multiple of 8, it is
-         * necessary to put more guard bytes at the end of the window, or
-         * to check more often for insufficient lookahead.
-         */
-        Assert(scan[2] == match[2], "scan[2]?");
-        scan++, match++;
-        do {
-        } while (*(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
-                 *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
-                 *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
-                 *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
-                 scan < strend);
-        /* The funny "do {}" generates better code on most compilers */
-
-        /* Here, scan <= window+strstart+257 */
-        Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan");
-        if (*scan == *match) scan++;
-
-        len = (MAX_MATCH - 1) - (int)(strend-scan);
-        scan = strend - (MAX_MATCH-1);
-
-#else /* UNALIGNED_OK */
-
-        if (match[best_len]   != scan_end  ||
-            match[best_len-1] != scan_end1 ||
-            *match            != *scan     ||
-            *++match          != scan[1])      continue;
-
-        /* The check at best_len-1 can be removed because it will be made
-         * again later. (This heuristic is not always a win.)
-         * It is not necessary to compare scan[2] and match[2] since they
-         * are always equal when the other bytes match, given that
-         * the hash keys are equal and that HASH_BITS >= 8.
-         */
-        scan += 2, match++;
-        Assert(*scan == *match, "match[2]?");
-
-        /* We check for insufficient lookahead only every 8th comparison;
-         * the 256th check will be made at strstart+258.
-         */
-        do {
-        } while (*++scan == *++match && *++scan == *++match &&
-                 *++scan == *++match && *++scan == *++match &&
-                 *++scan == *++match && *++scan == *++match &&
-                 *++scan == *++match && *++scan == *++match &&
-                 scan < strend);
-
-        Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan");
-
-        len = MAX_MATCH - (int)(strend - scan);
-        scan = strend - MAX_MATCH;
-
-#endif /* UNALIGNED_OK */
-
-        if (len > best_len) {
-            s->match_start = cur_match;
-            best_len = len;
-            if (len >= nice_match) break;
-#ifdef UNALIGNED_OK
-            scan_end = *(ushf*)(scan+best_len-1);
-#else
-            scan_end1  = scan[best_len-1];
-            scan_end   = scan[best_len];
-#endif
-        }
-    } while ((cur_match = prev[cur_match & wmask]) > limit
-             && --chain_length != 0);
-
-    if ((uInt)best_len <= s->lookahead) return (uInt)best_len;
-    return s->lookahead;
-}
-
-#else /* FASTEST */
-/* ---------------------------------------------------------------------------
- * Optimized version for level == 1 only
- */
-local uInt longest_match(s, cur_match)
-    deflate_state *s;
-    IPos cur_match;                             /* current match */
-{
-    register Bytef *scan = s->window + s->strstart; /* current string */
-    register Bytef *match;                       /* matched string */
-    register int len;                           /* length of current match */
-    register Bytef *strend = s->window + s->strstart + MAX_MATCH;
-
-    /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.
-     * It is easy to get rid of this optimization if necessary.
-     */
-    Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever");
-
-    Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead");
-
-    Assert(cur_match < s->strstart, "no future");
-
-    match = s->window + cur_match;
-
-    /* Return failure if the match length is less than 2:
-     */
-    if (match[0] != scan[0] || match[1] != scan[1]) return MIN_MATCH-1;
-
-    /* The check at best_len-1 can be removed because it will be made
-     * again later. (This heuristic is not always a win.)
-     * It is not necessary to compare scan[2] and match[2] since they
-     * are always equal when the other bytes match, given that
-     * the hash keys are equal and that HASH_BITS >= 8.
-     */
-    scan += 2, match += 2;
-    Assert(*scan == *match, "match[2]?");
-
-    /* We check for insufficient lookahead only every 8th comparison;
-     * the 256th check will be made at strstart+258.
-     */
-    do {
-    } while (*++scan == *++match && *++scan == *++match &&
-            *++scan == *++match && *++scan == *++match &&
-            *++scan == *++match && *++scan == *++match &&
-            *++scan == *++match && *++scan == *++match &&
-            scan < strend);
-
-    Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan");
-
-    len = MAX_MATCH - (int)(strend - scan);
-
-    if (len < MIN_MATCH) return MIN_MATCH - 1;
-
-    s->match_start = cur_match;
-    return len <= s->lookahead ? len : s->lookahead;
-}
-#endif /* FASTEST */
-#endif /* ASMV */
-
-#ifdef DEBUG
-/* ===========================================================================
- * Check that the match at match_start is indeed a match.
- */
-local void check_match(s, start, match, length)
-    deflate_state *s;
-    IPos start, match;
-    int length;
-{
-    /* check that the match is indeed a match */
-    if (zmemcmp(s->window + match,
-                s->window + start, length) != EQUAL) {
-        fprintf(stderr, " start %u, match %u, length %d\n",
-               start, match, length);
-        do {
-           fprintf(stderr, "%c%c", s->window[match++], s->window[start++]);
-       } while (--length != 0);
-        z_error("invalid match");
-    }
-    if (z_verbose > 1) {
-        fprintf(stderr,"\\[%d,%d]", start-match, length);
-        do { putc(s->window[start++], stderr); } while (--length != 0);
-    }
-}
-#else
-#  define check_match(s, start, match, length)
-#endif
-
-/* ===========================================================================
- * Fill the window when the lookahead becomes insufficient.
- * Updates strstart and lookahead.
- *
- * IN assertion: lookahead < MIN_LOOKAHEAD
- * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD
- *    At least one byte has been read, or avail_in == 0; reads are
- *    performed for at least two bytes (required for the zip translate_eol
- *    option -- not supported here).
- */
-local void fill_window(s)
-    deflate_state *s;
-{
-    register unsigned n, m;
-    register Posf *p;
-    unsigned more;    /* Amount of free space at the end of the window. */
-    uInt wsize = s->w_size;
-
-    do {
-        more = (unsigned)(s->window_size -(ulg)s->lookahead -(ulg)s->strstart);
-
-        /* Deal with !@#$% 64K limit: */
-        if (more == 0 && s->strstart == 0 && s->lookahead == 0) {
-            more = wsize;
-
-        } else if (more == (unsigned)(-1)) {
-            /* Very unlikely, but possible on 16 bit machine if strstart == 0
-             * and lookahead == 1 (input done one byte at time)
-             */
-            more--;
-
-        /* If the window is almost full and there is insufficient lookahead,
-         * move the upper half to the lower one to make room in the upper half.
-         */
-        } else if (s->strstart >= wsize+MAX_DIST(s)) {
-
-            zmemcpy(s->window, s->window+wsize, (unsigned)wsize);
-            s->match_start -= wsize;
-            s->strstart    -= wsize; /* we now have strstart >= MAX_DIST */
-            s->block_start -= (long) wsize;
-
-            /* Slide the hash table (could be avoided with 32 bit values
-               at the expense of memory usage). We slide even when level == 0
-               to keep the hash table consistent if we switch back to level > 0
-               later. (Using level 0 permanently is not an optimal usage of
-               zlib, so we don't care about this pathological case.)
-             */
-           n = s->hash_size;
-           p = &s->head[n];
-           do {
-               m = *--p;
-               *p = (Pos)(m >= wsize ? m-wsize : NIL);
-           } while (--n);
-
-           n = wsize;
-#ifndef FASTEST
-           p = &s->prev[n];
-           do {
-               m = *--p;
-               *p = (Pos)(m >= wsize ? m-wsize : NIL);
-               /* If n is not on any hash chain, prev[n] is garbage but
-                * its value will never be used.
-                */
-           } while (--n);
-#endif
-            more += wsize;
-        }
-        if (s->strm->avail_in == 0) return;
-
-        /* If there was no sliding:
-         *    strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 &&
-         *    more == window_size - lookahead - strstart
-         * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1)
-         * => more >= window_size - 2*WSIZE + 2
-         * In the BIG_MEM or MMAP case (not yet supported),
-         *   window_size == input_size + MIN_LOOKAHEAD  &&
-         *   strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD.
-         * Otherwise, window_size == 2*WSIZE so more >= 2.
-         * If there was sliding, more >= WSIZE. So in all cases, more >= 2.
-         */
-        Assert(more >= 2, "more < 2");
-
-        n = read_buf(s->strm, s->window + s->strstart + s->lookahead, more);
-        s->lookahead += n;
-
-        /* Initialize the hash value now that we have some input: */
-        if (s->lookahead >= MIN_MATCH) {
-            s->ins_h = s->window[s->strstart];
-            UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]);
-#if MIN_MATCH != 3
-            Call UPDATE_HASH() MIN_MATCH-3 more times
-#endif
-        }
-        /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage,
-         * but this is not important since only literal bytes will be emitted.
-         */
-
-    } while (s->lookahead < MIN_LOOKAHEAD && s->strm->avail_in != 0);
-}
-
-/* ===========================================================================
- * Flush the current block, with given end-of-file flag.
- * IN assertion: strstart is set to the end of the current match.
- */
-#define FLUSH_BLOCK_ONLY(s, eof) { \
-   _tr_flush_block(s, (s->block_start >= 0L ? \
-                   (charf *)&s->window[(unsigned)s->block_start] : \
-                   (charf *)Z_NULL), \
-               (ulg)((long)s->strstart - s->block_start), \
-               (eof)); \
-   s->block_start = s->strstart; \
-   flush_pending(s->strm); \
-   Tracev((stderr,"[FLUSH]")); \
-}
-
-/* Same but force premature exit if necessary. */
-#define FLUSH_BLOCK(s, eof) { \
-   FLUSH_BLOCK_ONLY(s, eof); \
-   if (s->strm->avail_out == 0) return (eof) ? finish_started : need_more; \
-}
-
-/* ===========================================================================
- * Copy without compression as much as possible from the input stream, return
- * the current block state.
- * This function does not insert new strings in the dictionary since
- * uncompressible data is probably not useful. This function is used
- * only for the level=0 compression option.
- * NOTE: this function should be optimized to avoid extra copying from
- * window to pending_buf.
- */
-local block_state deflate_stored(s, flush)
-    deflate_state *s;
-    int flush;
-{
-    /* Stored blocks are limited to 0xffff bytes, pending_buf is limited
-     * to pending_buf_size, and each stored block has a 5 byte header:
-     */
-    ulg max_block_size = 0xffff;
-    ulg max_start;
-
-    if (max_block_size > s->pending_buf_size - 5) {
-        max_block_size = s->pending_buf_size - 5;
-    }
-
-    /* Copy as much as possible from input to output: */
-    for (;;) {
-        /* Fill the window as much as possible: */
-        if (s->lookahead <= 1) {
-
-            Assert(s->strstart < s->w_size+MAX_DIST(s) ||
-                  s->block_start >= (long)s->w_size, "slide too late");
-
-            fill_window(s);
-            if (s->lookahead == 0 && flush == Z_NO_FLUSH) return need_more;
-
-            if (s->lookahead == 0) break; /* flush the current block */
-        }
-       Assert(s->block_start >= 0L, "block gone");
-
-       s->strstart += s->lookahead;
-       s->lookahead = 0;
-
-       /* Emit a stored block if pending_buf will be full: */
-       max_start = s->block_start + max_block_size;
-        if (s->strstart == 0 || (ulg)s->strstart >= max_start) {
-           /* strstart == 0 is possible when wraparound on 16-bit machine */
-           s->lookahead = (uInt)(s->strstart - max_start);
-           s->strstart = (uInt)max_start;
-            FLUSH_BLOCK(s, 0);
-       }
-       /* Flush if we may have to slide, otherwise block_start may become
-         * negative and the data will be gone:
-         */
-        if (s->strstart - (uInt)s->block_start >= MAX_DIST(s)) {
-            FLUSH_BLOCK(s, 0);
-       }
-    }
-    FLUSH_BLOCK(s, flush == Z_FINISH);
-    return flush == Z_FINISH ? finish_done : block_done;
-}
-
-/* ===========================================================================
- * Compress as much as possible from the input stream, return the current
- * block state.
- * This function does not perform lazy evaluation of matches and inserts
- * new strings in the dictionary only for unmatched strings or for short
- * matches. It is used only for the fast compression options.
- */
-local block_state deflate_fast(s, flush)
-    deflate_state *s;
-    int flush;
-{
-    IPos hash_head = NIL; /* head of the hash chain */
-    int bflush;           /* set if current block must be flushed */
-
-    for (;;) {
-        /* Make sure that we always have enough lookahead, except
-         * at the end of the input file. We need MAX_MATCH bytes
-         * for the next match, plus MIN_MATCH bytes to insert the
-         * string following the next match.
-         */
-        if (s->lookahead < MIN_LOOKAHEAD) {
-            fill_window(s);
-            if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) {
-               return need_more;
-           }
-            if (s->lookahead == 0) break; /* flush the current block */
-        }
-
-        /* Insert the string window[strstart .. strstart+2] in the
-         * dictionary, and set hash_head to the head of the hash chain:
-         */
-        if (s->lookahead >= MIN_MATCH) {
-            INSERT_STRING(s, s->strstart, hash_head);
-        }
-
-        /* Find the longest match, discarding those <= prev_length.
-         * At this point we have always match_length < MIN_MATCH
-         */
-        if (hash_head != NIL && s->strstart - hash_head <= MAX_DIST(s)) {
-            /* To simplify the code, we prevent matches with the string
-             * of window index 0 (in particular we have to avoid a match
-             * of the string with itself at the start of the input file).
-             */
-            if (s->strategy != Z_HUFFMAN_ONLY) {
-                s->match_length = longest_match (s, hash_head);
-            }
-            /* longest_match() sets match_start */
-        }
-        if (s->match_length >= MIN_MATCH) {
-            check_match(s, s->strstart, s->match_start, s->match_length);
-
-            _tr_tally_dist(s, s->strstart - s->match_start,
-                           s->match_length - MIN_MATCH, bflush);
-
-            s->lookahead -= s->match_length;
-
-            /* Insert new strings in the hash table only if the match length
-             * is not too large. This saves time but degrades compression.
-             */
-#ifndef FASTEST
-            if (s->match_length <= s->max_insert_length &&
-                s->lookahead >= MIN_MATCH) {
-                s->match_length--; /* string at strstart already in hash table */
-                do {
-                    s->strstart++;
-                    INSERT_STRING(s, s->strstart, hash_head);
-                    /* strstart never exceeds WSIZE-MAX_MATCH, so there are
-                     * always MIN_MATCH bytes ahead.
-                     */
-                } while (--s->match_length != 0);
-                s->strstart++; 
-            } else
-#endif
-           {
-                s->strstart += s->match_length;
-                s->match_length = 0;
-                s->ins_h = s->window[s->strstart];
-                UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]);
-#if MIN_MATCH != 3
-                Call UPDATE_HASH() MIN_MATCH-3 more times
-#endif
-                /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not
-                 * matter since it will be recomputed at next deflate call.
-                 */
-            }
-        } else {
-            /* No match, output a literal byte */
-            Tracevv((stderr,"%c", s->window[s->strstart]));
-            _tr_tally_lit (s, s->window[s->strstart], bflush);
-            s->lookahead--;
-            s->strstart++; 
-        }
-        if (bflush) FLUSH_BLOCK(s, 0);
-    }
-    FLUSH_BLOCK(s, flush == Z_FINISH);
-    return flush == Z_FINISH ? finish_done : block_done;
-}
-
-/* ===========================================================================
- * Same as above, but achieves better compression. We use a lazy
- * evaluation for matches: a match is finally adopted only if there is
- * no better match at the next window position.
- */
-local block_state deflate_slow(s, flush)
-    deflate_state *s;
-    int flush;
-{
-    IPos hash_head = NIL;    /* head of hash chain */
-    int bflush;              /* set if current block must be flushed */
-
-    /* Process the input block. */
-    for (;;) {
-        /* Make sure that we always have enough lookahead, except
-         * at the end of the input file. We need MAX_MATCH bytes
-         * for the next match, plus MIN_MATCH bytes to insert the
-         * string following the next match.
-         */
-        if (s->lookahead < MIN_LOOKAHEAD) {
-            fill_window(s);
-            if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) {
-               return need_more;
-           }
-            if (s->lookahead == 0) break; /* flush the current block */
-        }
-
-        /* Insert the string window[strstart .. strstart+2] in the
-         * dictionary, and set hash_head to the head of the hash chain:
-         */
-        if (s->lookahead >= MIN_MATCH) {
-            INSERT_STRING(s, s->strstart, hash_head);
-        }
-
-        /* Find the longest match, discarding those <= prev_length.
-         */
-        s->prev_length = s->match_length, s->prev_match = s->match_start;
-        s->match_length = MIN_MATCH-1;
-
-        if (hash_head != NIL && s->prev_length < s->max_lazy_match &&
-            s->strstart - hash_head <= MAX_DIST(s)) {
-            /* To simplify the code, we prevent matches with the string
-             * of window index 0 (in particular we have to avoid a match
-             * of the string with itself at the start of the input file).
-             */
-            if (s->strategy != Z_HUFFMAN_ONLY) {
-                s->match_length = longest_match (s, hash_head);
-            }
-            /* longest_match() sets match_start */
-
-            if (s->match_length <= 5 && (s->strategy == Z_FILTERED ||
-                 (s->match_length == MIN_MATCH &&
-                  s->strstart - s->match_start > TOO_FAR))) {
-
-                /* If prev_match is also MIN_MATCH, match_start is garbage
-                 * but we will ignore the current match anyway.
-                 */
-                s->match_length = MIN_MATCH-1;
-            }
-        }
-        /* If there was a match at the previous step and the current
-         * match is not better, output the previous match:
-         */
-        if (s->prev_length >= MIN_MATCH && s->match_length <= s->prev_length) {
-            uInt max_insert = s->strstart + s->lookahead - MIN_MATCH;
-            /* Do not insert strings in hash table beyond this. */
-
-            check_match(s, s->strstart-1, s->prev_match, s->prev_length);
-
-            _tr_tally_dist(s, s->strstart -1 - s->prev_match,
-                          s->prev_length - MIN_MATCH, bflush);
-
-            /* Insert in hash table all strings up to the end of the match.
-             * strstart-1 and strstart are already inserted. If there is not
-             * enough lookahead, the last two strings are not inserted in
-             * the hash table.
-             */
-            s->lookahead -= s->prev_length-1;
-            s->prev_length -= 2;
-            do {
-                if (++s->strstart <= max_insert) {
-                    INSERT_STRING(s, s->strstart, hash_head);
-                }
-            } while (--s->prev_length != 0);
-            s->match_available = 0;
-            s->match_length = MIN_MATCH-1;
-            s->strstart++;
-
-            if (bflush) FLUSH_BLOCK(s, 0);
-
-        } else if (s->match_available) {
-            /* If there was no match at the previous position, output a
-             * single literal. If there was a match but the current match
-             * is longer, truncate the previous match to a single literal.
-             */
-            Tracevv((stderr,"%c", s->window[s->strstart-1]));
-           _tr_tally_lit(s, s->window[s->strstart-1], bflush);
-           if (bflush) {
-                FLUSH_BLOCK_ONLY(s, 0);
-            }
-            s->strstart++;
-            s->lookahead--;
-            if (s->strm->avail_out == 0) return need_more;
-        } else {
-            /* There is no previous match to compare with, wait for
-             * the next step to decide.
-             */
-            s->match_available = 1;
-            s->strstart++;
-            s->lookahead--;
-        }
-    }
-    Assert (flush != Z_NO_FLUSH, "no flush?");
-    if (s->match_available) {
-        Tracevv((stderr,"%c", s->window[s->strstart-1]));
-        _tr_tally_lit(s, s->window[s->strstart-1], bflush);
-        s->match_available = 0;
-    }
-    FLUSH_BLOCK(s, flush == Z_FINISH);
-    return flush == Z_FINISH ? finish_done : block_done;
-}
diff --git a/SecurityServer/MacYarrow/zlib/deflate.h b/SecurityServer/MacYarrow/zlib/deflate.h
deleted file mode 100644 (file)
index 4e5913d..0000000
+++ /dev/null
@@ -1,336 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* deflate.h -- internal compression state
- * Copyright (C) 1995-1998 Jean-loup Gailly
- * For conditions of distribution and use, see copyright notice in zlib.h 
- */
-
-/* WARNING: this file should *not* be used by applications. It is
-   part of the implementation of the compression library and is
-   subject to change. Applications should only use zlib.h.
- */
-
-/* @(#) $Id: deflate.h,v 1.1.1.1 2001/05/18 23:14:03 mb Exp $ */
-
-#ifndef _DEFLATE_H
-#define _DEFLATE_H
-
-#include "zutil.h"
-
-/* ===========================================================================
- * Internal compression state.
- */
-
-#define LENGTH_CODES 29
-/* number of length codes, not counting the special END_BLOCK code */
-
-#define LITERALS  256
-/* number of literal bytes 0..255 */
-
-#define L_CODES (LITERALS+1+LENGTH_CODES)
-/* number of Literal or Length codes, including the END_BLOCK code */
-
-#define D_CODES   30
-/* number of distance codes */
-
-#define BL_CODES  19
-/* number of codes used to transfer the bit lengths */
-
-#define HEAP_SIZE (2*L_CODES+1)
-/* maximum heap size */
-
-#define MAX_BITS 15
-/* All codes must not exceed MAX_BITS bits */
-
-#define INIT_STATE    42
-#define BUSY_STATE   113
-#define FINISH_STATE 666
-/* Stream status */
-
-
-/* Data structure describing a single value and its code string. */
-typedef struct ct_data_s {
-    union {
-        ush  freq;       /* frequency count */
-        ush  code;       /* bit string */
-    } fc;
-    union {
-        ush  dad;        /* father node in Huffman tree */
-        ush  len;        /* length of bit string */
-    } dl;
-} FAR ct_data;
-
-#define Freq fc.freq
-#define Code fc.code
-#define Dad  dl.dad
-#define Len  dl.len
-
-typedef struct static_tree_desc_s  static_tree_desc;
-
-typedef struct tree_desc_s {
-    ct_data *dyn_tree;           /* the dynamic tree */
-    int     max_code;            /* largest code with non zero frequency */
-    static_tree_desc *stat_desc; /* the corresponding static tree */
-} FAR tree_desc;
-
-typedef ush Pos;
-typedef Pos FAR Posf;
-typedef unsigned IPos;
-
-/* A Pos is an index in the character window. We use short instead of int to
- * save space in the various tables. IPos is used only for parameter passing.
- */
-
-typedef struct internal_state {
-    z_streamp strm;      /* pointer back to this zlib stream */
-    int   status;        /* as the name implies */
-    Bytef *pending_buf;  /* output still pending */
-    ulg   pending_buf_size; /* size of pending_buf */
-    Bytef *pending_out;  /* next pending byte to output to the stream */
-    int   pending;       /* nb of bytes in the pending buffer */
-    int   noheader;      /* suppress zlib header and adler32 */
-    Byte  data_type;     /* UNKNOWN, BINARY or ASCII */
-    Byte  method;        /* STORED (for zip only) or DEFLATED */
-    int   last_flush;    /* value of flush param for previous deflate call */
-
-                /* used by deflate.c: */
-
-    uInt  w_size;        /* LZ77 window size (32K by default) */
-    uInt  w_bits;        /* log2(w_size)  (8..16) */
-    uInt  w_mask;        /* w_size - 1 */
-
-    Bytef *window;
-    /* Sliding window. Input bytes are read into the second half of the window,
-     * and move to the first half later to keep a dictionary of at least wSize
-     * bytes. With this organization, matches are limited to a distance of
-     * wSize-MAX_MATCH bytes, but this ensures that IO is always
-     * performed with a length multiple of the block size. Also, it limits
-     * the window size to 64K, which is quite useful on MSDOS.
-     * To do: use the user input buffer as sliding window.
-     */
-
-    ulg window_size;
-    /* Actual size of window: 2*wSize, except when the user input buffer
-     * is directly used as sliding window.
-     */
-
-    Posf *prev;
-    /* Link to older string with same hash index. To limit the size of this
-     * array to 64K, this link is maintained only for the last 32K strings.
-     * An index in this array is thus a window index modulo 32K.
-     */
-
-    Posf *head; /* Heads of the hash chains or NIL. */
-
-    uInt  ins_h;          /* hash index of string to be inserted */
-    uInt  hash_size;      /* number of elements in hash table */
-    uInt  hash_bits;      /* log2(hash_size) */
-    uInt  hash_mask;      /* hash_size-1 */
-
-    uInt  hash_shift;
-    /* Number of bits by which ins_h must be shifted at each input
-     * step. It must be such that after MIN_MATCH steps, the oldest
-     * byte no longer takes part in the hash key, that is:
-     *   hash_shift * MIN_MATCH >= hash_bits
-     */
-
-    long block_start;
-    /* Window position at the beginning of the current output block. Gets
-     * negative when the window is moved backwards.
-     */
-
-    uInt match_length;           /* length of best match */
-    IPos prev_match;             /* previous match */
-    int match_available;         /* set if previous match exists */
-    uInt strstart;               /* start of string to insert */
-    uInt match_start;            /* start of matching string */
-    uInt lookahead;              /* number of valid bytes ahead in window */
-
-    uInt prev_length;
-    /* Length of the best match at previous step. Matches not greater than this
-     * are discarded. This is used in the lazy match evaluation.
-     */
-
-    uInt max_chain_length;
-    /* To speed up deflation, hash chains are never searched beyond this
-     * length.  A higher limit improves compression ratio but degrades the
-     * speed.
-     */
-
-    uInt max_lazy_match;
-    /* Attempt to find a better match only when the current match is strictly
-     * smaller than this value. This mechanism is used only for compression
-     * levels >= 4.
-     */
-#   define max_insert_length  max_lazy_match
-    /* Insert new strings in the hash table only if the match length is not
-     * greater than this length. This saves time but degrades compression.
-     * max_insert_length is used only for compression levels <= 3.
-     */
-
-    int level;    /* compression level (1..9) */
-    int strategy; /* favor or force Huffman coding*/
-
-    uInt good_match;
-    /* Use a faster search when the previous match is longer than this */
-
-    int nice_match; /* Stop searching when current match exceeds this */
-
-                /* used by trees.c: */
-    /* Didn't use ct_data typedef below to supress compiler warning */
-    struct ct_data_s dyn_ltree[HEAP_SIZE];   /* literal and length tree */
-    struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */
-    struct ct_data_s bl_tree[2*BL_CODES+1];  /* Huffman tree for bit lengths */
-
-    struct tree_desc_s l_desc;               /* desc. for literal tree */
-    struct tree_desc_s d_desc;               /* desc. for distance tree */
-    struct tree_desc_s bl_desc;              /* desc. for bit length tree */
-
-    ush bl_count[MAX_BITS+1];
-    /* number of codes at each bit length for an optimal tree */
-
-    int heap[2*L_CODES+1];      /* heap used to build the Huffman trees */
-    int heap_len;               /* number of elements in the heap */
-    int heap_max;               /* element of largest frequency */
-    /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used.
-     * The same heap array is used to build all trees.
-     */
-
-    uch depth[2*L_CODES+1];
-    /* Depth of each subtree used as tie breaker for trees of equal frequency
-     */
-
-    uchf *l_buf;          /* buffer for literals or lengths */
-
-    uInt  lit_bufsize;
-    /* Size of match buffer for literals/lengths.  There are 4 reasons for
-     * limiting lit_bufsize to 64K:
-     *   - frequencies can be kept in 16 bit counters
-     *   - if compression is not successful for the first block, all input
-     *     data is still in the window so we can still emit a stored block even
-     *     when input comes from standard input.  (This can also be done for
-     *     all blocks if lit_bufsize is not greater than 32K.)
-     *   - if compression is not successful for a file smaller than 64K, we can
-     *     even emit a stored file instead of a stored block (saving 5 bytes).
-     *     This is applicable only for zip (not gzip or zlib).
-     *   - creating new Huffman trees less frequently may not provide fast
-     *     adaptation to changes in the input data statistics. (Take for
-     *     example a binary file with poorly compressible code followed by
-     *     a highly compressible string table.) Smaller buffer sizes give
-     *     fast adaptation but have of course the overhead of transmitting
-     *     trees more frequently.
-     *   - I can't count above 4
-     */
-
-    uInt last_lit;      /* running index in l_buf */
-
-    ushf *d_buf;
-    /* Buffer for distances. To simplify the code, d_buf and l_buf have
-     * the same number of elements. To use different lengths, an extra flag
-     * array would be necessary.
-     */
-
-    ulg opt_len;        /* bit length of current block with optimal trees */
-    ulg static_len;     /* bit length of current block with static trees */
-    uInt matches;       /* number of string matches in current block */
-    int last_eob_len;   /* bit length of EOB code for last block */
-
-#ifdef DEBUG
-    ulg compressed_len; /* total bit length of compressed file mod 2^32 */
-    ulg bits_sent;      /* bit length of compressed data sent mod 2^32 */
-#endif
-
-    ush bi_buf;
-    /* Output buffer. bits are inserted starting at the bottom (least
-     * significant bits).
-     */
-    int bi_valid;
-    /* Number of valid bits in bi_buf.  All bits above the last valid bit
-     * are always zero.
-     */
-
-} FAR deflate_state;
-
-/* Output a byte on the stream.
- * IN assertion: there is enough room in pending_buf.
- */
-#define put_byte(s, c) {s->pending_buf[s->pending++] = (c);}
-
-
-#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1)
-/* Minimum amount of lookahead, except at the end of the input file.
- * See deflate.c for comments about the MIN_MATCH+1.
- */
-
-#define MAX_DIST(s)  ((s)->w_size-MIN_LOOKAHEAD)
-/* In order to simplify the code, particularly on 16 bit machines, match
- * distances are limited to MAX_DIST instead of WSIZE.
- */
-
-        /* in trees.c */
-void _tr_init         OF((deflate_state *s));
-int  _tr_tally        OF((deflate_state *s, unsigned dist, unsigned lc));
-void _tr_flush_block  OF((deflate_state *s, charf *buf, ulg stored_len,
-                         int eof));
-void _tr_align        OF((deflate_state *s));
-void _tr_stored_block OF((deflate_state *s, charf *buf, ulg stored_len,
-                          int eof));
-
-#define d_code(dist) \
-   ((dist) < 256 ? _dist_code[dist] : _dist_code[256+((dist)>>7)])
-/* Mapping from a distance to a distance code. dist is the distance - 1 and
- * must not have side effects. _dist_code[256] and _dist_code[257] are never
- * used.
- */
-
-#ifndef DEBUG
-/* Inline versions of _tr_tally for speed: */
-
-#if defined(GEN_TREES_H) || !defined(STDC)
-  extern uch _length_code[];
-  extern uch _dist_code[];
-#else
-  extern const uch _length_code[];
-  extern const uch _dist_code[];
-#endif
-
-# define _tr_tally_lit(s, c, flush) \
-  { uch cc = (c); \
-    s->d_buf[s->last_lit] = 0; \
-    s->l_buf[s->last_lit++] = cc; \
-    s->dyn_ltree[cc].Freq++; \
-    flush = (s->last_lit == s->lit_bufsize-1); \
-   }
-# define _tr_tally_dist(s, distance, length, flush) \
-  { uch len = (length); \
-    ush dist = (distance); \
-    s->d_buf[s->last_lit] = dist; \
-    s->l_buf[s->last_lit++] = len; \
-    dist--; \
-    s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \
-    s->dyn_dtree[d_code(dist)].Freq++; \
-    flush = (s->last_lit == s->lit_bufsize-1); \
-  }
-#else
-# define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c)
-# define _tr_tally_dist(s, distance, length, flush) \
-              flush = _tr_tally(s, distance, length) 
-#endif
-
-#endif
diff --git a/SecurityServer/MacYarrow/zlib/infblock.c b/SecurityServer/MacYarrow/zlib/infblock.c
deleted file mode 100644 (file)
index 90b6d0c..0000000
+++ /dev/null
@@ -1,416 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* infblock.c -- interpret and process block types to last block
- * Copyright (C) 1995-1998 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h 
- */
-
-#include "zutil.h"
-#include "infblock.h"
-#include "inftrees.h"
-#include "infcodes.h"
-#include "infutil.h"
-
-struct inflate_codes_state {int dummy;}; /* for buggy compilers */
-
-/* simplify the use of the inflate_huft type with some defines */
-#define exop word.what.Exop
-#define bits word.what.Bits
-
-/* Table for deflate from PKZIP's appnote.txt. */
-local const uInt border[] = { /* Order of the bit length code lengths */
-        16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15};
-
-/*
-   Notes beyond the 1.93a appnote.txt:
-
-   1. Distance pointers never point before the beginning of the output
-      stream.
-   2. Distance pointers can point back across blocks, up to 32k away.
-   3. There is an implied maximum of 7 bits for the bit length table and
-      15 bits for the actual data.
-   4. If only one code exists, then it is encoded using one bit.  (Zero
-      would be more efficient, but perhaps a little confusing.)  If two
-      codes exist, they are coded using one bit each (0 and 1).
-   5. There is no way of sending zero distance codes--a dummy must be
-      sent if there are none.  (History: a pre 2.0 version of PKZIP would
-      store blocks with no distance codes, but this was discovered to be
-      too harsh a criterion.)  Valid only for 1.93a.  2.04c does allow
-      zero distance codes, which is sent as one code of zero bits in
-      length.
-   6. There are up to 286 literal/length codes.  Code 256 represents the
-      end-of-block.  Note however that the static length tree defines
-      288 codes just to fill out the Huffman codes.  Codes 286 and 287
-      cannot be used though, since there is no length base or extra bits
-      defined for them.  Similarily, there are up to 30 distance codes.
-      However, static trees define 32 codes (all 5 bits) to fill out the
-      Huffman codes, but the last two had better not show up in the data.
-   7. Unzip can check dynamic Huffman blocks for complete code sets.
-      The exception is that a single code would not be complete (see #4).
-   8. The five bits following the block type is really the number of
-      literal codes sent minus 257.
-   9. Length codes 8,16,16 are interpreted as 13 length codes of 8 bits
-      (1+6+6).  Therefore, to output three times the length, you output
-      three codes (1+1+1), whereas to output four times the same length,
-      you only need two codes (1+3).  Hmm.
-  10. In the tree reconstruction algorithm, Code = Code + Increment
-      only if BitLength(i) is not zero.  (Pretty obvious.)
-  11. Correction: 4 Bits: # of Bit Length codes - 4     (4 - 19)
-  12. Note: length code 284 can represent 227-258, but length code 285
-      really is 258.  The last length deserves its own, short code
-      since it gets used a lot in very redundant files.  The length
-      258 is special since 258 - 3 (the min match length) is 255.
-  13. The literal/length and distance code bit lengths are read as a
-      single stream of lengths.  It is possible (and advantageous) for
-      a repeat code (16, 17, or 18) to go across the boundary between
-      the two sets of lengths.
- */
-
-
-void inflate_blocks_reset(s, z, c)
-inflate_blocks_statef *s;
-z_streamp z;
-uLongf *c;
-{
-  if (c != Z_NULL)
-    *c = s->check;
-  if (s->mode == BTREE || s->mode == DTREE)
-    ZFREE(z, s->sub.trees.blens);
-  if (s->mode == CODES)
-    inflate_codes_free(s->sub.decode.codes, z);
-  s->mode = TYPE;
-  s->bitk = 0;
-  s->bitb = 0;
-  s->read = s->write = s->window;
-  if (s->checkfn != Z_NULL)
-    z->adler = s->check = (*s->checkfn)(0L, (const Bytef *)Z_NULL, 0);
-  Tracev((stderr, "inflate:   blocks reset\n"));
-}
-
-
-inflate_blocks_statef *inflate_blocks_new(z, c, w)
-z_streamp z;
-check_func c;
-uInt w;
-{
-  inflate_blocks_statef *s;
-
-  if ((s = (inflate_blocks_statef *)ZALLOC
-       (z,1,sizeof(struct inflate_blocks_state))) == Z_NULL)
-    return s;
-  if ((s->hufts =
-       (inflate_huft *)ZALLOC(z, sizeof(inflate_huft), MANY)) == Z_NULL)
-  {
-    ZFREE(z, s);
-    return Z_NULL;
-  }
-  if ((s->window = (Bytef *)ZALLOC(z, 1, w)) == Z_NULL)
-  {
-    ZFREE(z, s->hufts);
-    ZFREE(z, s);
-    return Z_NULL;
-  }
-  s->end = s->window + w;
-  s->checkfn = c;
-  s->mode = TYPE;
-  Tracev((stderr, "inflate:   blocks allocated\n"));
-  inflate_blocks_reset(s, z, Z_NULL);
-  return s;
-}
-
-
-int inflate_blocks(s, z, r)
-inflate_blocks_statef *s;
-z_streamp z;
-int r;
-{
-  uInt t;               /* temporary storage */
-  uLong b;              /* bit buffer */
-  uInt k;               /* bits in bit buffer */
-  Bytef *p;             /* input data pointer */
-  uInt n;               /* bytes available there */
-  Bytef *q;             /* output window write pointer */
-  uInt m;               /* bytes to end of window or read pointer */
-
-  /* copy input/output information to locals (UPDATE macro restores) */
-  LOAD
-
-  /* process input based on current state */
-  while (1) switch (s->mode)
-  {
-    case TYPE:
-      NEEDBITS(3)
-      t = (uInt)b & 7;
-      s->last = t & 1;
-      switch (t >> 1)
-      {
-        case 0:                         /* stored */
-          Tracev((stderr, "inflate:     stored block%s\n",
-                 s->last ? " (last)" : ""));
-          DUMPBITS(3)
-          t = k & 7;                    /* go to byte boundary */
-          DUMPBITS(t)
-          s->mode = LENS;               /* get length of stored block */
-          break;
-        case 1:                         /* fixed */
-          Tracev((stderr, "inflate:     fixed codes block%s\n",
-                 s->last ? " (last)" : ""));
-          {
-            uInt bl, bd;
-            inflate_huft *tl, *td;
-
-            inflate_trees_fixed(&bl, &bd, &tl, &td, z);
-            s->sub.decode.codes = inflate_codes_new(bl, bd, tl, td, z);
-            if (s->sub.decode.codes == Z_NULL)
-            {
-              r = Z_MEM_ERROR;
-              LEAVE
-            }
-          }
-          DUMPBITS(3)
-          s->mode = CODES;
-          break;
-        case 2:                         /* dynamic */
-          Tracev((stderr, "inflate:     dynamic codes block%s\n",
-                 s->last ? " (last)" : ""));
-          DUMPBITS(3)
-          s->mode = TABLE;
-          break;
-        case 3:                         /* illegal */
-          DUMPBITS(3)
-          s->mode = BAD;
-          z->msg = (char*)"invalid block type";
-          r = Z_DATA_ERROR;
-          LEAVE
-      }
-      break;
-    case LENS:
-      NEEDBITS(32)
-      if ((((~b) >> 16) & 0xffff) != (b & 0xffff))
-      {
-        s->mode = BAD;
-        z->msg = (char*)"invalid stored block lengths";
-        r = Z_DATA_ERROR;
-        LEAVE
-      }
-      s->sub.left = (uInt)b & 0xffff;
-      b = k = 0;                      /* dump bits */
-      Tracev((stderr, "inflate:       stored length %u\n", s->sub.left));
-      s->mode = s->sub.left ? STORED : (s->last ? DRY : TYPE);
-      break;
-    case STORED:
-      if (n == 0)
-        LEAVE
-      NEEDOUT
-      t = s->sub.left;
-      if (t > n) t = n;
-      if (t > m) t = m;
-      zmemcpy(q, p, t);
-      p += t;  n -= t;
-      q += t;  m -= t;
-      if ((s->sub.left -= t) != 0)
-        break;
-      Tracev((stderr, "inflate:       stored end, %lu total out\n",
-              z->total_out + (q >= s->read ? q - s->read :
-              (s->end - s->read) + (q - s->window))));
-      s->mode = s->last ? DRY : TYPE;
-      break;
-    case TABLE:
-      NEEDBITS(14)
-      s->sub.trees.table = t = (uInt)b & 0x3fff;
-#ifndef PKZIP_BUG_WORKAROUND
-      if ((t & 0x1f) > 29 || ((t >> 5) & 0x1f) > 29)
-      {
-        s->mode = BAD;
-        z->msg = (char*)"too many length or distance symbols";
-        r = Z_DATA_ERROR;
-        LEAVE
-      }
-#endif
-      t = 258 + (t & 0x1f) + ((t >> 5) & 0x1f);
-      if ((s->sub.trees.blens = (uIntf*)ZALLOC(z, t, sizeof(uInt))) == Z_NULL)
-      {
-        r = Z_MEM_ERROR;
-        LEAVE
-      }
-      DUMPBITS(14)
-      s->sub.trees.index = 0;
-      Tracev((stderr, "inflate:       table sizes ok\n"));
-      s->mode = BTREE;
-    case BTREE:
-      while (s->sub.trees.index < 4 + (s->sub.trees.table >> 10))
-      {
-        NEEDBITS(3)
-        s->sub.trees.blens[border[s->sub.trees.index++]] = (uInt)b & 7;
-        DUMPBITS(3)
-      }
-      while (s->sub.trees.index < 19)
-        s->sub.trees.blens[border[s->sub.trees.index++]] = 0;
-      s->sub.trees.bb = 7;
-      t = inflate_trees_bits(s->sub.trees.blens, &s->sub.trees.bb,
-                             &s->sub.trees.tb, s->hufts, z);
-      if (t != Z_OK)
-      {
-        ZFREE(z, s->sub.trees.blens);
-        r = t;
-        if (r == Z_DATA_ERROR)
-          s->mode = BAD;
-        LEAVE
-      }
-      s->sub.trees.index = 0;
-      Tracev((stderr, "inflate:       bits tree ok\n"));
-      s->mode = DTREE;
-    case DTREE:
-      while (t = s->sub.trees.table,
-             s->sub.trees.index < 258 + (t & 0x1f) + ((t >> 5) & 0x1f))
-      {
-        inflate_huft *h;
-        uInt i, j, c;
-
-        t = s->sub.trees.bb;
-        NEEDBITS(t)
-        h = s->sub.trees.tb + ((uInt)b & inflate_mask[t]);
-        t = h->bits;
-        c = h->base;
-        if (c < 16)
-        {
-          DUMPBITS(t)
-          s->sub.trees.blens[s->sub.trees.index++] = c;
-        }
-        else /* c == 16..18 */
-        {
-          i = c == 18 ? 7 : c - 14;
-          j = c == 18 ? 11 : 3;
-          NEEDBITS(t + i)
-          DUMPBITS(t)
-          j += (uInt)b & inflate_mask[i];
-          DUMPBITS(i)
-          i = s->sub.trees.index;
-          t = s->sub.trees.table;
-          if (i + j > 258 + (t & 0x1f) + ((t >> 5) & 0x1f) ||
-              (c == 16 && i < 1))
-          {
-            ZFREE(z, s->sub.trees.blens);
-            s->mode = BAD;
-            z->msg = (char*)"invalid bit length repeat";
-            r = Z_DATA_ERROR;
-            LEAVE
-          }
-          c = c == 16 ? s->sub.trees.blens[i - 1] : 0;
-          do {
-            s->sub.trees.blens[i++] = c;
-          } while (--j);
-          s->sub.trees.index = i;
-        }
-      }
-      s->sub.trees.tb = Z_NULL;
-      {
-        uInt bl, bd;
-        inflate_huft *tl, *td;
-        inflate_codes_statef *c;
-
-        bl = 9;         /* must be <= 9 for lookahead assumptions */
-        bd = 6;         /* must be <= 9 for lookahead assumptions */
-        t = s->sub.trees.table;
-        t = inflate_trees_dynamic(257 + (t & 0x1f), 1 + ((t >> 5) & 0x1f),
-                                  s->sub.trees.blens, &bl, &bd, &tl, &td,
-                                  s->hufts, z);
-        ZFREE(z, s->sub.trees.blens);
-        if (t != Z_OK)
-        {
-          if (t == (uInt)Z_DATA_ERROR)
-            s->mode = BAD;
-          r = t;
-          LEAVE
-        }
-        Tracev((stderr, "inflate:       trees ok\n"));
-        if ((c = inflate_codes_new(bl, bd, tl, td, z)) == Z_NULL)
-        {
-          r = Z_MEM_ERROR;
-          LEAVE
-        }
-        s->sub.decode.codes = c;
-      }
-      s->mode = CODES;
-    case CODES:
-      UPDATE
-      if ((r = inflate_codes(s, z, r)) != Z_STREAM_END)
-        return inflate_flush(s, z, r);
-      r = Z_OK;
-      inflate_codes_free(s->sub.decode.codes, z);
-      LOAD
-      Tracev((stderr, "inflate:       codes end, %lu total out\n",
-              z->total_out + (q >= s->read ? q - s->read :
-              (s->end - s->read) + (q - s->window))));
-      if (!s->last)
-      {
-        s->mode = TYPE;
-        break;
-      }
-      s->mode = DRY;
-    case DRY:
-      FLUSH
-      if (s->read != s->write)
-        LEAVE
-      s->mode = DONE;
-    case DONE:
-      r = Z_STREAM_END;
-      LEAVE
-    case BAD:
-      r = Z_DATA_ERROR;
-      LEAVE
-    default:
-      r = Z_STREAM_ERROR;
-      LEAVE
-  }
-}
-
-
-int inflate_blocks_free(s, z)
-inflate_blocks_statef *s;
-z_streamp z;
-{
-  inflate_blocks_reset(s, z, Z_NULL);
-  ZFREE(z, s->window);
-  ZFREE(z, s->hufts);
-  ZFREE(z, s);
-  Tracev((stderr, "inflate:   blocks freed\n"));
-  return Z_OK;
-}
-
-
-void inflate_set_dictionary(s, d, n)
-inflate_blocks_statef *s;
-const Bytef *d;
-uInt  n;
-{
-  zmemcpy(s->window, d, n);
-  s->read = s->write = s->window + n;
-}
-
-
-/* Returns true if inflate is currently at the end of a block generated
- * by Z_SYNC_FLUSH or Z_FULL_FLUSH. 
- * IN assertion: s != Z_NULL
- */
-int inflate_blocks_sync_point(s)
-inflate_blocks_statef *s;
-{
-  return s->mode == LENS;
-}
diff --git a/SecurityServer/MacYarrow/zlib/infblock.h b/SecurityServer/MacYarrow/zlib/infblock.h
deleted file mode 100644 (file)
index dfd1141..0000000
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* infblock.h -- header to use infblock.c
- * Copyright (C) 1995-1998 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h 
- */
-
-/* WARNING: this file should *not* be used by applications. It is
-   part of the implementation of the compression library and is
-   subject to change. Applications should only use zlib.h.
- */
-
-struct inflate_blocks_state;
-typedef struct inflate_blocks_state FAR inflate_blocks_statef;
-
-extern inflate_blocks_statef * inflate_blocks_new OF((
-    z_streamp z,
-    check_func c,               /* check function */
-    uInt w));                   /* window size */
-
-extern int inflate_blocks OF((
-    inflate_blocks_statef *,
-    z_streamp ,
-    int));                      /* initial return code */
-
-extern void inflate_blocks_reset OF((
-    inflate_blocks_statef *,
-    z_streamp ,
-    uLongf *));                  /* check value on output */
-
-extern int inflate_blocks_free OF((
-    inflate_blocks_statef *,
-    z_streamp));
-
-extern void inflate_set_dictionary OF((
-    inflate_blocks_statef *s,
-    const Bytef *d,  /* dictionary */
-    uInt  n));       /* dictionary length */
-
-extern int inflate_blocks_sync_point OF((
-    inflate_blocks_statef *s));
diff --git a/SecurityServer/MacYarrow/zlib/infcodes.c b/SecurityServer/MacYarrow/zlib/infcodes.c
deleted file mode 100644 (file)
index 9351354..0000000
+++ /dev/null
@@ -1,275 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* infcodes.c -- process literals and length/distance pairs
- * Copyright (C) 1995-1998 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h 
- */
-
-#include "zutil.h"
-#include "inftrees.h"
-#include "infblock.h"
-#include "infcodes.h"
-#include "infutil.h"
-#include "inffast.h"
-
-/* simplify the use of the inflate_huft type with some defines */
-#define exop word.what.Exop
-#define bits word.what.Bits
-
-typedef enum {        /* waiting for "i:"=input, "o:"=output, "x:"=nothing */
-      START,    /* x: set up for LEN */
-      LEN,      /* i: get length/literal/eob next */
-      LENEXT,   /* i: getting length extra (have base) */
-      DIST,     /* i: get distance next */
-      DISTEXT,  /* i: getting distance extra */
-      COPY,     /* o: copying bytes in window, waiting for space */
-      LIT,      /* o: got literal, waiting for output space */
-      WASH,     /* o: got eob, possibly still output waiting */
-      END,      /* x: got eob and all data flushed */
-      BADCODE}  /* x: got error */
-inflate_codes_mode;
-
-/* inflate codes private state */
-struct inflate_codes_state {
-
-  /* mode */
-  inflate_codes_mode mode;      /* current inflate_codes mode */
-
-  /* mode dependent information */
-  uInt len;
-  union {
-    struct {
-      inflate_huft *tree;       /* pointer into tree */
-      uInt need;                /* bits needed */
-    } code;             /* if LEN or DIST, where in tree */
-    uInt lit;           /* if LIT, literal */
-    struct {
-      uInt get;                 /* bits to get for extra */
-      uInt dist;                /* distance back to copy from */
-    } copy;             /* if EXT or COPY, where and how much */
-  } sub;                /* submode */
-
-  /* mode independent information */
-  Byte lbits;           /* ltree bits decoded per branch */
-  Byte dbits;           /* dtree bits decoder per branch */
-  inflate_huft *ltree;          /* literal/length/eob tree */
-  inflate_huft *dtree;          /* distance tree */
-
-};
-
-
-inflate_codes_statef *inflate_codes_new(bl, bd, tl, td, z)
-uInt bl, bd;
-inflate_huft *tl;
-inflate_huft *td; /* need separate declaration for Borland C++ */
-z_streamp z;
-{
-  inflate_codes_statef *c;
-
-  if ((c = (inflate_codes_statef *)
-       ZALLOC(z,1,sizeof(struct inflate_codes_state))) != Z_NULL)
-  {
-    c->mode = START;
-    c->lbits = (Byte)bl;
-    c->dbits = (Byte)bd;
-    c->ltree = tl;
-    c->dtree = td;
-    Tracev((stderr, "inflate:       codes new\n"));
-  }
-  return c;
-}
-
-
-int inflate_codes(s, z, r)
-inflate_blocks_statef *s;
-z_streamp z;
-int r;
-{
-  uInt j;               /* temporary storage */
-  inflate_huft *t;      /* temporary pointer */
-  uInt e;               /* extra bits or operation */
-  uLong b;              /* bit buffer */
-  uInt k;               /* bits in bit buffer */
-  Bytef *p;             /* input data pointer */
-  uInt n;               /* bytes available there */
-  Bytef *q;             /* output window write pointer */
-  uInt m;               /* bytes to end of window or read pointer */
-  Bytef *f;             /* pointer to copy strings from */
-  inflate_codes_statef *c = s->sub.decode.codes;  /* codes state */
-
-  /* copy input/output information to locals (UPDATE macro restores) */
-  LOAD
-
-  /* process input and output based on current state */
-  while (1) switch (c->mode)
-  {             /* waiting for "i:"=input, "o:"=output, "x:"=nothing */
-    case START:         /* x: set up for LEN */
-#ifndef SLOW
-      if (m >= 258 && n >= 10)
-      {
-        UPDATE
-        r = inflate_fast(c->lbits, c->dbits, c->ltree, c->dtree, s, z);
-        LOAD
-        if (r != Z_OK)
-        {
-          c->mode = r == Z_STREAM_END ? WASH : BADCODE;
-          break;
-        }
-      }
-#endif /* !SLOW */
-      c->sub.code.need = c->lbits;
-      c->sub.code.tree = c->ltree;
-      c->mode = LEN;
-    case LEN:           /* i: get length/literal/eob next */
-      j = c->sub.code.need;
-      NEEDBITS(j)
-      t = c->sub.code.tree + ((uInt)b & inflate_mask[j]);
-      DUMPBITS(t->bits)
-      e = (uInt)(t->exop);
-      if (e == 0)               /* literal */
-      {
-        c->sub.lit = t->base;
-        Tracevv((stderr, t->base >= 0x20 && t->base < 0x7f ?
-                 "inflate:         literal '%c'\n" :
-                 "inflate:         literal 0x%02x\n", t->base));
-        c->mode = LIT;
-        break;
-      }
-      if (e & 16)               /* length */
-      {
-        c->sub.copy.get = e & 15;
-        c->len = t->base;
-        c->mode = LENEXT;
-        break;
-      }
-      if ((e & 64) == 0)        /* next table */
-      {
-        c->sub.code.need = e;
-        c->sub.code.tree = t + t->base;
-        break;
-      }
-      if (e & 32)               /* end of block */
-      {
-        Tracevv((stderr, "inflate:         end of block\n"));
-        c->mode = WASH;
-        break;
-      }
-      c->mode = BADCODE;        /* invalid code */
-      z->msg = (char*)"invalid literal/length code";
-      r = Z_DATA_ERROR;
-      LEAVE
-    case LENEXT:        /* i: getting length extra (have base) */
-      j = c->sub.copy.get;
-      NEEDBITS(j)
-      c->len += (uInt)b & inflate_mask[j];
-      DUMPBITS(j)
-      c->sub.code.need = c->dbits;
-      c->sub.code.tree = c->dtree;
-      Tracevv((stderr, "inflate:         length %u\n", c->len));
-      c->mode = DIST;
-    case DIST:          /* i: get distance next */
-      j = c->sub.code.need;
-      NEEDBITS(j)
-      t = c->sub.code.tree + ((uInt)b & inflate_mask[j]);
-      DUMPBITS(t->bits)
-      e = (uInt)(t->exop);
-      if (e & 16)               /* distance */
-      {
-        c->sub.copy.get = e & 15;
-        c->sub.copy.dist = t->base;
-        c->mode = DISTEXT;
-        break;
-      }
-      if ((e & 64) == 0)        /* next table */
-      {
-        c->sub.code.need = e;
-        c->sub.code.tree = t + t->base;
-        break;
-      }
-      c->mode = BADCODE;        /* invalid code */
-      z->msg = (char*)"invalid distance code";
-      r = Z_DATA_ERROR;
-      LEAVE
-    case DISTEXT:       /* i: getting distance extra */
-      j = c->sub.copy.get;
-      NEEDBITS(j)
-      c->sub.copy.dist += (uInt)b & inflate_mask[j];
-      DUMPBITS(j)
-      Tracevv((stderr, "inflate:         distance %u\n", c->sub.copy.dist));
-      c->mode = COPY;
-    case COPY:          /* o: copying bytes in window, waiting for space */
-#ifndef __TURBOC__ /* Turbo C bug for following expression */
-      f = (uInt)(q - s->window) < c->sub.copy.dist ?
-          s->end - (c->sub.copy.dist - (q - s->window)) :
-          q - c->sub.copy.dist;
-#else
-      f = q - c->sub.copy.dist;
-      if ((uInt)(q - s->window) < c->sub.copy.dist)
-        f = s->end - (c->sub.copy.dist - (uInt)(q - s->window));
-#endif
-      while (c->len)
-      {
-        NEEDOUT
-        OUTBYTE(*f++)
-        if (f == s->end)
-          f = s->window;
-        c->len--;
-      }
-      c->mode = START;
-      break;
-    case LIT:           /* o: got literal, waiting for output space */
-      NEEDOUT
-      OUTBYTE(c->sub.lit)
-      c->mode = START;
-      break;
-    case WASH:          /* o: got eob, possibly more output */
-      if (k > 7)        /* return unused byte, if any */
-      {
-        Assert(k < 16, "inflate_codes grabbed too many bytes")
-        k -= 8;
-        n++;
-        p--;            /* can always return one */
-      }
-      FLUSH
-      if (s->read != s->write)
-        LEAVE
-      c->mode = END;
-    case END:
-      r = Z_STREAM_END;
-      LEAVE
-    case BADCODE:       /* x: got error */
-      r = Z_DATA_ERROR;
-      LEAVE
-    default:
-      r = Z_STREAM_ERROR;
-      LEAVE
-  }
-#ifdef NEED_DUMMY_RETURN
-  return Z_STREAM_ERROR;  /* Some dumb compilers complain without this */
-#endif
-}
-
-
-void inflate_codes_free(c, z)
-inflate_codes_statef *c;
-z_streamp z;
-{
-  ZFREE(z, c);
-  Tracev((stderr, "inflate:       codes free\n"));
-}
diff --git a/SecurityServer/MacYarrow/zlib/infcodes.h b/SecurityServer/MacYarrow/zlib/infcodes.h
deleted file mode 100644 (file)
index cb79604..0000000
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* infcodes.h -- header to use infcodes.c
- * Copyright (C) 1995-1998 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h 
- */
-
-/* WARNING: this file should *not* be used by applications. It is
-   part of the implementation of the compression library and is
-   subject to change. Applications should only use zlib.h.
- */
-
-struct inflate_codes_state;
-typedef struct inflate_codes_state FAR inflate_codes_statef;
-
-extern inflate_codes_statef *inflate_codes_new OF((
-    uInt, uInt,
-    inflate_huft *, inflate_huft *,
-    z_streamp ));
-
-extern int inflate_codes OF((
-    inflate_blocks_statef *,
-    z_streamp ,
-    int));
-
-extern void inflate_codes_free OF((
-    inflate_codes_statef *,
-    z_streamp ));
-
diff --git a/SecurityServer/MacYarrow/zlib/inffast.c b/SecurityServer/MacYarrow/zlib/inffast.c
deleted file mode 100644 (file)
index 413da20..0000000
+++ /dev/null
@@ -1,188 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* inffast.c -- process literals and length/distance pairs fast
- * Copyright (C) 1995-1998 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h 
- */
-
-#include "zutil.h"
-#include "inftrees.h"
-#include "infblock.h"
-#include "infcodes.h"
-#include "infutil.h"
-#include "inffast.h"
-
-struct inflate_codes_state {int dummy;}; /* for buggy compilers */
-
-/* simplify the use of the inflate_huft type with some defines */
-#define exop word.what.Exop
-#define bits word.what.Bits
-
-/* macros for bit input with no checking and for returning unused bytes */
-#define GRABBITS(j) {while(k<(j)){b|=((uLong)NEXTBYTE)<<k;k+=8;}}
-#define UNGRAB {c=z->avail_in-n;c=(k>>3)<c?k>>3:c;n+=c;p-=c;k-=c<<3;}
-
-/* Called with number of bytes left to write in window at least 258
-   (the maximum string length) and number of input bytes available
-   at least ten.  The ten bytes are six bytes for the longest length/
-   distance pair plus four bytes for overloading the bit buffer. */
-
-int inflate_fast(bl, bd, tl, td, s, z)
-uInt bl, bd;
-inflate_huft *tl;
-inflate_huft *td; /* need separate declaration for Borland C++ */
-inflate_blocks_statef *s;
-z_streamp z;
-{
-  inflate_huft *t;      /* temporary pointer */
-  uInt e;               /* extra bits or operation */
-  uLong b;              /* bit buffer */
-  uInt k;               /* bits in bit buffer */
-  Bytef *p;             /* input data pointer */
-  uInt n;               /* bytes available there */
-  Bytef *q;             /* output window write pointer */
-  uInt m;               /* bytes to end of window or read pointer */
-  uInt ml;              /* mask for literal/length tree */
-  uInt md;              /* mask for distance tree */
-  uInt c;               /* bytes to copy */
-  uInt d;               /* distance back to copy from */
-  Bytef *r;             /* copy source pointer */
-
-  /* load input, output, bit values */
-  LOAD
-
-  /* initialize masks */
-  ml = inflate_mask[bl];
-  md = inflate_mask[bd];
-
-  /* do until not enough input or output space for fast loop */
-  do {                          /* assume called with m >= 258 && n >= 10 */
-    /* get literal/length code */
-    GRABBITS(20)                /* max bits for literal/length code */
-    if ((e = (t = tl + ((uInt)b & ml))->exop) == 0)
-    {
-      DUMPBITS(t->bits)
-      Tracevv((stderr, t->base >= 0x20 && t->base < 0x7f ?
-                "inflate:         * literal '%c'\n" :
-                "inflate:         * literal 0x%02x\n", t->base));
-      *q++ = (Byte)t->base;
-      m--;
-      continue;
-    }
-    do {
-      DUMPBITS(t->bits)
-      if (e & 16)
-      {
-        /* get extra bits for length */
-        e &= 15;
-        c = t->base + ((uInt)b & inflate_mask[e]);
-        DUMPBITS(e)
-        Tracevv((stderr, "inflate:         * length %u\n", c));
-
-        /* decode distance base of block to copy */
-        GRABBITS(15);           /* max bits for distance code */
-        e = (t = td + ((uInt)b & md))->exop;
-        do {
-          DUMPBITS(t->bits)
-          if (e & 16)
-          {
-            /* get extra bits to add to distance base */
-            e &= 15;
-            GRABBITS(e)         /* get extra bits (up to 13) */
-            d = t->base + ((uInt)b & inflate_mask[e]);
-            DUMPBITS(e)
-            Tracevv((stderr, "inflate:         * distance %u\n", d));
-
-            /* do the copy */
-            m -= c;
-            if ((uInt)(q - s->window) >= d)     /* offset before dest */
-            {                                   /*  just copy */
-              r = q - d;
-              *q++ = *r++;  c--;        /* minimum count is three, */
-              *q++ = *r++;  c--;        /*  so unroll loop a little */
-            }
-            else                        /* else offset after destination */
-            {
-              e = d - (uInt)(q - s->window); /* bytes from offset to end */
-              r = s->end - e;           /* pointer to offset */
-              if (c > e)                /* if source crosses, */
-              {
-                c -= e;                 /* copy to end of window */
-                do {
-                  *q++ = *r++;
-                } while (--e);
-                r = s->window;          /* copy rest from start of window */
-              }
-            }
-            do {                        /* copy all or what's left */
-              *q++ = *r++;
-            } while (--c);
-            break;
-          }
-          else if ((e & 64) == 0)
-          {
-            t += t->base;
-            e = (t += ((uInt)b & inflate_mask[e]))->exop;
-          }
-          else
-          {
-            z->msg = (char*)"invalid distance code";
-            UNGRAB
-            UPDATE
-            return Z_DATA_ERROR;
-          }
-        } while (1);
-        break;
-      }
-      if ((e & 64) == 0)
-      {
-        t += t->base;
-        if ((e = (t += ((uInt)b & inflate_mask[e]))->exop) == 0)
-        {
-          DUMPBITS(t->bits)
-          Tracevv((stderr, t->base >= 0x20 && t->base < 0x7f ?
-                    "inflate:         * literal '%c'\n" :
-                    "inflate:         * literal 0x%02x\n", t->base));
-          *q++ = (Byte)t->base;
-          m--;
-          break;
-        }
-      }
-      else if (e & 32)
-      {
-        Tracevv((stderr, "inflate:         * end of block\n"));
-        UNGRAB
-        UPDATE
-        return Z_STREAM_END;
-      }
-      else
-      {
-        z->msg = (char*)"invalid literal/length code";
-        UNGRAB
-        UPDATE
-        return Z_DATA_ERROR;
-      }
-    } while (1);
-  } while (m >= 258 && n >= 10);
-
-  /* not enough input or output--restore pointers and return */
-  UNGRAB
-  UPDATE
-  return Z_OK;
-}
diff --git a/SecurityServer/MacYarrow/zlib/inffast.h b/SecurityServer/MacYarrow/zlib/inffast.h
deleted file mode 100644 (file)
index cd8b0d7..0000000
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* inffast.h -- header to use inffast.c
- * Copyright (C) 1995-1998 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h 
- */
-
-/* WARNING: this file should *not* be used by applications. It is
-   part of the implementation of the compression library and is
-   subject to change. Applications should only use zlib.h.
- */
-
-extern int inflate_fast OF((
-    uInt,
-    uInt,
-    inflate_huft *,
-    inflate_huft *,
-    inflate_blocks_statef *,
-    z_streamp ));
diff --git a/SecurityServer/MacYarrow/zlib/inffixed.h b/SecurityServer/MacYarrow/zlib/inffixed.h
deleted file mode 100644 (file)
index bcc921d..0000000
+++ /dev/null
@@ -1,169 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* inffixed.h -- table for decoding fixed codes
- * Generated automatically by the maketree.c program
- */
-
-/* WARNING: this file should *not* be used by applications. It is
-   part of the implementation of the compression library and is
-   subject to change. Applications should only use zlib.h.
- */
-
-local uInt fixed_bl = 9;
-local uInt fixed_bd = 5;
-local inflate_huft fixed_tl[] = {
-    {{{96,7}},256}, {{{0,8}},80}, {{{0,8}},16}, {{{84,8}},115},
-    {{{82,7}},31}, {{{0,8}},112}, {{{0,8}},48}, {{{0,9}},192},
-    {{{80,7}},10}, {{{0,8}},96}, {{{0,8}},32}, {{{0,9}},160},
-    {{{0,8}},0}, {{{0,8}},128}, {{{0,8}},64}, {{{0,9}},224},
-    {{{80,7}},6}, {{{0,8}},88}, {{{0,8}},24}, {{{0,9}},144},
-    {{{83,7}},59}, {{{0,8}},120}, {{{0,8}},56}, {{{0,9}},208},
-    {{{81,7}},17}, {{{0,8}},104}, {{{0,8}},40}, {{{0,9}},176},
-    {{{0,8}},8}, {{{0,8}},136}, {{{0,8}},72}, {{{0,9}},240},
-    {{{80,7}},4}, {{{0,8}},84}, {{{0,8}},20}, {{{85,8}},227},
-    {{{83,7}},43}, {{{0,8}},116}, {{{0,8}},52}, {{{0,9}},200},
-    {{{81,7}},13}, {{{0,8}},100}, {{{0,8}},36}, {{{0,9}},168},
-    {{{0,8}},4}, {{{0,8}},132}, {{{0,8}},68}, {{{0,9}},232},
-    {{{80,7}},8}, {{{0,8}},92}, {{{0,8}},28}, {{{0,9}},152},
-    {{{84,7}},83}, {{{0,8}},124}, {{{0,8}},60}, {{{0,9}},216},
-    {{{82,7}},23}, {{{0,8}},108}, {{{0,8}},44}, {{{0,9}},184},
-    {{{0,8}},12}, {{{0,8}},140}, {{{0,8}},76}, {{{0,9}},248},
-    {{{80,7}},3}, {{{0,8}},82}, {{{0,8}},18}, {{{85,8}},163},
-    {{{83,7}},35}, {{{0,8}},114}, {{{0,8}},50}, {{{0,9}},196},
-    {{{81,7}},11}, {{{0,8}},98}, {{{0,8}},34}, {{{0,9}},164},
-    {{{0,8}},2}, {{{0,8}},130}, {{{0,8}},66}, {{{0,9}},228},
-    {{{80,7}},7}, {{{0,8}},90}, {{{0,8}},26}, {{{0,9}},148},
-    {{{84,7}},67}, {{{0,8}},122}, {{{0,8}},58}, {{{0,9}},212},
-    {{{82,7}},19}, {{{0,8}},106}, {{{0,8}},42}, {{{0,9}},180},
-    {{{0,8}},10}, {{{0,8}},138}, {{{0,8}},74}, {{{0,9}},244},
-    {{{80,7}},5}, {{{0,8}},86}, {{{0,8}},22}, {{{192,8}},0},
-    {{{83,7}},51}, {{{0,8}},118}, {{{0,8}},54}, {{{0,9}},204},
-    {{{81,7}},15}, {{{0,8}},102}, {{{0,8}},38}, {{{0,9}},172},
-    {{{0,8}},6}, {{{0,8}},134}, {{{0,8}},70}, {{{0,9}},236},
-    {{{80,7}},9}, {{{0,8}},94}, {{{0,8}},30}, {{{0,9}},156},
-    {{{84,7}},99}, {{{0,8}},126}, {{{0,8}},62}, {{{0,9}},220},
-    {{{82,7}},27}, {{{0,8}},110}, {{{0,8}},46}, {{{0,9}},188},
-    {{{0,8}},14}, {{{0,8}},142}, {{{0,8}},78}, {{{0,9}},252},
-    {{{96,7}},256}, {{{0,8}},81}, {{{0,8}},17}, {{{85,8}},131},
-    {{{82,7}},31}, {{{0,8}},113}, {{{0,8}},49}, {{{0,9}},194},
-    {{{80,7}},10}, {{{0,8}},97}, {{{0,8}},33}, {{{0,9}},162},
-    {{{0,8}},1}, {{{0,8}},129}, {{{0,8}},65}, {{{0,9}},226},
-    {{{80,7}},6}, {{{0,8}},89}, {{{0,8}},25}, {{{0,9}},146},
-    {{{83,7}},59}, {{{0,8}},121}, {{{0,8}},57}, {{{0,9}},210},
-    {{{81,7}},17}, {{{0,8}},105}, {{{0,8}},41}, {{{0,9}},178},
-    {{{0,8}},9}, {{{0,8}},137}, {{{0,8}},73}, {{{0,9}},242},
-    {{{80,7}},4}, {{{0,8}},85}, {{{0,8}},21}, {{{80,8}},258},
-    {{{83,7}},43}, {{{0,8}},117}, {{{0,8}},53}, {{{0,9}},202},
-    {{{81,7}},13}, {{{0,8}},101}, {{{0,8}},37}, {{{0,9}},170},
-    {{{0,8}},5}, {{{0,8}},133}, {{{0,8}},69}, {{{0,9}},234},
-    {{{80,7}},8}, {{{0,8}},93}, {{{0,8}},29}, {{{0,9}},154},
-    {{{84,7}},83}, {{{0,8}},125}, {{{0,8}},61}, {{{0,9}},218},
-    {{{82,7}},23}, {{{0,8}},109}, {{{0,8}},45}, {{{0,9}},186},
-    {{{0,8}},13}, {{{0,8}},141}, {{{0,8}},77}, {{{0,9}},250},
-    {{{80,7}},3}, {{{0,8}},83}, {{{0,8}},19}, {{{85,8}},195},
-    {{{83,7}},35}, {{{0,8}},115}, {{{0,8}},51}, {{{0,9}},198},
-    {{{81,7}},11}, {{{0,8}},99}, {{{0,8}},35}, {{{0,9}},166},
-    {{{0,8}},3}, {{{0,8}},131}, {{{0,8}},67}, {{{0,9}},230},
-    {{{80,7}},7}, {{{0,8}},91}, {{{0,8}},27}, {{{0,9}},150},
-    {{{84,7}},67}, {{{0,8}},123}, {{{0,8}},59}, {{{0,9}},214},
-    {{{82,7}},19}, {{{0,8}},107}, {{{0,8}},43}, {{{0,9}},182},
-    {{{0,8}},11}, {{{0,8}},139}, {{{0,8}},75}, {{{0,9}},246},
-    {{{80,7}},5}, {{{0,8}},87}, {{{0,8}},23}, {{{192,8}},0},
-    {{{83,7}},51}, {{{0,8}},119}, {{{0,8}},55}, {{{0,9}},206},
-    {{{81,7}},15}, {{{0,8}},103}, {{{0,8}},39}, {{{0,9}},174},
-    {{{0,8}},7}, {{{0,8}},135}, {{{0,8}},71}, {{{0,9}},238},
-    {{{80,7}},9}, {{{0,8}},95}, {{{0,8}},31}, {{{0,9}},158},
-    {{{84,7}},99}, {{{0,8}},127}, {{{0,8}},63}, {{{0,9}},222},
-    {{{82,7}},27}, {{{0,8}},111}, {{{0,8}},47}, {{{0,9}},190},
-    {{{0,8}},15}, {{{0,8}},143}, {{{0,8}},79}, {{{0,9}},254},
-    {{{96,7}},256}, {{{0,8}},80}, {{{0,8}},16}, {{{84,8}},115},
-    {{{82,7}},31}, {{{0,8}},112}, {{{0,8}},48}, {{{0,9}},193},
-    {{{80,7}},10}, {{{0,8}},96}, {{{0,8}},32}, {{{0,9}},161},
-    {{{0,8}},0}, {{{0,8}},128}, {{{0,8}},64}, {{{0,9}},225},
-    {{{80,7}},6}, {{{0,8}},88}, {{{0,8}},24}, {{{0,9}},145},
-    {{{83,7}},59}, {{{0,8}},120}, {{{0,8}},56}, {{{0,9}},209},
-    {{{81,7}},17}, {{{0,8}},104}, {{{0,8}},40}, {{{0,9}},177},
-    {{{0,8}},8}, {{{0,8}},136}, {{{0,8}},72}, {{{0,9}},241},
-    {{{80,7}},4}, {{{0,8}},84}, {{{0,8}},20}, {{{85,8}},227},
-    {{{83,7}},43}, {{{0,8}},116}, {{{0,8}},52}, {{{0,9}},201},
-    {{{81,7}},13}, {{{0,8}},100}, {{{0,8}},36}, {{{0,9}},169},
-    {{{0,8}},4}, {{{0,8}},132}, {{{0,8}},68}, {{{0,9}},233},
-    {{{80,7}},8}, {{{0,8}},92}, {{{0,8}},28}, {{{0,9}},153},
-    {{{84,7}},83}, {{{0,8}},124}, {{{0,8}},60}, {{{0,9}},217},
-    {{{82,7}},23}, {{{0,8}},108}, {{{0,8}},44}, {{{0,9}},185},
-    {{{0,8}},12}, {{{0,8}},140}, {{{0,8}},76}, {{{0,9}},249},
-    {{{80,7}},3}, {{{0,8}},82}, {{{0,8}},18}, {{{85,8}},163},
-    {{{83,7}},35}, {{{0,8}},114}, {{{0,8}},50}, {{{0,9}},197},
-    {{{81,7}},11}, {{{0,8}},98}, {{{0,8}},34}, {{{0,9}},165},
-    {{{0,8}},2}, {{{0,8}},130}, {{{0,8}},66}, {{{0,9}},229},
-    {{{80,7}},7}, {{{0,8}},90}, {{{0,8}},26}, {{{0,9}},149},
-    {{{84,7}},67}, {{{0,8}},122}, {{{0,8}},58}, {{{0,9}},213},
-    {{{82,7}},19}, {{{0,8}},106}, {{{0,8}},42}, {{{0,9}},181},
-    {{{0,8}},10}, {{{0,8}},138}, {{{0,8}},74}, {{{0,9}},245},
-    {{{80,7}},5}, {{{0,8}},86}, {{{0,8}},22}, {{{192,8}},0},
-    {{{83,7}},51}, {{{0,8}},118}, {{{0,8}},54}, {{{0,9}},205},
-    {{{81,7}},15}, {{{0,8}},102}, {{{0,8}},38}, {{{0,9}},173},
-    {{{0,8}},6}, {{{0,8}},134}, {{{0,8}},70}, {{{0,9}},237},
-    {{{80,7}},9}, {{{0,8}},94}, {{{0,8}},30}, {{{0,9}},157},
-    {{{84,7}},99}, {{{0,8}},126}, {{{0,8}},62}, {{{0,9}},221},
-    {{{82,7}},27}, {{{0,8}},110}, {{{0,8}},46}, {{{0,9}},189},
-    {{{0,8}},14}, {{{0,8}},142}, {{{0,8}},78}, {{{0,9}},253},
-    {{{96,7}},256}, {{{0,8}},81}, {{{0,8}},17}, {{{85,8}},131},
-    {{{82,7}},31}, {{{0,8}},113}, {{{0,8}},49}, {{{0,9}},195},
-    {{{80,7}},10}, {{{0,8}},97}, {{{0,8}},33}, {{{0,9}},163},
-    {{{0,8}},1}, {{{0,8}},129}, {{{0,8}},65}, {{{0,9}},227},
-    {{{80,7}},6}, {{{0,8}},89}, {{{0,8}},25}, {{{0,9}},147},
-    {{{83,7}},59}, {{{0,8}},121}, {{{0,8}},57}, {{{0,9}},211},
-    {{{81,7}},17}, {{{0,8}},105}, {{{0,8}},41}, {{{0,9}},179},
-    {{{0,8}},9}, {{{0,8}},137}, {{{0,8}},73}, {{{0,9}},243},
-    {{{80,7}},4}, {{{0,8}},85}, {{{0,8}},21}, {{{80,8}},258},
-    {{{83,7}},43}, {{{0,8}},117}, {{{0,8}},53}, {{{0,9}},203},
-    {{{81,7}},13}, {{{0,8}},101}, {{{0,8}},37}, {{{0,9}},171},
-    {{{0,8}},5}, {{{0,8}},133}, {{{0,8}},69}, {{{0,9}},235},
-    {{{80,7}},8}, {{{0,8}},93}, {{{0,8}},29}, {{{0,9}},155},
-    {{{84,7}},83}, {{{0,8}},125}, {{{0,8}},61}, {{{0,9}},219},
-    {{{82,7}},23}, {{{0,8}},109}, {{{0,8}},45}, {{{0,9}},187},
-    {{{0,8}},13}, {{{0,8}},141}, {{{0,8}},77}, {{{0,9}},251},
-    {{{80,7}},3}, {{{0,8}},83}, {{{0,8}},19}, {{{85,8}},195},
-    {{{83,7}},35}, {{{0,8}},115}, {{{0,8}},51}, {{{0,9}},199},
-    {{{81,7}},11}, {{{0,8}},99}, {{{0,8}},35}, {{{0,9}},167},
-    {{{0,8}},3}, {{{0,8}},131}, {{{0,8}},67}, {{{0,9}},231},
-    {{{80,7}},7}, {{{0,8}},91}, {{{0,8}},27}, {{{0,9}},151},
-    {{{84,7}},67}, {{{0,8}},123}, {{{0,8}},59}, {{{0,9}},215},
-    {{{82,7}},19}, {{{0,8}},107}, {{{0,8}},43}, {{{0,9}},183},
-    {{{0,8}},11}, {{{0,8}},139}, {{{0,8}},75}, {{{0,9}},247},
-    {{{80,7}},5}, {{{0,8}},87}, {{{0,8}},23}, {{{192,8}},0},
-    {{{83,7}},51}, {{{0,8}},119}, {{{0,8}},55}, {{{0,9}},207},
-    {{{81,7}},15}, {{{0,8}},103}, {{{0,8}},39}, {{{0,9}},175},
-    {{{0,8}},7}, {{{0,8}},135}, {{{0,8}},71}, {{{0,9}},239},
-    {{{80,7}},9}, {{{0,8}},95}, {{{0,8}},31}, {{{0,9}},159},
-    {{{84,7}},99}, {{{0,8}},127}, {{{0,8}},63}, {{{0,9}},223},
-    {{{82,7}},27}, {{{0,8}},111}, {{{0,8}},47}, {{{0,9}},191},
-    {{{0,8}},15}, {{{0,8}},143}, {{{0,8}},79}, {{{0,9}},255}
-  };
-local inflate_huft fixed_td[] = {
-    {{{80,5}},1}, {{{87,5}},257}, {{{83,5}},17}, {{{91,5}},4097},
-    {{{81,5}},5}, {{{89,5}},1025}, {{{85,5}},65}, {{{93,5}},16385},
-    {{{80,5}},3}, {{{88,5}},513}, {{{84,5}},33}, {{{92,5}},8193},
-    {{{82,5}},9}, {{{90,5}},2049}, {{{86,5}},129}, {{{192,5}},24577},
-    {{{80,5}},2}, {{{87,5}},385}, {{{83,5}},25}, {{{91,5}},6145},
-    {{{81,5}},7}, {{{89,5}},1537}, {{{85,5}},97}, {{{93,5}},24577},
-    {{{80,5}},4}, {{{88,5}},769}, {{{84,5}},49}, {{{92,5}},12289},
-    {{{82,5}},13}, {{{90,5}},3073}, {{{86,5}},193}, {{{192,5}},24577}
-  };
diff --git a/SecurityServer/MacYarrow/zlib/inflate.c b/SecurityServer/MacYarrow/zlib/inflate.c
deleted file mode 100644 (file)
index b85be90..0000000
+++ /dev/null
@@ -1,384 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* inflate.c -- zlib interface to inflate modules
- * Copyright (C) 1995-1998 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h 
- */
-
-#include "zutil.h"
-#include "infblock.h"
-
-struct inflate_blocks_state {int dummy;}; /* for buggy compilers */
-
-typedef enum {
-      METHOD,   /* waiting for method byte */
-      FLAG,     /* waiting for flag byte */
-      DICT4,    /* four dictionary check bytes to go */
-      DICT3,    /* three dictionary check bytes to go */
-      DICT2,    /* two dictionary check bytes to go */
-      DICT1,    /* one dictionary check byte to go */
-      DICT0,    /* waiting for inflateSetDictionary */
-      BLOCKS,   /* decompressing blocks */
-      CHECK4,   /* four check bytes to go */
-      CHECK3,   /* three check bytes to go */
-      CHECK2,   /* two check bytes to go */
-      CHECK1,   /* one check byte to go */
-      DONE,     /* finished check, done */
-      BAD}      /* got an error--stay here */
-inflate_mode;
-
-/* inflate private state */
-struct internal_state {
-
-  /* mode */
-  inflate_mode  mode;   /* current inflate mode */
-
-  /* mode dependent information */
-  union {
-    uInt method;        /* if FLAGS, method byte */
-    struct {
-      uLong was;                /* computed check value */
-      uLong need;               /* stream check value */
-    } check;            /* if CHECK, check values to compare */
-    uInt marker;        /* if BAD, inflateSync's marker bytes count */
-  } sub;        /* submode */
-
-  /* mode independent information */
-  int  nowrap;          /* flag for no wrapper */
-  uInt wbits;           /* log2(window size)  (8..15, defaults to 15) */
-  inflate_blocks_statef 
-    *blocks;            /* current inflate_blocks state */
-
-};
-
-
-int ZEXPORT inflateReset(z)
-z_streamp z;
-{
-  if (z == Z_NULL || z->state == Z_NULL)
-    return Z_STREAM_ERROR;
-  z->total_in = z->total_out = 0;
-  z->msg = Z_NULL;
-  z->state->mode = z->state->nowrap ? BLOCKS : METHOD;
-  inflate_blocks_reset(z->state->blocks, z, Z_NULL);
-  Tracev((stderr, "inflate: reset\n"));
-  return Z_OK;
-}
-
-
-int ZEXPORT inflateEnd(z)
-z_streamp z;
-{
-  if (z == Z_NULL || z->state == Z_NULL || z->zfree == Z_NULL)
-    return Z_STREAM_ERROR;
-  if (z->state->blocks != Z_NULL)
-    inflate_blocks_free(z->state->blocks, z);
-  ZFREE(z, z->state);
-  z->state = Z_NULL;
-  Tracev((stderr, "inflate: end\n"));
-  return Z_OK;
-}
-
-
-int ZEXPORT inflateInit2_(z, w, version, stream_size)
-z_streamp z;
-int w;
-const char *version;
-int stream_size;
-{
-  if (version == Z_NULL || version[0] != ZLIB_VERSION[0] ||
-      stream_size != sizeof(z_stream))
-      return Z_VERSION_ERROR;
-
-  /* initialize state */
-  if (z == Z_NULL)
-    return Z_STREAM_ERROR;
-  z->msg = Z_NULL;
-  if (z->zalloc == Z_NULL)
-  {
-    z->zalloc = zcalloc;
-    z->opaque = (voidpf)0;
-  }
-  if (z->zfree == Z_NULL) z->zfree = zcfree;
-  if ((z->state = (struct internal_state FAR *)
-       ZALLOC(z,1,sizeof(struct internal_state))) == Z_NULL)
-    return Z_MEM_ERROR;
-  z->state->blocks = Z_NULL;
-
-  /* handle undocumented nowrap option (no zlib header or check) */
-  z->state->nowrap = 0;
-  if (w < 0)
-  {
-    w = - w;
-    z->state->nowrap = 1;
-  }
-
-  /* set window size */
-  if (w < 8 || w > 15)
-  {
-    inflateEnd(z);
-    return Z_STREAM_ERROR;
-  }
-  z->state->wbits = (uInt)w;
-
-  /* create inflate_blocks state */
-  if ((z->state->blocks =
-      inflate_blocks_new(z, z->state->nowrap ? Z_NULL : adler32, (uInt)1 << w))
-      == Z_NULL)
-  {
-    inflateEnd(z);
-    return Z_MEM_ERROR;
-  }
-  Tracev((stderr, "inflate: allocated\n"));
-
-  /* reset state */
-  inflateReset(z);
-  return Z_OK;
-}
-
-
-int ZEXPORT inflateInit_(z, version, stream_size)
-z_streamp z;
-const char *version;
-int stream_size;
-{
-  return inflateInit2_(z, DEF_WBITS, version, stream_size);
-}
-
-
-#define NEEDBYTE {if(z->avail_in==0)return r;r=f;}
-#define NEXTBYTE (z->avail_in--,z->total_in++,*z->next_in++)
-
-int ZEXPORT inflate(z, f)
-z_streamp z;
-int f;
-{
-  int r;
-  uInt b;
-
-  if (z == Z_NULL || z->state == Z_NULL || z->next_in == Z_NULL)
-    return Z_STREAM_ERROR;
-  f = f == Z_FINISH ? Z_BUF_ERROR : Z_OK;
-  r = Z_BUF_ERROR;
-  while (1) switch (z->state->mode)
-  {
-    case METHOD:
-      NEEDBYTE
-      if (((z->state->sub.method = NEXTBYTE) & 0xf) != Z_DEFLATED)
-      {
-        z->state->mode = BAD;
-        z->msg = (char*)"unknown compression method";
-        z->state->sub.marker = 5;       /* can't try inflateSync */
-        break;
-      }
-      if ((z->state->sub.method >> 4) + 8 > z->state->wbits)
-      {
-        z->state->mode = BAD;
-        z->msg = (char*)"invalid window size";
-        z->state->sub.marker = 5;       /* can't try inflateSync */
-        break;
-      }
-      z->state->mode = FLAG;
-    case FLAG:
-      NEEDBYTE
-      b = NEXTBYTE;
-      if (((z->state->sub.method << 8) + b) % 31)
-      {
-        z->state->mode = BAD;
-        z->msg = (char*)"incorrect header check";
-        z->state->sub.marker = 5;       /* can't try inflateSync */
-        break;
-      }
-      Tracev((stderr, "inflate: zlib header ok\n"));
-      if (!(b & PRESET_DICT))
-      {
-        z->state->mode = BLOCKS;
-        break;
-      }
-      z->state->mode = DICT4;
-    case DICT4:
-      NEEDBYTE
-      z->state->sub.check.need = (uLong)NEXTBYTE << 24;
-      z->state->mode = DICT3;
-    case DICT3:
-      NEEDBYTE
-      z->state->sub.check.need += (uLong)NEXTBYTE << 16;
-      z->state->mode = DICT2;
-    case DICT2:
-      NEEDBYTE
-      z->state->sub.check.need += (uLong)NEXTBYTE << 8;
-      z->state->mode = DICT1;
-    case DICT1:
-      NEEDBYTE
-      z->state->sub.check.need += (uLong)NEXTBYTE;
-      z->adler = z->state->sub.check.need;
-      z->state->mode = DICT0;
-      return Z_NEED_DICT;
-    case DICT0:
-      z->state->mode = BAD;
-      z->msg = (char*)"need dictionary";
-      z->state->sub.marker = 0;       /* can try inflateSync */
-      return Z_STREAM_ERROR;
-    case BLOCKS:
-      r = inflate_blocks(z->state->blocks, z, r);
-      if (r == Z_DATA_ERROR)
-      {
-        z->state->mode = BAD;
-        z->state->sub.marker = 0;       /* can try inflateSync */
-        break;
-      }
-      if (r == Z_OK)
-        r = f;
-      if (r != Z_STREAM_END)
-        return r;
-      r = f;
-      inflate_blocks_reset(z->state->blocks, z, &z->state->sub.check.was);
-      if (z->state->nowrap)
-      {
-        z->state->mode = DONE;
-        break;
-      }
-      z->state->mode = CHECK4;
-    case CHECK4:
-      NEEDBYTE
-      z->state->sub.check.need = (uLong)NEXTBYTE << 24;
-      z->state->mode = CHECK3;
-    case CHECK3:
-      NEEDBYTE
-      z->state->sub.check.need += (uLong)NEXTBYTE << 16;
-      z->state->mode = CHECK2;
-    case CHECK2:
-      NEEDBYTE
-      z->state->sub.check.need += (uLong)NEXTBYTE << 8;
-      z->state->mode = CHECK1;
-    case CHECK1:
-      NEEDBYTE
-      z->state->sub.check.need += (uLong)NEXTBYTE;
-
-      if (z->state->sub.check.was != z->state->sub.check.need)
-      {
-        z->state->mode = BAD;
-        z->msg = (char*)"incorrect data check";
-        z->state->sub.marker = 5;       /* can't try inflateSync */
-        break;
-      }
-      Tracev((stderr, "inflate: zlib check ok\n"));
-      z->state->mode = DONE;
-    case DONE:
-      return Z_STREAM_END;
-    case BAD:
-      return Z_DATA_ERROR;
-    default:
-      return Z_STREAM_ERROR;
-  }
-#ifdef NEED_DUMMY_RETURN
-  return Z_STREAM_ERROR;  /* Some dumb compilers complain without this */
-#endif
-}
-
-
-int ZEXPORT inflateSetDictionary(z, dictionary, dictLength)
-z_streamp z;
-const Bytef *dictionary;
-uInt  dictLength;
-{
-  uInt length = dictLength;
-
-  if (z == Z_NULL || z->state == Z_NULL || z->state->mode != DICT0)
-    return Z_STREAM_ERROR;
-
-  if (adler32(1L, dictionary, dictLength) != z->adler) return Z_DATA_ERROR;
-  z->adler = 1L;
-
-  if (length >= ((uInt)1<<z->state->wbits))
-  {
-    length = (1<<z->state->wbits)-1;
-    dictionary += dictLength - length;
-  }
-  inflate_set_dictionary(z->state->blocks, dictionary, length);
-  z->state->mode = BLOCKS;
-  return Z_OK;
-}
-
-
-int ZEXPORT inflateSync(z)
-z_streamp z;
-{
-  uInt n;       /* number of bytes to look at */
-  Bytef *p;     /* pointer to bytes */
-  uInt m;       /* number of marker bytes found in a row */
-  uLong r, w;   /* temporaries to save total_in and total_out */
-
-  /* set up */
-  if (z == Z_NULL || z->state == Z_NULL)
-    return Z_STREAM_ERROR;
-  if (z->state->mode != BAD)
-  {
-    z->state->mode = BAD;
-    z->state->sub.marker = 0;
-  }
-  if ((n = z->avail_in) == 0)
-    return Z_BUF_ERROR;
-  p = z->next_in;
-  m = z->state->sub.marker;
-
-  /* search */
-  while (n && m < 4)
-  {
-    static const Byte mark[4] = {0, 0, 0xff, 0xff};
-    if (*p == mark[m])
-      m++;
-    else if (*p)
-      m = 0;
-    else
-      m = 4 - m;
-    p++, n--;
-  }
-
-  /* restore */
-  z->total_in += p - z->next_in;
-  z->next_in = p;
-  z->avail_in = n;
-  z->state->sub.marker = m;
-
-  /* return no joy or set up to restart on a new block */
-  if (m != 4)
-    return Z_DATA_ERROR;
-  r = z->total_in;  w = z->total_out;
-  inflateReset(z);
-  z->total_in = r;  z->total_out = w;
-  z->state->mode = BLOCKS;
-  return Z_OK;
-}
-
-
-/* Returns true if inflate is currently at the end of a block generated
- * by Z_SYNC_FLUSH or Z_FULL_FLUSH. This function is used by one PPP
- * implementation to provide an additional safety check. PPP uses Z_SYNC_FLUSH
- * but removes the length bytes of the resulting empty stored block. When
- * decompressing, PPP checks that at the end of input packet, inflate is
- * waiting for these length bytes.
- */
-int ZEXPORT inflateSyncPoint(z)
-z_streamp z;
-{
-  if (z == Z_NULL || z->state == Z_NULL || z->state->blocks == Z_NULL)
-    return Z_STREAM_ERROR;
-  return inflate_blocks_sync_point(z->state->blocks);
-}
diff --git a/SecurityServer/MacYarrow/zlib/inftrees.c b/SecurityServer/MacYarrow/zlib/inftrees.c
deleted file mode 100644 (file)
index b8c9c4c..0000000
+++ /dev/null
@@ -1,473 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* inftrees.c -- generate Huffman trees for efficient decoding
- * Copyright (C) 1995-1998 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h 
- */
-
-#include "zutil.h"
-#include "inftrees.h"
-
-#if !defined(BUILDFIXED) && !defined(STDC)
-#  define BUILDFIXED   /* non ANSI compilers may not accept inffixed.h */
-#endif
-
-const char inflate_copyright[] =
-   " inflate 1.1.3 Copyright 1995-1998 Mark Adler ";
-/*
-  If you use the zlib library in a product, an acknowledgment is welcome
-  in the documentation of your product. If for some reason you cannot
-  include such an acknowledgment, I would appreciate that you keep this
-  copyright string in the executable of your product.
- */
-struct internal_state  {int dummy;}; /* for buggy compilers */
-
-/* simplify the use of the inflate_huft type with some defines */
-#define exop word.what.Exop
-#define bits word.what.Bits
-
-
-local int huft_build OF((
-    uIntf *,            /* code lengths in bits */
-    uInt,               /* number of codes */
-    uInt,               /* number of "simple" codes */
-    const uIntf *,      /* list of base values for non-simple codes */
-    const uIntf *,      /* list of extra bits for non-simple codes */
-    inflate_huft * FAR*,/* result: starting table */
-    uIntf *,            /* maximum lookup bits (returns actual) */
-    inflate_huft *,     /* space for trees */
-    uInt *,             /* hufts used in space */
-    uIntf * ));         /* space for values */
-
-/* Tables for deflate from PKZIP's appnote.txt. */
-local const uInt cplens[31] = { /* Copy lengths for literal codes 257..285 */
-        3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,
-        35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0};
-        /* see note #13 above about 258 */
-local const uInt cplext[31] = { /* Extra bits for literal codes 257..285 */
-        0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2,
-        3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, 112, 112}; /* 112==invalid */
-local const uInt cpdist[30] = { /* Copy offsets for distance codes 0..29 */
-        1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193,
-        257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145,
-        8193, 12289, 16385, 24577};
-local const uInt cpdext[30] = { /* Extra bits for distance codes */
-        0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6,
-        7, 7, 8, 8, 9, 9, 10, 10, 11, 11,
-        12, 12, 13, 13};
-
-/*
-   Huffman code decoding is performed using a multi-level table lookup.
-   The fastest way to decode is to simply build a lookup table whose
-   size is determined by the longest code.  However, the time it takes
-   to build this table can also be a factor if the data being decoded
-   is not very long.  The most common codes are necessarily the
-   shortest codes, so those codes dominate the decoding time, and hence
-   the speed.  The idea is you can have a shorter table that decodes the
-   shorter, more probable codes, and then point to subsidiary tables for
-   the longer codes.  The time it costs to decode the longer codes is
-   then traded against the time it takes to make longer tables.
-
-   This results of this trade are in the variables lbits and dbits
-   below.  lbits is the number of bits the first level table for literal/
-   length codes can decode in one step, and dbits is the same thing for
-   the distance codes.  Subsequent tables are also less than or equal to
-   those sizes.  These values may be adjusted either when all of the
-   codes are shorter than that, in which case the longest code length in
-   bits is used, or when the shortest code is *longer* than the requested
-   table size, in which case the length of the shortest code in bits is
-   used.
-
-   There are two different values for the two tables, since they code a
-   different number of possibilities each.  The literal/length table
-   codes 286 possible values, or in a flat code, a little over eight
-   bits.  The distance table codes 30 possible values, or a little less
-   than five bits, flat.  The optimum values for speed end up being
-   about one bit more than those, so lbits is 8+1 and dbits is 5+1.
-   The optimum values may differ though from machine to machine, and
-   possibly even between compilers.  Your mileage may vary.
- */
-
-
-/* If BMAX needs to be larger than 16, then h and x[] should be uLong. */
-#define BMAX 15         /* maximum bit length of any code */
-
-local int huft_build(b, n, s, d, e, t, m, hp, hn, v)
-uIntf *b;               /* code lengths in bits (all assumed <= BMAX) */
-uInt n;                 /* number of codes (assumed <= 288) */
-uInt s;                 /* number of simple-valued codes (0..s-1) */
-const uIntf *d;         /* list of base values for non-simple codes */
-const uIntf *e;         /* list of extra bits for non-simple codes */
-inflate_huft * FAR *t;  /* result: starting table */
-uIntf *m;               /* maximum lookup bits, returns actual */
-inflate_huft *hp;       /* space for trees */
-uInt *hn;               /* hufts used in space */
-uIntf *v;               /* working area: values in order of bit length */
-/* Given a list of code lengths and a maximum table size, make a set of
-   tables to decode that set of codes.  Return Z_OK on success, Z_BUF_ERROR
-   if the given code set is incomplete (the tables are still built in this
-   case), Z_DATA_ERROR if the input is invalid (an over-subscribed set of
-   lengths), or Z_MEM_ERROR if not enough memory. */
-{
-
-  uInt a;                       /* counter for codes of length k */
-  uInt c[BMAX+1];               /* bit length count table */
-  uInt f;                       /* i repeats in table every f entries */
-  int g;                        /* maximum code length */
-  int h;                        /* table level */
-  register uInt i;              /* counter, current code */
-  register uInt j;              /* counter */
-  register int k;               /* number of bits in current code */
-  int l;                        /* bits per table (returned in m) */
-  uInt mask;                    /* (1 << w) - 1, to avoid cc -O bug on HP */
-  register uIntf *p;            /* pointer into c[], b[], or v[] */
-  inflate_huft *q;              /* points to current table */
-  struct inflate_huft_s r;      /* table entry for structure assignment */
-  inflate_huft *u[BMAX];        /* table stack */
-  register int w;               /* bits before this table == (l * h) */
-  uInt x[BMAX+1];               /* bit offsets, then code stack */
-  uIntf *xp;                    /* pointer into x */
-  int y;                        /* number of dummy codes added */
-  uInt z;                       /* number of entries in current table */
-
-
-  /* Generate counts for each bit length */
-  p = c;
-#define C0 *p++ = 0;
-#define C2 C0 C0 C0 C0
-#define C4 C2 C2 C2 C2
-  C4                            /* clear c[]--assume BMAX+1 is 16 */
-  p = b;  i = n;
-  do {
-    c[*p++]++;                  /* assume all entries <= BMAX */
-  } while (--i);
-  if (c[0] == n)                /* null input--all zero length codes */
-  {
-    *t = (inflate_huft *)Z_NULL;
-    *m = 0;
-    return Z_OK;
-  }
-
-
-  /* Find minimum and maximum length, bound *m by those */
-  l = *m;
-  for (j = 1; j <= BMAX; j++)
-    if (c[j])
-      break;
-  k = j;                        /* minimum code length */
-  if ((uInt)l < j)
-    l = j;
-  for (i = BMAX; i; i--)
-    if (c[i])
-      break;
-  g = i;                        /* maximum code length */
-  if ((uInt)l > i)
-    l = i;
-  *m = l;
-
-
-  /* Adjust last length count to fill out codes, if needed */
-  for (y = 1 << j; j < i; j++, y <<= 1)
-    if ((y -= c[j]) < 0)
-      return Z_DATA_ERROR;
-  if ((y -= c[i]) < 0)
-    return Z_DATA_ERROR;
-  c[i] += y;
-
-
-  /* Generate starting offsets into the value table for each length */
-  x[1] = j = 0;
-  p = c + 1;  xp = x + 2;
-  while (--i) {                 /* note that i == g from above */
-    *xp++ = (j += *p++);
-  }
-
-
-  /* Make a table of values in order of bit lengths */
-  p = b;  i = 0;
-  do {
-    if ((j = *p++) != 0)
-      v[x[j]++] = i;
-  } while (++i < n);
-  n = x[g];                     /* set n to length of v */
-
-
-  /* Generate the Huffman codes and for each, make the table entries */
-  x[0] = i = 0;                 /* first Huffman code is zero */
-  p = v;                        /* grab values in bit order */
-  h = -1;                       /* no tables yet--level -1 */
-  w = -l;                       /* bits decoded == (l * h) */
-  u[0] = (inflate_huft *)Z_NULL;        /* just to keep compilers happy */
-  q = (inflate_huft *)Z_NULL;   /* ditto */
-  z = 0;                        /* ditto */
-
-  /* go through the bit lengths (k already is bits in shortest code) */
-  for (; k <= g; k++)
-  {
-    a = c[k];
-    while (a--)
-    {
-      /* here i is the Huffman code of length k bits for value *p */
-      /* make tables up to required level */
-      while (k > w + l)
-      {
-        h++;
-        w += l;                 /* previous table always l bits */
-
-        /* compute minimum size table less than or equal to l bits */
-        z = g - w;
-        z = z > (uInt)l ? l : z;        /* table size upper limit */
-        if ((f = 1 << (j = k - w)) > a + 1)     /* try a k-w bit table */
-        {                       /* too few codes for k-w bit table */
-          f -= a + 1;           /* deduct codes from patterns left */
-          xp = c + k;
-          if (j < z)
-            while (++j < z)     /* try smaller tables up to z bits */
-            {
-              if ((f <<= 1) <= *++xp)
-                break;          /* enough codes to use up j bits */
-              f -= *xp;         /* else deduct codes from patterns */
-            }
-        }
-        z = 1 << j;             /* table entries for j-bit table */
-
-        /* allocate new table */
-        if (*hn + z > MANY)     /* (note: doesn't matter for fixed) */
-          return Z_MEM_ERROR;   /* not enough memory */
-        u[h] = q = hp + *hn;
-        *hn += z;
-
-        /* connect to last table, if there is one */
-        if (h)
-        {
-          x[h] = i;             /* save pattern for backing up */
-          r.bits = (Byte)l;     /* bits to dump before this table */
-          r.exop = (Byte)j;     /* bits in this table */
-          j = i >> (w - l);
-          r.base = (uInt)(q - u[h-1] - j);   /* offset to this table */
-          u[h-1][j] = r;        /* connect to last table */
-        }
-        else
-          *t = q;               /* first table is returned result */
-      }
-
-      /* set up table entry in r */
-      r.bits = (Byte)(k - w);
-      if (p >= v + n)
-        r.exop = 128 + 64;      /* out of values--invalid code */
-      else if (*p < s)
-      {
-        r.exop = (Byte)(*p < 256 ? 0 : 32 + 64);     /* 256 is end-of-block */
-        r.base = *p++;          /* simple code is just the value */
-      }
-      else
-      {
-        r.exop = (Byte)(e[*p - s] + 16 + 64);/* non-simple--look up in lists */
-        r.base = d[*p++ - s];
-      }
-
-      /* fill code-like entries with r */
-      f = 1 << (k - w);
-      for (j = i >> w; j < z; j += f)
-        q[j] = r;
-
-      /* backwards increment the k-bit code i */
-      for (j = 1 << (k - 1); i & j; j >>= 1)
-        i ^= j;
-      i ^= j;
-
-      /* backup over finished tables */
-      mask = (1 << w) - 1;      /* needed on HP, cc -O bug */
-      while ((i & mask) != x[h])
-      {
-        h--;                    /* don't need to update q */
-        w -= l;
-        mask = (1 << w) - 1;
-      }
-    }
-  }
-
-
-  /* Return Z_BUF_ERROR if we were given an incomplete table */
-  return y != 0 && g != 1 ? Z_BUF_ERROR : Z_OK;
-}
-
-
-int inflate_trees_bits(c, bb, tb, hp, z)
-uIntf *c;               /* 19 code lengths */
-uIntf *bb;              /* bits tree desired/actual depth */
-inflate_huft * FAR *tb; /* bits tree result */
-inflate_huft *hp;       /* space for trees */
-z_streamp z;            /* for messages */
-{
-  int r;
-  uInt hn = 0;          /* hufts used in space */
-  uIntf *v;             /* work area for huft_build */
-
-  if ((v = (uIntf*)ZALLOC(z, 19, sizeof(uInt))) == Z_NULL)
-    return Z_MEM_ERROR;
-  r = huft_build(c, 19, 19, (uIntf*)Z_NULL, (uIntf*)Z_NULL,
-                 tb, bb, hp, &hn, v);
-  if (r == Z_DATA_ERROR)
-    z->msg = (char*)"oversubscribed dynamic bit lengths tree";
-  else if (r == Z_BUF_ERROR || *bb == 0)
-  {
-    z->msg = (char*)"incomplete dynamic bit lengths tree";
-    r = Z_DATA_ERROR;
-  }
-  ZFREE(z, v);
-  return r;
-}
-
-
-int inflate_trees_dynamic(nl, nd, c, bl, bd, tl, td, hp, z)
-uInt nl;                /* number of literal/length codes */
-uInt nd;                /* number of distance codes */
-uIntf *c;               /* that many (total) code lengths */
-uIntf *bl;              /* literal desired/actual bit depth */
-uIntf *bd;              /* distance desired/actual bit depth */
-inflate_huft * FAR *tl; /* literal/length tree result */
-inflate_huft * FAR *td; /* distance tree result */
-inflate_huft *hp;       /* space for trees */
-z_streamp z;            /* for messages */
-{
-  int r;
-  uInt hn = 0;          /* hufts used in space */
-  uIntf *v;             /* work area for huft_build */
-
-  /* allocate work area */
-  if ((v = (uIntf*)ZALLOC(z, 288, sizeof(uInt))) == Z_NULL)
-    return Z_MEM_ERROR;
-
-  /* build literal/length tree */
-  r = huft_build(c, nl, 257, cplens, cplext, tl, bl, hp, &hn, v);
-  if (r != Z_OK || *bl == 0)
-  {
-    if (r == Z_DATA_ERROR)
-      z->msg = (char*)"oversubscribed literal/length tree";
-    else if (r != Z_MEM_ERROR)
-    {
-      z->msg = (char*)"incomplete literal/length tree";
-      r = Z_DATA_ERROR;
-    }
-    ZFREE(z, v);
-    return r;
-  }
-
-  /* build distance tree */
-  r = huft_build(c + nl, nd, 0, cpdist, cpdext, td, bd, hp, &hn, v);
-  if (r != Z_OK || (*bd == 0 && nl > 257))
-  {
-    if (r == Z_DATA_ERROR)
-      z->msg = (char*)"oversubscribed distance tree";
-    else if (r == Z_BUF_ERROR) {
-#ifdef PKZIP_BUG_WORKAROUND
-      r = Z_OK;
-    }
-#else
-      z->msg = (char*)"incomplete distance tree";
-      r = Z_DATA_ERROR;
-    }
-    else if (r != Z_MEM_ERROR)
-    {
-      z->msg = (char*)"empty distance tree with lengths";
-      r = Z_DATA_ERROR;
-    }
-    ZFREE(z, v);
-    return r;
-#endif
-  }
-
-  /* done */
-  ZFREE(z, v);
-  return Z_OK;
-}
-
-
-/* build fixed tables only once--keep them here */
-#ifdef BUILDFIXED
-local int fixed_built = 0;
-#define FIXEDH 544      /* number of hufts used by fixed tables */
-local inflate_huft fixed_mem[FIXEDH];
-local uInt fixed_bl;
-local uInt fixed_bd;
-local inflate_huft *fixed_tl;
-local inflate_huft *fixed_td;
-#else
-#include "inffixed.h"
-#endif
-
-
-int inflate_trees_fixed(bl, bd, tl, td, z)
-uIntf *bl;               /* literal desired/actual bit depth */
-uIntf *bd;               /* distance desired/actual bit depth */
-inflate_huft * FAR *tl;  /* literal/length tree result */
-inflate_huft * FAR *td;  /* distance tree result */
-z_streamp z;             /* for memory allocation */
-{
-#ifdef BUILDFIXED
-  /* build fixed tables if not already */
-  if (!fixed_built)
-  {
-    int k;              /* temporary variable */
-    uInt f = 0;         /* number of hufts used in fixed_mem */
-    uIntf *c;           /* length list for huft_build */
-    uIntf *v;           /* work area for huft_build */
-
-    /* allocate memory */
-    if ((c = (uIntf*)ZALLOC(z, 288, sizeof(uInt))) == Z_NULL)
-      return Z_MEM_ERROR;
-    if ((v = (uIntf*)ZALLOC(z, 288, sizeof(uInt))) == Z_NULL)
-    {
-      ZFREE(z, c);
-      return Z_MEM_ERROR;
-    }
-
-    /* literal table */
-    for (k = 0; k < 144; k++)
-      c[k] = 8;
-    for (; k < 256; k++)
-      c[k] = 9;
-    for (; k < 280; k++)
-      c[k] = 7;
-    for (; k < 288; k++)
-      c[k] = 8;
-    fixed_bl = 9;
-    huft_build(c, 288, 257, cplens, cplext, &fixed_tl, &fixed_bl,
-               fixed_mem, &f, v);
-
-    /* distance table */
-    for (k = 0; k < 30; k++)
-      c[k] = 5;
-    fixed_bd = 5;
-    huft_build(c, 30, 0, cpdist, cpdext, &fixed_td, &fixed_bd,
-               fixed_mem, &f, v);
-
-    /* done */
-    ZFREE(z, v);
-    ZFREE(z, c);
-    fixed_built = 1;
-  }
-#endif
-  *bl = fixed_bl;
-  *bd = fixed_bd;
-  *tl = fixed_tl;
-  *td = fixed_td;
-  return Z_OK;
-}
diff --git a/SecurityServer/MacYarrow/zlib/inftrees.h b/SecurityServer/MacYarrow/zlib/inftrees.h
deleted file mode 100644 (file)
index f3d7465..0000000
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* inftrees.h -- header to use inftrees.c
- * Copyright (C) 1995-1998 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h 
- */
-
-/* WARNING: this file should *not* be used by applications. It is
-   part of the implementation of the compression library and is
-   subject to change. Applications should only use zlib.h.
- */
-
-/* Huffman code lookup table entry--this entry is four bytes for machines
-   that have 16-bit pointers (e.g. PC's in the small or medium model). */
-
-typedef struct inflate_huft_s FAR inflate_huft;
-
-struct inflate_huft_s {
-  union {
-    struct {
-      Byte Exop;        /* number of extra bits or operation */
-      Byte Bits;        /* number of bits in this code or subcode */
-    } what;
-    uInt pad;           /* pad structure to a power of 2 (4 bytes for */
-  } word;               /*  16-bit, 8 bytes for 32-bit int's) */
-  uInt base;            /* literal, length base, distance base,
-                           or table offset */
-};
-
-/* Maximum size of dynamic tree.  The maximum found in a long but non-
-   exhaustive search was 1004 huft structures (850 for length/literals
-   and 154 for distances, the latter actually the result of an
-   exhaustive search).  The actual maximum is not known, but the
-   value below is more than safe. */
-#define MANY 1440
-
-extern int inflate_trees_bits OF((
-    uIntf *,                    /* 19 code lengths */
-    uIntf *,                    /* bits tree desired/actual depth */
-    inflate_huft * FAR *,       /* bits tree result */
-    inflate_huft *,             /* space for trees */
-    z_streamp));                /* for messages */
-
-extern int inflate_trees_dynamic OF((
-    uInt,                       /* number of literal/length codes */
-    uInt,                       /* number of distance codes */
-    uIntf *,                    /* that many (total) code lengths */
-    uIntf *,                    /* literal desired/actual bit depth */
-    uIntf *,                    /* distance desired/actual bit depth */
-    inflate_huft * FAR *,       /* literal/length tree result */
-    inflate_huft * FAR *,       /* distance tree result */
-    inflate_huft *,             /* space for trees */
-    z_streamp));                /* for messages */
-
-extern int inflate_trees_fixed OF((
-    uIntf *,                    /* literal desired/actual bit depth */
-    uIntf *,                    /* distance desired/actual bit depth */
-    inflate_huft * FAR *,       /* literal/length tree result */
-    inflate_huft * FAR *,       /* distance tree result */
-    z_streamp));                /* for memory allocation */
diff --git a/SecurityServer/MacYarrow/zlib/infutil.c b/SecurityServer/MacYarrow/zlib/infutil.c
deleted file mode 100644 (file)
index 248916a..0000000
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* inflate_util.c -- data and routines common to blocks and codes
- * Copyright (C) 1995-1998 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h 
- */
-
-#include "zutil.h"
-#include "infblock.h"
-#include "inftrees.h"
-#include "infcodes.h"
-#include "infutil.h"
-
-struct inflate_codes_state {int dummy;}; /* for buggy compilers */
-
-/* And'ing with mask[n] masks the lower n bits */
-uInt inflate_mask[17] = {
-    0x0000,
-    0x0001, 0x0003, 0x0007, 0x000f, 0x001f, 0x003f, 0x007f, 0x00ff,
-    0x01ff, 0x03ff, 0x07ff, 0x0fff, 0x1fff, 0x3fff, 0x7fff, 0xffff
-};
-
-
-/* copy as much as possible from the sliding window to the output area */
-int inflate_flush(s, z, r)
-inflate_blocks_statef *s;
-z_streamp z;
-int r;
-{
-  uInt n;
-  Bytef *p;
-  Bytef *q;
-
-  /* local copies of source and destination pointers */
-  p = z->next_out;
-  q = s->read;
-
-  /* compute number of bytes to copy as far as end of window */
-  n = (uInt)((q <= s->write ? s->write : s->end) - q);
-  if (n > z->avail_out) n = z->avail_out;
-  if (n && r == Z_BUF_ERROR) r = Z_OK;
-
-  /* update counters */
-  z->avail_out -= n;
-  z->total_out += n;
-
-  /* update check information */
-  if (s->checkfn != Z_NULL)
-    z->adler = s->check = (*s->checkfn)(s->check, q, n);
-
-  /* copy as far as end of window */
-  zmemcpy(p, q, n);
-  p += n;
-  q += n;
-
-  /* see if more to copy at beginning of window */
-  if (q == s->end)
-  {
-    /* wrap pointers */
-    q = s->window;
-    if (s->write == s->end)
-      s->write = s->window;
-
-    /* compute bytes to copy */
-    n = (uInt)(s->write - q);
-    if (n > z->avail_out) n = z->avail_out;
-    if (n && r == Z_BUF_ERROR) r = Z_OK;
-
-    /* update counters */
-    z->avail_out -= n;
-    z->total_out += n;
-
-    /* update check information */
-    if (s->checkfn != Z_NULL)
-      z->adler = s->check = (*s->checkfn)(s->check, q, n);
-
-    /* copy */
-    zmemcpy(p, q, n);
-    p += n;
-    q += n;
-  }
-
-  /* update pointers */
-  z->next_out = p;
-  s->read = q;
-
-  /* done */
-  return r;
-}
diff --git a/SecurityServer/MacYarrow/zlib/infutil.h b/SecurityServer/MacYarrow/zlib/infutil.h
deleted file mode 100644 (file)
index 89e9525..0000000
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* infutil.h -- types and macros common to blocks and codes
- * Copyright (C) 1995-1998 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h 
- */
-
-/* WARNING: this file should *not* be used by applications. It is
-   part of the implementation of the compression library and is
-   subject to change. Applications should only use zlib.h.
- */
-
-#ifndef _INFUTIL_H
-#define _INFUTIL_H
-
-typedef enum {
-      TYPE,     /* get type bits (3, including end bit) */
-      LENS,     /* get lengths for stored */
-      STORED,   /* processing stored block */
-      TABLE,    /* get table lengths */
-      BTREE,    /* get bit lengths tree for a dynamic block */
-      DTREE,    /* get length, distance trees for a dynamic block */
-      CODES,    /* processing fixed or dynamic block */
-      DRY,      /* output remaining window bytes */
-      DONE,     /* finished last block, done */
-      BAD}      /* got a data error--stuck here */
-inflate_block_mode;
-
-/* inflate blocks semi-private state */
-struct inflate_blocks_state {
-
-  /* mode */
-  inflate_block_mode  mode;     /* current inflate_block mode */
-
-  /* mode dependent information */
-  union {
-    uInt left;          /* if STORED, bytes left to copy */
-    struct {
-      uInt table;               /* table lengths (14 bits) */
-      uInt index;               /* index into blens (or border) */
-      uIntf *blens;             /* bit lengths of codes */
-      uInt bb;                  /* bit length tree depth */
-      inflate_huft *tb;         /* bit length decoding tree */
-    } trees;            /* if DTREE, decoding info for trees */
-    struct {
-      inflate_codes_statef 
-         *codes;
-    } decode;           /* if CODES, current state */
-  } sub;                /* submode */
-  uInt last;            /* true if this block is the last block */
-
-  /* mode independent information */
-  uInt bitk;            /* bits in bit buffer */
-  uLong bitb;           /* bit buffer */
-  inflate_huft *hufts;  /* single malloc for tree space */
-  Bytef *window;        /* sliding window */
-  Bytef *end;           /* one byte after sliding window */
-  Bytef *read;          /* window read pointer */
-  Bytef *write;         /* window write pointer */
-  check_func checkfn;   /* check function */
-  uLong check;          /* check on output */
-
-};
-
-
-/* defines for inflate input/output */
-/*   update pointers and return */
-#define UPDBITS {s->bitb=b;s->bitk=k;}
-#define UPDIN {z->avail_in=n;z->total_in+=p-z->next_in;z->next_in=p;}
-#define UPDOUT {s->write=q;}
-#define UPDATE {UPDBITS UPDIN UPDOUT}
-#define LEAVE {UPDATE return inflate_flush(s,z,r);}
-/*   get bytes and bits */
-#define LOADIN {p=z->next_in;n=z->avail_in;b=s->bitb;k=s->bitk;}
-#define NEEDBYTE {if(n)r=Z_OK;else LEAVE}
-#define NEXTBYTE (n--,*p++)
-#define NEEDBITS(j) {while(k<(j)){NEEDBYTE;b|=((uLong)NEXTBYTE)<<k;k+=8;}}
-#define DUMPBITS(j) {b>>=(j);k-=(j);}
-/*   output bytes */
-#define WAVAIL (uInt)(q<s->read?s->read-q-1:s->end-q)
-#define LOADOUT {q=s->write;m=(uInt)WAVAIL;}
-#define WRAP {if(q==s->end&&s->read!=s->window){q=s->window;m=(uInt)WAVAIL;}}
-#define FLUSH {UPDOUT r=inflate_flush(s,z,r); LOADOUT}
-#define NEEDOUT {if(m==0){WRAP if(m==0){FLUSH WRAP if(m==0) LEAVE}}r=Z_OK;}
-#define OUTBYTE(a) {*q++=(Byte)(a);m--;}
-/*   load local pointers */
-#define LOAD {LOADIN LOADOUT}
-
-/* masks for lower bits (size given to avoid silly warnings with Visual C++) */
-extern uInt inflate_mask[17];
-
-/* copy as much as possible from the sliding window to the output area */
-extern int inflate_flush OF((
-    inflate_blocks_statef *,
-    z_streamp ,
-    int));
-
-struct internal_state      {int dummy;}; /* for buggy compilers */
-
-#endif
diff --git a/SecurityServer/MacYarrow/zlib/trees.c b/SecurityServer/MacYarrow/zlib/trees.c
deleted file mode 100644 (file)
index 2878e93..0000000
+++ /dev/null
@@ -1,1232 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* trees.c -- output deflated data using Huffman coding
- * Copyright (C) 1995-1998 Jean-loup Gailly
- * For conditions of distribution and use, see copyright notice in zlib.h 
- */
-
-/*
- *  ALGORITHM
- *
- *      The "deflation" process uses several Huffman trees. The more
- *      common source values are represented by shorter bit sequences.
- *
- *      Each code tree is stored in a compressed form which is itself
- * a Huffman encoding of the lengths of all the code strings (in
- * ascending order by source values).  The actual code strings are
- * reconstructed from the lengths in the inflate process, as described
- * in the deflate specification.
- *
- *  REFERENCES
- *
- *      Deutsch, L.P.,"'Deflate' Compressed Data Format Specification".
- *      Available in ftp.uu.net:/pub/archiving/zip/doc/deflate-1.1.doc
- *
- *      Storer, James A.
- *          Data Compression:  Methods and Theory, pp. 49-50.
- *          Computer Science Press, 1988.  ISBN 0-7167-8156-5.
- *
- *      Sedgewick, R.
- *          Algorithms, p290.
- *          Addison-Wesley, 1983. ISBN 0-201-06672-6.
- */
-
-/* @(#) $Id: trees.c,v 1.1.1.1 2001/05/18 23:14:03 mb Exp $ */
-
-/* #define GEN_TREES_H */
-
-#include "deflate.h"
-
-#ifdef DEBUG
-#  include <ctype.h>
-#endif
-
-/* ===========================================================================
- * Constants
- */
-
-#define MAX_BL_BITS 7
-/* Bit length codes must not exceed MAX_BL_BITS bits */
-
-#define END_BLOCK 256
-/* end of block literal code */
-
-#define REP_3_6      16
-/* repeat previous bit length 3-6 times (2 bits of repeat count) */
-
-#define REPZ_3_10    17
-/* repeat a zero length 3-10 times  (3 bits of repeat count) */
-
-#define REPZ_11_138  18
-/* repeat a zero length 11-138 times  (7 bits of repeat count) */
-
-local const int extra_lbits[LENGTH_CODES] /* extra bits for each length code */
-   = {0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0};
-
-local const int extra_dbits[D_CODES] /* extra bits for each distance code */
-   = {0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13};
-
-local const int extra_blbits[BL_CODES]/* extra bits for each bit length code */
-   = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7};
-
-local const uch bl_order[BL_CODES]
-   = {16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15};
-/* The lengths of the bit length codes are sent in order of decreasing
- * probability, to avoid transmitting the lengths for unused bit length codes.
- */
-
-#define Buf_size (8 * 2*sizeof(char))
-/* Number of bits used within bi_buf. (bi_buf might be implemented on
- * more than 16 bits on some systems.)
- */
-
-/* ===========================================================================
- * Local data. These are initialized only once.
- */
-
-#define DIST_CODE_LEN  512 /* see definition of array dist_code below */
-
-#if defined(GEN_TREES_H) || !defined(STDC)
-/* non ANSI compilers may not accept trees.h */
-
-local ct_data static_ltree[L_CODES+2];
-/* The static literal tree. Since the bit lengths are imposed, there is no
- * need for the L_CODES extra codes used during heap construction. However
- * The codes 286 and 287 are needed to build a canonical tree (see _tr_init
- * below).
- */
-
-local ct_data static_dtree[D_CODES];
-/* The static distance tree. (Actually a trivial tree since all codes use
- * 5 bits.)
- */
-
-uch _dist_code[DIST_CODE_LEN];
-/* Distance codes. The first 256 values correspond to the distances
- * 3 .. 258, the last 256 values correspond to the top 8 bits of
- * the 15 bit distances.
- */
-
-uch _length_code[MAX_MATCH-MIN_MATCH+1];
-/* length code for each normalized match length (0 == MIN_MATCH) */
-
-local int base_length[LENGTH_CODES];
-/* First normalized length for each code (0 = MIN_MATCH) */
-
-local int base_dist[D_CODES];
-/* First normalized distance for each code (0 = distance of 1) */
-
-#else
-#  include "trees.h"
-#endif /* GEN_TREES_H */
-
-struct static_tree_desc_s {
-    const ct_data *static_tree;  /* static tree or NULL */
-    const intf *extra_bits;      /* extra bits for each code or NULL */
-    int     extra_base;          /* base index for extra_bits */
-    int     elems;               /* max number of elements in the tree */
-    int     max_length;          /* max bit length for the codes */
-};
-
-local static_tree_desc  static_l_desc =
-{static_ltree, extra_lbits, LITERALS+1, L_CODES, MAX_BITS};
-
-local static_tree_desc  static_d_desc =
-{static_dtree, extra_dbits, 0,          D_CODES, MAX_BITS};
-
-local static_tree_desc  static_bl_desc =
-{(const ct_data *)0, extra_blbits, 0,   BL_CODES, MAX_BL_BITS};
-
-/* ===========================================================================
- * Local (static) routines in this file.
- */
-
-local void tr_static_init OF((void));
-local void init_block     OF((deflate_state *s));
-local void pqdownheap     OF((deflate_state *s, ct_data *tree, int k));
-local void gen_bitlen     OF((deflate_state *s, tree_desc *desc));
-local void gen_codes      OF((ct_data *tree, int max_code, ushf *bl_count));
-local void build_tree     OF((deflate_state *s, tree_desc *desc));
-local void scan_tree      OF((deflate_state *s, ct_data *tree, int max_code));
-local void send_tree      OF((deflate_state *s, ct_data *tree, int max_code));
-local int  build_bl_tree  OF((deflate_state *s));
-local void send_all_trees OF((deflate_state *s, int lcodes, int dcodes,
-                              int blcodes));
-local void compress_block OF((deflate_state *s, ct_data *ltree,
-                              ct_data *dtree));
-local void set_data_type  OF((deflate_state *s));
-local unsigned bi_reverse OF((unsigned value, int length));
-local void bi_windup      OF((deflate_state *s));
-local void bi_flush       OF((deflate_state *s));
-local void copy_block     OF((deflate_state *s, charf *buf, unsigned len,
-                              int header));
-
-#ifdef GEN_TREES_H
-local void gen_trees_header OF((void));
-#endif
-
-#ifndef DEBUG
-#  define send_code(s, c, tree) send_bits(s, tree[c].Code, tree[c].Len)
-   /* Send a code of the given tree. c and tree must not have side effects */
-
-#else /* DEBUG */
-#  define send_code(s, c, tree) \
-     { if (z_verbose>2) fprintf(stderr,"\ncd %3d ",(c)); \
-       send_bits(s, tree[c].Code, tree[c].Len); }
-#endif
-
-/* ===========================================================================
- * Output a short LSB first on the stream.
- * IN assertion: there is enough room in pendingBuf.
- */
-#define put_short(s, w) { \
-    put_byte(s, (uch)((w) & 0xff)); \
-    put_byte(s, (uch)((ush)(w) >> 8)); \
-}
-
-/* ===========================================================================
- * Send a value on a given number of bits.
- * IN assertion: length <= 16 and value fits in length bits.
- */
-#ifdef DEBUG
-local void send_bits      OF((deflate_state *s, int value, int length));
-
-local void send_bits(s, value, length)
-    deflate_state *s;
-    int value;  /* value to send */
-    int length; /* number of bits */
-{
-    Tracevv((stderr," l %2d v %4x ", length, value));
-    Assert(length > 0 && length <= 15, "invalid length");
-    s->bits_sent += (ulg)length;
-
-    /* If not enough room in bi_buf, use (valid) bits from bi_buf and
-     * (16 - bi_valid) bits from value, leaving (width - (16-bi_valid))
-     * unused bits in value.
-     */
-    if (s->bi_valid > (int)Buf_size - length) {
-        s->bi_buf |= (value << s->bi_valid);
-        put_short(s, s->bi_buf);
-        s->bi_buf = (ush)value >> (Buf_size - s->bi_valid);
-        s->bi_valid += length - Buf_size;
-    } else {
-        s->bi_buf |= value << s->bi_valid;
-        s->bi_valid += length;
-    }
-}
-#else /* !DEBUG */
-
-#define send_bits(s, value, length) \
-{ int len = length;\
-  if (s->bi_valid > (int)Buf_size - len) {\
-    int val = value;\
-    s->bi_buf |= (val << s->bi_valid);\
-    put_short(s, s->bi_buf);\
-    s->bi_buf = (ush)val >> (Buf_size - s->bi_valid);\
-    s->bi_valid += len - Buf_size;\
-  } else {\
-    s->bi_buf |= (value) << s->bi_valid;\
-    s->bi_valid += len;\
-  }\
-}
-#endif /* DEBUG */
-
-
-#define MAX(a,b) (a >= b ? a : b)
-/* the arguments must not have side effects */
-
-/* ===========================================================================
- * Initialize the various 'constant' tables.
- */
-local void tr_static_init()
-{
-#if defined(GEN_TREES_H) || !defined(STDC)
-    static int static_init_done = 0;
-    int n;        /* iterates over tree elements */
-    int bits;     /* bit counter */
-    int length;   /* length value */
-    int code;     /* code value */
-    int dist;     /* distance index */
-    ush bl_count[MAX_BITS+1];
-    /* number of codes at each bit length for an optimal tree */
-
-    if (static_init_done) return;
-
-    /* For some embedded targets, global variables are not initialized: */
-    static_l_desc.static_tree = static_ltree;
-    static_l_desc.extra_bits = extra_lbits;
-    static_d_desc.static_tree = static_dtree;
-    static_d_desc.extra_bits = extra_dbits;
-    static_bl_desc.extra_bits = extra_blbits;
-
-    /* Initialize the mapping length (0..255) -> length code (0..28) */
-    length = 0;
-    for (code = 0; code < LENGTH_CODES-1; code++) {
-        base_length[code] = length;
-        for (n = 0; n < (1<<extra_lbits[code]); n++) {
-            _length_code[length++] = (uch)code;
-        }
-    }
-    Assert (length == 256, "tr_static_init: length != 256");
-    /* Note that the length 255 (match length 258) can be represented
-     * in two different ways: code 284 + 5 bits or code 285, so we
-     * overwrite length_code[255] to use the best encoding:
-     */
-    _length_code[length-1] = (uch)code;
-
-    /* Initialize the mapping dist (0..32K) -> dist code (0..29) */
-    dist = 0;
-    for (code = 0 ; code < 16; code++) {
-        base_dist[code] = dist;
-        for (n = 0; n < (1<<extra_dbits[code]); n++) {
-            _dist_code[dist++] = (uch)code;
-        }
-    }
-    Assert (dist == 256, "tr_static_init: dist != 256");
-    dist >>= 7; /* from now on, all distances are divided by 128 */
-    for ( ; code < D_CODES; code++) {
-        base_dist[code] = dist << 7;
-        for (n = 0; n < (1<<(extra_dbits[code]-7)); n++) {
-            _dist_code[256 + dist++] = (uch)code;
-        }
-    }
-    Assert (dist == 256, "tr_static_init: 256+dist != 512");
-
-    /* Construct the codes of the static literal tree */
-    for (bits = 0; bits <= MAX_BITS; bits++) bl_count[bits] = 0;
-    n = 0;
-    while (n <= 143) static_ltree[n++].Len = 8, bl_count[8]++;
-    while (n <= 255) static_ltree[n++].Len = 9, bl_count[9]++;
-    while (n <= 279) static_ltree[n++].Len = 7, bl_count[7]++;
-    while (n <= 287) static_ltree[n++].Len = 8, bl_count[8]++;
-    /* Codes 286 and 287 do not exist, but we must include them in the
-     * tree construction to get a canonical Huffman tree (longest code
-     * all ones)
-     */
-    gen_codes((ct_data *)static_ltree, L_CODES+1, bl_count);
-
-    /* The static distance tree is trivial: */
-    for (n = 0; n < D_CODES; n++) {
-        static_dtree[n].Len = 5;
-        static_dtree[n].Code = bi_reverse((unsigned)n, 5);
-    }
-    static_init_done = 1;
-
-#  ifdef GEN_TREES_H
-    gen_trees_header();
-#  endif
-#endif /* defined(GEN_TREES_H) || !defined(STDC) */
-}
-
-/* ===========================================================================
- * Genererate the file trees.h describing the static trees.
- */
-#ifdef GEN_TREES_H
-#  ifndef DEBUG
-#    include <stdio.h>
-#  endif
-
-#  define SEPARATOR(i, last, width) \
-      ((i) == (last)? "\n};\n\n" :    \
-       ((i) % (width) == (width)-1 ? ",\n" : ", "))
-
-void gen_trees_header()
-{
-    FILE *header = fopen("trees.h", "w");
-    int i;
-
-    Assert (header != NULL, "Can't open trees.h");
-    fprintf(header,
-           "/* header created automatically with -DGEN_TREES_H */\n\n");
-
-    fprintf(header, "local const ct_data static_ltree[L_CODES+2] = {\n");
-    for (i = 0; i < L_CODES+2; i++) {
-       fprintf(header, "{{%3u},{%3u}}%s", static_ltree[i].Code,
-               static_ltree[i].Len, SEPARATOR(i, L_CODES+1, 5));
-    }
-
-    fprintf(header, "local const ct_data static_dtree[D_CODES] = {\n");
-    for (i = 0; i < D_CODES; i++) {
-       fprintf(header, "{{%2u},{%2u}}%s", static_dtree[i].Code,
-               static_dtree[i].Len, SEPARATOR(i, D_CODES-1, 5));
-    }
-
-    fprintf(header, "const uch _dist_code[DIST_CODE_LEN] = {\n");
-    for (i = 0; i < DIST_CODE_LEN; i++) {
-       fprintf(header, "%2u%s", _dist_code[i],
-               SEPARATOR(i, DIST_CODE_LEN-1, 20));
-    }
-
-    fprintf(header, "const uch _length_code[MAX_MATCH-MIN_MATCH+1]= {\n");
-    for (i = 0; i < MAX_MATCH-MIN_MATCH+1; i++) {
-       fprintf(header, "%2u%s", _length_code[i],
-               SEPARATOR(i, MAX_MATCH-MIN_MATCH, 20));
-    }
-
-    fprintf(header, "local const int base_length[LENGTH_CODES] = {\n");
-    for (i = 0; i < LENGTH_CODES; i++) {
-       fprintf(header, "%1u%s", base_length[i],
-               SEPARATOR(i, LENGTH_CODES-1, 20));
-    }
-
-    fprintf(header, "local const int base_dist[D_CODES] = {\n");
-    for (i = 0; i < D_CODES; i++) {
-       fprintf(header, "%5u%s", base_dist[i],
-               SEPARATOR(i, D_CODES-1, 10));
-    }
-
-    fclose(header);
-}
-#endif /* GEN_TREES_H */
-
-/* ===========================================================================
- * Initialize the tree data structures for a new zlib stream.
- */
-void _tr_init(s)
-    deflate_state *s;
-{
-    tr_static_init();
-
-    s->l_desc.dyn_tree = s->dyn_ltree;
-    s->l_desc.stat_desc = &static_l_desc;
-
-    s->d_desc.dyn_tree = s->dyn_dtree;
-    s->d_desc.stat_desc = &static_d_desc;
-
-    s->bl_desc.dyn_tree = s->bl_tree;
-    s->bl_desc.stat_desc = &static_bl_desc;
-
-    s->bi_buf = 0;
-    s->bi_valid = 0;
-    s->last_eob_len = 8; /* enough lookahead for inflate */
-#ifdef DEBUG
-    s->compressed_len = 0L;
-    s->bits_sent = 0L;
-#endif
-
-    /* Initialize the first block of the first file: */
-    init_block(s);
-}
-
-/* ===========================================================================
- * Initialize a new block.
- */
-local void init_block(s)
-    deflate_state *s;
-{
-    int n; /* iterates over tree elements */
-
-    /* Initialize the trees. */
-    for (n = 0; n < L_CODES;  n++) s->dyn_ltree[n].Freq = 0;
-    for (n = 0; n < D_CODES;  n++) s->dyn_dtree[n].Freq = 0;
-    for (n = 0; n < BL_CODES; n++) s->bl_tree[n].Freq = 0;
-
-    s->dyn_ltree[END_BLOCK].Freq = 1;
-    s->opt_len = s->static_len = 0L;
-    s->last_lit = s->matches = 0;
-}
-
-#define SMALLEST 1
-/* Index within the heap array of least frequent node in the Huffman tree */
-
-
-/* ===========================================================================
- * Remove the smallest element from the heap and recreate the heap with
- * one less element. Updates heap and heap_len.
- */
-#define pqremove(s, tree, top) \
-{\
-    top = s->heap[SMALLEST]; \
-    s->heap[SMALLEST] = s->heap[s->heap_len--]; \
-    pqdownheap(s, tree, SMALLEST); \
-}
-
-/* ===========================================================================
- * Compares to subtrees, using the tree depth as tie breaker when
- * the subtrees have equal frequency. This minimizes the worst case length.
- */
-#define smaller(tree, n, m, depth) \
-   (tree[n].Freq < tree[m].Freq || \
-   (tree[n].Freq == tree[m].Freq && depth[n] <= depth[m]))
-
-/* ===========================================================================
- * Restore the heap property by moving down the tree starting at node k,
- * exchanging a node with the smallest of its two sons if necessary, stopping
- * when the heap property is re-established (each father smaller than its
- * two sons).
- */
-local void pqdownheap(s, tree, k)
-    deflate_state *s;
-    ct_data *tree;  /* the tree to restore */
-    int k;               /* node to move down */
-{
-    int v = s->heap[k];
-    int j = k << 1;  /* left son of k */
-    while (j <= s->heap_len) {
-        /* Set j to the smallest of the two sons: */
-        if (j < s->heap_len &&
-            smaller(tree, s->heap[j+1], s->heap[j], s->depth)) {
-            j++;
-        }
-        /* Exit if v is smaller than both sons */
-        if (smaller(tree, v, s->heap[j], s->depth)) break;
-
-        /* Exchange v with the smallest son */
-        s->heap[k] = s->heap[j];  k = j;
-
-        /* And continue down the tree, setting j to the left son of k */
-        j <<= 1;
-    }
-    s->heap[k] = v;
-}
-
-/* ===========================================================================
- * Compute the optimal bit lengths for a tree and update the total bit length
- * for the current block.
- * IN assertion: the fields freq and dad are set, heap[heap_max] and
- *    above are the tree nodes sorted by increasing frequency.
- * OUT assertions: the field len is set to the optimal bit length, the
- *     array bl_count contains the frequencies for each bit length.
- *     The length opt_len is updated; static_len is also updated if stree is
- *     not null.
- */
-local void gen_bitlen(s, desc)
-    deflate_state *s;
-    tree_desc *desc;    /* the tree descriptor */
-{
-    ct_data *tree        = desc->dyn_tree;
-    int max_code         = desc->max_code;
-    const ct_data *stree = desc->stat_desc->static_tree;
-    const intf *extra    = desc->stat_desc->extra_bits;
-    int base             = desc->stat_desc->extra_base;
-    int max_length       = desc->stat_desc->max_length;
-    int h;              /* heap index */
-    int n, m;           /* iterate over the tree elements */
-    int bits;           /* bit length */
-    int xbits;          /* extra bits */
-    ush f;              /* frequency */
-    int overflow = 0;   /* number of elements with bit length too large */
-
-    for (bits = 0; bits <= MAX_BITS; bits++) s->bl_count[bits] = 0;
-
-    /* In a first pass, compute the optimal bit lengths (which may
-     * overflow in the case of the bit length tree).
-     */
-    tree[s->heap[s->heap_max]].Len = 0; /* root of the heap */
-
-    for (h = s->heap_max+1; h < HEAP_SIZE; h++) {
-        n = s->heap[h];
-        bits = tree[tree[n].Dad].Len + 1;
-        if (bits > max_length) bits = max_length, overflow++;
-        tree[n].Len = (ush)bits;
-        /* We overwrite tree[n].Dad which is no longer needed */
-
-        if (n > max_code) continue; /* not a leaf node */
-
-        s->bl_count[bits]++;
-        xbits = 0;
-        if (n >= base) xbits = extra[n-base];
-        f = tree[n].Freq;
-        s->opt_len += (ulg)f * (bits + xbits);
-        if (stree) s->static_len += (ulg)f * (stree[n].Len + xbits);
-    }
-    if (overflow == 0) return;
-
-    Trace((stderr,"\nbit length overflow\n"));
-    /* This happens for example on obj2 and pic of the Calgary corpus */
-
-    /* Find the first bit length which could increase: */
-    do {
-        bits = max_length-1;
-        while (s->bl_count[bits] == 0) bits--;
-        s->bl_count[bits]--;      /* move one leaf down the tree */
-        s->bl_count[bits+1] += 2; /* move one overflow item as its brother */
-        s->bl_count[max_length]--;
-        /* The brother of the overflow item also moves one step up,
-         * but this does not affect bl_count[max_length]
-         */
-        overflow -= 2;
-    } while (overflow > 0);
-
-    /* Now recompute all bit lengths, scanning in increasing frequency.
-     * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all
-     * lengths instead of fixing only the wrong ones. This idea is taken
-     * from 'ar' written by Haruhiko Okumura.)
-     */
-    for (bits = max_length; bits != 0; bits--) {
-        n = s->bl_count[bits];
-        while (n != 0) {
-            m = s->heap[--h];
-            if (m > max_code) continue;
-            if (tree[m].Len != (unsigned) bits) {
-                Trace((stderr,"code %d bits %d->%d\n", m, tree[m].Len, bits));
-                s->opt_len += ((long)bits - (long)tree[m].Len)
-                              *(long)tree[m].Freq;
-                tree[m].Len = (ush)bits;
-            }
-            n--;
-        }
-    }
-}
-
-/* ===========================================================================
- * Generate the codes for a given tree and bit counts (which need not be
- * optimal).
- * IN assertion: the array bl_count contains the bit length statistics for
- * the given tree and the field len is set for all tree elements.
- * OUT assertion: the field code is set for all tree elements of non
- *     zero code length.
- */
-local void gen_codes (tree, max_code, bl_count)
-    ct_data *tree;             /* the tree to decorate */
-    int max_code;              /* largest code with non zero frequency */
-    ushf *bl_count;            /* number of codes at each bit length */
-{
-    ush next_code[MAX_BITS+1]; /* next code value for each bit length */
-    ush code = 0;              /* running code value */
-    int bits;                  /* bit index */
-    int n;                     /* code index */
-
-    /* The distribution counts are first used to generate the code values
-     * without bit reversal.
-     */
-    for (bits = 1; bits <= MAX_BITS; bits++) {
-        next_code[bits] = code = (code + bl_count[bits-1]) << 1;
-    }
-    /* Check that the bit counts in bl_count are consistent. The last code
-     * must be all ones.
-     */
-    Assert (code + bl_count[MAX_BITS]-1 == (1<<MAX_BITS)-1,
-            "inconsistent bit counts");
-    Tracev((stderr,"\ngen_codes: max_code %d ", max_code));
-
-    for (n = 0;  n <= max_code; n++) {
-        int len = tree[n].Len;
-        if (len == 0) continue;
-        /* Now reverse the bits */
-        tree[n].Code = bi_reverse(next_code[len]++, len);
-
-        Tracecv(tree != static_ltree, (stderr,"\nn %3d %c l %2d c %4x (%x) ",
-             n, (isgraph(n) ? n : ' '), len, tree[n].Code, next_code[len]-1));
-    }
-}
-
-/* ===========================================================================
- * Construct one Huffman tree and assigns the code bit strings and lengths.
- * Update the total bit length for the current block.
- * IN assertion: the field freq is set for all tree elements.
- * OUT assertions: the fields len and code are set to the optimal bit length
- *     and corresponding code. The length opt_len is updated; static_len is
- *     also updated if stree is not null. The field max_code is set.
- */
-local void build_tree(s, desc)
-    deflate_state *s;
-    tree_desc *desc; /* the tree descriptor */
-{
-    ct_data *tree         = desc->dyn_tree;
-    const ct_data *stree  = desc->stat_desc->static_tree;
-    int elems             = desc->stat_desc->elems;
-    int n, m;          /* iterate over heap elements */
-    int max_code = -1; /* largest code with non zero frequency */
-    int node;          /* new node being created */
-
-    /* Construct the initial heap, with least frequent element in
-     * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n+1].
-     * heap[0] is not used.
-     */
-    s->heap_len = 0, s->heap_max = HEAP_SIZE;
-
-    for (n = 0; n < elems; n++) {
-        if (tree[n].Freq != 0) {
-            s->heap[++(s->heap_len)] = max_code = n;
-            s->depth[n] = 0;
-        } else {
-            tree[n].Len = 0;
-        }
-    }
-
-    /* The pkzip format requires that at least one distance code exists,
-     * and that at least one bit should be sent even if there is only one
-     * possible code. So to avoid special checks later on we force at least
-     * two codes of non zero frequency.
-     */
-    while (s->heap_len < 2) {
-        node = s->heap[++(s->heap_len)] = (max_code < 2 ? ++max_code : 0);
-        tree[node].Freq = 1;
-        s->depth[node] = 0;
-        s->opt_len--; if (stree) s->static_len -= stree[node].Len;
-        /* node is 0 or 1 so it does not have extra bits */
-    }
-    desc->max_code = max_code;
-
-    /* The elements heap[heap_len/2+1 .. heap_len] are leaves of the tree,
-     * establish sub-heaps of increasing lengths:
-     */
-    for (n = s->heap_len/2; n >= 1; n--) pqdownheap(s, tree, n);
-
-    /* Construct the Huffman tree by repeatedly combining the least two
-     * frequent nodes.
-     */
-    node = elems;              /* next internal node of the tree */
-    do {
-        pqremove(s, tree, n);  /* n = node of least frequency */
-        m = s->heap[SMALLEST]; /* m = node of next least frequency */
-
-        s->heap[--(s->heap_max)] = n; /* keep the nodes sorted by frequency */
-        s->heap[--(s->heap_max)] = m;
-
-        /* Create a new node father of n and m */
-        tree[node].Freq = tree[n].Freq + tree[m].Freq;
-        s->depth[node] = (uch) (MAX(s->depth[n], s->depth[m]) + 1);
-        tree[n].Dad = tree[m].Dad = (ush)node;
-#ifdef DUMP_BL_TREE
-        if (tree == s->bl_tree) {
-            fprintf(stderr,"\nnode %d(%d), sons %d(%d) %d(%d)",
-                    node, tree[node].Freq, n, tree[n].Freq, m, tree[m].Freq);
-        }
-#endif
-        /* and insert the new node in the heap */
-        s->heap[SMALLEST] = node++;
-        pqdownheap(s, tree, SMALLEST);
-
-    } while (s->heap_len >= 2);
-
-    s->heap[--(s->heap_max)] = s->heap[SMALLEST];
-
-    /* At this point, the fields freq and dad are set. We can now
-     * generate the bit lengths.
-     */
-    gen_bitlen(s, (tree_desc *)desc);
-
-    /* The field len is now set, we can generate the bit codes */
-    gen_codes ((ct_data *)tree, max_code, s->bl_count);
-}
-
-/* ===========================================================================
- * Scan a literal or distance tree to determine the frequencies of the codes
- * in the bit length tree.
- */
-local void scan_tree (s, tree, max_code)
-    deflate_state *s;
-    ct_data *tree;   /* the tree to be scanned */
-    int max_code;    /* and its largest code of non zero frequency */
-{
-    int n;                     /* iterates over all tree elements */
-    int prevlen = -1;          /* last emitted length */
-    int curlen;                /* length of current code */
-    int nextlen = tree[0].Len; /* length of next code */
-    int count = 0;             /* repeat count of the current code */
-    int max_count = 7;         /* max repeat count */
-    int min_count = 4;         /* min repeat count */
-
-    if (nextlen == 0) max_count = 138, min_count = 3;
-    tree[max_code+1].Len = (ush)0xffff; /* guard */
-
-    for (n = 0; n <= max_code; n++) {
-        curlen = nextlen; nextlen = tree[n+1].Len;
-        if (++count < max_count && curlen == nextlen) {
-            continue;
-        } else if (count < min_count) {
-            s->bl_tree[curlen].Freq += count;
-        } else if (curlen != 0) {
-            if (curlen != prevlen) s->bl_tree[curlen].Freq++;
-            s->bl_tree[REP_3_6].Freq++;
-        } else if (count <= 10) {
-            s->bl_tree[REPZ_3_10].Freq++;
-        } else {
-            s->bl_tree[REPZ_11_138].Freq++;
-        }
-        count = 0; prevlen = curlen;
-        if (nextlen == 0) {
-            max_count = 138, min_count = 3;
-        } else if (curlen == nextlen) {
-            max_count = 6, min_count = 3;
-        } else {
-            max_count = 7, min_count = 4;
-        }
-    }
-}
-
-/* ===========================================================================
- * Send a literal or distance tree in compressed form, using the codes in
- * bl_tree.
- */
-local void send_tree (s, tree, max_code)
-    deflate_state *s;
-    ct_data *tree; /* the tree to be scanned */
-    int max_code;       /* and its largest code of non zero frequency */
-{
-    int n;                     /* iterates over all tree elements */
-    int prevlen = -1;          /* last emitted length */
-    int curlen;                /* length of current code */
-    int nextlen = tree[0].Len; /* length of next code */
-    int count = 0;             /* repeat count of the current code */
-    int max_count = 7;         /* max repeat count */
-    int min_count = 4;         /* min repeat count */
-
-    /* tree[max_code+1].Len = -1; */  /* guard already set */
-    if (nextlen == 0) max_count = 138, min_count = 3;
-
-    for (n = 0; n <= max_code; n++) {
-        curlen = nextlen; nextlen = tree[n+1].Len;
-        if (++count < max_count && curlen == nextlen) {
-            continue;
-        } else if (count < min_count) {
-            do { send_code(s, curlen, s->bl_tree); } while (--count != 0);
-
-        } else if (curlen != 0) {
-            if (curlen != prevlen) {
-                send_code(s, curlen, s->bl_tree); count--;
-            }
-            Assert(count >= 3 && count <= 6, " 3_6?");
-            send_code(s, REP_3_6, s->bl_tree); send_bits(s, count-3, 2);
-
-        } else if (count <= 10) {
-            send_code(s, REPZ_3_10, s->bl_tree); send_bits(s, count-3, 3);
-
-        } else {
-            send_code(s, REPZ_11_138, s->bl_tree); send_bits(s, count-11, 7);
-        }
-        count = 0; prevlen = curlen;
-        if (nextlen == 0) {
-            max_count = 138, min_count = 3;
-        } else if (curlen == nextlen) {
-            max_count = 6, min_count = 3;
-        } else {
-            max_count = 7, min_count = 4;
-        }
-    }
-}
-
-/* ===========================================================================
- * Construct the Huffman tree for the bit lengths and return the index in
- * bl_order of the last bit length code to send.
- */
-local int build_bl_tree(s)
-    deflate_state *s;
-{
-    int max_blindex;  /* index of last bit length code of non zero freq */
-
-    /* Determine the bit length frequencies for literal and distance trees */
-    scan_tree(s, (ct_data *)s->dyn_ltree, s->l_desc.max_code);
-    scan_tree(s, (ct_data *)s->dyn_dtree, s->d_desc.max_code);
-
-    /* Build the bit length tree: */
-    build_tree(s, (tree_desc *)(&(s->bl_desc)));
-    /* opt_len now includes the length of the tree representations, except
-     * the lengths of the bit lengths codes and the 5+5+4 bits for the counts.
-     */
-
-    /* Determine the number of bit length codes to send. The pkzip format
-     * requires that at least 4 bit length codes be sent. (appnote.txt says
-     * 3 but the actual value used is 4.)
-     */
-    for (max_blindex = BL_CODES-1; max_blindex >= 3; max_blindex--) {
-        if (s->bl_tree[bl_order[max_blindex]].Len != 0) break;
-    }
-    /* Update opt_len to include the bit length tree and counts */
-    s->opt_len += 3*(max_blindex+1) + 5+5+4;
-    Tracev((stderr, "\ndyn trees: dyn %ld, stat %ld",
-            s->opt_len, s->static_len));
-
-    return max_blindex;
-}
-
-/* ===========================================================================
- * Send the header for a block using dynamic Huffman trees: the counts, the
- * lengths of the bit length codes, the literal tree and the distance tree.
- * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4.
- */
-local void send_all_trees(s, lcodes, dcodes, blcodes)
-    deflate_state *s;
-    int lcodes, dcodes, blcodes; /* number of codes for each tree */
-{
-    int rank;                    /* index in bl_order */
-
-    Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, "not enough codes");
-    Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES,
-            "too many codes");
-    Tracev((stderr, "\nbl counts: "));
-    send_bits(s, lcodes-257, 5); /* not +255 as stated in appnote.txt */
-    send_bits(s, dcodes-1,   5);
-    send_bits(s, blcodes-4,  4); /* not -3 as stated in appnote.txt */
-    for (rank = 0; rank < blcodes; rank++) {
-        Tracev((stderr, "\nbl code %2d ", bl_order[rank]));
-        send_bits(s, s->bl_tree[bl_order[rank]].Len, 3);
-    }
-    Tracev((stderr, "\nbl tree: sent %ld", s->bits_sent));
-
-    send_tree(s, (ct_data *)s->dyn_ltree, lcodes-1); /* literal tree */
-    Tracev((stderr, "\nlit tree: sent %ld", s->bits_sent));
-
-    send_tree(s, (ct_data *)s->dyn_dtree, dcodes-1); /* distance tree */
-    Tracev((stderr, "\ndist tree: sent %ld", s->bits_sent));
-}
-
-/* ===========================================================================
- * Send a stored block
- */
-void _tr_stored_block(s, buf, stored_len, eof)
-    deflate_state *s;
-    charf *buf;       /* input block */
-    ulg stored_len;   /* length of input block */
-    int eof;          /* true if this is the last block for a file */
-{
-    send_bits(s, (STORED_BLOCK<<1)+eof, 3);  /* send block type */
-#ifdef DEBUG
-    s->compressed_len = (s->compressed_len + 3 + 7) & (ulg)~7L;
-    s->compressed_len += (stored_len + 4) << 3;
-#endif
-    copy_block(s, buf, (unsigned)stored_len, 1); /* with header */
-}
-
-/* ===========================================================================
- * Send one empty static block to give enough lookahead for inflate.
- * This takes 10 bits, of which 7 may remain in the bit buffer.
- * The current inflate code requires 9 bits of lookahead. If the
- * last two codes for the previous block (real code plus EOB) were coded
- * on 5 bits or less, inflate may have only 5+3 bits of lookahead to decode
- * the last real code. In this case we send two empty static blocks instead
- * of one. (There are no problems if the previous block is stored or fixed.)
- * To simplify the code, we assume the worst case of last real code encoded
- * on one bit only.
- */
-void _tr_align(s)
-    deflate_state *s;
-{
-    send_bits(s, STATIC_TREES<<1, 3);
-    send_code(s, END_BLOCK, static_ltree);
-#ifdef DEBUG
-    s->compressed_len += 10L; /* 3 for block type, 7 for EOB */
-#endif
-    bi_flush(s);
-    /* Of the 10 bits for the empty block, we have already sent
-     * (10 - bi_valid) bits. The lookahead for the last real code (before
-     * the EOB of the previous block) was thus at least one plus the length
-     * of the EOB plus what we have just sent of the empty static block.
-     */
-    if (1 + s->last_eob_len + 10 - s->bi_valid < 9) {
-        send_bits(s, STATIC_TREES<<1, 3);
-        send_code(s, END_BLOCK, static_ltree);
-#ifdef DEBUG
-        s->compressed_len += 10L;
-#endif
-        bi_flush(s);
-    }
-    s->last_eob_len = 7;
-}
-
-/* ===========================================================================
- * Determine the best encoding for the current block: dynamic trees, static
- * trees or store, and output the encoded block to the zip file.
- */
-void _tr_flush_block(s, buf, stored_len, eof)
-    deflate_state *s;
-    charf *buf;       /* input block, or NULL if too old */
-    ulg stored_len;   /* length of input block */
-    int eof;          /* true if this is the last block for a file */
-{
-    ulg opt_lenb, static_lenb; /* opt_len and static_len in bytes */
-    int max_blindex = 0;  /* index of last bit length code of non zero freq */
-
-    /* Build the Huffman trees unless a stored block is forced */
-    if (s->level > 0) {
-
-        /* Check if the file is ascii or binary */
-       if (s->data_type == Z_UNKNOWN) set_data_type(s);
-
-       /* Construct the literal and distance trees */
-       build_tree(s, (tree_desc *)(&(s->l_desc)));
-       Tracev((stderr, "\nlit data: dyn %ld, stat %ld", s->opt_len,
-               s->static_len));
-
-       build_tree(s, (tree_desc *)(&(s->d_desc)));
-       Tracev((stderr, "\ndist data: dyn %ld, stat %ld", s->opt_len,
-               s->static_len));
-       /* At this point, opt_len and static_len are the total bit lengths of
-        * the compressed block data, excluding the tree representations.
-        */
-
-       /* Build the bit length tree for the above two trees, and get the index
-        * in bl_order of the last bit length code to send.
-        */
-       max_blindex = build_bl_tree(s);
-
-       /* Determine the best encoding. Compute first the block length in bytes*/
-       opt_lenb = (s->opt_len+3+7)>>3;
-       static_lenb = (s->static_len+3+7)>>3;
-
-       Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ",
-               opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len,
-               s->last_lit));
-
-       if (static_lenb <= opt_lenb) opt_lenb = static_lenb;
-
-    } else {
-        Assert(buf != (char*)0, "lost buf");
-       opt_lenb = static_lenb = stored_len + 5; /* force a stored block */
-    }
-
-#ifdef FORCE_STORED
-    if (buf != (char*)0) { /* force stored block */
-#else
-    if (stored_len+4 <= opt_lenb && buf != (char*)0) {
-                       /* 4: two words for the lengths */
-#endif
-        /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE.
-         * Otherwise we can't have processed more than WSIZE input bytes since
-         * the last block flush, because compression would have been
-         * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to
-         * transform a block into a stored block.
-         */
-        _tr_stored_block(s, buf, stored_len, eof);
-
-#ifdef FORCE_STATIC
-    } else if (static_lenb >= 0) { /* force static trees */
-#else
-    } else if (static_lenb == opt_lenb) {
-#endif
-        send_bits(s, (STATIC_TREES<<1)+eof, 3);
-        compress_block(s, (ct_data *)static_ltree, (ct_data *)static_dtree);
-#ifdef DEBUG
-        s->compressed_len += 3 + s->static_len;
-#endif
-    } else {
-        send_bits(s, (DYN_TREES<<1)+eof, 3);
-        send_all_trees(s, s->l_desc.max_code+1, s->d_desc.max_code+1,
-                       max_blindex+1);
-        compress_block(s, (ct_data *)s->dyn_ltree, (ct_data *)s->dyn_dtree);
-#ifdef DEBUG
-        s->compressed_len += 3 + s->opt_len;
-#endif
-    }
-    Assert (s->compressed_len == s->bits_sent, "bad compressed size");
-    /* The above check is made mod 2^32, for files larger than 512 MB
-     * and uLong implemented on 32 bits.
-     */
-    init_block(s);
-
-    if (eof) {
-        bi_windup(s);
-#ifdef DEBUG
-        s->compressed_len += 7;  /* align on byte boundary */
-#endif
-    }
-    Tracev((stderr,"\ncomprlen %lu(%lu) ", s->compressed_len>>3,
-           s->compressed_len-7*eof));
-}
-
-/* ===========================================================================
- * Save the match info and tally the frequency counts. Return true if
- * the current block must be flushed.
- */
-int _tr_tally (s, dist, lc)
-    deflate_state *s;
-    unsigned dist;  /* distance of matched string */
-    unsigned lc;    /* match length-MIN_MATCH or unmatched char (if dist==0) */
-{
-    s->d_buf[s->last_lit] = (ush)dist;
-    s->l_buf[s->last_lit++] = (uch)lc;
-    if (dist == 0) {
-        /* lc is the unmatched char */
-        s->dyn_ltree[lc].Freq++;
-    } else {
-        s->matches++;
-        /* Here, lc is the match length - MIN_MATCH */
-        dist--;             /* dist = match distance - 1 */
-        Assert((ush)dist < (ush)MAX_DIST(s) &&
-               (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) &&
-               (ush)d_code(dist) < (ush)D_CODES,  "_tr_tally: bad match");
-
-        s->dyn_ltree[_length_code[lc]+LITERALS+1].Freq++;
-        s->dyn_dtree[d_code(dist)].Freq++;
-    }
-
-#ifdef TRUNCATE_BLOCK
-    /* Try to guess if it is profitable to stop the current block here */
-    if ((s->last_lit & 0x1fff) == 0 && s->level > 2) {
-        /* Compute an upper bound for the compressed length */
-        ulg out_length = (ulg)s->last_lit*8L;
-        ulg in_length = (ulg)((long)s->strstart - s->block_start);
-        int dcode;
-        for (dcode = 0; dcode < D_CODES; dcode++) {
-            out_length += (ulg)s->dyn_dtree[dcode].Freq *
-                (5L+extra_dbits[dcode]);
-        }
-        out_length >>= 3;
-        Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ",
-               s->last_lit, in_length, out_length,
-               100L - out_length*100L/in_length));
-        if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1;
-    }
-#endif
-    return (s->last_lit == s->lit_bufsize-1);
-    /* We avoid equality with lit_bufsize because of wraparound at 64K
-     * on 16 bit machines and because stored blocks are restricted to
-     * 64K-1 bytes.
-     */
-}
-
-/* ===========================================================================
- * Send the block data compressed using the given Huffman trees
- */
-local void compress_block(s, ltree, dtree)
-    deflate_state *s;
-    ct_data *ltree; /* literal tree */
-    ct_data *dtree; /* distance tree */
-{
-    unsigned dist;      /* distance of matched string */
-    int lc;             /* match length or unmatched char (if dist == 0) */
-    unsigned lx = 0;    /* running index in l_buf */
-    unsigned code;      /* the code to send */
-    int extra;          /* number of extra bits to send */
-
-    if (s->last_lit != 0) do {
-        dist = s->d_buf[lx];
-        lc = s->l_buf[lx++];
-        if (dist == 0) {
-            send_code(s, lc, ltree); /* send a literal byte */
-            Tracecv(isgraph(lc), (stderr," '%c' ", lc));
-        } else {
-            /* Here, lc is the match length - MIN_MATCH */
-            code = _length_code[lc];
-            send_code(s, code+LITERALS+1, ltree); /* send the length code */
-            extra = extra_lbits[code];
-            if (extra != 0) {
-                lc -= base_length[code];
-                send_bits(s, lc, extra);       /* send the extra length bits */
-            }
-            dist--; /* dist is now the match distance - 1 */
-            code = d_code(dist);
-            Assert (code < D_CODES, "bad d_code");
-
-            send_code(s, code, dtree);       /* send the distance code */
-            extra = extra_dbits[code];
-            if (extra != 0) {
-                dist -= base_dist[code];
-                send_bits(s, dist, extra);   /* send the extra distance bits */
-            }
-        } /* literal or match pair ? */
-
-        /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */
-        Assert(s->pending < s->lit_bufsize + 2*lx, "pendingBuf overflow");
-
-    } while (lx < s->last_lit);
-
-    send_code(s, END_BLOCK, ltree);
-    s->last_eob_len = ltree[END_BLOCK].Len;
-}
-
-/* ===========================================================================
- * Set the data type to ASCII or BINARY, using a crude approximation:
- * binary if more than 20% of the bytes are <= 6 or >= 128, ascii otherwise.
- * IN assertion: the fields freq of dyn_ltree are set and the total of all
- * frequencies does not exceed 64K (to fit in an int on 16 bit machines).
- */
-local void set_data_type(s)
-    deflate_state *s;
-{
-    int n = 0;
-    unsigned ascii_freq = 0;
-    unsigned bin_freq = 0;
-    while (n < 7)        bin_freq += s->dyn_ltree[n++].Freq;
-    while (n < 128)    ascii_freq += s->dyn_ltree[n++].Freq;
-    while (n < LITERALS) bin_freq += s->dyn_ltree[n++].Freq;
-    s->data_type = (Byte)(bin_freq > (ascii_freq >> 2) ? Z_BINARY : Z_ASCII);
-}
-
-/* ===========================================================================
- * Reverse the first len bits of a code, using straightforward code (a faster
- * method would use a table)
- * IN assertion: 1 <= len <= 15
- */
-local unsigned bi_reverse(code, len)
-    unsigned code; /* the value to invert */
-    int len;       /* its bit length */
-{
-    register unsigned res = 0;
-    do {
-        res |= code & 1;
-        code >>= 1, res <<= 1;
-    } while (--len > 0);
-    return res >> 1;
-}
-
-/* ===========================================================================
- * Flush the bit buffer, keeping at most 7 bits in it.
- */
-local void bi_flush(s)
-    deflate_state *s;
-{
-    if (s->bi_valid == 16) {
-        put_short(s, s->bi_buf);
-        s->bi_buf = 0;
-        s->bi_valid = 0;
-    } else if (s->bi_valid >= 8) {
-        put_byte(s, (Byte)s->bi_buf);
-        s->bi_buf >>= 8;
-        s->bi_valid -= 8;
-    }
-}
-
-/* ===========================================================================
- * Flush the bit buffer and align the output on a byte boundary
- */
-local void bi_windup(s)
-    deflate_state *s;
-{
-    if (s->bi_valid > 8) {
-        put_short(s, s->bi_buf);
-    } else if (s->bi_valid > 0) {
-        put_byte(s, (Byte)s->bi_buf);
-    }
-    s->bi_buf = 0;
-    s->bi_valid = 0;
-#ifdef DEBUG
-    s->bits_sent = (s->bits_sent+7) & ~7;
-#endif
-}
-
-/* ===========================================================================
- * Copy a stored block, storing first the length and its
- * one's complement if requested.
- */
-local void copy_block(s, buf, len, header)
-    deflate_state *s;
-    charf    *buf;    /* the input data */
-    unsigned len;     /* its length */
-    int      header;  /* true if block header must be written */
-{
-    bi_windup(s);        /* align on byte boundary */
-    s->last_eob_len = 8; /* enough lookahead for inflate */
-
-    if (header) {
-        put_short(s, (ush)len);   
-        put_short(s, (ush)~len);
-#ifdef DEBUG
-        s->bits_sent += 2*16;
-#endif
-    }
-#ifdef DEBUG
-    s->bits_sent += (ulg)len<<3;
-#endif
-    while (len--) {
-        put_byte(s, *buf++);
-    }
-}
diff --git a/SecurityServer/MacYarrow/zlib/trees.h b/SecurityServer/MacYarrow/zlib/trees.h
deleted file mode 100644 (file)
index 4b87f54..0000000
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* header created automatically with -DGEN_TREES_H */
-
-local const ct_data static_ltree[L_CODES+2] = {
-{{ 12},{  8}}, {{140},{  8}}, {{ 76},{  8}}, {{204},{  8}}, {{ 44},{  8}},
-{{172},{  8}}, {{108},{  8}}, {{236},{  8}}, {{ 28},{  8}}, {{156},{  8}},
-{{ 92},{  8}}, {{220},{  8}}, {{ 60},{  8}}, {{188},{  8}}, {{124},{  8}},
-{{252},{  8}}, {{  2},{  8}}, {{130},{  8}}, {{ 66},{  8}}, {{194},{  8}},
-{{ 34},{  8}}, {{162},{  8}}, {{ 98},{  8}}, {{226},{  8}}, {{ 18},{  8}},
-{{146},{  8}}, {{ 82},{  8}}, {{210},{  8}}, {{ 50},{  8}}, {{178},{  8}},
-{{114},{  8}}, {{242},{  8}}, {{ 10},{  8}}, {{138},{  8}}, {{ 74},{  8}},
-{{202},{  8}}, {{ 42},{  8}}, {{170},{  8}}, {{106},{  8}}, {{234},{  8}},
-{{ 26},{  8}}, {{154},{  8}}, {{ 90},{  8}}, {{218},{  8}}, {{ 58},{  8}},
-{{186},{  8}}, {{122},{  8}}, {{250},{  8}}, {{  6},{  8}}, {{134},{  8}},
-{{ 70},{  8}}, {{198},{  8}}, {{ 38},{  8}}, {{166},{  8}}, {{102},{  8}},
-{{230},{  8}}, {{ 22},{  8}}, {{150},{  8}}, {{ 86},{  8}}, {{214},{  8}},
-{{ 54},{  8}}, {{182},{  8}}, {{118},{  8}}, {{246},{  8}}, {{ 14},{  8}},
-{{142},{  8}}, {{ 78},{  8}}, {{206},{  8}}, {{ 46},{  8}}, {{174},{  8}},
-{{110},{  8}}, {{238},{  8}}, {{ 30},{  8}}, {{158},{  8}}, {{ 94},{  8}},
-{{222},{  8}}, {{ 62},{  8}}, {{190},{  8}}, {{126},{  8}}, {{254},{  8}},
-{{  1},{  8}}, {{129},{  8}}, {{ 65},{  8}}, {{193},{  8}}, {{ 33},{  8}},
-{{161},{  8}}, {{ 97},{  8}}, {{225},{  8}}, {{ 17},{  8}}, {{145},{  8}},
-{{ 81},{  8}}, {{209},{  8}}, {{ 49},{  8}}, {{177},{  8}}, {{113},{  8}},
-{{241},{  8}}, {{  9},{  8}}, {{137},{  8}}, {{ 73},{  8}}, {{201},{  8}},
-{{ 41},{  8}}, {{169},{  8}}, {{105},{  8}}, {{233},{  8}}, {{ 25},{  8}},
-{{153},{  8}}, {{ 89},{  8}}, {{217},{  8}}, {{ 57},{  8}}, {{185},{  8}},
-{{121},{  8}}, {{249},{  8}}, {{  5},{  8}}, {{133},{  8}}, {{ 69},{  8}},
-{{197},{  8}}, {{ 37},{  8}}, {{165},{  8}}, {{101},{  8}}, {{229},{  8}},
-{{ 21},{  8}}, {{149},{  8}}, {{ 85},{  8}}, {{213},{  8}}, {{ 53},{  8}},
-{{181},{  8}}, {{117},{  8}}, {{245},{  8}}, {{ 13},{  8}}, {{141},{  8}},
-{{ 77},{  8}}, {{205},{  8}}, {{ 45},{  8}}, {{173},{  8}}, {{109},{  8}},
-{{237},{  8}}, {{ 29},{  8}}, {{157},{  8}}, {{ 93},{  8}}, {{221},{  8}},
-{{ 61},{  8}}, {{189},{  8}}, {{125},{  8}}, {{253},{  8}}, {{ 19},{  9}},
-{{275},{  9}}, {{147},{  9}}, {{403},{  9}}, {{ 83},{  9}}, {{339},{  9}},
-{{211},{  9}}, {{467},{  9}}, {{ 51},{  9}}, {{307},{  9}}, {{179},{  9}},
-{{435},{  9}}, {{115},{  9}}, {{371},{  9}}, {{243},{  9}}, {{499},{  9}},
-{{ 11},{  9}}, {{267},{  9}}, {{139},{  9}}, {{395},{  9}}, {{ 75},{  9}},
-{{331},{  9}}, {{203},{  9}}, {{459},{  9}}, {{ 43},{  9}}, {{299},{  9}},
-{{171},{  9}}, {{427},{  9}}, {{107},{  9}}, {{363},{  9}}, {{235},{  9}},
-{{491},{  9}}, {{ 27},{  9}}, {{283},{  9}}, {{155},{  9}}, {{411},{  9}},
-{{ 91},{  9}}, {{347},{  9}}, {{219},{  9}}, {{475},{  9}}, {{ 59},{  9}},
-{{315},{  9}}, {{187},{  9}}, {{443},{  9}}, {{123},{  9}}, {{379},{  9}},
-{{251},{  9}}, {{507},{  9}}, {{  7},{  9}}, {{263},{  9}}, {{135},{  9}},
-{{391},{  9}}, {{ 71},{  9}}, {{327},{  9}}, {{199},{  9}}, {{455},{  9}},
-{{ 39},{  9}}, {{295},{  9}}, {{167},{  9}}, {{423},{  9}}, {{103},{  9}},
-{{359},{  9}}, {{231},{  9}}, {{487},{  9}}, {{ 23},{  9}}, {{279},{  9}},
-{{151},{  9}}, {{407},{  9}}, {{ 87},{  9}}, {{343},{  9}}, {{215},{  9}},
-{{471},{  9}}, {{ 55},{  9}}, {{311},{  9}}, {{183},{  9}}, {{439},{  9}},
-{{119},{  9}}, {{375},{  9}}, {{247},{  9}}, {{503},{  9}}, {{ 15},{  9}},
-{{271},{  9}}, {{143},{  9}}, {{399},{  9}}, {{ 79},{  9}}, {{335},{  9}},
-{{207},{  9}}, {{463},{  9}}, {{ 47},{  9}}, {{303},{  9}}, {{175},{  9}},
-{{431},{  9}}, {{111},{  9}}, {{367},{  9}}, {{239},{  9}}, {{495},{  9}},
-{{ 31},{  9}}, {{287},{  9}}, {{159},{  9}}, {{415},{  9}}, {{ 95},{  9}},
-{{351},{  9}}, {{223},{  9}}, {{479},{  9}}, {{ 63},{  9}}, {{319},{  9}},
-{{191},{  9}}, {{447},{  9}}, {{127},{  9}}, {{383},{  9}}, {{255},{  9}},
-{{511},{  9}}, {{  0},{  7}}, {{ 64},{  7}}, {{ 32},{  7}}, {{ 96},{  7}},
-{{ 16},{  7}}, {{ 80},{  7}}, {{ 48},{  7}}, {{112},{  7}}, {{  8},{  7}},
-{{ 72},{  7}}, {{ 40},{  7}}, {{104},{  7}}, {{ 24},{  7}}, {{ 88},{  7}},
-{{ 56},{  7}}, {{120},{  7}}, {{  4},{  7}}, {{ 68},{  7}}, {{ 36},{  7}},
-{{100},{  7}}, {{ 20},{  7}}, {{ 84},{  7}}, {{ 52},{  7}}, {{116},{  7}},
-{{  3},{  8}}, {{131},{  8}}, {{ 67},{  8}}, {{195},{  8}}, {{ 35},{  8}},
-{{163},{  8}}, {{ 99},{  8}}, {{227},{  8}}
-};
-
-local const ct_data static_dtree[D_CODES] = {
-{{ 0},{ 5}}, {{16},{ 5}}, {{ 8},{ 5}}, {{24},{ 5}}, {{ 4},{ 5}},
-{{20},{ 5}}, {{12},{ 5}}, {{28},{ 5}}, {{ 2},{ 5}}, {{18},{ 5}},
-{{10},{ 5}}, {{26},{ 5}}, {{ 6},{ 5}}, {{22},{ 5}}, {{14},{ 5}},
-{{30},{ 5}}, {{ 1},{ 5}}, {{17},{ 5}}, {{ 9},{ 5}}, {{25},{ 5}},
-{{ 5},{ 5}}, {{21},{ 5}}, {{13},{ 5}}, {{29},{ 5}}, {{ 3},{ 5}},
-{{19},{ 5}}, {{11},{ 5}}, {{27},{ 5}}, {{ 7},{ 5}}, {{23},{ 5}}
-};
-
-const uch _dist_code[DIST_CODE_LEN] = {
- 0,  1,  2,  3,  4,  4,  5,  5,  6,  6,  6,  6,  7,  7,  7,  7,  8,  8,  8,  8,
- 8,  8,  8,  8,  9,  9,  9,  9,  9,  9,  9,  9, 10, 10, 10, 10, 10, 10, 10, 10,
-10, 10, 10, 10, 10, 10, 10, 10, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11,
-11, 11, 11, 11, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12,
-12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 13, 13, 13, 13,
-13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13,
-13, 13, 13, 13, 13, 13, 13, 13, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14,
-14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14,
-14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14,
-14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 15, 15, 15, 15, 15, 15, 15, 15,
-15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,
-15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,
-15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,  0,  0, 16, 17,
-18, 18, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 22, 22, 22, 22, 22, 22, 22, 22,
-23, 23, 23, 23, 23, 23, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
-24, 24, 24, 24, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25,
-26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26,
-26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 27, 27, 27, 27, 27, 27, 27, 27,
-27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27,
-27, 27, 27, 27, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28,
-28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28,
-28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28,
-28, 28, 28, 28, 28, 28, 28, 28, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29,
-29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29,
-29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29,
-29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29
-};
-
-const uch _length_code[MAX_MATCH-MIN_MATCH+1]= {
- 0,  1,  2,  3,  4,  5,  6,  7,  8,  8,  9,  9, 10, 10, 11, 11, 12, 12, 12, 12,
-13, 13, 13, 13, 14, 14, 14, 14, 15, 15, 15, 15, 16, 16, 16, 16, 16, 16, 16, 16,
-17, 17, 17, 17, 17, 17, 17, 17, 18, 18, 18, 18, 18, 18, 18, 18, 19, 19, 19, 19,
-19, 19, 19, 19, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20,
-21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 22, 22, 22, 22,
-22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 23, 23, 23, 23, 23, 23, 23, 23,
-23, 23, 23, 23, 23, 23, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
-24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
-25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25,
-25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 26, 26, 26, 26, 26, 26, 26, 26,
-26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26,
-26, 26, 26, 26, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27,
-27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 28
-};
-
-local const int base_length[LENGTH_CODES] = {
-0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 12, 14, 16, 20, 24, 28, 32, 40, 48, 56,
-64, 80, 96, 112, 128, 160, 192, 224, 0
-};
-
-local const int base_dist[D_CODES] = {
-    0,     1,     2,     3,     4,     6,     8,    12,    16,    24,
-   32,    48,    64,    96,   128,   192,   256,   384,   512,   768,
- 1024,  1536,  2048,  3072,  4096,  6144,  8192, 12288, 16384, 24576
-};
-
diff --git a/SecurityServer/MacYarrow/zlib/uncompr.c b/SecurityServer/MacYarrow/zlib/uncompr.c
deleted file mode 100644 (file)
index 5ef6704..0000000
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* uncompr.c -- decompress a memory buffer
- * Copyright (C) 1995-1998 Jean-loup Gailly.
- * For conditions of distribution and use, see copyright notice in zlib.h 
- */
-
-/* @(#) $Id: uncompr.c,v 1.1.1.1 2001/05/18 23:14:03 mb Exp $ */
-
-#include "zlib.h"
-
-/* ===========================================================================
-     Decompresses the source buffer into the destination buffer.  sourceLen is
-   the byte length of the source buffer. Upon entry, destLen is the total
-   size of the destination buffer, which must be large enough to hold the
-   entire uncompressed data. (The size of the uncompressed data must have
-   been saved previously by the compressor and transmitted to the decompressor
-   by some mechanism outside the scope of this compression library.)
-   Upon exit, destLen is the actual size of the compressed buffer.
-     This function can be used to decompress a whole file at once if the
-   input file is mmap'ed.
-
-     uncompress returns Z_OK if success, Z_MEM_ERROR if there was not
-   enough memory, Z_BUF_ERROR if there was not enough room in the output
-   buffer, or Z_DATA_ERROR if the input data was corrupted.
-*/
-int ZEXPORT uncompress (dest, destLen, source, sourceLen)
-    Bytef *dest;
-    uLongf *destLen;
-    const Bytef *source;
-    uLong sourceLen;
-{
-    z_stream stream;
-    int err;
-
-    stream.next_in = (Bytef*)source;
-    stream.avail_in = (uInt)sourceLen;
-    /* Check for source > 64K on 16-bit machine: */
-    if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR;
-
-    stream.next_out = dest;
-    stream.avail_out = (uInt)*destLen;
-    if ((uLong)stream.avail_out != *destLen) return Z_BUF_ERROR;
-
-    stream.zalloc = (alloc_func)0;
-    stream.zfree = (free_func)0;
-
-    err = inflateInit(&stream);
-    if (err != Z_OK) return err;
-
-    err = inflate(&stream, Z_FINISH);
-    if (err != Z_STREAM_END) {
-        inflateEnd(&stream);
-        return err == Z_OK ? Z_BUF_ERROR : err;
-    }
-    *destLen = stream.total_out;
-
-    err = inflateEnd(&stream);
-    return err;
-}
diff --git a/SecurityServer/MacYarrow/zlib/zconf.h b/SecurityServer/MacYarrow/zlib/zconf.h
deleted file mode 100644 (file)
index 2f2ceba..0000000
+++ /dev/null
@@ -1,297 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* zconf.h -- configuration of the zlib compression library
- * Copyright (C) 1995-1998 Jean-loup Gailly.
- * For conditions of distribution and use, see copyright notice in zlib.h 
- */
-
-/* @(#) $Id: zconf.h,v 1.1.1.1 2001/05/18 23:14:03 mb Exp $ */
-
-#ifndef _ZCONF_H
-#define _ZCONF_H
-
-/*
- * If you *really* need a unique prefix for all types and library functions,
- * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it.
- */
-#ifdef Z_PREFIX
-#  define deflateInit_ z_deflateInit_
-#  define deflate      z_deflate
-#  define deflateEnd   z_deflateEnd
-#  define inflateInit_         z_inflateInit_
-#  define inflate      z_inflate
-#  define inflateEnd   z_inflateEnd
-#  define deflateInit2_        z_deflateInit2_
-#  define deflateSetDictionary z_deflateSetDictionary
-#  define deflateCopy  z_deflateCopy
-#  define deflateReset z_deflateReset
-#  define deflateParams        z_deflateParams
-#  define inflateInit2_        z_inflateInit2_
-#  define inflateSetDictionary z_inflateSetDictionary
-#  define inflateSync  z_inflateSync
-#  define inflateSyncPoint z_inflateSyncPoint
-#  define inflateReset z_inflateReset
-#  define compress     z_compress
-#  define compress2    z_compress2
-#  define uncompress   z_uncompress
-#  define adler32      z_adler32
-#  define crc32                z_crc32
-#  define get_crc_table z_get_crc_table
-
-#  define Byte         z_Byte
-#  define uInt         z_uInt
-#  define uLong                z_uLong
-#  define Bytef                z_Bytef
-#  define charf                z_charf
-#  define intf         z_intf
-#  define uIntf                z_uIntf
-#  define uLongf       z_uLongf
-#  define voidpf       z_voidpf
-#  define voidp                z_voidp
-#endif
-
-#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32)
-#  define WIN32
-#endif
-#if defined(__GNUC__) || defined(WIN32) || defined(__386__) || defined(i386)
-#  ifndef __32BIT__
-#    define __32BIT__
-#  endif
-#endif
-#if defined(__MSDOS__) && !defined(MSDOS)
-#  define MSDOS
-#endif
-
-/*
- * Compile with -DMAXSEG_64K if the alloc function cannot allocate more
- * than 64k bytes at a time (needed on systems with 16-bit int).
- */
-#if defined(MSDOS) && !defined(__32BIT__)
-#  define MAXSEG_64K
-#endif
-#ifdef MSDOS
-#  define UNALIGNED_OK
-#endif
-
-#if (defined(MSDOS) || defined(_WINDOWS) || defined(WIN32))  && !defined(STDC)
-#  define STDC
-#endif
-#if defined(__STDC__) || defined(__cplusplus) || defined(__OS2__)
-#  ifndef STDC
-#    define STDC
-#  endif
-#endif
-
-#ifndef STDC
-#  ifndef const /* cannot use !defined(STDC) && !defined(const) on Mac */
-#    define const
-#  endif
-#endif
-
-/* Some Mac compilers merge all .h files incorrectly: */
-#if defined(__MWERKS__) || defined(applec) ||defined(THINK_C) ||defined(__SC__)
-#  define NO_DUMMY_DECL
-#endif
-
-/* Old Borland C incorrectly complains about missing returns: */
-#if defined(__BORLANDC__) && (__BORLANDC__ < 0x500)
-#  define NEED_DUMMY_RETURN
-#endif
-
-
-/* Maximum value for memLevel in deflateInit2 */
-#ifndef MAX_MEM_LEVEL
-#  ifdef MAXSEG_64K
-#    define MAX_MEM_LEVEL 8
-#  else
-#    define MAX_MEM_LEVEL 9
-#  endif
-#endif
-
-/* Maximum value for windowBits in deflateInit2 and inflateInit2.
- * WARNING: reducing MAX_WBITS makes minigzip unable to extract .gz files
- * created by gzip. (Files created by minigzip can still be extracted by
- * gzip.)
- */
-#ifndef MAX_WBITS
-#  define MAX_WBITS   15 /* 32K LZ77 window */
-#endif
-
-/* The memory requirements for deflate are (in bytes):
-            (1 << (windowBits+2)) +  (1 << (memLevel+9))
- that is: 128K for windowBits=15  +  128K for memLevel = 8  (default values)
- plus a few kilobytes for small objects. For example, if you want to reduce
- the default memory requirements from 256K to 128K, compile with
-     make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7"
- Of course this will generally degrade compression (there's no free lunch).
-
-   The memory requirements for inflate are (in bytes) 1 << windowBits
- that is, 32K for windowBits=15 (default value) plus a few kilobytes
- for small objects.
-*/
-
-                        /* Type declarations */
-
-#ifndef OF /* function prototypes */
-#  ifdef STDC
-#    define OF(args)  args
-#  else
-#    define OF(args)  ()
-#  endif
-#endif
-
-/* The following definitions for FAR are needed only for MSDOS mixed
- * model programming (small or medium model with some far allocations).
- * This was tested only with MSC; for other MSDOS compilers you may have
- * to define NO_MEMCPY in zutil.h.  If you don't need the mixed model,
- * just define FAR to be empty.
- */
-#if (defined(M_I86SM) || defined(M_I86MM)) && !defined(__32BIT__)
-   /* MSC small or medium model */
-#  define SMALL_MEDIUM
-#  ifdef _MSC_VER
-#    define FAR _far
-#  else
-#    define FAR far
-#  endif
-#endif
-#if defined(__BORLANDC__) && (defined(__SMALL__) || defined(__MEDIUM__))
-#  ifndef __32BIT__
-#    define SMALL_MEDIUM
-#    define FAR _far
-#  endif
-#endif
-
-/* Compile with -DZLIB_DLL for Windows DLL support */
-#if defined(ZLIB_DLL)
-#  if defined(_WINDOWS) || defined(WINDOWS)
-#    ifdef FAR
-#      undef FAR
-#    endif
-#    include <windows.h>
-#    define ZEXPORT  WINAPI
-#    ifdef WIN32
-#      define ZEXPORTVA  WINAPIV
-#    else
-#      define ZEXPORTVA  FAR _cdecl _export
-#    endif
-#  endif
-#  if defined (__BORLANDC__)
-#    if (__BORLANDC__ >= 0x0500) && defined (WIN32)
-#      include <windows.h>
-#      define ZEXPORT __declspec(dllexport) WINAPI
-#      define ZEXPORTRVA __declspec(dllexport) WINAPIV
-#    else
-#      if defined (_Windows) && defined (__DLL__)
-#        define ZEXPORT _export
-#        define ZEXPORTVA _export
-#      endif
-#    endif
-#  endif
-#endif
-
-#if defined (__BEOS__)
-#  if defined (ZLIB_DLL)
-#    define ZEXTERN extern __declspec(dllexport)
-#  else
-#    define ZEXTERN extern __declspec(dllimport)
-#  endif
-#endif
-
-#ifndef ZEXPORT
-#  define ZEXPORT
-#endif
-#ifndef ZEXPORTVA
-#  define ZEXPORTVA
-#endif
-#ifndef ZEXTERN
-#  define ZEXTERN extern
-#endif
-
-#ifndef FAR
-#   define FAR
-#endif
-
-#if !defined(MACOS) && !defined(TARGET_OS_MAC)
-typedef unsigned char  Byte;  /* 8 bits */
-#endif
-typedef unsigned int   uInt;  /* 16 bits or more */
-typedef unsigned long  uLong; /* 32 bits or more */
-
-#ifdef SMALL_MEDIUM
-   /* Borland C/C++ and some old MSC versions ignore FAR inside typedef */
-#  define Bytef Byte FAR
-#else
-   typedef Byte  FAR Bytef;
-#endif
-typedef char  FAR charf;
-typedef int   FAR intf;
-typedef uInt  FAR uIntf;
-typedef uLong FAR uLongf;
-
-#ifdef STDC
-   typedef void FAR *voidpf;
-   typedef void     *voidp;
-#else
-   typedef Byte FAR *voidpf;
-   typedef Byte     *voidp;
-#endif
-
-#ifdef HAVE_UNISTD_H
-#  include <sys/types.h> /* for off_t */
-#  include <unistd.h>    /* for SEEK_* and off_t */
-#  define z_off_t  off_t
-#endif
-#ifndef SEEK_SET
-#  define SEEK_SET        0       /* Seek from beginning of file.  */
-#  define SEEK_CUR        1       /* Seek from current position.  */
-#  define SEEK_END        2       /* Set file pointer to EOF plus "offset" */
-#endif
-#ifndef z_off_t
-#  define  z_off_t long
-#endif
-
-/* MVS linker does not support external names larger than 8 bytes */
-#if defined(__MVS__)
-#   pragma map(deflateInit_,"DEIN")
-#   pragma map(deflateInit2_,"DEIN2")
-#   pragma map(deflateEnd,"DEEND")
-#   pragma map(inflateInit_,"ININ")
-#   pragma map(inflateInit2_,"ININ2")
-#   pragma map(inflateEnd,"INEND")
-#   pragma map(inflateSync,"INSY")
-#   pragma map(inflateSetDictionary,"INSEDI")
-#   pragma map(inflate_blocks,"INBL")
-#   pragma map(inflate_blocks_new,"INBLNE")
-#   pragma map(inflate_blocks_free,"INBLFR")
-#   pragma map(inflate_blocks_reset,"INBLRE")
-#   pragma map(inflate_codes_free,"INCOFR")
-#   pragma map(inflate_codes,"INCO")
-#   pragma map(inflate_fast,"INFA")
-#   pragma map(inflate_flush,"INFLU")
-#   pragma map(inflate_mask,"INMA")
-#   pragma map(inflate_set_dictionary,"INSEDI2")
-#   pragma map(inflate_copyright,"INCOPY")
-#   pragma map(inflate_trees_bits,"INTRBI")
-#   pragma map(inflate_trees_dynamic,"INTRDY")
-#   pragma map(inflate_trees_fixed,"INTRFI")
-#   pragma map(inflate_trees_free,"INTRFR")
-#endif
-
-#endif /* _ZCONF_H */
diff --git a/SecurityServer/MacYarrow/zlib/zlib.h b/SecurityServer/MacYarrow/zlib/zlib.h
deleted file mode 100644 (file)
index ea7597b..0000000
+++ /dev/null
@@ -1,911 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* zlib.h -- interface of the 'zlib' general purpose compression library
-  version 1.1.3, July 9th, 1998
-
-  Copyright (C) 1995-1998 Jean-loup Gailly and Mark Adler
-
-  This software is provided 'as-is', without any express or implied
-  warranty.  In no event will the authors be held liable for any damages
-  arising from the use of this software.
-
-  Permission is granted to anyone to use this software for any purpose,
-  including commercial applications, and to alter it and redistribute it
-  freely, subject to the following restrictions:
-
-  1. The origin of this software must not be misrepresented; you must not
-     claim that you wrote the original software. If you use this software
-     in a product, an acknowledgment in the product documentation would be
-     appreciated but is not required.
-  2. Altered source versions must be plainly marked as such, and must not be
-     misrepresented as being the original software.
-  3. This notice may not be removed or altered from any source distribution.
-
-  Jean-loup Gailly        Mark Adler
-  jloup@gzip.org          madler@alumni.caltech.edu
-
-
-  The data format used by the zlib library is described by RFCs (Request for
-  Comments) 1950 to 1952 in the files ftp://ds.internic.net/rfc/rfc1950.txt
-  (zlib format), rfc1951.txt (deflate format) and rfc1952.txt (gzip format).
-*/
-
-#ifndef _ZLIB_H
-#define _ZLIB_H
-
-#include "zconf.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define ZLIB_VERSION "1.1.3"
-
-/* 
-     The 'zlib' compression library provides in-memory compression and
-  decompression functions, including integrity checks of the uncompressed
-  data.  This version of the library supports only one compression method
-  (deflation) but other algorithms will be added later and will have the same
-  stream interface.
-
-     Compression can be done in a single step if the buffers are large
-  enough (for example if an input file is mmap'ed), or can be done by
-  repeated calls of the compression function.  In the latter case, the
-  application must provide more input and/or consume the output
-  (providing more output space) before each call.
-
-     The library also supports reading and writing files in gzip (.gz) format
-  with an interface similar to that of stdio.
-
-     The library does not install any signal handler. The decoder checks
-  the consistency of the compressed data, so the library should never
-  crash even in case of corrupted input.
-*/
-
-typedef voidpf (*alloc_func) OF((voidpf opaque, uInt items, uInt size));
-typedef void   (*free_func)  OF((voidpf opaque, voidpf address));
-
-struct internal_state;
-
-typedef struct z_stream_s {
-    Bytef    *next_in;  /* next input byte */
-    uInt     avail_in;  /* number of bytes available at next_in */
-    uLong    total_in;  /* total nb of input bytes read so far */
-
-    Bytef    *next_out; /* next output byte should be put there */
-    uInt     avail_out; /* remaining free space at next_out */
-    uLong    total_out; /* total nb of bytes output so far */
-
-    char     *msg;      /* last error message, NULL if no error */
-    struct internal_state FAR *state; /* not visible by applications */
-
-    alloc_func zalloc;  /* used to allocate the internal state */
-    free_func  zfree;   /* used to free the internal state */
-    voidpf     opaque;  /* private data object passed to zalloc and zfree */
-
-    int     data_type;  /* best guess about the data type: ascii or binary */
-    uLong   adler;      /* adler32 value of the uncompressed data */
-    uLong   reserved;   /* reserved for future use */
-} z_stream;
-
-typedef z_stream FAR *z_streamp;
-
-/*
-   The application must update next_in and avail_in when avail_in has
-   dropped to zero. It must update next_out and avail_out when avail_out
-   has dropped to zero. The application must initialize zalloc, zfree and
-   opaque before calling the init function. All other fields are set by the
-   compression library and must not be updated by the application.
-
-   The opaque value provided by the application will be passed as the first
-   parameter for calls of zalloc and zfree. This can be useful for custom
-   memory management. The compression library attaches no meaning to the
-   opaque value.
-
-   zalloc must return Z_NULL if there is not enough memory for the object.
-   If zlib is used in a multi-threaded application, zalloc and zfree must be
-   thread safe.
-
-   On 16-bit systems, the functions zalloc and zfree must be able to allocate
-   exactly 65536 bytes, but will not be required to allocate more than this
-   if the symbol MAXSEG_64K is defined (see zconf.h). WARNING: On MSDOS,
-   pointers returned by zalloc for objects of exactly 65536 bytes *must*
-   have their offset normalized to zero. The default allocation function
-   provided by this library ensures this (see zutil.c). To reduce memory
-   requirements and avoid any allocation of 64K objects, at the expense of
-   compression ratio, compile the library with -DMAX_WBITS=14 (see zconf.h).
-
-   The fields total_in and total_out can be used for statistics or
-   progress reports. After compression, total_in holds the total size of
-   the uncompressed data and may be saved for use in the decompressor
-   (particularly if the decompressor wants to decompress everything in
-   a single step).
-*/
-
-                        /* constants */
-
-#define Z_NO_FLUSH      0
-#define Z_PARTIAL_FLUSH 1 /* will be removed, use Z_SYNC_FLUSH instead */
-#define Z_SYNC_FLUSH    2
-#define Z_FULL_FLUSH    3
-#define Z_FINISH        4
-/* Allowed flush values; see deflate() below for details */
-
-#define Z_OK            0
-#define Z_STREAM_END    1
-#define Z_NEED_DICT     2
-#define Z_ERRNO        (-1)
-#define Z_STREAM_ERROR (-2)
-#define Z_DATA_ERROR   (-3)
-#define Z_MEM_ERROR    (-4)
-#define Z_BUF_ERROR    (-5)
-#define Z_VERSION_ERROR (-6)
-/* Return codes for the compression/decompression functions. Negative
- * values are errors, positive values are used for special but normal events.
- */
-
-#define Z_NO_COMPRESSION         0
-#define Z_BEST_SPEED             1
-#define Z_BEST_COMPRESSION       9
-#define Z_DEFAULT_COMPRESSION  (-1)
-/* compression levels */
-
-#define Z_FILTERED            1
-#define Z_HUFFMAN_ONLY        2
-#define Z_DEFAULT_STRATEGY    0
-/* compression strategy; see deflateInit2() below for details */
-
-#define Z_BINARY   0
-#define Z_ASCII    1
-#define Z_UNKNOWN  2
-/* Possible values of the data_type field */
-
-#define Z_DEFLATED   8
-/* The deflate compression method (the only one supported in this version) */
-
-#define Z_NULL  0  /* for initializing zalloc, zfree, opaque */
-
-#define zlib_version zlibVersion()
-/* for compatibility with versions < 1.0.2 */
-
-                        /* basic functions */
-
-ZEXTERN const char * ZEXPORT zlibVersion OF((void));
-/* The application can compare zlibVersion and ZLIB_VERSION for consistency.
-   If the first character differs, the library code actually used is
-   not compatible with the zlib.h header file used by the application.
-   This check is automatically made by deflateInit and inflateInit.
- */
-
-/* 
-ZEXTERN int ZEXPORT deflateInit OF((z_streamp strm, int level));
-
-     Initializes the internal stream state for compression. The fields
-   zalloc, zfree and opaque must be initialized before by the caller.
-   If zalloc and zfree are set to Z_NULL, deflateInit updates them to
-   use default allocation functions.
-
-     The compression level must be Z_DEFAULT_COMPRESSION, or between 0 and 9:
-   1 gives best speed, 9 gives best compression, 0 gives no compression at
-   all (the input data is simply copied a block at a time).
-   Z_DEFAULT_COMPRESSION requests a default compromise between speed and
-   compression (currently equivalent to level 6).
-
-     deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not
-   enough memory, Z_STREAM_ERROR if level is not a valid compression level,
-   Z_VERSION_ERROR if the zlib library version (zlib_version) is incompatible
-   with the version assumed by the caller (ZLIB_VERSION).
-   msg is set to null if there is no error message.  deflateInit does not
-   perform any compression: this will be done by deflate().
-*/
-
-
-ZEXTERN int ZEXPORT deflate OF((z_streamp strm, int flush));
-/*
-    deflate compresses as much data as possible, and stops when the input
-  buffer becomes empty or the output buffer becomes full. It may introduce some
-  output latency (reading input without producing any output) except when
-  forced to flush.
-
-    The detailed semantics are as follows. deflate performs one or both of the
-  following actions:
-
-  - Compress more input starting at next_in and update next_in and avail_in
-    accordingly. If not all input can be processed (because there is not
-    enough room in the output buffer), next_in and avail_in are updated and
-    processing will resume at this point for the next call of deflate().
-
-  - Provide more output starting at next_out and update next_out and avail_out
-    accordingly. This action is forced if the parameter flush is non zero.
-    Forcing flush frequently degrades the compression ratio, so this parameter
-    should be set only when necessary (in interactive applications).
-    Some output may be provided even if flush is not set.
-
-  Before the call of deflate(), the application should ensure that at least
-  one of the actions is possible, by providing more input and/or consuming
-  more output, and updating avail_in or avail_out accordingly; avail_out
-  should never be zero before the call. The application can consume the
-  compressed output when it wants, for example when the output buffer is full
-  (avail_out == 0), or after each call of deflate(). If deflate returns Z_OK
-  and with zero avail_out, it must be called again after making room in the
-  output buffer because there might be more output pending.
-
-    If the parameter flush is set to Z_SYNC_FLUSH, all pending output is
-  flushed to the output buffer and the output is aligned on a byte boundary, so
-  that the decompressor can get all input data available so far. (In particular
-  avail_in is zero after the call if enough output space has been provided
-  before the call.)  Flushing may degrade compression for some compression
-  algorithms and so it should be used only when necessary.
-
-    If flush is set to Z_FULL_FLUSH, all output is flushed as with
-  Z_SYNC_FLUSH, and the compression state is reset so that decompression can
-  restart from this point if previous compressed data has been damaged or if
-  random access is desired. Using Z_FULL_FLUSH too often can seriously degrade
-  the compression.
-
-    If deflate returns with avail_out == 0, this function must be called again
-  with the same value of the flush parameter and more output space (updated
-  avail_out), until the flush is complete (deflate returns with non-zero
-  avail_out).
-
-    If the parameter flush is set to Z_FINISH, pending input is processed,
-  pending output is flushed and deflate returns with Z_STREAM_END if there
-  was enough output space; if deflate returns with Z_OK, this function must be
-  called again with Z_FINISH and more output space (updated avail_out) but no
-  more input data, until it returns with Z_STREAM_END or an error. After
-  deflate has returned Z_STREAM_END, the only possible operations on the
-  stream are deflateReset or deflateEnd.
-  
-    Z_FINISH can be used immediately after deflateInit if all the compression
-  is to be done in a single step. In this case, avail_out must be at least
-  0.1% larger than avail_in plus 12 bytes.  If deflate does not return
-  Z_STREAM_END, then it must be called again as described above.
-
-    deflate() sets strm->adler to the adler32 checksum of all input read
-  so far (that is, total_in bytes).
-
-    deflate() may update data_type if it can make a good guess about
-  the input data type (Z_ASCII or Z_BINARY). In doubt, the data is considered
-  binary. This field is only for information purposes and does not affect
-  the compression algorithm in any manner.
-
-    deflate() returns Z_OK if some progress has been made (more input
-  processed or more output produced), Z_STREAM_END if all input has been
-  consumed and all output has been produced (only when flush is set to
-  Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example
-  if next_in or next_out was NULL), Z_BUF_ERROR if no progress is possible
-  (for example avail_in or avail_out was zero).
-*/
-
-
-ZEXTERN int ZEXPORT deflateEnd OF((z_streamp strm));
-/*
-     All dynamically allocated data structures for this stream are freed.
-   This function discards any unprocessed input and does not flush any
-   pending output.
-
-     deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the
-   stream state was inconsistent, Z_DATA_ERROR if the stream was freed
-   prematurely (some input or output was discarded). In the error case,
-   msg may be set but then points to a static string (which must not be
-   deallocated).
-*/
-
-
-/* 
-ZEXTERN int ZEXPORT inflateInit OF((z_streamp strm));
-
-     Initializes the internal stream state for decompression. The fields
-   next_in, avail_in, zalloc, zfree and opaque must be initialized before by
-   the caller. If next_in is not Z_NULL and avail_in is large enough (the exact
-   value depends on the compression method), inflateInit determines the
-   compression method from the zlib header and allocates all data structures
-   accordingly; otherwise the allocation will be deferred to the first call of
-   inflate.  If zalloc and zfree are set to Z_NULL, inflateInit updates them to
-   use default allocation functions.
-
-     inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough
-   memory, Z_VERSION_ERROR if the zlib library version is incompatible with the
-   version assumed by the caller.  msg is set to null if there is no error
-   message. inflateInit does not perform any decompression apart from reading
-   the zlib header if present: this will be done by inflate().  (So next_in and
-   avail_in may be modified, but next_out and avail_out are unchanged.)
-*/
-
-
-ZEXTERN int ZEXPORT inflate OF((z_streamp strm, int flush));
-/*
-    inflate decompresses as much data as possible, and stops when the input
-  buffer becomes empty or the output buffer becomes full. It may some
-  introduce some output latency (reading input without producing any output)
-  except when forced to flush.
-
-  The detailed semantics are as follows. inflate performs one or both of the
-  following actions:
-
-  - Decompress more input starting at next_in and update next_in and avail_in
-    accordingly. If not all input can be processed (because there is not
-    enough room in the output buffer), next_in is updated and processing
-    will resume at this point for the next call of inflate().
-
-  - Provide more output starting at next_out and update next_out and avail_out
-    accordingly.  inflate() provides as much output as possible, until there
-    is no more input data or no more space in the output buffer (see below
-    about the flush parameter).
-
-  Before the call of inflate(), the application should ensure that at least
-  one of the actions is possible, by providing more input and/or consuming
-  more output, and updating the next_* and avail_* values accordingly.
-  The application can consume the uncompressed output when it wants, for
-  example when the output buffer is full (avail_out == 0), or after each
-  call of inflate(). If inflate returns Z_OK and with zero avail_out, it
-  must be called again after making room in the output buffer because there
-  might be more output pending.
-
-    If the parameter flush is set to Z_SYNC_FLUSH, inflate flushes as much
-  output as possible to the output buffer. The flushing behavior of inflate is
-  not specified for values of the flush parameter other than Z_SYNC_FLUSH
-  and Z_FINISH, but the current implementation actually flushes as much output
-  as possible anyway.
-
-    inflate() should normally be called until it returns Z_STREAM_END or an
-  error. However if all decompression is to be performed in a single step
-  (a single call of inflate), the parameter flush should be set to
-  Z_FINISH. In this case all pending input is processed and all pending
-  output is flushed; avail_out must be large enough to hold all the
-  uncompressed data. (The size of the uncompressed data may have been saved
-  by the compressor for this purpose.) The next operation on this stream must
-  be inflateEnd to deallocate the decompression state. The use of Z_FINISH
-  is never required, but can be used to inform inflate that a faster routine
-  may be used for the single inflate() call.
-
-     If a preset dictionary is needed at this point (see inflateSetDictionary
-  below), inflate sets strm-adler to the adler32 checksum of the
-  dictionary chosen by the compressor and returns Z_NEED_DICT; otherwise 
-  it sets strm->adler to the adler32 checksum of all output produced
-  so far (that is, total_out bytes) and returns Z_OK, Z_STREAM_END or
-  an error code as described below. At the end of the stream, inflate()
-  checks that its computed adler32 checksum is equal to that saved by the
-  compressor and returns Z_STREAM_END only if the checksum is correct.
-
-    inflate() returns Z_OK if some progress has been made (more input processed
-  or more output produced), Z_STREAM_END if the end of the compressed data has
-  been reached and all uncompressed output has been produced, Z_NEED_DICT if a
-  preset dictionary is needed at this point, Z_DATA_ERROR if the input data was
-  corrupted (input stream not conforming to the zlib format or incorrect
-  adler32 checksum), Z_STREAM_ERROR if the stream structure was inconsistent
-  (for example if next_in or next_out was NULL), Z_MEM_ERROR if there was not
-  enough memory, Z_BUF_ERROR if no progress is possible or if there was not
-  enough room in the output buffer when Z_FINISH is used. In the Z_DATA_ERROR
-  case, the application may then call inflateSync to look for a good
-  compression block.
-*/
-
-
-ZEXTERN int ZEXPORT inflateEnd OF((z_streamp strm));
-/*
-     All dynamically allocated data structures for this stream are freed.
-   This function discards any unprocessed input and does not flush any
-   pending output.
-
-     inflateEnd returns Z_OK if success, Z_STREAM_ERROR if the stream state
-   was inconsistent. In the error case, msg may be set but then points to a
-   static string (which must not be deallocated).
-*/
-
-                        /* Advanced functions */
-
-/*
-    The following functions are needed only in some special applications.
-*/
-
-/*   
-ZEXTERN int ZEXPORT deflateInit2 OF((z_streamp strm,
-                                     int  level,
-                                     int  method,
-                                     int  windowBits,
-                                     int  memLevel,
-                                     int  strategy));
-
-     This is another version of deflateInit with more compression options. The
-   fields next_in, zalloc, zfree and opaque must be initialized before by
-   the caller.
-
-     The method parameter is the compression method. It must be Z_DEFLATED in
-   this version of the library.
-
-     The windowBits parameter is the base two logarithm of the window size
-   (the size of the history buffer).  It should be in the range 8..15 for this
-   version of the library. Larger values of this parameter result in better
-   compression at the expense of memory usage. The default value is 15 if
-   deflateInit is used instead.
-
-     The memLevel parameter specifies how much memory should be allocated
-   for the internal compression state. memLevel=1 uses minimum memory but
-   is slow and reduces compression ratio; memLevel=9 uses maximum memory
-   for optimal speed. The default value is 8. See zconf.h for total memory
-   usage as a function of windowBits and memLevel.
-
-     The strategy parameter is used to tune the compression algorithm. Use the
-   value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data produced by a
-   filter (or predictor), or Z_HUFFMAN_ONLY to force Huffman encoding only (no
-   string match).  Filtered data consists mostly of small values with a
-   somewhat random distribution. In this case, the compression algorithm is
-   tuned to compress them better. The effect of Z_FILTERED is to force more
-   Huffman coding and less string matching; it is somewhat intermediate
-   between Z_DEFAULT and Z_HUFFMAN_ONLY. The strategy parameter only affects
-   the compression ratio but not the correctness of the compressed output even
-   if it is not set appropriately.
-
-      deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
-   memory, Z_STREAM_ERROR if a parameter is invalid (such as an invalid
-   method). msg is set to null if there is no error message.  deflateInit2 does
-   not perform any compression: this will be done by deflate().
-*/
-                            
-ZEXTERN int ZEXPORT deflateSetDictionary OF((z_streamp strm,
-                                             const Bytef *dictionary,
-                                             uInt  dictLength));
-/*
-     Initializes the compression dictionary from the given byte sequence
-   without producing any compressed output. This function must be called
-   immediately after deflateInit, deflateInit2 or deflateReset, before any
-   call of deflate. The compressor and decompressor must use exactly the same
-   dictionary (see inflateSetDictionary).
-
-     The dictionary should consist of strings (byte sequences) that are likely
-   to be encountered later in the data to be compressed, with the most commonly
-   used strings preferably put towards the end of the dictionary. Using a
-   dictionary is most useful when the data to be compressed is short and can be
-   predicted with good accuracy; the data can then be compressed better than
-   with the default empty dictionary.
-
-     Depending on the size of the compression data structures selected by
-   deflateInit or deflateInit2, a part of the dictionary may in effect be
-   discarded, for example if the dictionary is larger than the window size in
-   deflate or deflate2. Thus the strings most likely to be useful should be
-   put at the end of the dictionary, not at the front.
-
-     Upon return of this function, strm->adler is set to the Adler32 value
-   of the dictionary; the decompressor may later use this value to determine
-   which dictionary has been used by the compressor. (The Adler32 value
-   applies to the whole dictionary even if only a subset of the dictionary is
-   actually used by the compressor.)
-
-     deflateSetDictionary returns Z_OK if success, or Z_STREAM_ERROR if a
-   parameter is invalid (such as NULL dictionary) or the stream state is
-   inconsistent (for example if deflate has already been called for this stream
-   or if the compression method is bsort). deflateSetDictionary does not
-   perform any compression: this will be done by deflate().
-*/
-
-ZEXTERN int ZEXPORT deflateCopy OF((z_streamp dest,
-                                    z_streamp source));
-/*
-     Sets the destination stream as a complete copy of the source stream.
-
-     This function can be useful when several compression strategies will be
-   tried, for example when there are several ways of pre-processing the input
-   data with a filter. The streams that will be discarded should then be freed
-   by calling deflateEnd.  Note that deflateCopy duplicates the internal
-   compression state which can be quite large, so this strategy is slow and
-   can consume lots of memory.
-
-     deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not
-   enough memory, Z_STREAM_ERROR if the source stream state was inconsistent
-   (such as zalloc being NULL). msg is left unchanged in both source and
-   destination.
-*/
-
-ZEXTERN int ZEXPORT deflateReset OF((z_streamp strm));
-/*
-     This function is equivalent to deflateEnd followed by deflateInit,
-   but does not free and reallocate all the internal compression state.
-   The stream will keep the same compression level and any other attributes
-   that may have been set by deflateInit2.
-
-      deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
-   stream state was inconsistent (such as zalloc or state being NULL).
-*/
-
-ZEXTERN int ZEXPORT deflateParams OF((z_streamp strm,
-                                     int level,
-                                     int strategy));
-/*
-     Dynamically update the compression level and compression strategy.  The
-   interpretation of level and strategy is as in deflateInit2.  This can be
-   used to switch between compression and straight copy of the input data, or
-   to switch to a different kind of input data requiring a different
-   strategy. If the compression level is changed, the input available so far
-   is compressed with the old level (and may be flushed); the new level will
-   take effect only at the next call of deflate().
-
-     Before the call of deflateParams, the stream state must be set as for
-   a call of deflate(), since the currently available input may have to
-   be compressed and flushed. In particular, strm->avail_out must be non-zero.
-
-     deflateParams returns Z_OK if success, Z_STREAM_ERROR if the source
-   stream state was inconsistent or if a parameter was invalid, Z_BUF_ERROR
-   if strm->avail_out was zero.
-*/
-
-/*   
-ZEXTERN int ZEXPORT inflateInit2 OF((z_streamp strm,
-                                     int  windowBits));
-
-     This is another version of inflateInit with an extra parameter. The
-   fields next_in, avail_in, zalloc, zfree and opaque must be initialized
-   before by the caller.
-
-     The windowBits parameter is the base two logarithm of the maximum window
-   size (the size of the history buffer).  It should be in the range 8..15 for
-   this version of the library. The default value is 15 if inflateInit is used
-   instead. If a compressed stream with a larger window size is given as
-   input, inflate() will return with the error code Z_DATA_ERROR instead of
-   trying to allocate a larger window.
-
-      inflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
-   memory, Z_STREAM_ERROR if a parameter is invalid (such as a negative
-   memLevel). msg is set to null if there is no error message.  inflateInit2
-   does not perform any decompression apart from reading the zlib header if
-   present: this will be done by inflate(). (So next_in and avail_in may be
-   modified, but next_out and avail_out are unchanged.)
-*/
-
-ZEXTERN int ZEXPORT inflateSetDictionary OF((z_streamp strm,
-                                             const Bytef *dictionary,
-                                             uInt  dictLength));
-/*
-     Initializes the decompression dictionary from the given uncompressed byte
-   sequence. This function must be called immediately after a call of inflate
-   if this call returned Z_NEED_DICT. The dictionary chosen by the compressor
-   can be determined from the Adler32 value returned by this call of
-   inflate. The compressor and decompressor must use exactly the same
-   dictionary (see deflateSetDictionary).
-
-     inflateSetDictionary returns Z_OK if success, Z_STREAM_ERROR if a
-   parameter is invalid (such as NULL dictionary) or the stream state is
-   inconsistent, Z_DATA_ERROR if the given dictionary doesn't match the
-   expected one (incorrect Adler32 value). inflateSetDictionary does not
-   perform any decompression: this will be done by subsequent calls of
-   inflate().
-*/
-
-ZEXTERN int ZEXPORT inflateSync OF((z_streamp strm));
-/* 
-    Skips invalid compressed data until a full flush point (see above the
-  description of deflate with Z_FULL_FLUSH) can be found, or until all
-  available input is skipped. No output is provided.
-
-    inflateSync returns Z_OK if a full flush point has been found, Z_BUF_ERROR
-  if no more input was provided, Z_DATA_ERROR if no flush point has been found,
-  or Z_STREAM_ERROR if the stream structure was inconsistent. In the success
-  case, the application may save the current current value of total_in which
-  indicates where valid compressed data was found. In the error case, the
-  application may repeatedly call inflateSync, providing more input each time,
-  until success or end of the input data.
-*/
-
-ZEXTERN int ZEXPORT inflateReset OF((z_streamp strm));
-/*
-     This function is equivalent to inflateEnd followed by inflateInit,
-   but does not free and reallocate all the internal decompression state.
-   The stream will keep attributes that may have been set by inflateInit2.
-
-      inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
-   stream state was inconsistent (such as zalloc or state being NULL).
-*/
-
-
-                        /* utility functions */
-
-/*
-     The following utility functions are implemented on top of the
-   basic stream-oriented functions. To simplify the interface, some
-   default options are assumed (compression level and memory usage,
-   standard memory allocation functions). The source code of these
-   utility functions can easily be modified if you need special options.
-*/
-
-ZEXTERN int ZEXPORT compress OF((Bytef *dest,   uLongf *destLen,
-                                 const Bytef *source, uLong sourceLen));
-/*
-     Compresses the source buffer into the destination buffer.  sourceLen is
-   the byte length of the source buffer. Upon entry, destLen is the total
-   size of the destination buffer, which must be at least 0.1% larger than
-   sourceLen plus 12 bytes. Upon exit, destLen is the actual size of the
-   compressed buffer.
-     This function can be used to compress a whole file at once if the
-   input file is mmap'ed.
-     compress returns Z_OK if success, Z_MEM_ERROR if there was not
-   enough memory, Z_BUF_ERROR if there was not enough room in the output
-   buffer.
-*/
-
-ZEXTERN int ZEXPORT compress2 OF((Bytef *dest,   uLongf *destLen,
-                                  const Bytef *source, uLong sourceLen,
-                                  int level));
-/*
-     Compresses the source buffer into the destination buffer. The level
-   parameter has the same meaning as in deflateInit.  sourceLen is the byte
-   length of the source buffer. Upon entry, destLen is the total size of the
-   destination buffer, which must be at least 0.1% larger than sourceLen plus
-   12 bytes. Upon exit, destLen is the actual size of the compressed buffer.
-
-     compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
-   memory, Z_BUF_ERROR if there was not enough room in the output buffer,
-   Z_STREAM_ERROR if the level parameter is invalid.
-*/
-
-ZEXTERN int ZEXPORT uncompress OF((Bytef *dest,   uLongf *destLen,
-                                   const Bytef *source, uLong sourceLen));
-/*
-     Decompresses the source buffer into the destination buffer.  sourceLen is
-   the byte length of the source buffer. Upon entry, destLen is the total
-   size of the destination buffer, which must be large enough to hold the
-   entire uncompressed data. (The size of the uncompressed data must have
-   been saved previously by the compressor and transmitted to the decompressor
-   by some mechanism outside the scope of this compression library.)
-   Upon exit, destLen is the actual size of the compressed buffer.
-     This function can be used to decompress a whole file at once if the
-   input file is mmap'ed.
-
-     uncompress returns Z_OK if success, Z_MEM_ERROR if there was not
-   enough memory, Z_BUF_ERROR if there was not enough room in the output
-   buffer, or Z_DATA_ERROR if the input data was corrupted.
-*/
-
-
-typedef voidp gzFile;
-
-ZEXTERN gzFile ZEXPORT gzopen  OF((const char *path, const char *mode));
-/*
-     Opens a gzip (.gz) file for reading or writing. The mode parameter
-   is as in fopen ("rb" or "wb") but can also include a compression level
-   ("wb9") or a strategy: 'f' for filtered data as in "wb6f", 'h' for
-   Huffman only compression as in "wb1h". (See the description
-   of deflateInit2 for more information about the strategy parameter.)
-
-     gzopen can be used to read a file which is not in gzip format; in this
-   case gzread will directly read from the file without decompression.
-
-     gzopen returns NULL if the file could not be opened or if there was
-   insufficient memory to allocate the (de)compression state; errno
-   can be checked to distinguish the two cases (if errno is zero, the
-   zlib error is Z_MEM_ERROR).  */
-
-ZEXTERN gzFile ZEXPORT gzdopen  OF((int fd, const char *mode));
-/*
-     gzdopen() associates a gzFile with the file descriptor fd.  File
-   descriptors are obtained from calls like open, dup, creat, pipe or
-   fileno (in the file has been previously opened with fopen).
-   The mode parameter is as in gzopen.
-     The next call of gzclose on the returned gzFile will also close the
-   file descriptor fd, just like fclose(fdopen(fd), mode) closes the file
-   descriptor fd. If you want to keep fd open, use gzdopen(dup(fd), mode).
-     gzdopen returns NULL if there was insufficient memory to allocate
-   the (de)compression state.
-*/
-
-ZEXTERN int ZEXPORT gzsetparams OF((gzFile file, int level, int strategy));
-/*
-     Dynamically update the compression level or strategy. See the description
-   of deflateInit2 for the meaning of these parameters.
-     gzsetparams returns Z_OK if success, or Z_STREAM_ERROR if the file was not
-   opened for writing.
-*/
-
-ZEXTERN int ZEXPORT    gzread  OF((gzFile file, voidp buf, unsigned len));
-/*
-     Reads the given number of uncompressed bytes from the compressed file.
-   If the input file was not in gzip format, gzread copies the given number
-   of bytes into the buffer.
-     gzread returns the number of uncompressed bytes actually read (0 for
-   end of file, -1 for error). */
-
-ZEXTERN int ZEXPORT    gzwrite OF((gzFile file, 
-                                  const voidp buf, unsigned len));
-/*
-     Writes the given number of uncompressed bytes into the compressed file.
-   gzwrite returns the number of uncompressed bytes actually written
-   (0 in case of error).
-*/
-
-ZEXTERN int ZEXPORTVA   gzprintf OF((gzFile file, const char *format, ...));
-/*
-     Converts, formats, and writes the args to the compressed file under
-   control of the format string, as in fprintf. gzprintf returns the number of
-   uncompressed bytes actually written (0 in case of error).
-*/
-
-ZEXTERN int ZEXPORT gzputs OF((gzFile file, const char *s));
-/*
-      Writes the given null-terminated string to the compressed file, excluding
-   the terminating null character.
-      gzputs returns the number of characters written, or -1 in case of error.
-*/
-
-ZEXTERN char * ZEXPORT gzgets OF((gzFile file, char *buf, int len));
-/*
-      Reads bytes from the compressed file until len-1 characters are read, or
-   a newline character is read and transferred to buf, or an end-of-file
-   condition is encountered.  The string is then terminated with a null
-   character.
-      gzgets returns buf, or Z_NULL in case of error.
-*/
-
-ZEXTERN int ZEXPORT    gzputc OF((gzFile file, int c));
-/*
-      Writes c, converted to an unsigned char, into the compressed file.
-   gzputc returns the value that was written, or -1 in case of error.
-*/
-
-ZEXTERN int ZEXPORT    gzgetc OF((gzFile file));
-/*
-      Reads one byte from the compressed file. gzgetc returns this byte
-   or -1 in case of end of file or error.
-*/
-
-ZEXTERN int ZEXPORT    gzflush OF((gzFile file, int flush));
-/*
-     Flushes all pending output into the compressed file. The parameter
-   flush is as in the deflate() function. The return value is the zlib
-   error number (see function gzerror below). gzflush returns Z_OK if
-   the flush parameter is Z_FINISH and all output could be flushed.
-     gzflush should be called only when strictly necessary because it can
-   degrade compression.
-*/
-
-ZEXTERN z_off_t ZEXPORT    gzseek OF((gzFile file,
-                                     z_off_t offset, int whence));
-/* 
-      Sets the starting position for the next gzread or gzwrite on the
-   given compressed file. The offset represents a number of bytes in the
-   uncompressed data stream. The whence parameter is defined as in lseek(2);
-   the value SEEK_END is not supported.
-     If the file is opened for reading, this function is emulated but can be
-   extremely slow. If the file is opened for writing, only forward seeks are
-   supported; gzseek then compresses a sequence of zeroes up to the new
-   starting position.
-
-      gzseek returns the resulting offset location as measured in bytes from
-   the beginning of the uncompressed stream, or -1 in case of error, in
-   particular if the file is opened for writing and the new starting position
-   would be before the current position.
-*/
-
-ZEXTERN int ZEXPORT    gzrewind OF((gzFile file));
-/*
-     Rewinds the given file. This function is supported only for reading.
-
-   gzrewind(file) is equivalent to (int)gzseek(file, 0L, SEEK_SET)
-*/
-
-ZEXTERN z_off_t ZEXPORT    gztell OF((gzFile file));
-/*
-     Returns the starting position for the next gzread or gzwrite on the
-   given compressed file. This position represents a number of bytes in the
-   uncompressed data stream.
-
-   gztell(file) is equivalent to gzseek(file, 0L, SEEK_CUR)
-*/
-
-ZEXTERN int ZEXPORT gzeof OF((gzFile file));
-/*
-     Returns 1 when EOF has previously been detected reading the given
-   input stream, otherwise zero.
-*/
-
-ZEXTERN int ZEXPORT    gzclose OF((gzFile file));
-/*
-     Flushes all pending output if necessary, closes the compressed file
-   and deallocates all the (de)compression state. The return value is the zlib
-   error number (see function gzerror below).
-*/
-
-ZEXTERN const char * ZEXPORT gzerror OF((gzFile file, int *errnum));
-/*
-     Returns the error message for the last error which occurred on the
-   given compressed file. errnum is set to zlib error number. If an
-   error occurred in the file system and not in the compression library,
-   errnum is set to Z_ERRNO and the application may consult errno
-   to get the exact error code.
-*/
-
-                        /* checksum functions */
-
-/*
-     These functions are not related to compression but are exported
-   anyway because they might be useful in applications using the
-   compression library.
-*/
-
-ZEXTERN uLong ZEXPORT adler32 OF((uLong adler, const Bytef *buf, uInt len));
-
-/*
-     Update a running Adler-32 checksum with the bytes buf[0..len-1] and
-   return the updated checksum. If buf is NULL, this function returns
-   the required initial value for the checksum.
-   An Adler-32 checksum is almost as reliable as a CRC32 but can be computed
-   much faster. Usage example:
-
-     uLong adler = adler32(0L, Z_NULL, 0);
-
-     while (read_buffer(buffer, length) != EOF) {
-       adler = adler32(adler, buffer, length);
-     }
-     if (adler != original_adler) error();
-*/
-
-ZEXTERN uLong ZEXPORT crc32   OF((uLong crc, const Bytef *buf, uInt len));
-/*
-     Update a running crc with the bytes buf[0..len-1] and return the updated
-   crc. If buf is NULL, this function returns the required initial value
-   for the crc. Pre- and post-conditioning (one's complement) is performed
-   within this function so it shouldn't be done by the application.
-   Usage example:
-
-     uLong crc = crc32(0L, Z_NULL, 0);
-
-     while (read_buffer(buffer, length) != EOF) {
-       crc = crc32(crc, buffer, length);
-     }
-     if (crc != original_crc) error();
-*/
-
-
-                        /* various hacks, don't look :) */
-
-/* deflateInit and inflateInit are macros to allow checking the zlib version
- * and the compiler's view of z_stream:
- */
-ZEXTERN int ZEXPORT deflateInit_ OF((z_streamp strm, int level,
-                                     const char *version, int stream_size));
-ZEXTERN int ZEXPORT inflateInit_ OF((z_streamp strm,
-                                     const char *version, int stream_size));
-ZEXTERN int ZEXPORT deflateInit2_ OF((z_streamp strm, int  level, int  method,
-                                      int windowBits, int memLevel,
-                                      int strategy, const char *version,
-                                      int stream_size));
-ZEXTERN int ZEXPORT inflateInit2_ OF((z_streamp strm, int  windowBits,
-                                      const char *version, int stream_size));
-#define deflateInit(strm, level) \
-        deflateInit_((strm), (level),       ZLIB_VERSION, sizeof(z_stream))
-#define inflateInit(strm) \
-        inflateInit_((strm),                ZLIB_VERSION, sizeof(z_stream))
-#define deflateInit2(strm, level, method, windowBits, memLevel, strategy) \
-        deflateInit2_((strm),(level),(method),(windowBits),(memLevel),\
-                      (strategy),           ZLIB_VERSION, sizeof(z_stream))
-#define inflateInit2(strm, windowBits) \
-        inflateInit2_((strm), (windowBits), ZLIB_VERSION, sizeof(z_stream))
-
-
-#if !defined(_Z_UTIL_H) && !defined(NO_DUMMY_DECL)
-    struct internal_state {int dummy;}; /* hack for buggy compilers */
-#endif
-
-ZEXTERN const char   * ZEXPORT zError           OF((int err));
-ZEXTERN int            ZEXPORT inflateSyncPoint OF((z_streamp z));
-ZEXTERN const uLongf * ZEXPORT get_crc_table    OF((void));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _ZLIB_H */
diff --git a/SecurityServer/MacYarrow/zlib/zlib.mcp b/SecurityServer/MacYarrow/zlib/zlib.mcp
deleted file mode 100644 (file)
index 07bd980..0000000
Binary files a/SecurityServer/MacYarrow/zlib/zlib.mcp and /dev/null differ
diff --git a/SecurityServer/MacYarrow/zlib/zutil.c b/SecurityServer/MacYarrow/zlib/zutil.c
deleted file mode 100644 (file)
index a887ecf..0000000
+++ /dev/null
@@ -1,243 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* zutil.c -- target dependent utility functions for the compression library
- * Copyright (C) 1995-1998 Jean-loup Gailly.
- * For conditions of distribution and use, see copyright notice in zlib.h 
- */
-
-/* @(#) $Id: zutil.c,v 1.1.1.1 2001/05/18 23:14:03 mb Exp $ */
-
-#include "zutil.h"
-
-struct internal_state      {int dummy;}; /* for buggy compilers */
-
-#ifndef STDC
-extern void exit OF((int));
-#endif
-
-const char *z_errmsg[10] = {
-"need dictionary",     /* Z_NEED_DICT       2  */
-"stream end",          /* Z_STREAM_END      1  */
-"",                    /* Z_OK              0  */
-"file error",          /* Z_ERRNO         (-1) */
-"stream error",        /* Z_STREAM_ERROR  (-2) */
-"data error",          /* Z_DATA_ERROR    (-3) */
-"insufficient memory", /* Z_MEM_ERROR     (-4) */
-"buffer error",        /* Z_BUF_ERROR     (-5) */
-"incompatible version",/* Z_VERSION_ERROR (-6) */
-""};
-
-
-const char * ZEXPORT zlibVersion()
-{
-    return ZLIB_VERSION;
-}
-
-#ifdef DEBUG
-
-#  ifndef verbose
-#    define verbose 0
-#  endif
-int z_verbose = verbose;
-
-void z_error (m)
-    char *m;
-{
-    fprintf(stderr, "%s\n", m);
-    exit(1);
-}
-#endif
-
-/* exported to allow conversion of error code to string for compress() and
- * uncompress()
- */
-const char * ZEXPORT zError(err)
-    int err;
-{
-    return ERR_MSG(err);
-}
-
-
-#ifndef HAVE_MEMCPY
-
-void zmemcpy(dest, source, len)
-    Bytef* dest;
-    const Bytef* source;
-    uInt  len;
-{
-    if (len == 0) return;
-    do {
-        *dest++ = *source++; /* ??? to be unrolled */
-    } while (--len != 0);
-}
-
-int zmemcmp(s1, s2, len)
-    const Bytef* s1;
-    const Bytef* s2;
-    uInt  len;
-{
-    uInt j;
-
-    for (j = 0; j < len; j++) {
-        if (s1[j] != s2[j]) return 2*(s1[j] > s2[j])-1;
-    }
-    return 0;
-}
-
-void zmemzero(dest, len)
-    Bytef* dest;
-    uInt  len;
-{
-    if (len == 0) return;
-    do {
-        *dest++ = 0;  /* ??? to be unrolled */
-    } while (--len != 0);
-}
-#endif
-
-#ifdef __TURBOC__
-#if (defined( __BORLANDC__) || !defined(SMALL_MEDIUM)) && !defined(__32BIT__)
-/* Small and medium model in Turbo C are for now limited to near allocation
- * with reduced MAX_WBITS and MAX_MEM_LEVEL
- */
-#  define MY_ZCALLOC
-
-/* Turbo C malloc() does not allow dynamic allocation of 64K bytes
- * and farmalloc(64K) returns a pointer with an offset of 8, so we
- * must fix the pointer. Warning: the pointer must be put back to its
- * original form in order to free it, use zcfree().
- */
-
-#define MAX_PTR 10
-/* 10*64K = 640K */
-
-local int next_ptr = 0;
-
-typedef struct ptr_table_s {
-    voidpf org_ptr;
-    voidpf new_ptr;
-} ptr_table;
-
-local ptr_table table[MAX_PTR];
-/* This table is used to remember the original form of pointers
- * to large buffers (64K). Such pointers are normalized with a zero offset.
- * Since MSDOS is not a preemptive multitasking OS, this table is not
- * protected from concurrent access. This hack doesn't work anyway on
- * a protected system like OS/2. Use Microsoft C instead.
- */
-
-voidpf zcalloc (voidpf opaque, unsigned items, unsigned size)
-{
-    voidpf buf = opaque; /* just to make some compilers happy */
-    ulg bsize = (ulg)items*size;
-
-    /* If we allocate less than 65520 bytes, we assume that farmalloc
-     * will return a usable pointer which doesn't have to be normalized.
-     */
-    if (bsize < 65520L) {
-        buf = farmalloc(bsize);
-        if (*(ush*)&buf != 0) return buf;
-    } else {
-        buf = farmalloc(bsize + 16L);
-    }
-    if (buf == NULL || next_ptr >= MAX_PTR) return NULL;
-    table[next_ptr].org_ptr = buf;
-
-    /* Normalize the pointer to seg:0 */
-    *((ush*)&buf+1) += ((ush)((uch*)buf-0) + 15) >> 4;
-    *(ush*)&buf = 0;
-    table[next_ptr++].new_ptr = buf;
-    return buf;
-}
-
-void  zcfree (voidpf opaque, voidpf ptr)
-{
-    int n;
-    if (*(ush*)&ptr != 0) { /* object < 64K */
-        farfree(ptr);
-        return;
-    }
-    /* Find the original pointer */
-    for (n = 0; n < next_ptr; n++) {
-        if (ptr != table[n].new_ptr) continue;
-
-        farfree(table[n].org_ptr);
-        while (++n < next_ptr) {
-            table[n-1] = table[n];
-        }
-        next_ptr--;
-        return;
-    }
-    ptr = opaque; /* just to make some compilers happy */
-    Assert(0, "zcfree: ptr not found");
-}
-#endif
-#endif /* __TURBOC__ */
-
-
-#if defined(M_I86) && !defined(__32BIT__)
-/* Microsoft C in 16-bit mode */
-
-#  define MY_ZCALLOC
-
-#if (!defined(_MSC_VER) || (_MSC_VER <= 600))
-#  define _halloc  halloc
-#  define _hfree   hfree
-#endif
-
-voidpf zcalloc (voidpf opaque, unsigned items, unsigned size)
-{
-    if (opaque) opaque = 0; /* to make compiler happy */
-    return _halloc((long)items, size);
-}
-
-void  zcfree (voidpf opaque, voidpf ptr)
-{
-    if (opaque) opaque = 0; /* to make compiler happy */
-    _hfree(ptr);
-}
-
-#endif /* MSC */
-
-
-#ifndef MY_ZCALLOC /* Any system without a special alloc function */
-
-#ifndef STDC
-extern voidp  calloc OF((uInt items, uInt size));
-extern void   free   OF((voidpf ptr));
-#endif
-
-voidpf zcalloc (opaque, items, size)
-    voidpf opaque;
-    unsigned items;
-    unsigned size;
-{
-    if (opaque) items += size - size; /* make compiler happy */
-    return (voidpf)calloc(items, size);
-}
-
-void  zcfree (opaque, ptr)
-    voidpf opaque;
-    voidpf ptr;
-{
-    free(ptr);
-    if (opaque) return; /* make compiler happy */
-}
-
-#endif /* MY_ZCALLOC */
diff --git a/SecurityServer/MacYarrow/zlib/zutil.h b/SecurityServer/MacYarrow/zlib/zutil.h
deleted file mode 100644 (file)
index c6bb31f..0000000
+++ /dev/null
@@ -1,238 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/* zutil.h -- internal interface and configuration of the compression library
- * Copyright (C) 1995-1998 Jean-loup Gailly.
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-
-/* WARNING: this file should *not* be used by applications. It is
-   part of the implementation of the compression library and is
-   subject to change. Applications should only use zlib.h.
- */
-
-/* @(#) $Id: zutil.h,v 1.1.1.1 2001/05/18 23:14:03 mb Exp $ */
-
-#ifndef _Z_UTIL_H
-#define _Z_UTIL_H
-
-#include "zlib.h"
-
-#ifdef STDC
-#  include <stddef.h>
-#  include <string.h>
-#  include <stdlib.h>
-#endif
-#ifdef NO_ERRNO_H
-    extern int errno;
-#else
-#   include <errno.h>
-#endif
-
-#ifndef local
-#  define local static
-#endif
-/* compile with -Dlocal if your debugger can't find static symbols */
-
-typedef unsigned char  uch;
-typedef uch FAR uchf;
-typedef unsigned short ush;
-typedef ush FAR ushf;
-typedef unsigned long  ulg;
-
-extern const char *z_errmsg[10]; /* indexed by 2-zlib_error */
-/* (size given to avoid silly warnings with Visual C++) */
-
-#define ERR_MSG(err) z_errmsg[Z_NEED_DICT-(err)]
-
-#define ERR_RETURN(strm,err) \
-  return (strm->msg = (char*)ERR_MSG(err), (err))
-/* To be used only when the state is known to be valid */
-
-        /* common constants */
-
-#ifndef DEF_WBITS
-#  define DEF_WBITS MAX_WBITS
-#endif
-/* default windowBits for decompression. MAX_WBITS is for compression only */
-
-#if MAX_MEM_LEVEL >= 8
-#  define DEF_MEM_LEVEL 8
-#else
-#  define DEF_MEM_LEVEL  MAX_MEM_LEVEL
-#endif
-/* default memLevel */
-
-#define STORED_BLOCK 0
-#define STATIC_TREES 1
-#define DYN_TREES    2
-/* The three kinds of block type */
-
-#define MIN_MATCH  3
-#define MAX_MATCH  258
-/* The minimum and maximum match lengths */
-
-#define PRESET_DICT 0x20 /* preset dictionary flag in zlib header */
-
-        /* target dependencies */
-
-#ifdef MSDOS
-#  define OS_CODE  0x00
-#  if defined(__TURBOC__) || defined(__BORLANDC__)
-#    if(__STDC__ == 1) && (defined(__LARGE__) || defined(__COMPACT__))
-       /* Allow compilation with ANSI keywords only enabled */
-       void _Cdecl farfree( void *block );
-       void *_Cdecl farmalloc( unsigned long nbytes );
-#    else
-#     include <alloc.h>
-#    endif
-#  else /* MSC or DJGPP */
-#    include <malloc.h>
-#  endif
-#endif
-
-#ifdef OS2
-#  define OS_CODE  0x06
-#endif
-
-#ifdef WIN32 /* Window 95 & Windows NT */
-#  define OS_CODE  0x0b
-#endif
-
-#if defined(VAXC) || defined(VMS)
-#  define OS_CODE  0x02
-#  define F_OPEN(name, mode) \
-     fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512")
-#endif
-
-#ifdef AMIGA
-#  define OS_CODE  0x01
-#endif
-
-#if defined(ATARI) || defined(atarist)
-#  define OS_CODE  0x05
-#endif
-
-#if defined(MACOS) || defined(TARGET_OS_MAC)
-#  define OS_CODE  0x07
-#  if defined(__MWERKS__) && __dest_os != __be_os && __dest_os != __win32_os
-#    include <unix.h> /* for fdopen */
-#  else
-#    ifndef fdopen
-#      define fdopen(fd,mode) NULL /* No fdopen() */
-#    endif
-#  endif
-#endif
-
-#ifdef __50SERIES /* Prime/PRIMOS */
-#  define OS_CODE  0x0F
-#endif
-
-#ifdef TOPS20
-#  define OS_CODE  0x0a
-#endif
-
-#if defined(_BEOS_) || defined(RISCOS)
-#  define fdopen(fd,mode) NULL /* No fdopen() */
-#endif
-
-#if (defined(_MSC_VER) && (_MSC_VER > 600))
-#  define fdopen(fd,type)  _fdopen(fd,type)
-#endif
-
-
-        /* Common defaults */
-
-#ifndef OS_CODE
-#  define OS_CODE  0x03  /* assume Unix */
-#endif
-
-#ifndef F_OPEN
-#  define F_OPEN(name, mode) fopen((name), (mode))
-#endif
-
-         /* functions */
-
-#ifdef HAVE_STRERROR
-   extern char *strerror OF((int));
-#  define zstrerror(errnum) strerror(errnum)
-#else
-#  define zstrerror(errnum) ""
-#endif
-
-#if defined(pyr)
-#  define NO_MEMCPY
-#endif
-#if defined(SMALL_MEDIUM) && !defined(_MSC_VER) && !defined(__SC__)
- /* Use our own functions for small and medium model with MSC <= 5.0.
-  * You may have to use the same strategy for Borland C (untested).
-  * The __SC__ check is for Symantec.
-  */
-#  define NO_MEMCPY
-#endif
-#if defined(STDC) && !defined(HAVE_MEMCPY) && !defined(NO_MEMCPY)
-#  define HAVE_MEMCPY
-#endif
-#ifdef HAVE_MEMCPY
-#  ifdef SMALL_MEDIUM /* MSDOS small or medium model */
-#    define zmemcpy _fmemcpy
-#    define zmemcmp _fmemcmp
-#    define zmemzero(dest, len) _fmemset(dest, 0, len)
-#  else
-#    define zmemcpy memcpy
-#    define zmemcmp memcmp
-#    define zmemzero(dest, len) memset(dest, 0, len)
-#  endif
-#else
-   extern void zmemcpy  OF((Bytef* dest, const Bytef* source, uInt len));
-   extern int  zmemcmp  OF((const Bytef* s1, const Bytef* s2, uInt len));
-   extern void zmemzero OF((Bytef* dest, uInt len));
-#endif
-
-/* Diagnostic functions */
-#ifdef DEBUG
-#  include <stdio.h>
-   extern int z_verbose;
-   extern void z_error    OF((char *m));
-#  define Assert(cond,msg) {if(!(cond)) z_error(msg);}
-#  define Trace(x) {if (z_verbose>=0) fprintf x ;}
-#  define Tracev(x) {if (z_verbose>0) fprintf x ;}
-#  define Tracevv(x) {if (z_verbose>1) fprintf x ;}
-#  define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;}
-#  define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;}
-#else
-#  define Assert(cond,msg)
-#  define Trace(x)
-#  define Tracev(x)
-#  define Tracevv(x)
-#  define Tracec(c,x)
-#  define Tracecv(c,x)
-#endif
-
-
-typedef uLong (ZEXPORT *check_func) OF((uLong check, const Bytef *buf,
-                                      uInt len));
-voidpf zcalloc OF((voidpf opaque, unsigned items, unsigned size));
-void   zcfree  OF((voidpf opaque, voidpf ptr));
-
-#define ZALLOC(strm, items, size) \
-           (*((strm)->zalloc))((strm)->opaque, (items), (size))
-#define ZFREE(strm, addr)  (*((strm)->zfree))((strm)->opaque, (voidpf)(addr))
-#define TRY_FREE(s, p) {if (p) ZFREE(s, p);}
-
-#endif /* _Z_UTIL_H */
index 18e9b8ba957aaeb65fcb4163769dd4148281bfee..112c4774cb7f43fcb688cc83bd9f9df0dc39b400 100644 (file)
@@ -1,8 +1,10 @@
 #
 #      Makefile to build MIG-generated sources and headers
 #
-SRC = $(SYMROOT)/derived_src
-HDR = $(SYMROOT)/include
+XSRCROOT:=$(shell cd $(SRCROOT) >/dev/null; pwd)
+TARGET:=$(shell cd $(BUILT_PRODUCTS_DIR) >/dev/null; pwd)
+SRC:=$(TARGET)/derived_src
+HDR:=$(TARGET)/include
 
 build: $(SRC)/.mig.ucsp $(SRC)/.mig.secagent
 
@@ -20,16 +22,18 @@ clean:
        rm -f $(SRC)/.mig.ucsp $(SRC)/.mig.secagent \
                $(SRC)/ucsp*.cpp $(SRC)/secagent*.cpp $(HDR)/ucsp.h $(HDR)/secagent.h
 
-$(SRC)/.mig.ucsp: SecurityServer/ucsp.defs SecurityServer/ucsp_types.h
+$(SRC)/.mig.ucsp: SecurityServer/ucsp.defs SecurityServer/ucspNotify.defs SecurityServer/ucsp_types.h
        mkdir -p $(SRC)
        mkdir -p $(HDR)
        cd /tmp; mig -server $(SRC)/ucspServer.cpp -user $(SRC)/ucspUser.cpp \
-               -header $(HDR)/ucsp.h $(SRCROOT)/SecurityServer/ucsp.defs
+               -header $(HDR)/ucsp.h $(XSRCROOT)/SecurityServer/ucsp.defs
+       cd /tmp; mig -server $(SRC)/ucspNotifyReceiver.cpp -user $(SRC)/ucspNotifySender.cpp \
+               -header $(HDR)/ucspNotify.h $(XSRCROOT)/SecurityServer/ucspNotify.defs
        touch $(SRC)/.mig.ucsp
 
 $(SRC)/.mig.secagent: SecurityServer/secagent.defs SecurityServer/secagent_types.h
        mkdir -p $(SRC)
        mkdir -p $(HDR)
        cd /tmp; mig -server $(SRC)/secagentServer.cpp -user $(SRC)/secagentUser.cpp \
-               -header $(HDR)/secagent.h $(SRCROOT)/SecurityServer/secagent.defs
+               -header $(HDR)/secagent.h $(XSRCROOT)/SecurityServer/secagent.defs
        touch $(SRC)/.mig.secagent
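Review bot: The `clean` rule in this hunk still removes only `$(HDR)/ucsp.h` and `$(HDR)/secagent.h`, so the `$(HDR)/ucspNotify.h` header produced by the added `mig` invocation survives a clean; the generated `ucspNotify*.cpp` files are already covered by the `$(SRC)/ucsp*.cpp` glob. I would add `$(HDR)/ucspNotify.h` to the `rm -f` list. The added recipe line also copies the existing `cd /tmp; mig ...` form, where `;` lets `mig` run in whatever directory make is in if the `cd` fails; `cd /tmp && mig ...` stops instead. Running the generator in a shared world-writable directory may also be worth revisiting if `mig` writes any intermediate files to its working directory, which these lines do not show.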
index 7528ee7df0831b199d6fcbd27e355112fd7b78eb..48c0ccaa8ca7cc6578c2d5c1f242d1868af284c1 100644 (file)
@@ -45,6 +45,8 @@
 #include <sys/wait.h>
 #include <sys/syslimits.h>
 #include <time.h>
+#include <signal.h>
+#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
 
 // @@@ Should be in <time.h> but it isn't as of Puma5F22
 extern "C" int nanosleep(const struct timespec *rqtp, struct timespec *rmtp);
@@ -57,6 +59,12 @@ using namespace Security;
 using namespace MachPlusPlus;
 
 
+// pass structured arguments in/out of IPC calls. See "data walkers" for details
+#define COPY(copy)                     copy, copy.length(), copy
+#define COPY_OUT(copy)         &copy, &copy##Length, &copy##Base
+#define COPY_OUT_DECL(type,name) type *name, *name##Base; mach_msg_type_number_t name##Length
+
+
 //
 // Encode a requestor
 //
@@ -150,10 +158,25 @@ static void getNoSA(char *buffer, size_t bufferSize, const char *fmt, ...)
 //
 // Initialize our CSSM interface
 //
-Client::Client() : mActive(false), mKeepAlive(false), stage(mainStage)
+Client::Client() : mActive(false), mUsePBS(true), mKeepAlive(false), stage(mainStage)
 {
 }
 
+/*
+ * The new, preferred way to activate the Security Agent.  The Security
+ * Server will take advantage of this interface; the old constructor is
+ * kept around for compatibility with the only other client, DiskCopy.
+ * DiskCopy needs to be fixed to use the Security Server itself rather
+ * than this library.
+ */
+Client::Client(uid_t clientUID, Bootstrap clientBootstrap) :
+    mActive(false), desktopUid(clientUID), mUsePBS(false),
+    mClientBootstrap(clientBootstrap), mKeepAlive(false), stage(mainStage)
+{
+       setClientGroupID();
+       debug("SAclnt", "Desktop: uid %d, gid %d", desktopUid, desktopGid);
+}
+
 Client::~Client()
 {
        terminate();
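Review bot: `Client::~Client()` calls `terminate()`, and the header change in this same commit makes `activate()` and `terminate()` virtual; a call made from the base destructor always runs `Client::terminate()`, never a subclass override. Any subclass that overrides `terminate()` to release extra state has to call it from its own destructor, so I would document that next to the declaration, e.g. `// NOTE: ~Client() calls Client::terminate() non-virtually; subclasses must clean up in their own destructor`. The new two-argument constructor also leaves `pbsBootstrap` unset until `establishServer()` assigns it, which is fine only as long as nothing reads it earlier. The destructor body continues outside the hunk.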
@@ -232,18 +255,26 @@ void Client::cancel()
 //
 void Client::establishServer(const char *name)
 {
-    locateDesktop();
+    /*
+     * Once we wean ourselves off PBS we can eliminate "bootstrap" and use
+     * mClientBootstrap directly.  
+     */
+    if (mUsePBS)
+       locateDesktop();
+    else
+       pbsBootstrap = mClientBootstrap;
 
     // If the userids don't match, that means you can't do user interaction
+    // @@@ Check session so we don't pop up UI in a non-UI context
     // @@@ Expose this to caller so it can implement its own idea of getuid()!
     if (desktopUid != getuid() && getuid() != 0)
         CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION);
-        
+
     // if the server is already running, we're done
     Bootstrap bootstrap(pbsBootstrap);
     if (mServerPort = bootstrap.lookupOptional(name))
-        return;
-
+       return;
+    
 #if defined(AGENTNAME) && defined(AGENTPATH)
     // switch the bootstrap port to that of the logged-in user
     StBootstrap bootSaver(pbsBootstrap);
@@ -264,6 +295,15 @@ void Client::establishServer(const char *name)
                // to call seteuid(0) successfully.
         setuid(desktopUid);    // switch to login-user uid
 
+        // close down any files that might have been open at this point
+        int maxDescriptors = getdtablesize ();
+        int i;
+        
+        for (i = 3; i < maxDescriptors; ++i)
+        {
+            close (i);
+        }
+        
         // construct path to SecurityAgent
         char agentExecutable[PATH_MAX + 1];
         const char *path = getenv("SECURITYAGENT");
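Review bot: The added descriptor-closing loop runs right after `setuid(desktopUid);`, whose return value is still ignored, so if the call fails the code goes on to build the agent path and presumably launch the agent with the caller's original (possibly root) identity. I would fail closed before doing anything else, e.g. `if (setuid(desktopUid) != 0) _exit(1);`, assuming this is the forked child, which the hunk does not show. No group-ID change is visible here either, so it is worth confirming that `desktopGid` and the supplementary groups are dropped before the uid is. The `SECURITYAGENT` environment override on the last line also chooses what gets executed, so that lookup should stay limited to debug builds if it is not already. The enclosing function starts and ends outside the hunk.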
@@ -454,25 +494,36 @@ void Client::retryNewPassphrase(Reason reason, char passphrase[maxPassphraseLeng
 // This is used by the keychain-style ACL subject type (only).
 //
 void Client::queryKeychainAccess(const OSXCode *requestor, pid_t requestPid,
-    const char *database, const char *itemName, AclAuthorization action,
-    Client::KeychainChoice &choice)
+       const char *database, const char *itemName, AclAuthorization action,
+       bool needPassphrase, KeychainChoice &choice)
 {
        Requestor req(requestor);
 
 #if defined(NOSA)
        if (getenv("NOSA")) {
-               char answer[10];
-               getNoSA(answer, sizeof(answer), "Allow [someone] to do %d on %s in %s? ",
+               char answer[maxPassphraseLength+10];
+               getNoSA(answer, sizeof(answer), "Allow [someone] to do %d on %s in %s? [yn][g]%s ",
                        int(action), (itemName ? itemName : "[NULL item]"),
-                       (database ? database : "[NULL database]"));
+                       (database ? database : "[NULL database]"),
+                       needPassphrase ? ":passphrase" : "");
+               // turn passphrase (no ':') into y:passphrase
+               if (needPassphrase && !strchr(answer, ':')) {
+                       memmove(answer+2, answer, strlen(answer)+1);
+                       memcpy(answer, "y:", 2);
+               }
                choice.allowAccess = answer[0] == 'y';
                choice.continueGrantingToCaller = answer[1] == 'g';
+               if (const char *colon = strchr(answer, ':'))
+                       strncpy(choice.passphrase, colon+1, maxPassphraseLength);
+               else
+                       choice.passphrase[0] = '\0';
                return;
        }
 #endif
        activate();
        check(secagent_client_queryKeychainAccess(mServerPort, mClientPort,
-               &status, req, requestPid, (database ? database : ""), itemName, action, &choice));
+               &status, req, requestPid, (database ? database : ""), itemName, action, 
+               needPassphrase, &choice));
     terminate();
 }
 
@@ -618,6 +669,91 @@ bool Client::retryAuthorizationAuthenticate(Reason reason, char user[maxUsername
        return status == noErr;
 }
 
+//
+// invokeMechanism old style
+//
+bool Client::invokeMechanism(const string &inPluginId, const string &inMechanismId, const AuthorizationValueVector *inArguments, const AuthorizationItemSet *inHints, const AuthorizationItemSet *inContext, AuthorizationResult *outResult, AuthorizationItemSet *&outHintsPtr, AuthorizationItemSet *&outContextPtr)
+{
+    Copier<AuthorizationValueVector> inArgumentVector(inArguments);
+    Copier<AuthorizationItemSet> inHintsSet(inHints);
+    Copier<AuthorizationItemSet> inContextSet(inContext);
+
+    COPY_OUT_DECL(AuthorizationItemSet, outHintsSet);
+    COPY_OUT_DECL(AuthorizationItemSet, outContextSet);
+
+    activate();
+
+    // either noErr (user cancel, allow) or throws authInternal
+    check(secagent_client_invokeMechanism(mServerPort, mClientPort,
+                                            &status, &mStagePort.port(),
+                                        inPluginId.c_str(),
+                                        inMechanismId.c_str(),
+                                            COPY(inArgumentVector),
+                                            COPY(inHintsSet),
+                                            COPY(inContextSet),
+                                            outResult,
+                                            COPY_OUT(outHintsSet),
+                                            COPY_OUT(outContextSet)));
+
+    if (status != errAuthorizationDenied)
+    {
+        relocate(outHintsSet, outHintsSetBase);
+        Copier<AuthorizationItemSet> copyHints(outHintsSet);
+        // the auth engine releases this when done
+        outHintsPtr = copyHints.keep();
+        relocate(outContextSet, outContextSetBase);
+        Copier<AuthorizationItemSet> copyContext(outContextSet);
+        // the auth engine releases this when done
+        outContextPtr = copyContext.keep();
+    }
+
+    return (status == noErr);
+}
+
+
+void Client::terminateAgent()
+{
+    if (mUsePBS)
+        // find the right place to look
+        locateDesktop();
+
+    // make sure we're doing this for the right user
+    // @@@ Check session as well!
+    if (desktopUid != getuid() && getuid() != 0)
+        CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION);
+    
+    // if the server is already running, it's time to kill it
+    bool agentRunning = false;
+    if (mUsePBS)
+    {
+        Bootstrap bootstrap(pbsBootstrap);
+        if (mServerPort = bootstrap.lookupOptional("SecurityAgent"))
+            agentRunning = true;
+    }
+    else
+    {
+       if (mServerPort = mClientBootstrap.lookupOptional("SecurityAgent"))
+           agentRunning = true;
+    }
+    if (agentRunning)
+    {
+        activate();
+        check(secagent_client_terminate(mServerPort, mClientPort));
+    }
+}
+
+#include <sys/types.h>
+#include <grp.h>
+
+void Client::setClientGroupID(const char *grpName)
+{
+    /*
+     * desktopGid is unsigned so the compiler warns about the conversion
+     * of -2.  
+     */
+    struct group *grent = getgrnam(grpName ? grpName : "nobody");
+    desktopGid = grent ? grent->gr_gid : -2;
+}
 
 //
 // Locate and identify the current desktop.
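Review bot: `invokeMechanism` leaves `outHintsPtr` and `outContextPtr` unassigned when `status` is `errAuthorizationDenied`, so a caller that releases them unconditionally would free an indeterminate pointer unless it initialized them itself, which is not visible here. Setting both at the top of the function, `outHintsPtr = NULL; outContextPtr = NULL;`, makes the contract explicit. The locals declared by `COPY_OUT_DECL` also start uninitialized and are handed to `relocate()` on every status other than denied, so the code relies on `check()` throwing whenever the reply did not fill them; initializing them to `NULL`/`0` would remove that dependency. The `Base` and `Length` values come from the agent's reply and, as far as this hunk shows, are used without any bounds or consistency check before `relocate()` and `Copier` walk the data. The declaration in the header would benefit from a comment stating that the caller owns and must release both returned sets.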
index bc0c3ed208a3ec761cc1838e892d7f69d49def3a..d8405a2bcd971ddd94091f2677bd27a827bbc77e 100644 (file)
 #include <Security/osxsigning.h>
 #include <Security/cssmacl.h>
 #include <Security/cssm.h>
+#include <Security/Authorization.h>
+#include <Security/AuthorizationPlugin.h>
+#include <Security/AuthorizationWalkers.h>
 
 namespace Security {
 
 using MachPlusPlus::Port;
+    using MachPlusPlus::Bootstrap;
 using CodeSigning::OSXCode;
 
 
@@ -44,7 +48,6 @@ namespace SecurityAgent {
 static const unsigned int maxPassphraseLength = 1024;
 static const unsigned int maxUsernameLength = 80;
 
-
 //
 // Unified reason codes transmitted to SecurityAgent (and internationalized there)
 //
@@ -85,11 +88,13 @@ enum Reason {
 class Client {
 public:
        Client();
+    Client(uid_t clientUID, Bootstrap clientBootstrap);
        virtual ~Client();
-       
-       void activate(const char *bootstrapName = NULL);
-       void terminate();
-       
+
+       virtual void activate(const char *bootstrapName = NULL);
+       virtual void terminate();
+       bool isActive() const { return mActive; }
+
        bool keepAlive() const          { return mKeepAlive; }
        void keepAlive(bool ka)         { mKeepAlive = ka; }
        
@@ -116,12 +121,13 @@ public:
        
        // ask permission to use an item in a database
     struct KeychainChoice {
-        bool allowAccess;
-        bool continueGrantingToCaller;
+        bool allowAccess;                                              // user said "yes"
+        bool continueGrantingToCaller;                 // user wants calling App added to ACL
+               char passphrase[maxPassphraseLength];   // only if requested
     };
     void queryKeychainAccess(const OSXCode *requestor, pid_t requestPid,
         const char *database, const char *itemName, AclAuthorization action,
-               KeychainChoice &choice);
+               bool needPassphrase, KeychainChoice &choice);
         
     // generic old passphrase query
     void queryOldGenericPassphrase(const OSXCode *requestor, pid_t requestPid,
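Review bot: `KeychainChoice` now carries a plaintext passphrase in a fixed `char passphrase[maxPassphraseLength]` field, but nothing in the struct or its comment says who wipes it, so every copy of the struct (stack temporaries and the IPC reply buffer included) keeps the secret until the memory is reused. I would widen the field comment to state the contract, e.g. `// only if requested; NUL-terminated; caller must zero after use`, and have callers of `queryKeychainAccess` clear it once the passphrase has been consumed. A destructor that clears it is the tidier fix, but the struct is passed as `&choice` to the generated `secagent_client_queryKeychainAccess` stub, so check that it can stop being plain data before adding one. The field should also be set to an empty string on the path where `needPassphrase` is false, which this hunk does not show.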
@@ -143,7 +149,11 @@ public:
                 char username[maxUsernameLength], char passphrase[maxPassphraseLength]);
        bool retryAuthorizationAuthenticate(Reason reason,
                 char username[maxUsernameLength], char passphrase[maxPassphraseLength]);
-       
+
+    bool invokeMechanism(const string &inPluginId, const string &inMechanismId, const AuthorizationValueVector *inArguments, const AuthorizationItemSet *inHints, const AuthorizationItemSet *inContext, AuthorizationResult *outResult, AuthorizationItemSet *&outHintsPtr, AuthorizationItemSet *&outContextPtr);
+
+    void terminateAgent();
+    
        // Cancel a pending client call in another thread by sending a cancel message.
        // This call (only) may be made from another thread.
        void cancel();
@@ -158,6 +168,8 @@ private:
        bool mActive;
     uid_t desktopUid;
     gid_t desktopGid;
+    bool mUsePBS;
+    Bootstrap mClientBootstrap;
     mach_port_t pbsBootstrap;
        bool mKeepAlive;
 
@@ -167,11 +179,13 @@ private:
                newPassphraseStage,             // in get-new-passphrase sub-protocol
         newGenericPassphraseStage, // in get-new-generic-passphrase sub-protocol
         oldGenericPassphraseStage, // in get-old-generic-passphrase sub-protocol
-               authorizeStage                  // in authorize-by-group-membership sub-protocol
+               authorizeStage,                 // in authorize-by-group-membership sub-protocol
+       invokeMechanismStage   // in invoke mechanism sub-protocol
        } stage;
        Port mStagePort;
 
-    void locateDesktop();
+       void setClientGroupID(const char *grpName = NULL);
+       void locateDesktop();
     void establishServer(const char *name);
        void check(kern_return_t error);
        void unstage();
diff --git a/SecurityServer/SecurityServer.pbxproj/.cvsignore b/SecurityServer/SecurityServer.pbxproj/.cvsignore
deleted file mode 100644 (file)
index 0857ac3..0000000
+++ /dev/null
@@ -1 +0,0 @@
-*.pbxuser
diff --git a/SecurityServer/SecurityServer.pbxproj/project.pbxproj b/SecurityServer/SecurityServer.pbxproj/project.pbxproj
deleted file mode 100644 (file)
index b5eee1d..0000000
+++ /dev/null
@@ -1,4284 +0,0 @@
-// !$*UTF8*$!
-{
-       archiveVersion = 1;
-       classes = {
-       };
-       objectVersion = 31;
-       objects = {
-               00C958F7FF092883D0A17CE7 = {
-                       children = (
-                               6CC434E1FF09B18B11CD283A,
-                               00C958F9FF092883D0A17CE7,
-                               00C958FDFF092883D0A17CE7,
-                               00C958F8FF092883D0A17CE7,
-                               00C958FAFF092883D0A17CE7,
-                               00C958FBFF092883D0A17CE7,
-                               00C958FCFF092883D0A17CE7,
-                       );
-                       isa = PBXGroup;
-                       name = MacYarrow;
-                       path = "";
-                       refType = 4;
-               };
-               00C958F8FF092883D0A17CE7 = {
-                       children = (
-                               01005F97FF092E82D0A17CE7,
-                               01005F98FF092E82D0A17CE7,
-                               01005F99FF092E82D0A17CE7,
-                               01005F9AFF092E82D0A17CE7,
-                               01005F9BFF092E82D0A17CE7,
-                               01005F9CFF092E82D0A17CE7,
-                               01005F9DFF092E82D0A17CE7,
-                               01005F9EFF092E82D0A17CE7,
-                               01005F9FFF092E82D0A17CE7,
-                               01005FA2FF092E82D0A17CE7,
-                               01005FA3FF092E82D0A17CE7,
-                       );
-                       isa = PBXGroup;
-                       name = YarrowServer;
-                       refType = 4;
-               };
-               00C958F9FF092883D0A17CE7 = {
-                       children = (
-                               01005F91FF092DE1D0A17CE7,
-                               01005F92FF092DE1D0A17CE7,
-                               01005F93FF092DE1D0A17CE7,
-                       );
-                       isa = PBXGroup;
-                       name = "MIG RPC";
-                       refType = 4;
-               };
-               00C958FAFF092883D0A17CE7 = {
-                       children = (
-                               01005FB4FF092EFBD0A17CE7,
-                               01005FB5FF092EFBD0A17CE7,
-                               01005FB6FF092EFBD0A17CE7,
-                               01005FB7FF092EFBD0A17CE7,
-                               01005FB8FF092EFBD0A17CE7,
-                               01005FB9FF092EFBD0A17CE7,
-                               01005FBAFF092EFBD0A17CE7,
-                               01005FBBFF092EFBD0A17CE7,
-                               01005FBCFF092EFBD0A17CE7,
-                               01005FBDFF092EFBD0A17CE7,
-                               01005FBEFF092EFBD0A17CE7,
-                               01005FBFFF092EFBD0A17CE7,
-                               01005FC0FF092EFBD0A17CE7,
-                               01005FC1FF092EFBD0A17CE7,
-                               01005FC2FF092EFBD0A17CE7,
-                               01005FC4FF092EFBD0A17CE7,
-                               01005FC5FF092EFBD0A17CE7,
-                               01005FC6FF092EFBD0A17CE7,
-                               01005FC7FF092EFBD0A17CE7,
-                       );
-                       isa = PBXGroup;
-                       name = YarrowCoreLib;
-                       path = "";
-                       refType = 4;
-               };
-               00C958FBFF092883D0A17CE7 = {
-                       children = (
-                               01005FDCFF092F71D0A17CE7,
-                               01005FDDFF092F71D0A17CE7,
-                               01005FDEFF092F71D0A17CE7,
-                               01005FDFFF092F71D0A17CE7,
-                               01005FE0FF092F71D0A17CE7,
-                               01005FE1FF092F71D0A17CE7,
-                               01005FE2FF092F71D0A17CE7,
-                               01005FE3FF092F71D0A17CE7,
-                               01005FE4FF092F71D0A17CE7,
-                       );
-                       isa = PBXGroup;
-                       name = zlib;
-                       path = "";
-                       refType = 4;
-               };
-               00C958FCFF092883D0A17CE7 = {
-                       children = (
-                               01005FEEFF092FB8D0A17CE7,
-                               01005FEFFF092FB8D0A17CE7,
-                               01005FF3FF0930C3D0A17CE7,
-                       );
-                       isa = PBXGroup;
-                       name = "Test Harness";
-                       path = "";
-                       refType = 4;
-               };
-               00C958FDFF092883D0A17CE7 = {
-                       children = (
-                               03D6E7BAFF16DF7511CD283A,
-                               01005F94FF092E82D0A17CE7,
-                               01005F95FF092E82D0A17CE7,
-                       );
-                       isa = PBXGroup;
-                       name = YarrowClient;
-                       path = "";
-                       refType = 4;
-               };
-               00C95903FF092949D0A17CE7 = {
-                       buildPhases = (
-                               00C95904FF092949D0A17CE7,
-                               00C95905FF092949D0A17CE7,
-                               00C95906FF092949D0A17CE7,
-                               00C95907FF092949D0A17CE7,
-                               00C95908FF092949D0A17CE7,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\"";
-                               FRAMEWORK_VERSION = A;
-                               HEADER_SEARCH_PATHS = "\"$(SRCROOT)\" \"$(SYMROOT)/include\"";
-                               INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
-                               LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "-lstdc++ -prebind -seg_addr_table $(APPLE_INTERNAL_DEVELOPER_DIR)/seg_addr_table";
-                               OTHER_LIBTOOL_FLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRINCIPAL_CLASS = "";
-                               PRODUCT_NAME = SecurityYarrowClient;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                               WRAPPER_EXTENSION = framework;
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               01005FF2FF093014D0A17CE7,
-                       );
-                       isa = PBXFrameworkTarget;
-                       name = YarrowClient;
-                       productInstallPath = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
-                       productName = SecurityYarrowClient;
-                       productReference = 011B80E0FF140C9311CD283A;
-                       productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
-<plist version=\"0.9\">
-<dict/>
-</plist>
-";
-                       shouldUseHeadermap = 0;
-               };
-               00C95904FF092949D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               01005FA4FF092E82D0A17CE7,
-                               03D6E7BBFF16DF7511CD283A,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               00C95905FF092949D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
-               };
-               00C95906FF092949D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               01005FA5FF092E82D0A17CE7,
-                               01005FF4FF0930C3D0A17CE7,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               00C95907FF092949D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0140AD53FFA8EB2311CD296C,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               00C95908FF092949D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               00C9590CFF0929F1D0A17CE7 = {
-                       buildPhases = (
-                               00C9590DFF0929F1D0A17CE7,
-                               00C9590EFF0929F1D0A17CE7,
-                               00C9590FFF0929F1D0A17CE7,
-                               00C95910FF0929F1D0A17CE7,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\"";
-                               HEADER_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/Frameworks/Carbon.framework/Headers/CIncludes\" \"$(SRCROOT)/MacYarrow\" \"$(SRCROOT)/MacYarrow/YarrowCoreLib/include\" \"$(SYMROOT)\" \"$(SYMROOT)/include\"";
-                               LIBRARY_SEARCH_PATHS = "";
-                               LIBRARY_STYLE = STATIC;
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "-L$(SYMROOT) -lYarrowCore";
-                               OTHER_LIBTOOL_FLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = libYarrowServer.a;
-                               REZ_EXECUTABLE = YES;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               01621B24FF09323DD0A17CE7,
-                               01621B25FF09323DD0A17CE7,
-                       );
-                       isa = PBXLibraryTarget;
-                       name = YarrowServer;
-                       productName = libYarrowServer.a;
-                       productReference = 011B80E1FF140C9311CD283A;
-                       shouldUseHeadermap = 0;
-               };
-               00C9590DFF0929F1D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               01005FA7FF092E82D0A17CE7,
-                               01005FA8FF092E82D0A17CE7,
-                               01005FA9FF092E82D0A17CE7,
-                               01005FAAFF092E82D0A17CE7,
-                               01005FABFF092E82D0A17CE7,
-                               01005FADFF092E82D0A17CE7,
-                               6CC434E2FF09B18C11CD283A,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               00C9590EFF0929F1D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               01005FAEFF092E82D0A17CE7,
-                               01005FAFFF092E82D0A17CE7,
-                               01005FB0FF092E82D0A17CE7,
-                               01005FB1FF092E82D0A17CE7,
-                               01005FB3FF092E82D0A17CE7,
-                               01621B2BFF09328ED0A17CE7,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               00C9590FFF0929F1D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               00C95910FF0929F1D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               00C95911FF0929F1D0A17CE7 = {
-                       buildPhases = (
-                               00C95912FF0929F1D0A17CE7,
-                               00C95913FF0929F1D0A17CE7,
-                               00C95914FF0929F1D0A17CE7,
-                               00C95915FF0929F1D0A17CE7,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\"";
-                               HEADER_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/Frameworks/Carbon.framework/Libraries/CIncludes\" \"$(SRCROOT)/MacYarrow\"";
-                               INSTALL_PATH = /usr/local/lib;
-                               LIBRARY_SEARCH_PATHS = "\"$(SYMROOT)\"";
-                               LIBRARY_STYLE = STATIC;
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "-lzlibcomp";
-                               OTHER_LIBTOOL_FLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = libYarrowCore.a;
-                               REZ_EXECUTABLE = YES;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               01621B23FF093182D0A17CE7,
-                       );
-                       isa = PBXLibraryTarget;
-                       name = YarrowCore;
-                       productInstallPath = /usr/local/lib;
-                       productName = libYarrowCore.a;
-                       productReference = 011B80E3FF140C9311CD283A;
-                       shouldUseHeadermap = 0;
-               };
-               00C95912FF0929F1D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               01005FC8FF092EFBD0A17CE7,
-                               01005FC9FF092EFBD0A17CE7,
-                               01005FCAFF092EFBD0A17CE7,
-                               01005FCBFF092EFBD0A17CE7,
-                               01005FCCFF092EFBD0A17CE7,
-                               01005FCDFF092EFBD0A17CE7,
-                               01005FCEFF092EFBD0A17CE7,
-                               01005FCFFF092EFBD0A17CE7,
-                               01005FD0FF092EFBD0A17CE7,
-                               01005FD1FF092EFBD0A17CE7,
-                               01005FD2FF092EFBD0A17CE7,
-                               01005FD3FF092EFBD0A17CE7,
-                               01005FD4FF092EFBD0A17CE7,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               00C95913FF0929F1D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               01005FD5FF092EFBD0A17CE7,
-                               01005FD6FF092EFBD0A17CE7,
-                               01005FD7FF092EFBD0A17CE7,
-                               01005FD8FF092EFBD0A17CE7,
-                               01005FDAFF092EFBD0A17CE7,
-                               01005FDBFF092EFBD0A17CE7,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               00C95914FF0929F1D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               00C95915FF0929F1D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               00C95916FF0929F1D0A17CE7 = {
-                       buildPhases = (
-                               00C95917FF0929F1D0A17CE7,
-                               00C95918FF0929F1D0A17CE7,
-                               00C95919FF0929F1D0A17CE7,
-                               00C9591AFF0929F1D0A17CE7,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               FRAMEWORK_SEARCH_PATHS = "";
-                               HEADER_SEARCH_PATHS = "";
-                               LIBRARY_SEARCH_PATHS = "";
-                               LIBRARY_STYLE = STATIC;
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "";
-                               OTHER_LIBTOOL_FLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = libzlibcomp.a;
-                               REZ_EXECUTABLE = YES;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                       );
-                       isa = PBXLibraryTarget;
-                       name = "zlib compress";
-                       productName = libzlibcomp.a;
-                       productReference = 011B80E2FF140C9311CD283A;
-                       shouldUseHeadermap = 0;
-               };
-               00C95917FF0929F1D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               01005FE5FF092F71D0A17CE7,
-                               01005FE6FF092F71D0A17CE7,
-                               01005FE7FF092F71D0A17CE7,
-                               01005FE8FF092F71D0A17CE7,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               00C95918FF0929F1D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               01005FE9FF092F71D0A17CE7,
-                               01005FEAFF092F71D0A17CE7,
-                               01005FEBFF092F71D0A17CE7,
-                               01005FECFF092F71D0A17CE7,
-                               01005FEDFF092F71D0A17CE7,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               00C95919FF0929F1D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               00C9591AFF0929F1D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               00C9591DFF092AA8D0A17CE7 = {
-                       buildArgumentsString = "-f MakefileYarrow $ACTION \"SYMROOT=$(SYMROOT)\" \"SRCROOT=$(SRCROOT)\" ";
-                       buildPhases = (
-                       );
-                       buildSettings = {
-                               FRAMEWORK_SEARCH_PATHS = "";
-                               HEADER_SEARCH_PATHS = "";
-                               LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = "Yarrow MIG RPC";
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "";
-                       };
-                       buildToolPath = /usr/bin/gnumake;
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                       );
-                       isa = PBXLegacyTarget;
-                       name = "Yarrow MIG RPC";
-                       productName = "Yarrow MIG RPC";
-                       settingsToExpand = 6;
-                       settingsToPassInEnvironment = 1;
-                       settingsToPassOnCommandLine = 280;
-                       shouldUseHeadermap = 0;
-               };
-               00C9591EFF092AA8D0A17CE7 = {
-                       buildPhases = (
-                               00C9591FFF092AA8D0A17CE7,
-                               00C95920FF092AA8D0A17CE7,
-                               00C95921FF092AA8D0A17CE7,
-                               00C95922FF092AA8D0A17CE7,
-                       );
-                       buildSettings = {
-                               FRAMEWORK_SEARCH_PATHS = "";
-                               HEADER_SEARCH_PATHS = "\"$(SRCROOT)/MacYarrow\"";
-                               INSTALL_PATH = /usr/local/bin;
-                               LIBRARY_SEARCH_PATHS = "\"$(SYMROOT)\"";
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "-lYarrowServer";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = yarrowTestServer;
-                               REZ_EXECUTABLE = YES;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               01621B2FFF0933F4D0A17CE7,
-                       );
-                       isa = PBXToolTarget;
-                       name = yarrowTestServer;
-                       productInstallPath = /usr/local/bin;
-                       productName = yarrowTestServer;
-                       productReference = 011B80DCFF140C9311CD283A;
-                       shouldUseHeadermap = 0;
-               };
-               00C9591FFF092AA8D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               00C95920FF092AA8D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               01005FF0FF092FB8D0A17CE7,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               00C95921FF092AA8D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0140AD55FFA8EB2311CD296C,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               00C95922FF092AA8D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               00C95923FF092AA8D0A17CE7 = {
-                       buildPhases = (
-                               00C95924FF092AA8D0A17CE7,
-                               00C95925FF092AA8D0A17CE7,
-                               00C95926FF092AA8D0A17CE7,
-                               00C95927FF092AA8D0A17CE7,
-                       );
-                       buildSettings = {
-                               FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\"";
-                               HEADER_SEARCH_PATHS = "";
-                               INSTALL_PATH = /usr/local/bin;
-                               LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = yarrowTestClient;
-                               REZ_EXECUTABLE = YES;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               01621B33FF09351FD0A17CE7,
-                       );
-                       isa = PBXToolTarget;
-                       name = yarrowTestClient;
-                       productInstallPath = /usr/local/bin;
-                       productName = yarrowTestClient;
-                       productReference = 011B80DEFF140C9311CD283A;
-                       shouldUseHeadermap = 0;
-               };
-               00C95924FF092AA8D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               00C95925FF092AA8D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               01005FF1FF092FB8D0A17CE7,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               00C95926FF092AA8D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               01C17CFCFF16DA6211CD283A,
-                               0140AD56FFA8EB2311CD296C,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               00C95927FF092AA8D0A17CE7 = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               00DFB0D2FEB79FB211CD296C = {
-                       isa = PBXFileReference;
-                       path = acls.h;
-                       refType = 4;
-               };
-               00DFB0D3FEB79FB211CD296C = {
-                       isa = PBXFileReference;
-                       path = acls.cpp;
-                       refType = 4;
-               };
-               00DFB0D4FEB79FB211CD296C = {
-                       fileRef = 00DFB0D2FEB79FB211CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               00DFB0D5FEB79FB211CD296C = {
-                       fileRef = 00DFB0D3FEB79FB211CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               00EFF5BBFE93EA0D11CD296C = {
-                       isa = PBXFileReference;
-                       path = transition.cpp;
-                       refType = 4;
-               };
-               00EFF5BCFE93EA0D11CD296C = {
-                       fileRef = 00EFF5BBFE93EA0D11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               00EFF5EBFE95419011CD296C = {
-                       fileRef = 348D2E5AFE81B60B11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               00EFF5ECFE95419011CD296C = {
-                       fileRef = 0F409627FE746BD111CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               00F9D6B9FEA504D511CD296C = {
-                       buildPhases = (
-                               00F9D6BAFEA504D511CD296C,
-                               00F9D6BDFEA504D511CD296C,
-                               00F9D6BEFEA504D511CD296C,
-                               00F9D6C1FEA504D511CD296C,
-                               00F9D6C4FEA504D511CD296C,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\"";
-                               FRAMEWORK_VERSION = A;
-                               HEADER_SEARCH_PATHS = "\"$(SRCROOT)\" \"$(SYMROOT)/include\"";
-                               INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
-                               LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "-Wno-unused -DSAFER";
-                               OTHER_LDFLAGS = "-lstdc++ -prebind -seg_addr_table $(APPLE_INTERNAL_DEVELOPER_DIR)/seg_addr_table";
-                               OTHER_REZFLAGS = "";
-                               PRINCIPAL_CLASS = "";
-                               PRODUCT_NAME = SecurityServerClient;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-unused -Wno-four-char-constants -Wno-unknown-pragmas";
-                               WRAPPER_EXTENSION = framework;
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               00F9D6CBFEA5060511CD296C,
-                       );
-                       isa = PBXFrameworkTarget;
-                       name = "SecurityServer Client";
-                       productInstallPath = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
-                       productName = SecurityServerClient;
-                       productReference = 011B80E4FF140C9311CD283A;
-                       productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
-<plist version=\"0.9\">
-<dict/>
-</plist>
-";
-                       shouldUseHeadermap = 0;
-               };
-               00F9D6BAFEA504D511CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               03D6E7B9FF16DE8A11CD283A,
-                               00F9D6BBFEA504D511CD296C,
-                               00F9D6BCFEA504D511CD296C,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               00F9D6BBFEA504D511CD296C = {
-                       fileRef = 111A0B82FE75AA7411CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               00F9D6BCFEA504D511CD296C = {
-                       fileRef = 4D433F0DFE9CF5B811CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               00F9D6BDFEA504D511CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
-               };
-               00F9D6BEFEA504D511CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               00F9D6BFFEA504D511CD296C,
-                               00F9D6C0FEA504D511CD296C,
-                               00F9D6C8FEA5056A11CD296C,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               00F9D6BFFEA504D511CD296C = {
-                       fileRef = 111A0B84FE75AAD211CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               00F9D6C0FEA504D511CD296C = {
-                       fileRef = 4D433F0EFE9CF5B811CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               00F9D6C1FEA504D511CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               00F9D6C3FEA504D511CD296C,
-                               0140AD52FFA8EB2311CD296C,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               00F9D6C3FEA504D511CD296C = {
-                       fileRef = 0F409627FE746BD111CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               00F9D6C4FEA504D511CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               00F9D6C8FEA5056A11CD296C = {
-                       fileRef = 111A0B73FE75A89D11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               00F9D6CBFEA5060511CD296C = {
-                       isa = PBXTargetDependency;
-                       target = 5DF1AE65FE88150D11CD296C;
-               };
-               00F9D6CDFEA5065511CD296C = {
-                       children = (
-                               011B80DFFF140C9311CD283A,
-                               014A688AFFE94D9411CD296C,
-                               011B80E0FF140C9311CD283A,
-                               011B80E1FF140C9311CD283A,
-                               011B80E2FF140C9311CD283A,
-                               011B80E3FF140C9311CD283A,
-                               011B80E4FF140C9311CD283A,
-                               1379BD96FF9BA26811CD283A,
-                               0140AD5AFFA8EBF911CD296C,
-                               0140AD72FFA9002E11CD296C,
-                               011B80DDFF140C9311CD283A,
-                               011B80DEFF140C9311CD283A,
-                               011B80DCFF140C9311CD283A,
-                               037D0ECFFFA115C911CD283A,
-                               2BC07DF1FFE9A3DE11CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = Products;
-                       path = "";
-                       refType = 3;
-               };
-               00FDF003FEDF19F511CD296C = {
-                       isa = PBXFileReference;
-                       path = session.cpp;
-                       refType = 4;
-               };
-               00FDF004FEDF19F511CD296C = {
-                       isa = PBXFileReference;
-                       path = session.h;
-                       refType = 4;
-               };
-               00FDF005FEDF19F511CD296C = {
-                       fileRef = 00FDF004FEDF19F511CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               00FDF006FEDF19F511CD296C = {
-                       fileRef = 00FDF003FEDF19F511CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005F91FF092DE1D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = yarrowMigTypes.h;
-                       refType = 4;
-               };
-               01005F92FF092DE1D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = yarrowServer.defs;
-                       refType = 4;
-               };
-               01005F93FF092DE1D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = MakefileYarrow;
-                       refType = 4;
-               };
-               01005F94FF092E82D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = YarrowClient.h;
-                       path = MacYarrow/YarrowClient/YarrowClient.h;
-                       refType = 4;
-               };
-               01005F95FF092E82D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = YarrowClient_OSX.cpp;
-                       path = MacYarrow/YarrowClient/YarrowClient_OSX.cpp;
-                       refType = 4;
-               };
-               01005F97FF092E82D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = debug.c;
-                       path = MacYarrow/YarrowServer/debug.c;
-                       refType = 4;
-               };
-               01005F98FF092E82D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = debug.h;
-                       path = MacYarrow/YarrowServer/debug.h;
-                       refType = 4;
-               };
-               01005F99FF092E82D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = entropyFile.h;
-                       path = MacYarrow/YarrowServer/entropyFile.h;
-                       refType = 4;
-               };
-               01005F9AFF092E82D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = entropyFileUnix.c;
-                       path = MacYarrow/YarrowServer/entropyFileUnix.c;
-                       refType = 4;
-               };
-               01005F9BFF092E82D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = kdebug_private.h;
-                       path = MacYarrow/YarrowServer/kdebug_private.h;
-                       refType = 4;
-               };
-               01005F9CFF092E82D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = MacYarrow_OSX.cpp;
-                       path = MacYarrow/YarrowServer/MacYarrow_OSX.cpp;
-                       refType = 4;
-               };
-               01005F9DFF092E82D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = MacYarrow_OSX.h;
-                       path = MacYarrow/YarrowServer/MacYarrow_OSX.h;
-                       refType = 4;
-               };
-               01005F9EFF092E82D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = systemEntropy.c;
-                       path = MacYarrow/YarrowServer/systemEntropy.c;
-                       refType = 4;
-               };
-               01005F9FFF092E82D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = systemEntropy.h;
-                       path = MacYarrow/YarrowServer/systemEntropy.h;
-                       refType = 4;
-               };
-               01005FA2FF092E82D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = YarrowServer_OSX.cpp;
-                       path = MacYarrow/YarrowServer/YarrowServer_OSX.cpp;
-                       refType = 4;
-               };
-               01005FA3FF092E82D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = YarrowServer_OSX.h;
-                       path = MacYarrow/YarrowServer/YarrowServer_OSX.h;
-                       refType = 4;
-               };
-               01005FA4FF092E82D0A17CE7 = {
-                       fileRef = 01005F94FF092E82D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FA5FF092E82D0A17CE7 = {
-                       fileRef = 01005F95FF092E82D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FA7FF092E82D0A17CE7 = {
-                       fileRef = 01005F98FF092E82D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FA8FF092E82D0A17CE7 = {
-                       fileRef = 01005F99FF092E82D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FA9FF092E82D0A17CE7 = {
-                       fileRef = 01005F9BFF092E82D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FAAFF092E82D0A17CE7 = {
-                       fileRef = 01005F9DFF092E82D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FABFF092E82D0A17CE7 = {
-                       fileRef = 01005F9FFF092E82D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FADFF092E82D0A17CE7 = {
-                       fileRef = 01005FA3FF092E82D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FAEFF092E82D0A17CE7 = {
-                       fileRef = 01005F97FF092E82D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FAFFF092E82D0A17CE7 = {
-                       fileRef = 01005F9AFF092E82D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FB0FF092E82D0A17CE7 = {
-                       fileRef = 01005F9CFF092E82D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FB1FF092E82D0A17CE7 = {
-                       fileRef = 01005F9EFF092E82D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FB3FF092E82D0A17CE7 = {
-                       fileRef = 01005FA2FF092E82D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FB4FF092EFBD0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = WindowsTypesForMac.h;
-                       path = MacYarrow/YarrowCoreLib/include/WindowsTypesForMac.h;
-                       refType = 4;
-               };
-               01005FB5FF092EFBD0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = yarrow.h;
-                       path = MacYarrow/YarrowCoreLib/include/yarrow.h;
-                       refType = 4;
-               };
-               01005FB6FF092EFBD0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = yarrowUtils.h;
-                       path = MacYarrow/YarrowCoreLib/include/yarrowUtils.h;
-                       refType = 4;
-               };
-               01005FB7FF092EFBD0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = assertverify.h;
-                       path = MacYarrow/YarrowCoreLib/src/assertverify.h;
-                       refType = 4;
-               };
-               01005FB8FF092EFBD0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = comp.c;
-                       path = MacYarrow/YarrowCoreLib/src/comp.c;
-                       refType = 4;
-               };
-               01005FB9FF092EFBD0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = comp.h;
-                       path = MacYarrow/YarrowCoreLib/src/comp.h;
-                       refType = 4;
-               };
-               01005FBAFF092EFBD0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = entropysources.h;
-                       path = MacYarrow/YarrowCoreLib/src/entropysources.h;
-                       refType = 4;
-               };
-               01005FBBFF092EFBD0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = macOnly.h;
-                       path = MacYarrow/YarrowCoreLib/src/macOnly.h;
-                       refType = 4;
-               };
-               01005FBCFF092EFBD0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = prng.c;
-                       path = MacYarrow/YarrowCoreLib/src/prng.c;
-                       refType = 4;
-               };
-               01005FBDFF092EFBD0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = prng.h;
-                       path = MacYarrow/YarrowCoreLib/src/prng.h;
-                       refType = 4;
-               };
-               01005FBEFF092EFBD0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = prngpriv.h;
-                       path = MacYarrow/YarrowCoreLib/src/prngpriv.h;
-                       refType = 4;
-               };
-               01005FBFFF092EFBD0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = sha1mod.c;
-                       path = MacYarrow/YarrowCoreLib/src/sha1mod.c;
-                       refType = 4;
-               };
-               01005FC0FF092EFBD0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = sha1mod.h;
-                       path = MacYarrow/YarrowCoreLib/src/sha1mod.h;
-                       refType = 4;
-               };
-               01005FC1FF092EFBD0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = smf.cpp;
-                       path = MacYarrow/YarrowCoreLib/src/smf.cpp;
-                       refType = 4;
-               };
-               01005FC2FF092EFBD0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = smf.h;
-                       path = MacYarrow/YarrowCoreLib/src/smf.h;
-                       refType = 4;
-               };
-               01005FC4FF092EFBD0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = TBD.c;
-                       path = MacYarrow/YarrowCoreLib/src/TBD.c;
-                       refType = 4;
-               };
-               01005FC5FF092EFBD0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = userdefines.h;
-                       path = MacYarrow/YarrowCoreLib/src/userdefines.h;
-                       refType = 4;
-               };
-               01005FC6FF092EFBD0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = usersources.h;
-                       path = MacYarrow/YarrowCoreLib/src/usersources.h;
-                       refType = 4;
-               };
-               01005FC7FF092EFBD0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = yarrowUtils.c;
-                       path = MacYarrow/YarrowCoreLib/src/yarrowUtils.c;
-                       refType = 4;
-               };
-               01005FC8FF092EFBD0A17CE7 = {
-                       fileRef = 01005FB4FF092EFBD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FC9FF092EFBD0A17CE7 = {
-                       fileRef = 01005FB5FF092EFBD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FCAFF092EFBD0A17CE7 = {
-                       fileRef = 01005FB6FF092EFBD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FCBFF092EFBD0A17CE7 = {
-                       fileRef = 01005FB7FF092EFBD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FCCFF092EFBD0A17CE7 = {
-                       fileRef = 01005FB9FF092EFBD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FCDFF092EFBD0A17CE7 = {
-                       fileRef = 01005FBAFF092EFBD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FCEFF092EFBD0A17CE7 = {
-                       fileRef = 01005FBBFF092EFBD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FCFFF092EFBD0A17CE7 = {
-                       fileRef = 01005FBDFF092EFBD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FD0FF092EFBD0A17CE7 = {
-                       fileRef = 01005FBEFF092EFBD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FD1FF092EFBD0A17CE7 = {
-                       fileRef = 01005FC0FF092EFBD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FD2FF092EFBD0A17CE7 = {
-                       fileRef = 01005FC2FF092EFBD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FD3FF092EFBD0A17CE7 = {
-                       fileRef = 01005FC5FF092EFBD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FD4FF092EFBD0A17CE7 = {
-                       fileRef = 01005FC6FF092EFBD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FD5FF092EFBD0A17CE7 = {
-                       fileRef = 01005FB8FF092EFBD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FD6FF092EFBD0A17CE7 = {
-                       fileRef = 01005FBCFF092EFBD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FD7FF092EFBD0A17CE7 = {
-                       fileRef = 01005FBFFF092EFBD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FD8FF092EFBD0A17CE7 = {
-                       fileRef = 01005FC1FF092EFBD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FDAFF092EFBD0A17CE7 = {
-                       fileRef = 01005FC4FF092EFBD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FDBFF092EFBD0A17CE7 = {
-                       fileRef = 01005FC7FF092EFBD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FDCFF092F71D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = adler32.c;
-                       path = MacYarrow/zlib/adler32.c;
-                       refType = 4;
-               };
-               01005FDDFF092F71D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = compress.c;
-                       path = MacYarrow/zlib/compress.c;
-                       refType = 4;
-               };
-               01005FDEFF092F71D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = deflate.c;
-                       path = MacYarrow/zlib/deflate.c;
-                       refType = 4;
-               };
-               01005FDFFF092F71D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = deflate.h;
-                       path = MacYarrow/zlib/deflate.h;
-                       refType = 4;
-               };
-               01005FE0FF092F71D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = trees.c;
-                       path = MacYarrow/zlib/trees.c;
-                       refType = 4;
-               };
-               01005FE1FF092F71D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = trees.h;
-                       path = MacYarrow/zlib/trees.h;
-                       refType = 4;
-               };
-               01005FE2FF092F71D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = zlib.h;
-                       path = MacYarrow/zlib/zlib.h;
-                       refType = 4;
-               };
-               01005FE3FF092F71D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = zutil.c;
-                       path = MacYarrow/zlib/zutil.c;
-                       refType = 4;
-               };
-               01005FE4FF092F71D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = zutil.h;
-                       path = MacYarrow/zlib/zutil.h;
-                       refType = 4;
-               };
-               01005FE5FF092F71D0A17CE7 = {
-                       fileRef = 01005FDFFF092F71D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FE6FF092F71D0A17CE7 = {
-                       fileRef = 01005FE1FF092F71D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FE7FF092F71D0A17CE7 = {
-                       fileRef = 01005FE2FF092F71D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FE8FF092F71D0A17CE7 = {
-                       fileRef = 01005FE4FF092F71D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FE9FF092F71D0A17CE7 = {
-                       fileRef = 01005FDCFF092F71D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FEAFF092F71D0A17CE7 = {
-                       fileRef = 01005FDDFF092F71D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FEBFF092F71D0A17CE7 = {
-                       fileRef = 01005FDEFF092F71D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FECFF092F71D0A17CE7 = {
-                       fileRef = 01005FE0FF092F71D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FEDFF092F71D0A17CE7 = {
-                       fileRef = 01005FE3FF092F71D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FEEFF092FB8D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = clientTest.cpp;
-                       path = MacYarrow/testHarness/clientTest.cpp;
-                       refType = 4;
-               };
-               01005FEFFF092FB8D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = serverDaemon.cpp;
-                       path = MacYarrow/testHarness/serverDaemon.cpp;
-                       refType = 4;
-               };
-               01005FF0FF092FB8D0A17CE7 = {
-                       fileRef = 01005FEFFF092FB8D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FF1FF092FB8D0A17CE7 = {
-                       fileRef = 01005FEEFF092FB8D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01005FF2FF093014D0A17CE7 = {
-                       isa = PBXTargetDependency;
-                       target = 00C9591DFF092AA8D0A17CE7;
-               };
-               01005FF3FF0930C3D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = yarrowMigUser.cpp;
-                       path = derived_src/yarrowMigUser.cpp;
-                       refType = 3;
-               };
-               01005FF4FF0930C3D0A17CE7 = {
-                       fileRef = 01005FF3FF0930C3D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01101223FF0D0DE311CD296C = {
-                       children = (
-                               01101224FF0D0DE311CD296C,
-                               16732091FF32431411CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = "Installation Files";
-                       path = "";
-                       refType = 4;
-               };
-               01101224FF0D0DE311CD296C = {
-                       isa = PBXFileReference;
-                       path = Makefile.startup;
-                       refType = 4;
-               };
-               01157F48FE7700BF11CD296C = {
-                       isa = PBXFileReference;
-                       path = ucsp.defs;
-                       refType = 4;
-               };
-               011B80DCFF140C9311CD283A = {
-                       isa = PBXExecutableFileReference;
-                       path = yarrowTestServer;
-                       refType = 3;
-               };
-               011B80DDFF140C9311CD283A = {
-                       isa = PBXExecutableFileReference;
-                       path = SSTester;
-                       refType = 3;
-               };
-               011B80DEFF140C9311CD283A = {
-                       isa = PBXExecutableFileReference;
-                       path = yarrowTestClient;
-                       refType = 3;
-               };
-               011B80DFFF140C9311CD283A = {
-                       isa = PBXExecutableFileReference;
-                       path = SecurityServer;
-                       refType = 3;
-               };
-               011B80E0FF140C9311CD283A = {
-                       isa = PBXFrameworkReference;
-                       path = SecurityYarrowClient.framework;
-                       refType = 3;
-               };
-               011B80E1FF140C9311CD283A = {
-                       isa = PBXLibraryReference;
-                       path = libYarrowServer.a;
-                       refType = 3;
-               };
-               011B80E2FF140C9311CD283A = {
-                       isa = PBXLibraryReference;
-                       path = libzlibcomp.a;
-                       refType = 3;
-               };
-               011B80E3FF140C9311CD283A = {
-                       isa = PBXLibraryReference;
-                       path = libYarrowCore.a;
-                       refType = 3;
-               };
-               011B80E4FF140C9311CD283A = {
-                       isa = PBXFrameworkReference;
-                       path = SecurityServerClient.framework;
-                       refType = 3;
-               };
-               0140AD51FFA8EA2311CD296C = {
-                       children = (
-                               0140AD58FFA8EBF911CD296C,
-                               0140AD59FFA8EBF911CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = "SecurityAgent Client";
-                       refType = 4;
-               };
-               0140AD52FFA8EB2311CD296C = {
-                       fileRef = 01621B35FF09357FD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0140AD53FFA8EB2311CD296C = {
-                       fileRef = 01621B35FF09357FD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0140AD54FFA8EB2311CD296C = {
-                       fileRef = 01621B35FF09357FD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0140AD55FFA8EB2311CD296C = {
-                       fileRef = 01621B35FF09357FD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0140AD56FFA8EB2311CD296C = {
-                       fileRef = 01621B35FF09357FD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0140AD57FFA8EB2311CD296C = {
-                       fileRef = 01621B35FF09357FD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0140AD58FFA8EBF911CD296C = {
-                       isa = PBXFileReference;
-                       path = SecurityAgentClient.cpp;
-                       refType = 4;
-               };
-               0140AD59FFA8EBF911CD296C = {
-                       isa = PBXFileReference;
-                       path = SecurityAgentClient.h;
-                       refType = 4;
-               };
-               0140AD5AFFA8EBF911CD296C = {
-                       isa = PBXFrameworkReference;
-                       path = SecurityAgentClient.framework;
-                       refType = 3;
-               };
-               0140AD5BFFA8EBF911CD296C = {
-                       isa = PBXTargetDependency;
-                       target = 0140AD5CFFA8EBF911CD296C;
-               };
-               0140AD5CFFA8EBF911CD296C = {
-                       buildPhases = (
-                               0140AD5DFFA8EBF911CD296C,
-                               0140AD5FFFA8EBF911CD296C,
-                               0140AD60FFA8EBF911CD296C,
-                               0140AD62FFA8EBF911CD296C,
-                               0140AD63FFA8EBF911CD296C,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\"";
-                               FRAMEWORK_VERSION = A;
-                               HEADER_SEARCH_PATHS = "\"$(SRCROOT)\" \"$(SYMROOT)/include\"";
-                               INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "-DNOSA -DAGENTBUNDLE=\\\\\\\"/System/Library/CoreServices/SecurityAgent.app\\\\\\\"";
-                               OTHER_LDFLAGS = "-lstdc++";
-                               OTHER_LIBTOOL_FLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRINCIPAL_CLASS = "";
-                               PRODUCT_NAME = SecurityAgentClient;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                               WRAPPER_EXTENSION = framework;
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               1E3C053DFFA90CBA11CD283A,
-                       );
-                       isa = PBXFrameworkTarget;
-                       name = "SecurityAgent Client";
-                       productInstallPath = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
-                       productName = SecurityAgentClient;
-                       productReference = 0140AD5AFFA8EBF911CD296C;
-                       productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
-<plist version=\"0.9\">
-<dict>
-       <key>CFBundleDevelopmentRegion</key>
-       <string>English</string>
-       <key>CFBundleExecutable</key>
-       <string></string>
-       <key>CFBundleGetInfoString</key>
-       <string></string>
-       <key>CFBundleIconFile</key>
-       <string></string>
-       <key>CFBundleIdentifier</key>
-       <string></string>
-       <key>CFBundleInfoDictionaryVersion</key>
-       <string>6.0</string>
-       <key>CFBundleName</key>
-       <string></string>
-       <key>CFBundlePackageType</key>
-       <string>FMWK</string>
-       <key>CFBundleShortVersionString</key>
-       <string></string>
-       <key>CFBundleSignature</key>
-       <string>????</string>
-       <key>CFBundleVersion</key>
-       <string>0.0.1d1</string>
-</dict>
-</plist>
-";
-                       shouldUseHeadermap = 0;
-               };
-               0140AD5DFFA8EBF911CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0140AD5EFFA8EBF911CD296C,
-                               0140AD6BFFA8EFFB11CD296C,
-                               0140AD6CFFA8F8A411CD296C,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               0140AD5EFFA8EBF911CD296C = {
-                       fileRef = 0140AD59FFA8EBF911CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0140AD5FFFA8EBF911CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
-               };
-               0140AD60FFA8EBF911CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0140AD61FFA8EBF911CD296C,
-                               0140AD6AFFA8EFBF11CD296C,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               0140AD61FFA8EBF911CD296C = {
-                       fileRef = 0140AD58FFA8EBF911CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0140AD62FFA8EBF911CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0140AD69FFA8EFAC11CD296C,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               0140AD63FFA8EBF911CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               0140AD64FFA8ECBF11CD296C = {
-                       isa = PBXFileReference;
-                       path = secagent.defs;
-                       refType = 4;
-               };
-               0140AD65FFA8EE5711CD296C = {
-                       isa = PBXFileReference;
-                       path = secagent_types.h;
-                       refType = 4;
-               };
-               0140AD66FFA8EEA811CD296C = {
-                       isa = PBXFileReference;
-                       path = secagentServer.cpp;
-                       refType = 4;
-               };
-               0140AD67FFA8EEA811CD296C = {
-                       isa = PBXFileReference;
-                       path = secagentUser.cpp;
-                       refType = 4;
-               };
-               0140AD68FFA8EEA811CD296C = {
-                       isa = PBXFileReference;
-                       path = secagent.h;
-                       refType = 4;
-               };
-               0140AD69FFA8EFAC11CD296C = {
-                       fileRef = 01621B35FF09357FD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0140AD6AFFA8EFBF11CD296C = {
-                       fileRef = 0140AD67FFA8EEA811CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0140AD6BFFA8EFFB11CD296C = {
-                       fileRef = 0140AD68FFA8EEA811CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0140AD6CFFA8F8A411CD296C = {
-                       fileRef = 0140AD65FFA8EE5711CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0140AD6FFFA8FC4611CD296C = {
-                       isa = PBXTargetDependency;
-                       target = 0140AD5CFFA8EBF911CD296C;
-               };
-               0140AD72FFA9002E11CD296C = {
-                       isa = PBXLibraryReference;
-                       path = libSecurityAgentServer.a;
-                       refType = 3;
-               };
-               0140AD73FFA9002E11CD296C = {
-                       isa = PBXTargetDependency;
-                       target = 0140AD74FFA9002E11CD296C;
-               };
-               0140AD74FFA9002E11CD296C = {
-                       buildPhases = (
-                               0140AD76FFA9002E11CD296C,
-                               0140AD77FFA9002E11CD296C,
-                               0140AD79FFA9002E11CD296C,
-                               0140AD7AFFA9002E11CD296C,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\"";
-                               HEADER_SEARCH_PATHS = "\"$(SRCROOT)\" \"$(SYMROOT)/include\"";
-                               INSTALL_PATH = /usr/local/lib;
-                               LIBRARY_STYLE = STATIC;
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "";
-                               OTHER_LIBTOOL_FLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = libSecurityAgentServer.a;
-                               REZ_EXECUTABLE = YES;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               0140AD75FFA9002E11CD296C,
-                       );
-                       isa = PBXLibraryTarget;
-                       name = "SecurityAgent Server";
-                       productInstallPath = /usr/local/lib;
-                       productName = libSecurityAgentServer.a;
-                       productReference = 0140AD72FFA9002E11CD296C;
-                       shouldUseHeadermap = 0;
-               };
-               0140AD75FFA9002E11CD296C = {
-                       isa = PBXTargetDependency;
-                       target = 5DF1AE65FE88150D11CD296C;
-               };
-               0140AD76FFA9002E11CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               0140AD77FFA9002E11CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0140AD78FFA9002E11CD296C,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               0140AD78FFA9002E11CD296C = {
-                       fileRef = 0140AD66FFA8EEA811CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0140AD79FFA9002E11CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               0140AD7AFFA9002E11CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               014A6888FFE94D9411CD296C = {
-                       children = (
-                               014A6889FFE94D9411CD296C,
-                               014A6894FFE9508C11CD296C,
-                               014A6898FFE9535811CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = Trampoline;
-                       refType = 4;
-               };
-               014A6889FFE94D9411CD296C = {
-                       isa = PBXFileReference;
-                       path = AuthorizationTrampoline.cpp;
-                       refType = 4;
-               };
-               014A688AFFE94D9411CD296C = {
-                       isa = PBXExecutableFileReference;
-                       path = AuthorizationTrampoline;
-                       refType = 3;
-               };
-               014A688BFFE94D9411CD296C = {
-                       buildPhases = (
-                               014A688CFFE94D9411CD296C,
-                               014A688DFFE94D9411CD296C,
-                               014A688FFFE94D9411CD296C,
-                               014A6890FFE94D9411CD296C,
-                       );
-                       buildSettings = {
-                               FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\"";
-                               HEADER_SEARCH_PATHS = "\"$(SRCROOT)\"";
-                               INSTALL_PATH = "$(SYSTEM_CORE_SERVICES_DIR)";
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "-Wno-unused -DSAFER";
-                               OTHER_LDFLAGS = "-lstdc++";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = AuthorizationTrampoline;
-                               REZ_EXECUTABLE = YES;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               014A689BFFE981FA11CD296C,
-                       );
-                       isa = PBXToolTarget;
-                       name = AuthorizationTrampoline;
-                       productInstallPath = "$(SYSTEM_CORE_SERVICES_DIR)";
-                       productName = AuthorizationTrampoline;
-                       productReference = 014A688AFFE94D9411CD296C;
-                       shouldUseHeadermap = 0;
-               };
-               014A688CFFE94D9411CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               014A688DFFE94D9411CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               014A688EFFE94D9411CD296C,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               014A688EFFE94D9411CD296C = {
-                       fileRef = 014A6889FFE94D9411CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               014A688FFFE94D9411CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               014A6892FFE94E8511CD296C,
-                               014A6893FFE94E8511CD296C,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               014A6890FFE94D9411CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               014A6892FFE94E8511CD296C = {
-                       fileRef = 01621B35FF09357FD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               014A6893FFE94E8511CD296C = {
-                       fileRef = 1379BD96FF9BA26811CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               014A6894FFE9508C11CD296C = {
-                       isa = PBXFileReference;
-                       path = trampolineClient.cpp;
-                       refType = 4;
-               };
-               014A6896FFE9508C11CD296C = {
-                       fileRef = 014A6894FFE9508C11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               014A6898FFE9535811CD296C = {
-                       isa = PBXFileReference;
-                       path = trampolineServer.cpp;
-                       refType = 4;
-               };
-               014A6899FFE9535811CD296C = {
-                       fileRef = 014A6898FFE9535811CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               014A689AFFE981FA11CD296C = {
-                       isa = PBXTargetDependency;
-                       target = 014A688BFFE94D9411CD296C;
-               };
-               014A689BFFE981FA11CD296C = {
-                       isa = PBXTargetDependency;
-                       target = 1379BD97FF9BA26811CD283A;
-               };
-               0159DF1CFFBB405111CD296C = {
-                       children = (
-                               5DF1AEB3FE88242A11CD296C,
-                               5DF1AEB4FE88242A11CD296C,
-                               0159DF1DFFBB405111CD296C,
-                               0159DF1EFFBB405111CD296C,
-                               00FDF004FEDF19F511CD296C,
-                               00FDF003FEDF19F511CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = "Client State";
-                       refType = 4;
-               };
-               0159DF1DFFBB405111CD296C = {
-                       isa = PBXFileReference;
-                       path = process.h;
-                       refType = 4;
-               };
-               0159DF1EFFBB405111CD296C = {
-                       isa = PBXFileReference;
-                       path = process.cpp;
-                       refType = 4;
-               };
-               0159DF1FFFBB405111CD296C = {
-                       fileRef = 0159DF1DFFBB405111CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0159DF20FFBB405111CD296C = {
-                       fileRef = 0159DF1EFFBB405111CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01621B23FF093182D0A17CE7 = {
-                       isa = PBXTargetDependency;
-                       target = 00C95916FF0929F1D0A17CE7;
-               };
-               01621B24FF09323DD0A17CE7 = {
-                       isa = PBXTargetDependency;
-                       target = 00C9591DFF092AA8D0A17CE7;
-               };
-               01621B25FF09323DD0A17CE7 = {
-                       isa = PBXTargetDependency;
-                       target = 00C95911FF0929F1D0A17CE7;
-               };
-               01621B2AFF09328ED0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = yarrowMigServer.cpp;
-                       refType = 4;
-               };
-               01621B2BFF09328ED0A17CE7 = {
-                       fileRef = 01621B2AFF09328ED0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01621B2FFF0933F4D0A17CE7 = {
-                       isa = PBXTargetDependency;
-                       target = 00C9590CFF0929F1D0A17CE7;
-               };
-               01621B33FF09351FD0A17CE7 = {
-                       isa = PBXTargetDependency;
-                       target = 00C95903FF092949D0A17CE7;
-               };
-               01621B35FF09357FD0A17CE7 = {
-                       isa = PBXFrameworkReference;
-                       path = cdsa_utilities.framework;
-                       refType = 3;
-               };
-               01692084FF9CE78611CD296C = {
-                       fileRef = 01621B35FF09357FD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01692085FF9CE78611CD296C = {
-                       fileRef = 011B80E4FF140C9311CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01692086FF9CE7A811CD296C = {
-                       isa = PBXTargetDependency;
-                       target = 00F9D6B9FEA504D511CD296C;
-               };
-               01692087FF9CF5BB11CD296C = {
-                       isa = PBXTargetDependency;
-                       target = 1379BD97FF9BA26811CD283A;
-               };
-               01C17CFBFF16D9FF11CD283A = {
-                       fileRef = 011B80E4FF140C9311CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01C17CFCFF16DA6211CD283A = {
-                       fileRef = 011B80E0FF140C9311CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               01CAFEA1FF0BDAF611CD296C = {
-                       isa = PBXTargetDependency;
-                       target = 01CAFEA2FF0BDAF611CD296C;
-               };
-               01CAFEA2FF0BDAF611CD296C = {
-                       buildArgumentsString = "-f Makefile.startup $ALL_SETTINGS $ACTION";
-                       buildPhases = (
-                       );
-                       buildSettings = {
-                               FRAMEWORK_SEARCH_PATHS = "";
-                               HEADER_SEARCH_PATHS = "";
-                               LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = "Install Startup Arrangements";
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "";
-                       };
-                       buildToolPath = /usr/bin/gnumake;
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               3382A64DFFEAABFA11CD296C,
-                       );
-                       isa = PBXLegacyTarget;
-                       name = "Install Startup Arrangements";
-                       productName = "Install Startup Arrangements";
-                       settingsToExpand = 6;
-                       settingsToPassInEnvironment = 1;
-                       settingsToPassOnCommandLine = 280;
-                       shouldUseHeadermap = 0;
-               };
-               01CAFEA3FF0BDDF111CD296C = {
-                       isa = PBXFrameworkReference;
-                       path = SecurityAgentClient.framework;
-                       refType = 4;
-               };
-               01CAFEA4FF0BDDF111CD296C = {
-                       fileRef = 01CAFEA3FF0BDDF111CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0259BC03FFA694BE11CD283A = {
-                       children = (
-                               03904DA9FF9E3F6B11CD283A,
-                               03904DAAFF9E3F6B11CD283A,
-                       );
-                       isa = PBXGroup;
-                       name = Support;
-                       refType = 4;
-               };
-               0259BC04FFA694BE11CD283A = {
-                       fileRef = 03904DAAFF9E3F6B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0259BC05FFA694BE11CD283A = {
-                       fileRef = 03904DA9FF9E3F6B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0259BC06FFA694D511CD283A = {
-                       fileRef = 01621B35FF09357FD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0259BC07FFA694E211CD283A = {
-                       fileRef = 03904DAAFF9E3F6B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0259BC08FFA694E211CD283A = {
-                       fileRef = 03904DA9FF9E3F6B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               034B3474FFAF7F4A11CD296C = {
-                       buildRules = (
-                       );
-                       buildSettings = {
-                               COPY_PHASE_STRIP = NO;
-                       };
-                       isa = PBXBuildStyle;
-                       name = Development;
-               };
-               034B3475FFAF7F4A11CD296C = {
-                       buildRules = (
-                       );
-                       buildSettings = {
-                               COPY_PHASE_STRIP = YES;
-                       };
-                       isa = PBXBuildStyle;
-                       name = Deployment;
-               };
-               037D0ECDFFA115C911CD283A = {
-                       children = (
-                               037D0ECEFFA115C911CD283A,
-                               2BC07DF8FFE9A42411CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = Test;
-                       path = "";
-                       refType = 2;
-               };
-               037D0ECEFFA115C911CD283A = {
-                       isa = PBXFileReference;
-                       name = AZNTest.cpp;
-                       path = tests/AZNTest.cpp;
-                       refType = 4;
-               };
-               037D0ECFFFA115C911CD283A = {
-                       isa = PBXExecutableFileReference;
-                       path = AZNTest;
-                       refType = 3;
-               };
-               037D0ED2FFA115C911CD283A = {
-                       buildPhases = (
-                               037D0ED3FFA115C911CD283A,
-                               037D0ED4FFA115C911CD283A,
-                               037D0ED5FFA115C911CD283A,
-                               037D0ED6FFA115C911CD283A,
-                       );
-                       buildSettings = {
-                               HEADER_SEARCH_PATHS = "\"$(SRCROOT)\"";
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "-lstdc++";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = AZNTest;
-                               REZ_EXECUTABLE = YES;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                       );
-                       isa = PBXToolTarget;
-                       name = AZNTest;
-                       productName = AZNTest;
-                       productReference = 037D0ECFFFA115C911CD283A;
-                       shouldUseHeadermap = 0;
-               };
-               037D0ED3FFA115C911CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0259BC04FFA694BE11CD283A,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               037D0ED4FFA115C911CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               037D0ED9FFA1166911CD283A,
-                               0259BC05FFA694BE11CD283A,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               037D0ED5FFA115C911CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0259BC06FFA694D511CD283A,
-                               18FB4D97FFA7B7D311CD283A,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               037D0ED6FFA115C911CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               037D0ED9FFA1166911CD283A = {
-                       fileRef = 037D0ECEFFA115C911CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               03904DA9FF9E3F6B11CD283A = {
-                       isa = PBXFileReference;
-                       path = AuthorizationEngine.cpp;
-                       refType = 4;
-               };
-               03904DAAFF9E3F6B11CD283A = {
-                       isa = PBXFileReference;
-                       path = AuthorizationEngine.h;
-                       refType = 4;
-               };
-               03A49624FEC1F50311CD283A = {
-                       isa = PBXFileReference;
-                       path = Makefile;
-                       refType = 4;
-               };
-               03A49625FEC1F5B611CD283A = {
-                       isa = PBXTargetDependency;
-                       target = 00F9D6B9FEA504D511CD296C;
-               };
-               03D6E7B8FF16DE8A11CD283A = {
-                       isa = PBXFileReference;
-                       path = SecurityServerClient.h;
-                       refType = 4;
-               };
-               03D6E7B9FF16DE8A11CD283A = {
-                       fileRef = 03D6E7B8FF16DE8A11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               03D6E7BAFF16DF7511CD283A = {
-                       isa = PBXFileReference;
-                       name = SecurityYarrowClient.h;
-                       path = MacYarrow/YarrowClient/SecurityYarrowClient.h;
-                       refType = 4;
-               };
-               03D6E7BBFF16DF7511CD283A = {
-                       fileRef = 03D6E7BAFF16DF7511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               03F9A9EFFF0D135811CD296C = {
-                       isa = PBXTargetDependency;
-                       target = 111A0B05FE757C9E11CD296C;
-               };
-               03F9B681FF3B345D11CD296C = {
-                       isa = PBXFrameworkReference;
-                       name = AppKit.framework;
-                       path = /System/Library/Frameworks/AppKit.framework;
-                       refType = 0;
-               };
-               03F9B682FF3B345D11CD296C = {
-                       isa = PBXFrameworkReference;
-                       name = Foundation.framework;
-                       path = /System/Library/Frameworks/Foundation.framework;
-                       refType = 0;
-               };
-               04E61BF8FFC0C70811CD296C = {
-                       isa = PBXFileReference;
-                       path = testclient.h;
-                       refType = 4;
-               };
-               04E61BF9FFC0C70811CD296C = {
-                       isa = PBXFileReference;
-                       path = testclient.cpp;
-                       refType = 4;
-               };
-               04E61BFAFFC0C70811CD296C = {
-                       isa = PBXFileReference;
-                       path = testacls.cpp;
-                       refType = 4;
-               };
-               04E61BFBFFC0C70811CD296C = {
-                       isa = PBXFileReference;
-                       path = testauth.cpp;
-                       refType = 4;
-               };
-               04E61BFCFFC0C70811CD296C = {
-                       isa = PBXFileReference;
-                       path = testblobs.cpp;
-                       refType = 4;
-               };
-               04E61BFDFFC0C70811CD296C = {
-                       isa = PBXFileReference;
-                       path = testcrypto.cpp;
-                       refType = 4;
-               };
-               04E61BFEFFC0C70811CD296C = {
-                       isa = PBXFileReference;
-                       path = testutils.h;
-                       refType = 4;
-               };
-               04E61BFFFFC0C70811CD296C = {
-                       isa = PBXFileReference;
-                       path = testutils.cpp;
-                       refType = 4;
-               };
-               04E61C00FFC0C70811CD296C = {
-                       fileRef = 04E61BF8FFC0C70811CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E61C01FFC0C70811CD296C = {
-                       fileRef = 04E61BFEFFC0C70811CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E61C02FFC0C70811CD296C = {
-                       fileRef = 04E61BFAFFC0C70811CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E61C03FFC0C70811CD296C = {
-                       fileRef = 04E61BFBFFC0C70811CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E61C04FFC0C70811CD296C = {
-                       fileRef = 04E61BFCFFC0C70811CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E61C05FFC0C70811CD296C = {
-                       fileRef = 04E61BF9FFC0C70811CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E61C06FFC0C70811CD296C = {
-                       fileRef = 04E61BFDFFC0C70811CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               04E61C07FFC0C70811CD296C = {
-                       fileRef = 04E61BFFFFC0C70811CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0658E17AFE796F8C11CD296C = {
-                       isa = PBXFileReference;
-                       path = server.h;
-                       refType = 4;
-               };
-               0658E17BFE796F8C11CD296C = {
-                       fileRef = 0658E17AFE796F8C11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0658E17CFE796FE311CD296C = {
-                       isa = PBXFileReference;
-                       path = server.cpp;
-                       refType = 4;
-               };
-               0658E17DFE796FE311CD296C = {
-                       fileRef = 0658E17CFE796FE311CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               074E9B2AFF25311211CD296C = {
-                       children = (
-                               074E9B2BFF2531C011CD296C,
-                               074E9B2CFF2531C011CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = "Temporary Crap";
-                       refType = 4;
-               };
-               074E9B2BFF2531C011CD296C = {
-                       isa = PBXFileReference;
-                       path = cfnotifier.h;
-                       refType = 4;
-               };
-               074E9B2CFF2531C011CD296C = {
-                       isa = PBXFileReference;
-                       path = cfnotifier.cpp;
-                       refType = 4;
-               };
-               074E9B2DFF2531C011CD296C = {
-                       fileRef = 074E9B2BFF2531C011CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               074E9B2EFF2531C011CD296C = {
-                       fileRef = 074E9B2CFF2531C011CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0B5432CFFFB3A6347F000001 = {
-                       isa = PBXFileReference;
-                       path = agentquery.cpp;
-                       refType = 4;
-               };
-               0B5432D0FFB3A6347F000001 = {
-                       isa = PBXFileReference;
-                       path = agentquery.h;
-                       refType = 4;
-               };
-               0B5432D1FFB3A6347F000001 = {
-                       fileRef = 0B5432D0FFB3A6347F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0B5432D2FFB3A6347F000001 = {
-                       fileRef = 0B5432CFFFB3A6347F000001;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0F409611FE746BD111CD296C = {
-                       buildStyles = (
-                               034B3474FFAF7F4A11CD296C,
-                               034B3475FFAF7F4A11CD296C,
-                       );
-                       isa = PBXProject;
-                       mainGroup = 0F409612FE746BD111CD296C;
-                       projectDirPath = .;
-                       targets = (
-                               111A0B05FE757C9E11CD296C,
-                               0F409629FE746BD111CD296C,
-                               00F9D6B9FEA504D511CD296C,
-                               1379BD97FF9BA26811CD283A,
-                               014A688BFFE94D9411CD296C,
-                               0140AD5CFFA8EBF911CD296C,
-                               0140AD74FFA9002E11CD296C,
-                               5DF1AE65FE88150D11CD296C,
-                               00C95903FF092949D0A17CE7,
-                               00C9590CFF0929F1D0A17CE7,
-                               00C95911FF0929F1D0A17CE7,
-                               00C9591DFF092AA8D0A17CE7,
-                               00C9591EFF092AA8D0A17CE7,
-                               00C95923FF092AA8D0A17CE7,
-                               01CAFEA2FF0BDAF611CD296C,
-                               00C95916FF0929F1D0A17CE7,
-                               111A0B65FE75A7A511CD296C,
-                               037D0ED2FFA115C911CD283A,
-                               2BC07DF2FFE9A3DE11CD296C,
-                       );
-               };
-               0F409612FE746BD111CD296C = {
-                       children = (
-                               111A0B70FE75A89D11CD296C,
-                               111A0B71FE75A89D11CD296C,
-                               1379BD9DFF9BA29E11CD283A,
-                               0140AD51FFA8EA2311CD296C,
-                               111A0AE4FE75767411CD296C,
-                               00C958F7FF092883D0A17CE7,
-                               111A0B72FE75A89D11CD296C,
-                               01101223FF0D0DE311CD296C,
-                               0F409625FE746BD111CD296C,
-                               00F9D6CDFEA5065511CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = SecurityServer;
-                       refType = 4;
-               };
-               0F409625FE746BD111CD296C = {
-                       children = (
-                               01621B35FF09357FD0A17CE7,
-                               0F409627FE746BD111CD296C,
-                               348D2E5AFE81B60B11CD296C,
-                               01CAFEA3FF0BDDF111CD296C,
-                               03F9B681FF3B345D11CD296C,
-                               03F9B682FF3B345D11CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = Frameworks;
-                       path = "";
-                       refType = 3;
-               };
-               0F409627FE746BD111CD296C = {
-                       isa = PBXFrameworkReference;
-                       path = cdsa.framework;
-                       refType = 4;
-               };
-               0F409629FE746BD111CD296C = {
-                       buildPhases = (
-                               0F40962AFE746BD111CD296C,
-                               0F409633FE746BD111CD296C,
-                               0F40963CFE746BD111CD296C,
-                               0F409640FE746BD111CD296C,
-                       );
-                       buildSettings = {
-                               FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\"";
-                               HEADER_SEARCH_PATHS = "\"$(SRCROOT)\"";
-                               INSTALL_PATH = "$(SYSTEM_CORE_SERVICES_DIR)";
-                               LIBRARY_SEARCH_PATHS = "\"$(SYMROOT)\"";
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "-Wno-unused -DSAFER -DDEBUGDUMP -DDatabase=XDatabase";
-                               OTHER_LDFLAGS = "-lstdc++ -lYarrowServer";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = SecurityServer;
-                               REZ_EXECUTABLE = YES;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-unused -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               03A49625FEC1F5B611CD283A,
-                               0140AD5BFFA8EBF911CD296C,
-                               51C703C7FF1E685211CD283A,
-                               6CC434E0FF09B06111CD283A,
-                       );
-                       isa = PBXToolTarget;
-                       name = SecurityServer;
-                       productInstallPath = "$(SYSTEM_CORE_SERVICES_DIR)";
-                       productName = SecurityServer;
-                       productReference = 011B80DFFF140C9311CD283A;
-                       shouldUseHeadermap = 0;
-               };
-               0F40962AFE746BD111CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               5DF1AEBBFE88284211CD296C,
-                               0F409646FE746C5811CD296C,
-                               111A0B28FE758EB611CD296C,
-                               0658E17BFE796F8C11CD296C,
-                               5DF1AEB5FE88242A11CD296C,
-                               5DF1AECBFE8853E711CD296C,
-                               1FBB80EEFE90442611CD296C,
-                               271A278DFEAE7AB511CD296C,
-                               00DFB0D4FEB79FB211CD296C,
-                               00FDF005FEDF19F511CD296C,
-                               1EA3AEBEFEEEFDE011CD296C,
-                               074E9B2DFF2531C011CD296C,
-                               128BEC68FF26113211CD296C,
-                               0259BC07FFA694E211CD283A,
-                               1F41CF42FFA695FC11CD296C,
-                               0B5432D1FFB3A6347F000001,
-                               0159DF1FFFBB405111CD296C,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               0F409633FE746BD111CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               128BEC69FF26113211CD296C,
-                               111A0B3FFE75909811CD296C,
-                               0658E17DFE796FE311CD296C,
-                               348D2F39FE87F27111CD296C,
-                               5DF1AEB6FE88242A11CD296C,
-                               5DF1AEBDFE88284211CD296C,
-                               5DF1AECCFE8853E711CD296C,
-                               00EFF5BCFE93EA0D11CD296C,
-                               271A278EFEAE7AB511CD296C,
-                               00DFB0D5FEB79FB211CD296C,
-                               00FDF006FEDF19F511CD296C,
-                               1EA3AEBFFEEEFDE011CD296C,
-                               074E9B2EFF2531C011CD296C,
-                               0259BC08FFA694E211CD283A,
-                               1F41CF43FFA695FC11CD296C,
-                               0B5432D2FFB3A6347F000001,
-                               0159DF20FFBB405111CD296C,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               0F40963CFE746BD111CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               348D2E5BFE81B60B11CD296C,
-                               0F40963EFE746BD111CD296C,
-                               01CAFEA4FF0BDDF111CD296C,
-                               3054CB26FF1D38CA11CD296C,
-                               0140AD54FFA8EB2311CD296C,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               0F40963EFE746BD111CD296C = {
-                       fileRef = 0F409627FE746BD111CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               0F409640FE746BD111CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               0F409645FE746C5811CD296C = {
-                       isa = PBXFileReference;
-                       path = securityserver.h;
-                       refType = 4;
-               };
-               0F409646FE746C5811CD296C = {
-                       fileRef = 0F409645FE746C5811CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               111A0AE4FE75767411CD296C = {
-                       children = (
-                               01157F48FE7700BF11CD296C,
-                               1FBB80EDFE90442611CD296C,
-                               0140AD64FFA8ECBF11CD296C,
-                               0140AD65FFA8EE5711CD296C,
-                               5DF1AE7AFE881A5C11CD296C,
-                               1C12ABCCFEC8E61B11CD296C,
-                               03A49624FEC1F50311CD283A,
-                       );
-                       isa = PBXGroup;
-                       name = MIG;
-                       path = "";
-                       refType = 4;
-               };
-               111A0B05FE757C9E11CD296C = {
-                       buildPhases = (
-                       );
-                       buildSettings = {
-                               FRAMEWORK_SEARCH_PATHS = "";
-                               HEADER_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/Frameworks/Carbon.framework/Libraries/CIncludes\"";
-                               INSTALL_PATH = /;
-                               LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = All;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               01692087FF9CF5BB11CD296C,
-                               014A689AFFE981FA11CD296C,
-                               0140AD6FFFA8FC4611CD296C,
-                               0140AD73FFA9002E11CD296C,
-                               111A0BDDFE75C06B11CD296C,
-                               01CAFEA1FF0BDAF611CD296C,
-                       );
-                       isa = PBXAggregateTarget;
-                       name = All;
-                       productInstallPath = /;
-                       productName = All;
-                       shouldUseHeadermap = 0;
-               };
-               111A0B25FE758EB611CD296C = {
-                       isa = PBXFileReference;
-                       path = ucsp.h;
-                       refType = 4;
-               };
-               111A0B28FE758EB611CD296C = {
-                       fileRef = 111A0B25FE758EB611CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               111A0B3EFE75909811CD296C = {
-                       isa = PBXFileReference;
-                       path = ucspServer.cpp;
-                       refType = 4;
-               };
-               111A0B3FFE75909811CD296C = {
-                       fileRef = 111A0B3EFE75909811CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               111A0B65FE75A7A511CD296C = {
-                       buildPhases = (
-                               111A0B67FE75A7A511CD296C,
-                               111A0B68FE75A7A511CD296C,
-                               111A0B6AFE75A7A511CD296C,
-                               111A0B6BFE75A7A511CD296C,
-                       );
-                       buildSettings = {
-                               FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\"";
-                               HEADER_SEARCH_PATHS = "\"$(SRCROOT)\"";
-                               LIBRARY_SEARCH_PATHS = "\"$(SYMROOT)\"";
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "-UTARGET_CARBON -DSAFER";
-                               OTHER_LDFLAGS = "-lstdc++";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = SSTester;
-                               REZ_EXECUTABLE = YES;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-unused -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               03F9A9EFFF0D135811CD296C,
-                       );
-                       isa = PBXToolTarget;
-                       name = SSTester;
-                       productName = SSTester;
-                       productReference = 011B80DDFF140C9311CD283A;
-                       shouldUseHeadermap = 0;
-               };
-               111A0B67FE75A7A511CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               04E61C00FFC0C70811CD296C,
-                               04E61C01FFC0C70811CD296C,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               111A0B68FE75A7A511CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               04E61C02FFC0C70811CD296C,
-                               04E61C03FFC0C70811CD296C,
-                               04E61C04FFC0C70811CD296C,
-                               04E61C05FFC0C70811CD296C,
-                               04E61C06FFC0C70811CD296C,
-                               04E61C07FFC0C70811CD296C,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               111A0B6AFE75A7A511CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               00EFF5EBFE95419011CD296C,
-                               00EFF5ECFE95419011CD296C,
-                               01C17CFBFF16D9FF11CD283A,
-                               0140AD57FFA8EB2311CD296C,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               111A0B6BFE75A7A511CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               111A0B70FE75A89D11CD296C = {
-                       children = (
-                               348D2F38FE87F27111CD296C,
-                               0F409645FE746C5811CD296C,
-                               00EFF5BBFE93EA0D11CD296C,
-                               0159DF1CFFBB405111CD296C,
-                               0658E17AFE796F8C11CD296C,
-                               0658E17CFE796FE311CD296C,
-                               5DF1AEB7FE88284211CD296C,
-                               5DF1AEB8FE88284211CD296C,
-                               5DF1AEC9FE8853E711CD296C,
-                               5DF1AECAFE8853E711CD296C,
-                               00DFB0D2FEB79FB211CD296C,
-                               00DFB0D3FEB79FB211CD296C,
-                               1F41CF3FFFA695FC11CD296C,
-                               1F41CF3EFFA695FC11CD296C,
-                               271A278CFEAE7AB511CD296C,
-                               271A278BFEAE7AB511CD296C,
-                               0B5432D0FFB3A6347F000001,
-                               0B5432CFFFB3A6347F000001,
-                               128BEC67FF26113211CD296C,
-                               128BEC66FF26113211CD296C,
-                               1EA3AEBBFEEEFDE011CD296C,
-                               074E9B2AFF25311211CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = SecurityServer;
-                       path = "";
-                       refType = 4;
-               };
-               111A0B71FE75A89D11CD296C = {
-                       children = (
-                               03D6E7B8FF16DE8A11CD283A,
-                               111A0B82FE75AA7411CD296C,
-                               111A0B84FE75AAD211CD296C,
-                               4D433F0DFE9CF5B811CD296C,
-                               4D433F0EFE9CF5B811CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = "SecurityServer Client";
-                       path = "";
-                       refType = 4;
-               };
-               111A0B72FE75A89D11CD296C = {
-                       children = (
-                               04E61BF8FFC0C70811CD296C,
-                               04E61BF9FFC0C70811CD296C,
-                               04E61BFAFFC0C70811CD296C,
-                               04E61BFBFFC0C70811CD296C,
-                               04E61BFCFFC0C70811CD296C,
-                               04E61BFDFFC0C70811CD296C,
-                               04E61BFEFFC0C70811CD296C,
-                               04E61BFFFFC0C70811CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = SSTester;
-                       path = tests;
-                       refType = 2;
-               };
-               111A0B73FE75A89D11CD296C = {
-                       isa = PBXFileReference;
-                       path = ucspUser.cpp;
-                       refType = 4;
-               };
-               111A0B82FE75AA7411CD296C = {
-                       isa = PBXFileReference;
-                       path = ssclient.h;
-                       refType = 4;
-               };
-               111A0B84FE75AAD211CD296C = {
-                       isa = PBXFileReference;
-                       path = ssclient.cpp;
-                       refType = 4;
-               };
-               111A0BDDFE75C06B11CD296C = {
-                       isa = PBXTargetDependency;
-                       target = 0F409629FE746BD111CD296C;
-               };
-               128BEC66FF26113211CD296C = {
-                       isa = PBXFileReference;
-                       path = dbcrypto.cpp;
-                       refType = 4;
-               };
-               128BEC67FF26113211CD296C = {
-                       isa = PBXFileReference;
-                       path = dbcrypto.h;
-                       refType = 4;
-               };
-               128BEC68FF26113211CD296C = {
-                       fileRef = 128BEC67FF26113211CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               128BEC69FF26113211CD296C = {
-                       fileRef = 128BEC66FF26113211CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               1379BD96FF9BA26811CD283A = {
-                       isa = PBXFrameworkReference;
-                       path = Authorization.framework;
-                       refType = 3;
-               };
-               1379BD97FF9BA26811CD283A = {
-                       buildPhases = (
-                               1379BD98FF9BA26811CD283A,
-                               1379BD99FF9BA26811CD283A,
-                               1379BD9AFF9BA26811CD283A,
-                               1379BD9BFF9BA26811CD283A,
-                               1379BD9CFF9BA26811CD283A,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\"";
-                               FRAMEWORK_VERSION = A;
-                               HEADER_SEARCH_PATHS = "\"$(SYMROOT)/include\"";
-                               INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "-DTRAMPOLINE=\\\\\\\"$(SYSTEM_CORE_SERVICES_DIR)/AuthorizationTrampoline\\\\\\\"";
-                               OTHER_LDFLAGS = "-lstdc++";
-                               OTHER_LIBTOOL_FLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRINCIPAL_CLASS = "";
-                               PRODUCT_NAME = Authorization;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                               WRAPPER_EXTENSION = framework;
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               1E3C053CFFA90CBA11CD283A,
-                               01692086FF9CE7A811CD296C,
-                       );
-                       isa = PBXFrameworkTarget;
-                       name = Authorization;
-                       productInstallPath = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
-                       productName = Authorization;
-                       productReference = 1379BD96FF9BA26811CD283A;
-                       productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
-<plist version=\"0.9\">
-<dict>
-       <key>CFBundleDevelopmentRegion</key>
-       <string>English</string>
-       <key>CFBundleExecutable</key>
-       <string></string>
-       <key>CFBundleGetInfoString</key>
-       <string></string>
-       <key>CFBundleIconFile</key>
-       <string></string>
-       <key>CFBundleIdentifier</key>
-       <string></string>
-       <key>CFBundleInfoDictionaryVersion</key>
-       <string>6.0</string>
-       <key>CFBundleName</key>
-       <string></string>
-       <key>CFBundlePackageType</key>
-       <string>FMWK</string>
-       <key>CFBundleShortVersionString</key>
-       <string></string>
-       <key>CFBundleSignature</key>
-       <string>????</string>
-       <key>CFBundleVersion</key>
-       <string>0.0.1d1</string>
-</dict>
-</plist>
-";
-                       shouldUseHeadermap = 0;
-               };
-               1379BD98FF9BA26811CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               1379BDA0FF9BA29E11CD283A,
-                               1379BDA3FF9BA30D11CD283A,
-                               144210EDFF9BD62E11CD283A,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               1379BD99FF9BA26811CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
-               };
-               1379BD9AFF9BA26811CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               1379BDA1FF9BA29E11CD283A,
-                               014A6896FFE9508C11CD296C,
-                               014A6899FFE9535811CD296C,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               1379BD9BFF9BA26811CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               01692084FF9CE78611CD296C,
-                               01692085FF9CE78611CD296C,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               1379BD9CFF9BA26811CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               1379BD9DFF9BA29E11CD283A = {
-                       children = (
-                               1379BD9EFF9BA29E11CD283A,
-                               1379BD9FFF9BA29E11CD283A,
-                               144210ECFF9BD62E11CD283A,
-                               1379BDA2FF9BA30D11CD283A,
-                               014A6888FFE94D9411CD296C,
-                               0259BC03FFA694BE11CD283A,
-                               037D0ECDFFA115C911CD283A,
-                       );
-                       isa = PBXGroup;
-                       path = Authorization;
-                       refType = 4;
-               };
-               1379BD9EFF9BA29E11CD283A = {
-                       isa = PBXFileReference;
-                       path = Authorization.cpp;
-                       refType = 4;
-               };
-               1379BD9FFF9BA29E11CD283A = {
-                       isa = PBXFileReference;
-                       path = Authorization.h;
-                       refType = 4;
-               };
-               1379BDA0FF9BA29E11CD283A = {
-                       fileRef = 1379BD9FFF9BA29E11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               1379BDA1FF9BA29E11CD283A = {
-                       fileRef = 1379BD9EFF9BA29E11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               1379BDA2FF9BA30D11CD283A = {
-                       isa = PBXFileReference;
-                       path = AuthorizationWalkers.h;
-                       refType = 4;
-               };
-               1379BDA3FF9BA30D11CD283A = {
-                       fileRef = 1379BDA2FF9BA30D11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Private,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               144210ECFF9BD62E11CD283A = {
-                       isa = PBXFileReference;
-                       path = AuthorizationTags.h;
-                       refType = 4;
-               };
-               144210EDFF9BD62E11CD283A = {
-                       fileRef = 144210ECFF9BD62E11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               16732091FF32431411CD296C = {
-                       children = (
-                               16732092FF32431411CD296C,
-                               16732093FF32431411CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = "Startup Files";
-                       path = StartupItems;
-                       refType = 2;
-               };
-               16732092FF32431411CD296C = {
-                       isa = PBXFileReference;
-                       path = SecurityServer;
-                       refType = 4;
-               };
-               16732093FF32431411CD296C = {
-                       isa = PBXFileReference;
-                       path = StartupParameters.plist;
-                       refType = 4;
-               };
-               18FB4D97FFA7B7D311CD283A = {
-                       fileRef = 01CAFEA3FF0BDDF111CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               1C12ABCCFEC8E61B11CD296C = {
-                       children = (
-                               111A0B25FE758EB611CD296C,
-                               0140AD68FFA8EEA811CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = "Generated Includes";
-                       path = include;
-                       refType = 3;
-               };
-               1E3C053CFFA90CBA11CD283A = {
-                       isa = PBXTargetDependency;
-                       target = 0140AD5CFFA8EBF911CD296C;
-               };
-               1E3C053DFFA90CBA11CD283A = {
-                       isa = PBXTargetDependency;
-                       target = 5DF1AE65FE88150D11CD296C;
-               };
-               1EA3AEBBFEEEFDE011CD296C = {
-                       children = (
-                               1EA3AEBDFEEEFDE011CD296C,
-                               1EA3AEBCFEEEFDE011CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = "Acl Subjects";
-                       refType = 4;
-               };
-               1EA3AEBCFEEEFDE011CD296C = {
-                       isa = PBXFileReference;
-                       path = acl_keychain.cpp;
-                       refType = 4;
-               };
-               1EA3AEBDFEEEFDE011CD296C = {
-                       isa = PBXFileReference;
-                       path = acl_keychain.h;
-                       refType = 4;
-               };
-               1EA3AEBEFEEEFDE011CD296C = {
-                       fileRef = 1EA3AEBDFEEEFDE011CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               1EA3AEBFFEEEFDE011CD296C = {
-                       fileRef = 1EA3AEBCFEEEFDE011CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               1F41CF3EFFA695FC11CD296C = {
-                       isa = PBXFileReference;
-                       path = authority.cpp;
-                       refType = 4;
-               };
-               1F41CF3FFFA695FC11CD296C = {
-                       isa = PBXFileReference;
-                       path = authority.h;
-                       refType = 4;
-               };
-               1F41CF42FFA695FC11CD296C = {
-                       fileRef = 1F41CF3FFFA695FC11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               1F41CF43FFA695FC11CD296C = {
-                       fileRef = 1F41CF3EFFA695FC11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               1FBB80EDFE90442611CD296C = {
-                       isa = PBXFileReference;
-                       path = ucsp_types.h;
-                       refType = 4;
-               };
-               1FBB80EEFE90442611CD296C = {
-                       fileRef = 1FBB80EDFE90442611CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               271A278BFEAE7AB511CD296C = {
-                       isa = PBXFileReference;
-                       path = ssblob.cpp;
-                       refType = 4;
-               };
-               271A278CFEAE7AB511CD296C = {
-                       isa = PBXFileReference;
-                       path = ssblob.h;
-                       refType = 4;
-               };
-               271A278DFEAE7AB511CD296C = {
-                       fileRef = 271A278CFEAE7AB511CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               271A278EFEAE7AB511CD296C = {
-                       fileRef = 271A278BFEAE7AB511CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               2BC07DF1FFE9A3DE11CD296C = {
-                       isa = PBXExecutableFileReference;
-                       path = ExecTest;
-                       refType = 3;
-               };
-               2BC07DF2FFE9A3DE11CD296C = {
-                       buildPhases = (
-                               2BC07DF3FFE9A3DE11CD296C,
-                               2BC07DF4FFE9A3DE11CD296C,
-                               2BC07DF5FFE9A3DE11CD296C,
-                               2BC07DF6FFE9A3DE11CD296C,
-                       );
-                       buildSettings = {
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = ExecTest;
-                               REZ_EXECUTABLE = YES;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               2BC07DFCFFE9A4AE11CD296C,
-                               2BC07DFAFFE9A48411CD296C,
-                               2BC07DFBFFE9A48411CD296C,
-                       );
-                       isa = PBXToolTarget;
-                       name = ExecTest;
-                       productInstallPath = /usr/local/bin;
-                       productName = ExecTest;
-                       productReference = 2BC07DF1FFE9A3DE11CD296C;
-                       shouldUseHeadermap = 0;
-               };
-               2BC07DF3FFE9A3DE11CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               2BC07DF4FFE9A3DE11CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               2BC07DF9FFE9A42411CD296C,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               2BC07DF5FFE9A3DE11CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               2BC07DFDFFE9A4AE11CD296C,
-                               2BC07DFEFFE9A4AE11CD296C,
-                               2BC07DFFFFE9A4AE11CD296C,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               2BC07DF6FFE9A3DE11CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               2BC07DF8FFE9A42411CD296C = {
-                       isa = PBXFileReference;
-                       name = exectest.cpp;
-                       path = tests/exectest.cpp;
-                       refType = 4;
-               };
-               2BC07DF9FFE9A42411CD296C = {
-                       fileRef = 2BC07DF8FFE9A42411CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               2BC07DFAFFE9A48411CD296C = {
-                       isa = PBXTargetDependency;
-                       target = 1379BD97FF9BA26811CD283A;
-               };
-               2BC07DFBFFE9A48411CD296C = {
-                       isa = PBXTargetDependency;
-                       target = 014A688BFFE94D9411CD296C;
-               };
-               2BC07DFCFFE9A4AE11CD296C = {
-                       isa = PBXTargetDependency;
-                       target = 0F409629FE746BD111CD296C;
-               };
-               2BC07DFDFFE9A4AE11CD296C = {
-                       fileRef = 1379BD96FF9BA26811CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               2BC07DFEFFE9A4AE11CD296C = {
-                       fileRef = 01621B35FF09357FD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               2BC07DFFFFE9A4AE11CD296C = {
-                       fileRef = 011B80E4FF140C9311CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               3054CB26FF1D38CA11CD296C = {
-                       fileRef = 011B80E0FF140C9311CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               3382A64DFFEAABFA11CD296C = {
-                       isa = PBXTargetDependency;
-                       target = 014A688BFFE94D9411CD296C;
-               };
-               348D2E5AFE81B60B11CD296C = {
-                       isa = PBXFrameworkReference;
-                       path = cdsa_client.framework;
-                       refType = 4;
-               };
-               348D2E5BFE81B60B11CD296C = {
-                       fileRef = 348D2E5AFE81B60B11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               348D2F38FE87F27111CD296C = {
-                       isa = PBXFileReference;
-                       path = main.cpp;
-                       refType = 4;
-               };
-               348D2F39FE87F27111CD296C = {
-                       fileRef = 348D2F38FE87F27111CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               4D433F0DFE9CF5B811CD296C = {
-                       isa = PBXFileReference;
-                       path = sstransit.h;
-                       refType = 4;
-               };
-               4D433F0EFE9CF5B811CD296C = {
-                       isa = PBXFileReference;
-                       path = sstransit.cpp;
-                       refType = 4;
-               };
-               51C703C7FF1E685211CD283A = {
-                       isa = PBXTargetDependency;
-                       target = 00C95903FF092949D0A17CE7;
-               };
-               5DF1AE65FE88150D11CD296C = {
-                       buildArgumentsString = "-f Makefile $ACTION \"SYMROOT=$(SYMROOT)\" \"SRCROOT=$(SRCROOT)\"";
-                       buildPhases = (
-                       );
-                       buildSettings = {
-                               FRAMEWORK_SEARCH_PATHS = "";
-                               HEADER_SEARCH_PATHS = "";
-                               INSTALL_PATH = /;
-                               LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = "MIG RPC";
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "";
-                       };
-                       buildToolPath = /usr/bin/gnumake;
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                       );
-                       isa = PBXLegacyTarget;
-                       name = "MIG RPC";
-                       productInstallPath = /;
-                       productName = "MIG RPC";
-                       settingsToExpand = 6;
-                       settingsToPassInEnvironment = 1;
-                       settingsToPassOnCommandLine = 280;
-                       shouldUseHeadermap = 0;
-               };
-               5DF1AE7AFE881A5C11CD296C = {
-                       children = (
-                               111A0B3EFE75909811CD296C,
-                               111A0B73FE75A89D11CD296C,
-                               0140AD66FFA8EEA811CD296C,
-                               0140AD67FFA8EEA811CD296C,
-                               01621B2AFF09328ED0A17CE7,
-                       );
-                       isa = PBXGroup;
-                       name = "Generated Sources";
-                       path = derived_src;
-                       refType = 3;
-               };
-               5DF1AEB3FE88242A11CD296C = {
-                       isa = PBXFileReference;
-                       path = connection.h;
-                       refType = 4;
-               };
-               5DF1AEB4FE88242A11CD296C = {
-                       isa = PBXFileReference;
-                       path = connection.cpp;
-                       refType = 4;
-               };
-               5DF1AEB5FE88242A11CD296C = {
-                       fileRef = 5DF1AEB3FE88242A11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               5DF1AEB6FE88242A11CD296C = {
-                       fileRef = 5DF1AEB4FE88242A11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               5DF1AEB7FE88284211CD296C = {
-                       isa = PBXFileReference;
-                       path = database.h;
-                       refType = 4;
-               };
-               5DF1AEB8FE88284211CD296C = {
-                       isa = PBXFileReference;
-                       path = database.cpp;
-                       refType = 4;
-               };
-               5DF1AEBBFE88284211CD296C = {
-                       fileRef = 5DF1AEB7FE88284211CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               5DF1AEBDFE88284211CD296C = {
-                       fileRef = 5DF1AEB8FE88284211CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               5DF1AEC9FE8853E711CD296C = {
-                       isa = PBXFileReference;
-                       path = key.h;
-                       refType = 4;
-               };
-               5DF1AECAFE8853E711CD296C = {
-                       isa = PBXFileReference;
-                       path = key.cpp;
-                       refType = 4;
-               };
-               5DF1AECBFE8853E711CD296C = {
-                       fileRef = 5DF1AEC9FE8853E711CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               5DF1AECCFE8853E711CD296C = {
-                       fileRef = 5DF1AECAFE8853E711CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-               6CC434E0FF09B06111CD283A = {
-                       isa = PBXTargetDependency;
-                       target = 00C9590CFF0929F1D0A17CE7;
-               };
-               6CC434E1FF09B18B11CD283A = {
-                       isa = PBXFileReference;
-                       path = yarrowMigTypes.h;
-                       refType = 4;
-               };
-               6CC434E2FF09B18C11CD283A = {
-                       fileRef = 6CC434E1FF09B18B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               INCLUDED_OSS = (
-                                       MACOS,
-                                       WINDOWS,
-                                       PDOUNIX,
-                               );
-                       };
-               };
-       };
-       rootObject = 0F409611FE746BD111CD296C;
-}
index e93fbe85a6d0391dbce78376c107d931d6afd886..0cf2129ea4a0438b110ff73a116bdb1a0d83d562 100755 (executable)
@@ -7,7 +7,7 @@ SECURITYSERVER=-YES-    # needs to be put into /etc/hostconfig
 if [ "$SECURITYSERVER" != "-NO-" ]; then
   ConsoleMessage "Starting SecurityServer"
   export DEBUGDEST=LOG_AUTHPRIV
-  /System/Library/CoreServices/SecurityServer
+  /System/Library/CoreServices/SecurityServer -X
 else
   ConsoleMessage "SecurityServer disabled"
 fi
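Review bot: The launch line now passes `-X` to SecurityServer, and nothing in the script says what the option selects, which matters for a daemon started at boot. A one-line comment above it, `# -X: <effect of the option, per SecurityServer's option parsing>`, would let someone auditing startup behaviour read it here instead of in the daemon source.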
index 9de5f7d92f6d22e430b47e69f621dde7587f119f..5ebe403c4763b085b37d47944441e7dafea8e4a1 100644 (file)
 // acl_keychain - a subject type for the protected-path
 //                               keychain prompt interaction model.
 //
-// Arguments in list form:
-//     list[1] = CssmData: Descriptive String (presented to user in protected dialogs)
+// Arguments in CSSM_LIST form:
+//     list[1] = CssmData: CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR structure
+//     list[2] = CssmData: Descriptive String (presented to user in protected dialogs)
+// For legacy compatibility, we accept a single-entry form
+//     list[1] = CssmData: Descriptive String
+// which defaults to a particular CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR structure value.
+// This is never produced by current code, and is considered purely a legacy feature.
+//
+// On-disk (flattened) representation:
+// In order to accommodate legacy formats nicely, we use the binary-versioning feature
+// of the ACL machinery. Version 0 is the legacy format (storing only the description
+// string), while Version 1 contains both selector and description. To allow for
+// maximum backward compatibility, legacy-compatible forms are written out as version 0.
+// See isLegacyCompatible().
 //
 // Some notes on Acl Update Triggers:
 // When the user checks the "don't ask me again" checkbox in the access confirmation
 // dialog, we respond by returning the informational error code
 // CSSMERR_CSP_APPLE_ADD_APPLICATION_ACL_SUBJECT, and setting a count-down trigger
 // in the connection. The caller is entitled to bypass our dialog (it succeeds
-// automatically) within the next few (Connection::aclUpdateTriggerLimit == 2)
+// automatically) within the next few (Connection::aclUpdateTriggerLimit == 3)
 // requests, in order to update the object's ACL as requested. It must then retry
 // the original access operation (which will presumably pass because of that edit).
 // These are the rules: for the trigger to apply, the access must be to the same
-// object, from the same connection, and within the next two accesses.
-// (Currently, these are for a "get acl" and the "change acl" calls.)
+// object, from the same connection, and within the next aclUpdateTriggerLimit accesses.
+// (Currently, these are for a "get acl", "get owner", and the "change acl" calls.)
 // Damage Control Department: The worst this mechanism could do, if subverted, is
 // to bypass our confirmation dialog (making it appear to succeed to the ACL validation).
 // But that is exactly what the "don't ask me again" checkbox is meant to do, so any
 // The user can always examine the resulting ACL (in Keychain Access or elsewhere), and
 // edit it to suit her needs.
 //
-#ifdef __MWERKS__
-#define _CPP_ACL_KEYCHAIN
-#endif
-
 #include "acl_keychain.h"
 #include "agentquery.h"
 #include "acls.h"
 #include <algorithm>
 
 
+#define ACCEPT_LEGACY_FORM 1
+#define FECKLESS_KEYCHAIN_ACCESS_EXCEPTION 1
+
+
+//
+// The default for the selector structure.
+//
+CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR KeychainPromptAclSubject::defaultSelector = {
+       CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION,       // version
+       0                                                                                       // flags
+};
+
+
 //
 // Validate a credential set against this subject.
 //
 bool KeychainPromptAclSubject::validate(const AclValidationContext &context,
     const TypedList &sample) const
 {
-    SecurityServerEnvironment *env = context.environment<SecurityServerEnvironment>();
-    if (env) {
+    if (SecurityServerEnvironment *env = context.environment<SecurityServerEnvironment>()) {
                // check for special ACL-update override
                if (context.authorization() == CSSM_ACL_AUTHORIZATION_CHANGE_ACL
                                && Server::connection().aclWasSetForUpdateTrigger(env->acl)) {
@@ -71,11 +91,28 @@ bool KeychainPromptAclSubject::validate(const AclValidationContext &context,
                 &env->acl, description.c_str());
                        return true;
                }
+               
+               // does the user need to type in the passphrase?
+               const Database *db = env->database();
+               bool needPassphrase = db && (selector.flags & CSSM_ACL_KEYCHAIN_PROMPT_REQUIRE_PASSPHRASE);
+               debug("adhoc", "prompt acl db=%p needPassphrase=%d", db, needPassphrase);
 
         // ask the user
-               QueryKeychainUse query;
-               const Database *db = env->database();
+               Process &cltProc = Server::active().connection().process;
+                debug("kcacl", "Keychain query from process %d (UID %d)", cltProc.pid(), cltProc.uid());
+#if FECKLESS_KEYCHAIN_ACCESS_EXCEPTION
+               if (cltProc.clientCode())
+                       needPassphrase |=
+                               cltProc.clientCode()->canonicalPath() == "/Applications/Utilities/Keychain Access.app";
+#endif
+               QueryKeychainUse query(cltProc.uid(), cltProc.session, needPassphrase);
                query((db ? db->dbName() : NULL), description.c_str(), context.authorization());
+
+               // verify keychain passphrase if required
+               if (needPassphrase && !env->database()->validatePassphrase(StringData(query.passphrase)))
+                       return false;   // needed passphrase, passphrase is wrong
+               
+               // process "always allow..." response
                if (query.continueGrantingToCaller) {
                        // mark for special ACL-update override (really soon) later
                        Server::connection().setAclUpdateTrigger(env->acl);
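Review bot: In validate(), `needPassphrase` can become true while `db` is NULL. It starts as `db && (selector.flags & ...)`, but the `FECKLESS_KEYCHAIN_ACCESS_EXCEPTION` block then ORs in the Keychain Access path match without looking at `db`, and the later `env->database()->validatePassphrase(...)` dereferences the result unconditionally. Gating the exception on the database, `if (db && cltProc.clientCode())`, closes that path. The exception also identifies the client by comparing `canonicalPath()` with a fixed string, so it presumably does not apply to a copy of the application run from another location; a comment stating that limit would help. validate() begins and ends outside this hunk.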
@@ -84,6 +121,8 @@ bool KeychainPromptAclSubject::validate(const AclValidationContext &context,
                        // fail with prejudice (caller will retry)
                        CssmError::throwMe(CSSMERR_CSP_APPLE_ADD_APPLICATION_ACL_SUBJECT);
                }
+
+               // finally, return the actual user response
                return query.allowAccess;
     }
        return false;        // default to deny without prejudice
@@ -95,31 +134,71 @@ bool KeychainPromptAclSubject::validate(const AclValidationContext &context,
 //
 CssmList KeychainPromptAclSubject::toList(CssmAllocator &alloc) const
 {
+       // always issue new (non-legacy) form
        return TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT,
+               new(alloc) ListElement(alloc, CssmData::wrap(selector)),
         new(alloc) ListElement(alloc, description));
 }
 
 
 //
-// Create a PasswordAclSubject
+// Create a KeychainPromptAclSubject
 //
 KeychainPromptAclSubject *KeychainPromptAclSubject::Maker::make(const TypedList &list) const
 {
-    ListElement *params[1];
-       crack(list, 1, params, CSSM_LIST_ELEMENT_DATUM);
-       return new KeychainPromptAclSubject(*params[0]);
+       switch (list.length()) {
+#if ACCEPT_LEGACY_FORM
+       case 2: // legacy case: just description
+               {
+                       ListElement *params[1];
+                       crack(list, 1, params, CSSM_LIST_ELEMENT_DATUM);
+                       return new KeychainPromptAclSubject(*params[0], defaultSelector);
+               }
+#endif //ACCEPT_LEGACY_FORM
+       case 3: // standard case: selector + description
+               {
+                       ListElement *params[2];
+                       crack(list, 2, params, CSSM_LIST_ELEMENT_DATUM, CSSM_LIST_ELEMENT_DATUM);
+                       return new KeychainPromptAclSubject(*params[1],
+                               *CssmData(*params[0]).interpretedAs<CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR>());
+               }
+       default:
+               CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
+       }
 }
 
-KeychainPromptAclSubject *KeychainPromptAclSubject::Maker::make(Reader &pub, Reader &) const
+KeychainPromptAclSubject *KeychainPromptAclSubject::Maker::make(Version version,
+       Reader &pub, Reader &) const
 {
-    const char *description; pub(description);
-       return new KeychainPromptAclSubject(description);
+       CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR selector;
+       const char *description;
+       switch (version) {
+       case pumaVersion:
+               selector = defaultSelector;
+               pub(description);
+               break;
+       case jaguarVersion:
+               pub(selector);
+               pub(description);
+               break;
+       }
+       return new KeychainPromptAclSubject(description, selector);
 }
 
-KeychainPromptAclSubject::KeychainPromptAclSubject(string descr)
-: SimpleAclSubject(CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT, CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT),
-  description(descr)
+KeychainPromptAclSubject::KeychainPromptAclSubject(string descr,
+       const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &sel)
+       : SimpleAclSubject(CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT, CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT),
+       selector(sel), description(descr)
 {
+       // check selector version
+       if (selector.version != CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION)
+               CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);
+
+       // determine binary compatibility version
+       if (selector.flags == 0)        // compatible with old form
+               version(pumaVersion);
+       else
+               version(jaguarVersion);
 }
 
 
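Review bot: `Maker::make(Version, Reader &, Reader &)` has no `default:` arm in its `switch (version)`, so a blob carrying any version other than `pumaVersion` or `jaguarVersion` reaches `new KeychainPromptAclSubject(description, selector)` with both locals uninitialized. Add `default: CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);`, as the list-based `make` already does. In that list-based `make`, the three-element case casts `params[0]` with `interpretedAs<CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR>()` and dereferences it. Unless `interpretedAs` checks the datum length (not visible here), a check that the length equals `sizeof(CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR)` belongs before the dereference.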
@@ -128,20 +207,36 @@ KeychainPromptAclSubject::KeychainPromptAclSubject(string descr)
 //
 void KeychainPromptAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv)
 {
+       if (version() != 0)
+               pub(selector);
     pub.insert(description.size() + 1);
 }
 
 void KeychainPromptAclSubject::exportBlob(Writer &pub, Writer &priv)
 {
+       if (version() != 0)
+               pub(selector);
     pub(description.c_str());
 }
 
 
+//
+// Determine whether this ACL subject is in "legacy compatible" form.
+// Legacy (<10.2) form contained no selector.
+//
+bool KeychainPromptAclSubject::isLegacyCompatible() const
+{
+       return selector.flags == 0;
+}
+
+
 #ifdef DEBUGDUMP
 
 void KeychainPromptAclSubject::debugDump() const
 {
-       Debug::dump("KeychainPrompt:%s", description.c_str());
+       Debug::dump("KeychainPrompt:%s(%s)",
+               description.c_str(),
+               (selector.flags & CSSM_ACL_KEYCHAIN_PROMPT_REQUIRE_PASSPHRASE) ? "passphrase" : "standard");
 }
 
 #endif //DEBUGDUMP
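Review bot: Both `exportBlob` overloads test `version() != 0` against a bare literal although the class now names that value `pumaVersion`; `if (version() != pumaVersion)` keeps the writer and the version-dispatching reader in step if the numbering changes. The new `isLegacyCompatible()` repeats the `selector.flags == 0` test that the constructor uses to pick the version (in the previous hunk), so the constructor could call it rather than restate the condition.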
index 987700854d6172a42163d6a335a977c9d3cc7cf2..b8ea562a742a897963f54ecd77cd972c0bf19e33 100644 (file)
@@ -18,7 +18,7 @@
 
 //
 // acl_keychain - a subject type for the protected-path
-//                               keychain prompt interaction model.
+//             keychain prompt interaction model.
 //
 #ifndef _ACL_KEYCHAIN
 #define _ACL_KEYCHAIN
 #include "SecurityAgentClient.h"
 #include <string>
 
-#ifdef _CPP_ACL_KEYCHAIN
-#pragma export on
-#endif
-
 
 //
 // This is the actual subject implementation class
 //
 class KeychainPromptAclSubject : public SimpleAclSubject {
+       static const Version pumaVersion = 0;   // 10.0, 10.1 -> default selector (not stored)
+       static const Version jaguarVersion = 1; // 10.2 et al -> first version selector
 public:
     bool validate(const AclValidationContext &baseCtx, const TypedList &sample) const;
     CssmList toList(CssmAllocator &alloc) const;
     
-    KeychainPromptAclSubject(string description);
+    KeychainPromptAclSubject(string description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &selector);
     
     void exportBlob(Writer::Counter &pub, Writer::Counter &priv);
     void exportBlob(Writer &pub, Writer &priv);
@@ -49,19 +47,24 @@ public:
 
     class Maker : public AclSubject::Maker {
     public:
-       Maker() : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT) { }
+       Maker(CSSM_ACL_SUBJECT_TYPE type = CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT)
+                       : AclSubject::Maker(type) { }
        KeychainPromptAclSubject *make(const TypedList &list) const;
-       KeychainPromptAclSubject *make(Reader &pub, Reader &priv) const;
+       KeychainPromptAclSubject *make(Version version, Reader &pub, Reader &priv) const;
     };
     
 private:
-    string description;
+       CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR selector; // selector structure
+    string description;                                // description blob (string)
+       
+private:
+       static CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR defaultSelector;
+       
+       typedef uint32 VersionMarker;
+       static const VersionMarker currentVersion = 0x3BD5910D;
+       
+       bool isLegacyCompatible() const;
 };
 
 
-#ifdef _CPP_ACL_KEYCHAIN
-#pragma export off
-#endif
-
-
 #endif //_ACL_KEYCHAIN
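Review bot: `VersionMarker` and `currentVersion = 0x3BD5910D` are added to the class without a comment, and none of the acl_keychain.cpp hunks shown for this commit reference them, so it is unclear whether the constant is part of the flattened format or a leftover. Either document it, e.g. `// <what the marker identifies and where it is written>`, or drop it. The second `private:` label directly above it is redundant as well.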
index 0e251297f8c80e66a24f7cc04289e0208fb9f14f..ec6bd2932ade46638df06f269e3b9e5c99e2d774 100644 (file)
@@ -20,7 +20,9 @@
 // passphrases - canonical code to obtain passphrases
 //
 #include "agentquery.h"
+#include "authority.h"
 #include "server.h"
+#include "session.h"
 
 using namespace SecurityAgent;
 
@@ -28,16 +30,43 @@ using namespace SecurityAgent;
 //
 // Construct a query object
 //
-SecurityAgentQuery::SecurityAgentQuery()
+SecurityAgentQuery::SecurityAgentQuery(uid_t clientUID,
+                                       Session &clientSession) :
+    SecurityAgent::Client(clientUID, clientSession.bootstrapPort()),
+       mClientSession(clientSession)
 {
+}
+
+SecurityAgentQuery::~SecurityAgentQuery()
+{
+       // SecurityAgent::Client::~SecurityAgent already calls terminate().
+}
+
+void
+SecurityAgentQuery::activate(const char *bootstrapName = NULL)
+{
+       if (isActive())
+               return;
+
+       // Before popping up an agent: is UI session allowed?
+       if (!(mClientSession.attributes() & sessionHasGraphicAccess))
+               CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION);
+
        // this may take a while
        Server::active().longTermActivity();
        Server::connection().useAgent(this);
+
+       SecurityAgent::Client::activate(bootstrapName);
 }
 
-SecurityAgentQuery::~SecurityAgentQuery()
+void
+SecurityAgentQuery::terminate()
 {
+       if (!isActive())
+               return;
+
        Server::connection(true).useAgent(NULL);
+       SecurityAgent::Client::terminate();
 }
 
 
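Review bot: The now-empty `~SecurityAgentQuery()` relies on the base destructor calling `terminate()`, but a virtual call made from the base class's destructor dispatches to the base version. The override's `Server::connection(true).useAgent(NULL)` therefore never runs on destruction, and the connection can be left holding a pointer to a destroyed query. Call it from the derived destructor instead, `SecurityAgentQuery::~SecurityAgentQuery() { terminate(); }`; the `isActive()` guard makes the later base call harmless, assuming the base `terminate()` clears the active state. Separately, the definition `activate(const char *bootstrapName = NULL)` repeats the default argument already given in the class declaration, which standard C++ rejects; drop `= NULL` from the definition.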
@@ -49,7 +78,7 @@ void QueryKeychainUse::operator () (const char *database, const char *descriptio
 {
        queryKeychainAccess(Server::connection().process.clientCode(),
         Server::connection().process.pid(),
-               database, description, action, *this);
+               database, description, action, needPassphrase, *this);
 }
 
 
@@ -172,6 +201,11 @@ void QueryNewPassphrase::retryInteractive(CssmOwnedData &passphrase, Reason reas
 //
 // Authorize by group membership
 //
+QueryAuthorizeByGroup::QueryAuthorizeByGroup(uid_t clientUID, const AuthorizationToken &auth) :
+  SecurityAgentQuery(clientUID, auth.session),
+  authorization(auth), mActive(false) { }
+
+
 void QueryAuthorizeByGroup::cancel(Reason reason)
 {
     if (mActive) {
@@ -199,9 +233,27 @@ bool QueryAuthorizeByGroup::operator () (const char *group, const char *candidat
     if (mActive) {
         return retryAuthorizationAuthenticate(reason, username, passphrase);
     } else {
-        bool result = authorizationAuthenticate(Server::connection().process.clientCode(),
+        bool result = authorizationAuthenticate(authorization.creatorCode(),
             Server::connection().process.pid(), group, candidateUser, username, passphrase);
         mActive = true;
         return result;
     }
 }
+
+QueryInvokeMechanism::QueryInvokeMechanism(uid_t clientUID, const AuthorizationToken &auth) :
+       SecurityAgentQuery(clientUID, auth.session) {}
+
+bool QueryInvokeMechanism::operator () (const string &inPluginId, const string &inMechanismId, const AuthorizationValueVector *inArguments, const AuthItemSet &inHints, const AuthItemSet &inContext, AuthorizationResult *outResult, AuthorizationItemSet *&outHintsPtr, AuthorizationItemSet *&outContextPtr)
+{
+    bool result = invokeMechanism(inPluginId, inMechanismId, inArguments, inHints, inContext, outResult, outHintsPtr, outContextPtr);
+        return result;
+}
+
+QueryTerminateAgent::QueryTerminateAgent(uid_t clientUID, const AuthorizationToken &auth) :
+  SecurityAgentQuery(clientUID, auth.session) {}
+
+void QueryTerminateAgent::operator () ()
+{
+    terminateAgent(); 
+}
+
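Review bot: `QueryAuthorizeByGroup::operator()` now passes `authorization.creatorCode()` to `authorizationAuthenticate` but still takes the pid from `Server::connection().process.pid()`. The code identity and the pid can therefore describe two different processes whenever the token is used by a process other than its creator. If the agent shows both to the user, that pairing should be deliberate and stated in a comment; otherwise pass values from the same source. Only the `else` branch of the function is inside this hunk.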
index e12c6a089b12b88a3e75a027d086551f268c9816..97d1a90de89275ebdde7672eb3c92a255a86552f 100644 (file)
 //
 // passphrases - canonical code to obtain passphrases
 //
-#ifndef _H_PASSPHRASES
-#define _H_PASSPHRASES
+#ifndef _H_AGENTQUERY
+#define _H_AGENTQUERY
 
 #include "securityserver.h"
 #include "xdatabase.h"
 #include <Security/utilities.h>
 #include "SecurityAgentClient.h"
+#include "AuthorizationData.h"
 
+using Authorization::AuthItemSet;
 
 //
 // The common machinery of retryable SecurityAgent queries
 //
+class Session;
+
 class SecurityAgentQuery : protected SecurityAgent::Client {
+public:
        typedef SecurityAgent::Reason Reason;
-public:        
-       SecurityAgentQuery();
+
+       SecurityAgentQuery(uid_t clientUID, Session &clientSession);
        virtual ~SecurityAgentQuery();
+
+       virtual void activate(const char *bootstrapName = NULL);
+       virtual void terminate();
+
+private:
+       Session &mClientSession;
 };
 
 
@@ -44,7 +55,13 @@ public:
 //
 class QueryKeychainUse : public SecurityAgent::Client::KeychainChoice, public SecurityAgentQuery {
 public:
-       void operator () (const char *database, const char *description, AclAuthorization action);
+    QueryKeychainUse(uid_t clientUID, Session &clientSession,
+                    bool needPass) :
+       SecurityAgentQuery(clientUID, clientSession),
+       needPassphrase(needPass) { }
+    void operator () (const char *database, const char *description, AclAuthorization action);
+       
+       const bool needPassphrase;
 };
 
 
@@ -53,7 +70,10 @@ public:
 //
 class QueryPassphrase : public SecurityAgentQuery {
 protected:
-       QueryPassphrase(unsigned int maxTries) : maxRetries(maxTries) { }
+       QueryPassphrase(uid_t clientUID, Session &clientSession,
+                       unsigned int maxTries) :
+           SecurityAgentQuery(clientUID, clientSession),
+           maxRetries(maxTries) { }
        void query(const AccessCredentials *cred, CSSM_SAMPLE_TYPE relevantSampleType);
        
        virtual void queryInteractive(CssmOwnedData &passphrase) = 0;
@@ -73,7 +93,10 @@ private:
 class QueryUnlock : public QueryPassphrase {
        static const int maxTries = 3;
 public:
-       QueryUnlock(Database &db) : QueryPassphrase(maxTries), database(db) { }
+       QueryUnlock(uid_t clientUID, Session &clientSession,
+                   Database &db) :
+           QueryPassphrase(clientUID, clientSession, maxTries),
+           database(db) { }
        
        Database &database;
        
@@ -92,11 +115,13 @@ protected:
 class QueryNewPassphrase : public QueryPassphrase {
        static const int maxTries = 7;
 public:
-       QueryNewPassphrase(Database::Common &common, Reason reason)
-       : QueryPassphrase(maxTries), dbCommon(common), initialReason(reason),
-               mPassphrase(CssmAllocator::standard(CssmAllocator::sensitive)),
-        mPassphraseValid(false) { }
-               
+       QueryNewPassphrase(uid_t clientUID, Session &clientSession,
+                   Database::Common &common, Reason reason) :
+           QueryPassphrase(clientUID, clientSession, maxTries),
+           dbCommon(common), initialReason(reason),
+           mPassphrase(CssmAllocator::standard(CssmAllocator::sensitive)),
+           mPassphraseValid(false) { }
+
        Database::Common &dbCommon;
        
        void operator () (const AccessCredentials *cred, CssmOwnedData &passphrase);
@@ -118,21 +143,36 @@ private:
 // This class is not self-contained, since the AuthorizationEngine wants
 // to micro-manage the retry process.
 //
+class AuthorizationToken;
+
 class QueryAuthorizeByGroup : public SecurityAgentQuery {
 public:
-    QueryAuthorizeByGroup() : mActive(false) { }
-       bool operator () (const char *group, const char *candidateUser,
-        char username[SecurityAgent::maxUsernameLength],
-        char passphrase[SecurityAgent::maxPassphraseLength], 
-        Reason reason = SecurityAgent::userNotInGroup);
+    QueryAuthorizeByGroup(uid_t clientUID, const AuthorizationToken &auth);
+
+    bool operator () (const char *group, const char *candidateUser, char username[SecurityAgent::maxUsernameLength], char passphrase[SecurityAgent::maxPassphraseLength], Reason reason = SecurityAgent::userNotInGroup);
     void cancel(Reason reason);
     void done();
     
     uid_t uid();
+    
+    const AuthorizationToken &authorization;
 
 private:
     bool mActive;
 };
 
+class QueryInvokeMechanism : public SecurityAgentQuery {
+public:
+    QueryInvokeMechanism(uid_t clientUID, const AuthorizationToken &auth);
+    bool operator () (const string &inPluginId, const string &inMechanismId, const AuthorizationValueVector *inArguments, const AuthItemSet &inHints, const AuthItemSet &inContext, AuthorizationResult  *outResult, AuthorizationItemSet *&outHintsPtr, AuthorizationItemSet *&outContextPtr);
+};
+
+class QueryTerminateAgent : public SecurityAgentQuery {
+public:
+    QueryTerminateAgent(uid_t clientUID, const AuthorizationToken &auth);
+    void operator () ();
+};
+
+
 
-#endif //_H_PASSPHRASES
+#endif //_H_AGENTQUERY
index 1a236c0e15c3b7000aeab7e20669c69faf2388d5..4873984c1a12245bb10690c9b93e29b28c33587a 100644 (file)
@@ -25,6 +25,9 @@
 #include "session.h"
 #include "process.h"
 
+#include "AuthorizationWalkers.h"
+
+using Authorization::Right;
 
 //
 // The global dictionary of extant AuthorizationTokens
@@ -50,8 +53,9 @@ Authority::~Authority()
 // Create an authorization token.
 //
 AuthorizationToken::AuthorizationToken(Session &ssn, const CredentialSet &base)
-       : session(ssn), mBaseCreds(base), mTransferCount(INT_MAX),
-       mCreatorUid(Server::connection().process.uid())
+       : session(ssn), mBaseCreds(base), mTransferCount(INT_MAX), 
+       mCreatorUid(Server::connection().process.uid()),
+    mCreatorCode(Server::connection().process.clientCode()), mInfoSet(NULL)
 {
     // generate our (random) handle
     Server::active().random(mHandle);
@@ -64,8 +68,9 @@ AuthorizationToken::AuthorizationToken(Session &ssn, const CredentialSet &base)
        session.addAuthorization(this);
        
     // all ready
-       debug("SSauth", "Authorization %p created using %d credentials",
-               this, int(mBaseCreds.size()));
+       IFDEBUG(debug("SSauth", "Authorization %p created using %d credentials; owner=%s",
+               this, int(mBaseCreds.size()),
+        mCreatorCode ? mCreatorCode->encode().c_str() : "unknown"));
 }
 
 AuthorizationToken::~AuthorizationToken()
@@ -76,6 +81,13 @@ AuthorizationToken::~AuthorizationToken()
     // deregister from parent session
     if (session.removeAuthorization(this))
         delete &session;
+
+    // remove stored context
+    if (mInfoSet)
+    {
+        debug("SSauth", "Authorization %p destroying context @%p", this, mInfoSet);
+        CssmAllocator::standard().free(mInfoSet); // @@@ switch to sensitive allocator
+    }
     
        debug("SSauth", "Authorization %p destroyed", this);
 }
@@ -119,9 +131,11 @@ void AuthorizationToken::Deleter::remove()
 //
 // Given a set of credentials, add it to our private credentials and return the result
 //
+// must hold Session::mCredsLock
 CredentialSet AuthorizationToken::effectiveCreds() const
 {
-       CredentialSet result = session.authCredentials();
+    IFDEBUG(debug("SSauth", "Authorization %p grabbing session %p creds %p", this, &session, &session.authCredentials()));
+    CredentialSet result = session.authCredentials();
        for (CredentialSet::const_iterator it = mBaseCreds.begin(); it != mBaseCreds.end(); it++)
                if (!(*it)->isShared())
                        result.insert(*it);
@@ -132,8 +146,10 @@ CredentialSet AuthorizationToken::effectiveCreds() const
 //
 // Add more credential dependencies to an authorization
 //
+// must hold Session::mCredsLock
 void AuthorizationToken::mergeCredentials(const CredentialSet &add)
 {
+    debug("SSauth", "Authorization %p merge creds %p", this, &add);
        for (CredentialSet::const_iterator it = add.begin(); it != add.end(); it++) {
         mBaseCreds.erase(*it);
         mBaseCreds.insert(*it);
@@ -193,24 +209,48 @@ bool AuthorizationToken::mayInternalize(Process &, bool countIt)
        return false;
 }
 
-uid_t
-AuthorizationToken::creatorUid() const
+AuthorizationItemSet &
+AuthorizationToken::infoSet()
 {
-       return mCreatorUid;
+    StLock<Mutex> _(mLock); // consider a separate lock
+    MutableRightSet tempInfoSet(mInfoSet); // turn no info into empty set
+
+    AuthorizationItemSet *returnSet = Copier<AuthorizationItemSet>(tempInfoSet, CssmAllocator::standard()).keep();
+    debug("SSauth", "Authorization %p returning context %p", this, returnSet);
+    return *returnSet;
 }
 
-//
-// Call the underlying authorize() in a critical region.
-// The engine code is not thread safe.
-//
+void
+AuthorizationToken::setInfoSet(AuthorizationItemSet &newInfoSet)
+{
+    StLock<Mutex> _(mLock); // consider a separate lock
+    if (mInfoSet)
+        CssmAllocator::standard().free(mInfoSet); // @@@ move to sensitive allocator
+    debug("SSauth", "Authorization %p context %p -> %p", this, mInfoSet, &newInfoSet);
+    mInfoSet = &newInfoSet;
+}
 
-OSStatus Authority::authorize(const RightSet &inRights, 
-    const AuthorizationEnvironment *environment,
-       AuthorizationFlags flags, const CredentialSet *inCredentials, CredentialSet *outCredentials,
-       MutableRightSet *outRights, const AuthorizationToken &auth)
+// This is destructive (non-merging)
+void
+AuthorizationToken::setCredentialInfo(const Credential &inCred)
 {
-       StLock<Mutex> _(mLock);
-       return Authorization::Engine::authorize(inRights, environment,
-               flags, inCredentials, outCredentials, outRights, auth);
+    StLock<Mutex> _(mLock);
+
+    MutableRightSet dstInfoSet;
+    char uid_string[16]; // fit a uid_t(u_int32_t)
+       
+    if (snprintf(uid_string, sizeof(uid_string), "%u", inCred->uid()) >=
+               sizeof(uid_string))
+        uid_string[0] = '\0';
+    Right uidHint("uid", uid_string ? strlen(uid_string) + 1 : 0, uid_string );
+    dstInfoSet.push_back(uidHint);
+
+    const char *user = inCred->username().c_str();
+    Right userHint("username", user ? strlen(user) + 1 : 0, user );
+    dstInfoSet.push_back(userHint);
+
+    AuthorizationItemSet *newInfoSet = Copier<AuthorizationItemSet>(dstInfoSet, CssmAllocator::standard()).keep();
+    CssmAllocator::standard().free(mInfoSet); // @@@ move to sensitive allocator
+    mInfoSet = newInfoSet;
 }
 
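Review bot: Ownership of the info set crosses the API as references: `infoSet()` returns `*returnSet` for a copy it has just allocated with `.keep()`, and `setInfoSet()` stores `&newInfoSet` and later releases it with `CssmAllocator::standard().free()`. Nothing in the signatures tells a caller that the first result must be freed, or that the second argument must come from the standard allocator and is consumed, so leaks or a mismatched free are easy to introduce; pointer types or a comment such as `// caller owns the returned set; free with CssmAllocator::standard()` would make the contract explicit. In `setCredentialInfo`, `uid_string ? ... : 0` is always true for an array, and `user` is only valid if `username()` returns a reference rather than a temporary (not visible here). This hunk also drops the mutex-guarded `Authority::authorize`, whose comment said the engine is not thread safe; confirm the engine now does its own locking.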
index 3497951607a4e80b2a2dd4be70e20818ab1144eb..4ce742baedcd124e09fcc42c949cf0b47729a1c0 100644 (file)
 #include "securityserver.h"
 #include "AuthorizationEngine.h"
 
-
+using Authorization::Credential;
 using Authorization::CredentialSet;
 using Authorization::RightSet;
 using Authorization::MutableRightSet;
-
+using Authorization::AuthItemSet;
 
 class Process;
 class Session;
@@ -61,7 +61,13 @@ public:
        bool mayExternalize(Process &proc) const;
        bool mayInternalize(Process &proc, bool countIt = true);
 
-       uid_t creatorUid() const;
+       uid_t creatorUid() const        { return mCreatorUid; }
+    CodeSigning::OSXCode *creatorCode() const { return mCreatorCode; }
+
+    AuthorizationItemSet &infoSet();   
+    void setInfoSet(AuthorizationItemSet &newInfoSet);
+    void setCredentialInfo(const Credential &inCred);
+
 public:
        static AuthorizationToken &find(const AuthorizationBlob &blob);
     
@@ -88,6 +94,9 @@ private:
        ProcessSet mUsingProcesses;             // set of process objects using this token
 
        uid_t mCreatorUid;                              // Uid of proccess that created this authorization
+    RefPointer<OSXCode> mCreatorCode; // code id of creator
+
+    AuthorizationItemSet *mInfoSet;          // Side band info gathered from evaluations in this session
 
 private:
        typedef map<AuthorizationBlob, AuthorizationToken *> AuthMap;
@@ -102,14 +111,7 @@ private:
 class Authority : public Authorization::Engine {
 public:
        Authority(const char *configFile);
-       virtual ~Authority();
-
-       OSStatus authorize(const RightSet &inRights, const AuthorizationEnvironment *environment,
-               AuthorizationFlags flags, const CredentialSet *inCredentials, CredentialSet *outCredentials,
-               MutableRightSet *outRights, const AuthorizationToken &auth);
-
-private:
-       Mutex mLock;                    // force-single-thread lock for authorize()
+       ~Authority();
 };
 
 
index f473c84b4d9a4719b275801aa5e8684e3f770956..19348fd119a6acc1e7b37e7494f8d09bb2f3c173 100644 (file)
@@ -20,8 +20,8 @@
 // cfnotifier - quick & dirty code to send keychain lock notification
 //
 #include "cfnotifier.h"
+#include <Security/cfutilities.h>
 #include <Security/debugging.h>
-#include <CoreFoundation/CoreFoundation.h>
 
 #include "session.h"
 
@@ -31,6 +31,7 @@ using namespace Security::MachPlusPlus;
 
 #define notificationName       CFSTR("com.apple.securitycore.kcevent")
 #define eventTypeKey           CFSTR("type")
+#define pidKey                         CFSTR("pid")
 #define keychainKey            CFSTR("keychain")
 #define itekey                 CFSTR("item")
 #define keyGUID                        CFSTR("GUID")
index 610056ccdc180a7df15a955be792590f26cc0d71..f054bd4a3d3ffdbacf8e9af7f1dfd719d087464e 100644 (file)
@@ -174,24 +174,34 @@ void Connection::releaseKey(Key::Handle key)
 }
 
 
+//
+// Key inquiries
+//
+CSSM_KEY_SIZE Connection::queryKeySize(Key &key)
+{
+    CssmClient::Key theKey(Server::csp(), key);
+    return theKey.sizeInBits();
+}
+
+
 //
 // Signatures and MACs
 //
 void Connection::generateSignature(const Context &context, Key &key,
-       const CssmData &data, CssmData &signature)
+       CSSM_ALGORITHMS signOnlyAlgorithm, const CssmData &data, CssmData &signature)
 {
        context.replace(CSSM_ATTRIBUTE_KEY, (CSSM_KEY &)key);
        key.validate(CSSM_ACL_AUTHORIZATION_SIGN, context);
-       CssmClient::Sign signer(Server::csp(), context.algorithm());
+       CssmClient::Sign signer(Server::csp(), context.algorithm(), signOnlyAlgorithm);
        signer.override(context);
        signer.sign(data, signature);
 }
 
 void Connection::verifySignature(const Context &context, Key &key,
-       const CssmData &data, const CssmData &signature)
+       CSSM_ALGORITHMS verifyOnlyAlgorithm, const CssmData &data, const CssmData &signature)
 {
        context.replace(CSSM_ATTRIBUTE_KEY, (CSSM_KEY &)key);
-       CssmClient::Verify verifier(Server::csp(), context.algorithm());
+       CssmClient::Verify verifier(Server::csp(), context.algorithm(), verifyOnlyAlgorithm);
        verifier.override(context);
        verifier.verify(data, signature);
 }
@@ -252,7 +262,7 @@ void Connection::decrypt(const Context &context, Key &key,
 
 
 //
-// Key generation.
+// Key generation and derivation.
 // Currently, we consider symmetric key generation to be fast, but
 // asymmetric key generation to be (potentially) slow.
 //
@@ -267,7 +277,7 @@ void Connection::generateKey(Database *db, const Context &context,
        // generate key
        // @@@ turn "none" return into reference if permanent (only)
        CssmKey key;
-       generate(key, CssmClient::KeySpec(usage, attrs & ~Key::managedAttributes));
+       generate(key, Key::KeySpec(usage, attrs));
                
        // register and return the generated key
     newKey = new Key(db, key, attrs & Key::managedAttributes, owner);
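Review bot: The explicit `attrs & ~Key::managedAttributes` mask is gone from this `generate` call, replaced by `Key::KeySpec(usage, attrs)`, and the same substitution is made in the key-pair `generateKey` and the new `deriveKey` in the next hunk. `Key::KeySpec` is not part of the visible diff, so whether it strips the server-managed attribute bits before they reach the CSP cannot be checked here. If it does, a comment at the call, `// Key::KeySpec masks out Key::managedAttributes`, would record that the mask moved rather than disappeared. generateKey begins outside this hunk.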
@@ -288,14 +298,35 @@ void Connection::generateKey(Database *db, const Context &context,
        // generate keys
        // @@@ turn "none" return into reference if permanent (only)
        CssmKey pubKey, privKey;
-       generate(pubKey, CssmClient::KeySpec(pubUsage, pubAttrs & ~Key::managedAttributes),
-               privKey, CssmClient::KeySpec(privUsage, privAttrs & ~Key::managedAttributes));
+       generate(pubKey, Key::KeySpec(pubUsage, pubAttrs),
+               privKey, Key::KeySpec(privUsage, privAttrs));
                
        // register and return the generated keys
        publicKey = new Key(db, pubKey, pubAttrs & Key::managedAttributes, owner);
        privateKey = new Key(db, privKey, privAttrs & Key::managedAttributes, owner);
 }
 
+Key &Connection::deriveKey(Database *db, const Context &context, Key *baseKey,
+               const AccessCredentials *cred, const AclEntryPrototype *owner,
+        CssmData *param, uint32 usage, uint32 attrs)
+{
+       // prepare a key-derivation context
+    if (baseKey) {
+               baseKey->validate(CSSM_ACL_AUTHORIZATION_DERIVE, cred);
+        context.replace(CSSM_ATTRIBUTE_KEY, (CSSM_KEY &)*baseKey);
+       }
+       CssmClient::DeriveKey derive(Server::csp(), context.algorithm(), CSSM_ALGID_NONE);
+       derive.override(context);
+       
+       // derive key
+       // @@@ turn "none" return into reference if permanent (only)
+       CssmKey key;
+       derive(param, Key::KeySpec(usage, attrs), key);
+               
+       // register and return the generated key
+    return *new Key(db, key, attrs & Key::managedAttributes, owner);
+}
+
 
 //
 // Key wrapping and unwrapping.
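Review bot: In `deriveKey`, the `CSSM_ACL_AUTHORIZATION_DERIVE` check runs only inside `if (baseKey)`, so a call with a null `baseKey` reaches the CSP with no ACL validation, and nothing in the function says that is intended. If derivations without a base key are meant to need no authorization (presumably algorithms that derive from `param` alone, which this hunk does not show), say so above the `if`, e.g. `// no base key: nothing to authorize; derivation uses param only`. `param` is also handed to `derive()` without a null check; whether the client class tolerates NULL is not visible here. The hunk begins inside the two-key `generateKey`, whose start lies outside it.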
@@ -334,8 +365,23 @@ Key &Connection::unwrapKey(Database *db, const Context &context, Key *key,
     }
 
     // @@@ Invoking conversion operator to CssmKey & on *publicKey and take the address of the result.
-    unwrap(wrappedKey, CssmClient::KeySpec(usage, attrs), unwrappedKey,
+    unwrap(wrappedKey, Key::KeySpec(usage, attrs), unwrappedKey,
         descriptiveData, publicKey ? &static_cast<CssmKey &>(*publicKey) : NULL);
 
     return *new Key(db, unwrappedKey, attrs & Key::managedAttributes, owner);
 }
+
+
+//
+// Miscellaneous CSSM functions
+//
+uint32 Connection::getOutputSize(const Context &context, Key &key, uint32 inputSize, bool encrypt)
+{
+    // We're fudging here somewhat, since the context can be any type.
+    // ctx.override will fix the type, and no-one's the wiser.
+       context.replace(CSSM_ATTRIBUTE_KEY, (CSSM_KEY &)key);
+    CssmClient::Digest ctx(Server::csp(), context.algorithm());
+    ctx.override(context);
+    return ctx.getOutputSize(inputSize, encrypt);
+}
+
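Review bot: `getOutputSize` installs the key into the context through `(CSSM_KEY &)key` with no `key.validate(...)` call, unlike `generateSignature` and `deriveKey` in this file. key.h's conversion operator returns `keyValue()` and is commented as yielding the decoded internal key, so a size query touches the decoded key without an ACL check. If that is deliberate because only a size is returned, record it in the comment, e.g. `// no ACL check: only a size is returned, never key material`. The C-style reference cast would be safer as `static_cast<CSSM_KEY &>(key)`, which stops compiling rather than reinterpreting the object if the conversion operator is ever removed.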
index 5265213e5d86ab1b34126bd59cc473ec3a356942..d15dc2781b3aa4485bc5ebec8ff94ddf7f49de17 100644 (file)
@@ -70,11 +70,12 @@ public:
        
 public:
        void releaseKey(KeyHandle key);
+    CSSM_KEY_SIZE queryKeySize(Key &key);
        
        // service calls
-       void generateSignature(const Context &context, Key &key,
+       void generateSignature(const Context &context, Key &key, CSSM_ALGORITHMS signOnlyAlgorithm,
                const CssmData &data, CssmData &signature);
-       void verifySignature(const Context &context, Key &key,
+       void verifySignature(const Context &context, Key &key, CSSM_ALGORITHMS verifyOnlyAlgorithm,
                const CssmData &data, const CssmData &signature);
        void generateMac(const Context &context, Key &key,
                const CssmData &data, CssmData &mac);
@@ -91,6 +92,9 @@ public:
                const AccessCredentials *cred, const AclEntryPrototype *owner,
                uint32 pubUsage, uint32 pubAttrs, uint32 privUsage, uint32 privAttrs,
                Key * &publicKey, Key * &privateKey);
+       Key &deriveKey(Database *db, const Context &context, Key *key,
+               const AccessCredentials *cred, const AclEntryPrototype *owner,
+               CssmData *param, uint32 usage, uint32 attrs);
 
     void wrapKey(const Context &context, Key *key,
         Key &keyToBeWrapped, const AccessCredentials *cred,
@@ -99,6 +103,8 @@ public:
                const AccessCredentials *cred, const AclEntryPrototype *owner,
                uint32 usage, uint32 attrs, const CssmKey wrappedKey,
         Key *publicKey, CssmData *descriptiveData);
+        
+    uint32 getOutputSize(const Context &context, Key &key, uint32 inputSize, bool encrypt = true);
 
 private:
        // peer state: established during connection startup; fixed thereafter
@@ -116,7 +122,7 @@ private:
        // see KeychainPromptAclSubject in acl_keychain.cpp for more information on this
        const SecurityServerAcl *aclUpdateTrigger; // update trigger set for this (NULL if none)
     uint8 aclUpdateTriggerCount; // number of back-to-back requests honored
-    static const uint8 aclUpdateTriggerLimit = 2;      // two subsequent calls (getAcl + changeAcl)
+    static const uint8 aclUpdateTriggerLimit = 3;      // 3 calls (getAcl+getOwner+changeAcl)
 };
 
 
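Review bot: `aclUpdateTriggerLimit` is a bare count, while its comment names a specific sequence (getAcl+getOwner+changeAcl). The code that consumes the limit is outside this hunk, so confirm that it ties the honored requests to those calls; if it only counts, raising the value from 2 to 3 also permits one more back-to-back request of any kind before the trigger lapses. The comment on the constant should state which of the two is actually enforced.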
index 09c99a7f9ad0eec4512cf2713ae3df715d9ba6c4..7ede24aa2f7a0e947519c8452c14566e4405ac3e 100644 (file)
@@ -55,7 +55,7 @@ void DatabaseCryptoCore::generateNewSecrets()
     
     // create a random 20 byte HMAC1/SHA1 signing "key"
     GenerateKey signGenerator(Server::csp(), CSSM_ALGID_SHA1HMAC,
-        sizeof(DbBlob::PrivateBlob::signingKey) * 8);
+        sizeof(DbBlob::PrivateBlob::SigningKey) * 8);
     signingKey = signGenerator(KeySpec(CSSM_KEYUSE_SIGN | CSSM_KEYUSE_VERIFY,
         CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE));
     
diff --git a/SecurityServer/entropy.cpp b/SecurityServer/entropy.cpp
new file mode 100644 (file)
index 0000000..797a691
--- /dev/null
@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// EntropyManager - manage entropy on the system.
+//
+// Here is our mission:
+// (1) On startup, read the entropy file and seed it into the RNG for initial use
+// (2) Periodically, collect entropy from the system and seed it into the RNG
+// (3) Once in a while, take entropy from the RNG and write it to the entropy file
+//   for use across reboots.
+//
+// This class will fail to operate if the process has (and retains) root privileges.
+// We re-open the entropy file on each use so that we don't work with a "phantom"
+// file that some fool administrator removed yesterday.
+//
+#include "entropy.h"
+#include <sys/sysctl.h>
+#include <mach/clock_types.h>
+#include <errno.h>
+#include <Security/logging.h>
+#include <sys/sysctl.h>
+#include <Security/debugging.h>
+
+/* when true, action() called every 15 seconds */
+#define ENTROPY_QUICK_UPDATE   0
+#if            ENTROPY_QUICK_UPDATE
+#define COLLECT_INTERVAL               15      
+#else
+#define COLLECT_INTERVAL               collectInterval 
+#endif ENTROPY_QUICK_UPDATE
+
+using namespace UnixPlusPlus;
+
+
+//
+// During construction, we perform initial entropy file recovery.
+//
+EntropyManager::EntropyManager(MachPlusPlus::MachServer &srv, const char *entropyFile)
+    : DevRandomGenerator(true), server(srv),
+    mEntropyFilePath(entropyFile), mNextUpdate(Time::now())
+{
+    // Read the entropy file and seed the RNG. It is not an error if we can't find one.
+    try {
+        AutoFileDesc oldEntropyFile(entropyFile, O_RDONLY);
+        char buffer[entropyFileSize];
+        if (size_t size = oldEntropyFile.read(buffer))
+            addEntropy(buffer, size);
+    } catch (...) { }
+    
+    // go through a collect/update/reschedule cycle immediately
+    action();
+}
+
+
+//
+// Timer action
+//
+void EntropyManager::action()
+{
+    collectEntropy();
+    updateEntropyFile();
+    
+    server.setTimer(this, Time::Interval(COLLECT_INTERVAL));   // drifting reschedule (desired)
+}
+
+
+//
+// Collect system timings and seed into the RNG.
+// Note that the sysctl will block until the buffer is full or the timeout expires.
+// We currently use a 1ms timeout, which almost always fills the buffer and
+// does not provide enough of a delay to worry about it. If we ever get worried,
+// we could call longTermActivity on the server object to get another thread going.
+//
+void EntropyManager::collectEntropy()
+{
+    int mib[4];
+    mib[0] = CTL_KERN;
+    mib[1] = KERN_KDEBUG;
+    mib[2] = KERN_KDGETENTROPY;
+    mib[3] = 1;        // milliseconds maximum delay
+    mach_timespec_t timings[timingsToCollect];
+    size_t size = sizeof(timings);
+    int ret = sysctl(mib, 4, timings, &size, NULL, 0);
+    if (ret == -1) {
+        Syslog::alert("entropy collection failed (errno=%d)", errno);
+        return;
+    }
+    char buffer[timingsToCollect];
+    for (unsigned n = 0; n < size; n++)
+        buffer[n] = timings[n].tv_nsec;        // truncating to LSB
+       debug("entropy", "Entropy size %d: %02x %02x %02x %02x %02x %02x %02x %02x...",
+               (int)size, 
+               (unsigned char)buffer[0], (unsigned char)buffer[1], (unsigned char)buffer[2],
+               (unsigned char)buffer[3], (unsigned char)buffer[4], (unsigned char)buffer[5],
+               (unsigned char)buffer[6], (unsigned char)buffer[7]);
+    addEntropy(buffer, size);
+}
+
+
+//
+// (Re)write the entropy file with random data pulled from the RNG
+//
+void EntropyManager::updateEntropyFile()
+{
+    if (Time::now() >= mNextUpdate) {
+        char buffer[entropyFileSize];
+        try {
+            debug("entropy", "updating %s", mEntropyFilePath.c_str());
+                       random(buffer, entropyFileSize);
+            AutoFileDesc entropyFile(mEntropyFilePath.c_str(), O_WRONLY | O_TRUNC | O_CREAT, 0600);
+            if (entropyFile.write(buffer) != entropyFileSize)
+                Syslog::warning("short write on entropy file %s", mEntropyFilePath.c_str());
+            mNextUpdate += updateInterval;
+        } catch (...) {
+            Syslog::warning("error writing entropy file %s", mEntropyFilePath.c_str());
+        }
+    }
+}
+
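Review bot: In `collectEntropy`, the copy loop is bounded by `size`, which starts as `sizeof(timings)` (the byte size of 40 `mach_timespec_t` entries) and then holds whatever `sysctl` writes back, while `buffer` and `timings` each have only `timingsToCollect` elements. Unless this sysctl reports an entry count rather than a byte length (not visible here), the loop indexes past both stack arrays; clamp first with `if (size > timingsToCollect) size = timingsToCollect;`. The `debug()` call prints `buffer[0]`..`buffer[7]` even when fewer than eight entries were collected, and it writes bytes that are about to be seeded into the RNG to the debug log. In `updateEntropyFile`, the `0600` mode applies only when the file is created, so an existing file with wider permissions keeps them; an `fchmod` after the open would close that gap if `AutoFileDesc` exposes the descriptor.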
diff --git a/SecurityServer/entropy.h b/SecurityServer/entropy.h
new file mode 100644 (file)
index 0000000..7f5e348
--- /dev/null
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// yarrowseed - periodical to collect and seed entropy into /dev/random
+//
+#ifndef _H_ENTROPY
+#define _H_ENTROPY
+
+#include <Security/machserver.h>
+#include <Security/timeflow.h>
+#include <Security/devrandom.h>
+
+using namespace Security;
+using MachPlusPlus::MachServer;
+
+
+//
+// A (one-off) timer object that manages system entropy
+//
+class EntropyManager : public MachServer::Timer, private DevRandomGenerator {
+    // all the parameters you ever (should) want to change :-)
+    static const int collectInterval = 600; // collect every 10 minutes
+    static const int updateInterval = 3600; // update file every hour
+    static const int timingsToCollect = 40; // how many timings?
+
+public:
+       EntropyManager(MachPlusPlus::MachServer &srv, const char *entropyFile);
+               
+       void action();
+    
+       MachPlusPlus::MachServer        &server;                // to which we do setTimer()
+    
+private:
+    string mEntropyFilePath;                   // absolute path to entropy file
+    Time::Absolute mNextUpdate;                        // next time for entropy file update
+    
+    void collectEntropy();                             // collect system timings and seed RNG
+    void updateEntropyFile();                  // update entropy file from RNG if it's time
+    
+    static const size_t entropyFileSize = 20;  // bytes (effectively one SHA-1 worth)
+};
+
+#endif //_H_ENTROPY
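Review bot: The header's title comment still reads `yarrowseed - periodical to collect and seed entropy into /dev/random`, which does not describe the `EntropyManager` class declared here; `// EntropyManager - timer object that collects system entropy and maintains the entropy file` would match entropy.cpp. `server` is a public reference member although its comment says it exists only for `setTimer()`; moving it under `private:` keeps other code from reaching the MachServer through this object. `using namespace Security;` at header scope also leaks into every file that includes entropy.h.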
index f56562639b4280c865b3f065e919c98b10a1bd27..7087712bd412d9a14c0f97bd50cf639f630d0e81 100644 (file)
@@ -80,13 +80,13 @@ Key::Key(Database *db, const CssmKey &newKey, uint32 moreAttributes,
     mValidUID = false;
        setup(newKey, moreAttributes);
        
-       // establish initial ACL
-       if (owner)
-               cssmSetInitial(*owner);
+       // establish initial ACL; reinterpret empty (null-list) owner as NULL for resilence's sake
+       if (owner && !owner->subject().empty())
+               cssmSetInitial(*owner);                                 // specified
        else
-               cssmSetInitial(new AnyAclSubject());
-    debug("SSkey", "%p created from key alg=%ld use=0x%lx attr=0x%lx",
-        this, mKey.algorithm(), mKey.usage(), mAttributes);
+               cssmSetInitial(new AnyAclSubject());    // defaulted
+    debug("SSkey", "%p created from key alg=%ld use=0x%lx attr=0x%lx db=%p",
+        this, mKey.algorithm(), mKey.usage(), mAttributes, db);
 }
 
 
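Review bot: An owner prototype with an empty subject now takes the same `cssmSetInitial(new AnyAclSubject())` branch as a NULL owner, so a caller that passes an empty or malformed owner gets what the class name suggests is an allow-any ACL instead of an error, and nothing records that the fallback happened. If the fallback has to stay, make it visible in the log, e.g. `debug("SSkey", "%p empty owner subject; defaulting to any-subject ACL", this);` when `owner` is non-NULL but empty. The comment's `resilence` should read `resilience`. The constructor starts above this hunk.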
@@ -110,8 +110,8 @@ void Key::setup(const CssmKey &newKey, uint32 moreAttributes)
     // verify internal/external attribute separation
     assert(!(header.attributes() & managedAttributes));
 
-       // copy key data field @@@ crud - replace after MM reorg
-       mKey.KeyData = CssmData(memcpy(malloc(newKey.length()), newKey.data(), newKey.length()), newKey.length());
+       // copy key data field, using the CSP's allocator (so the release operation works later)
+       mKey.KeyData = CssmAutoData(Server::csp().allocator(), newKey).release();
 }
 
 
@@ -124,6 +124,24 @@ Key::~Key()
 }
 
 
+//
+// Form a KeySpec with checking and masking
+//
+Key::KeySpec::KeySpec(uint32 usage, uint32 attrs)
+       : CssmClient::KeySpec(usage, attrs & ~managedAttributes)
+{
+       if (attrs & generatedAttributes)
+               CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
+}
+
+Key::KeySpec::KeySpec(uint32 usage, uint32 attrs, const CssmData &label)
+       : CssmClient::KeySpec(usage, attrs & ~managedAttributes, label)
+{
+       if (attrs & generatedAttributes)
+               CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
+}
+
+
 //
 // Retrieve the actual CssmKey value for the key object.
 // This will decode its blob if needed (and appropriate).
index edc7557bf588e2d71c43717a4ecfe4b0f3813e70..21faa0f473b76327c93bbebd3716b4400a92718d 100644 (file)
@@ -26,6 +26,7 @@
 #include "acls.h"
 #include <Security/utilities.h>
 #include <Security/handleobject.h>
+#include <Security/keyclient.h>
 
 
 class Database;
@@ -59,6 +60,7 @@ public:
        
     // yield the decoded internal key -- internal attributes
        operator CssmKey &()            { return keyValue(); }
+    operator CSSM_KEY & ()             { return keyValue(); }
        size_t length()                         { return keyValue().length(); }
        void *data()                            { return keyValue().data(); }
     
@@ -78,6 +80,16 @@ public:
     
     // key attributes that should not be passed on to the CSP
     static const uint32 managedAttributes = KeyBlob::managedAttributes;
+       // these attributes are internally generated, and invalid on input
+       static const uint32 generatedAttributes =
+               CSSM_KEYATTR_ALWAYS_SENSITIVE | CSSM_KEYATTR_NEVER_EXTRACTABLE;
+       
+       // a version of KeySpec that self-checks and masks for CSP operation
+       class KeySpec : public CssmClient::KeySpec {
+       public:
+               KeySpec(uint32 usage, uint32 attrs);
+               KeySpec(uint32 usage, uint32 attrs, const CssmData &label);
+       };
 
 private:
        void setup(const CssmKey &newKey, uint32 attrs);
index 30a7341c850ca78d9d841a812a604c80f1d18568..8e7b5743e03dea59a72a681578c8c8e3b35a69a0 100644 (file)
@@ -21,7 +21,7 @@
 //
 #include "securityserver.h"
 #include "server.h"
-#include <MacYarrow/yarrowseed.h>
+#include "entropy.h"
 
 #include <Security/daemon.h>
 #include <Security/osxsigner.h>
@@ -38,6 +38,7 @@
 // ACL subject types (their makers are instantiated here)
 #include <Security/acl_any.h>
 #include <Security/acl_password.h>
+#include <Security/acl_protectedpw.h>
 #include <Security/acl_threshold.h>
 #include <Security/acl_codesigning.h>
 #include <Security/acl_comment.h>
@@ -70,16 +71,18 @@ int main(int argc, char *argv[])
 {
        // program arguments (preset to defaults)
        bool forceCssmInit = false;
+       bool reExecute = false;
        int workerTimeout = 0;
        int maxThreads = 0;
        const char *authorizationConfig = "/etc/authorization";
        const char *bootstrapName = "SecurityServer";
+    const char *entropyFile = "/var/db/SystemEntropyCache";
 
        // parse command line arguments
        extern char *optarg;
        extern int optind;
        int arg;
-       while ((arg = getopt(argc, argv, "a:dfN:t:T:")) != -1) {
+       while ((arg = getopt(argc, argv, "a:dEfN:t:T:X")) != -1) {
                switch (arg) {
                case 'a':
                        authorizationConfig = optarg;
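Review bot: The option string `"a:dEfN:t:T:X"` declares `E` without a trailing colon, but the `case 'E':` added in the next hunk assigns `entropyFile = optarg`. getopt does not set `optarg` for an option declared without an argument, so `-E path` leaves `entropyFile` NULL or pointing at an earlier option's value, and that pointer is later passed to the `EntropyManager` constructor. The string should be `"a:dE:fN:t:T:X"`. `main` continues past this hunk.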
@@ -87,6 +90,9 @@ int main(int argc, char *argv[])
                case 'd':
                        debugMode++;
                        break;
+        case 'E':
+            entropyFile = optarg;
+            break;
         case 'f':
             forceCssmInit = true;
             break;
@@ -101,6 +107,9 @@ int main(int argc, char *argv[])
                        if ((workerTimeout = atoi(optarg)) < 0)
                                workerTimeout = 0;
                        break;
+               case 'X':
+                       reExecute = true;
+                       break;
                default:
                        usage(argv[0]);
                }
@@ -110,7 +119,7 @@ int main(int argc, char *argv[])
        if (optind < argc)
                usage(argv[0]);
                
-       // configure logging
+       // configure logging first
        if (debugMode) {
                Syslog::open(argv[0], LOG_AUTHPRIV, LOG_PERROR);
                Syslog::notice("SecurityServer started in debug mode");
@@ -122,17 +131,23 @@ int main(int argc, char *argv[])
     // in debug mode, issue a warning
     if (uid_t uid = getuid()) {
 #if defined(NDEBUG)
-        Syslog::alert("Unprivileged SecurityServer aborted (uid=%d)", uid);
+        Syslog::alert("Tried to run SecurityServer as user %d: aborted", uid);
         fprintf(stderr, "You are not allowed to run SecurityServer\n");
         exit(1);
 #else
-        debug("SS", "Running unprivileged (uid=%d); some features may not work", uid);
+        fprintf(stderr, "SecurityServer is unprivileged; some features may not work.\n");
+        debug("SS", "Running as user %d (you have been warned)", uid);
 #endif //NDEBUG
     }
     
     // turn into a properly diabolical daemon unless debugMode is on
-    if (!debugMode && !Daemon::incarnate())
-        exit(1);
+       if (!debugMode) {
+               if (!Daemon::incarnate())
+                       exit(1);        // can't daemonize
+               
+               if (reExecute && !Daemon::executeSelf(argv))
+                       exit(1);        // can't self-execute
+       }
        
        // create a code signing engine
        CodeSigning::OSXSigner signer;
@@ -143,16 +158,22 @@ int main(int argc, char *argv[])
        // establish the ACL machinery
        new AnyAclSubject::Maker();
        new PasswordAclSubject::Maker();
+    new ProtectedPasswordAclSubject::Maker();
        new ThresholdAclSubject::Maker();
-    new KeychainPromptAclSubject::Maker();
     new CommentAclSubject::Maker();
     new CodeSignatureAclSubject::Maker(signer);
-    
-    // create the RootSession object
-    RootSession rootSession;
+    new KeychainPromptAclSubject::Maker();
+       
+       // add a temporary registration for a subject type that went out in 10.2 seed 1
+       // this should probably be removed for the next major release >10.2
+       new KeychainPromptAclSubject::Maker(CSSM_WORDID__RESERVED_1);
        
     // create the main server object and register it
        Server server(authority, bootstrapName);
+    
+    // create the RootSession object (if -d, give it graphics and tty attributes)
+    RootSession rootSession(server.primaryServicePort(),
+               debugMode ? (sessionHasGraphicAccess | sessionHasTTY) : 0);
 
     // set server configuration from arguments, if specified
        if (workerTimeout)
@@ -161,7 +182,11 @@ int main(int argc, char *argv[])
                server.maxThreads(maxThreads);
     
        // add the RNG seed timer to it
-    YarrowTimer yarrow(server);
+# if defined(NDEBUG)
+    EntropyManager entropy(server, entropyFile);
+# else
+    if (!getuid()) new EntropyManager(server, entropyFile);
+# endif
         
     // set up signal handlers
     if (signal(SIGCHLD, handleSIGCHLD) == SIG_ERR)
@@ -224,9 +249,11 @@ static void handleSIGOther(int sig)
     switch (sig) {
     case SIGINT:
         debug("SS", "Interrupt signal; terminating");
+        Syslog::notice("received interrupt signal; terminating");
         exit(0);
     case SIGTERM:
         debug("SS", "Termination signal; terminating");
+        Syslog::notice("received termination signal; terminating");
         exit(0);
     }
 }
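Review bot: The added `Syslog::notice(...)` calls run inside `handleSIGOther`; if that function is installed directly as a signal handler (the `signal()` setup is outside this hunk), syslog-style logging is not async-signal-safe and can deadlock when the signal interrupts a thread that is itself logging or allocating. The existing `debug()` and `exit(0)` calls have the same problem. A safer shape is to set a `volatile sig_atomic_t` flag in the handler and do the logging and exit from the server's main loop. The function begins above the hunk.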
diff --git a/SecurityServer/notifications.cpp b/SecurityServer/notifications.cpp
new file mode 100644 (file)
index 0000000..dea6b37
--- /dev/null
@@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// EntropyManager - manage entropy on the system.
+//
+#include "notifications.h"
+#include "server.h"
+#include "ucspNotify.h"
+
+
+Listener::ListenerMap Listener::listeners;
+Mutex Listener::setLock;
+
+
+//
+// Construct a new Listener and hook it up
+//
+Listener::Listener(Process &proc, Port receiver, Domain dom, EventMask evs)
+    : process(proc), domain(dom), events(evs), mNotificationPort(receiver)
+{
+    assert(events);            // what's the point?
+    
+    // register in listener set
+    StLock<Mutex> _(setLock);
+    listeners.insert(ListenerMap::value_type(receiver, this));
+    
+    // let's get told when the receiver port dies
+    Server::active().notifyIfDead(receiver);
+    
+    debug("notify", "%p created domain %ld events 0x%lx port %d",
+        this, domain, events, mNotificationPort.port());
+}
+
+
+//
+// Destroy a listener. Cleans up.
+//
+Listener::~Listener()
+{
+    mNotificationPort.deallocate();
+    debug("notify", "%p destroyed", this);
+}
+
+
+//
+// Send a single notification for this listener
+//
+void Listener::notifyMe(Domain domain, Event event, const CssmData &data)
+{
+    if (domain != this->domain || !(event & events))
+        return;                // not interested
+    
+    debug("notify", "%p sending domain %ld event 0x%lx to port %d process %d",
+        this, domain, event, mNotificationPort.port(), process.pid());
+    
+    // send mach message (via MIG simpleroutine)
+    if (kern_return_t rc = ucsp_notify_sender_notify(mNotificationPort,
+        MACH_SEND_TIMEOUT, 0,
+        domain, event, data.data(), data.length(),
+        0 /*@@@ placeholder for sender ID */))
+        debug("notify", "%p send failed (error=%d)", this, rc);
+}
+
+
+//
+// Send a notification to all registered listeners
+//
+void Listener::notify(Domain domain, Event event, const CssmData &data)
+{
+    for (ListenerMap::const_iterator it = listeners.begin();
+            it != listeners.end(); it++)
+        it->second->notifyMe(domain, event, data);
+}
+
+
+//
+// Handle a port death or deallocation by removing all Listeners using that port.
+// Returns true iff we had one.
+//
+bool Listener::remove(Port port)
+{
+    typedef ListenerMap::iterator Iterator;
+    StLock<Mutex> _(setLock);
+    pair<Iterator, Iterator> range = listeners.equal_range(port);
+    if (range.first == range.second)
+        return false;  // not one of ours
+
+    Server::active().notifyIfDead(port, false);
+    for (Iterator it = range.first; it != range.second; it++)
+        delete it->second;
+    listeners.erase(range.first, range.second);
+    return true;       // got it
+}
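Review bot: `Listener::notify` walks `listeners` without taking `setLock`, while the constructor and `remove()` modify the map under that lock, so a `remove()` on another thread can erase and `delete` a Listener while `notify` is dereferencing `it->second`. Take the lock at the top of `notify` with `StLock<Mutex> _(setLock);`; the send in `notifyMe` uses `MACH_SEND_TIMEOUT` with a zero timeout, so it should not block while the lock is held. The file's title comment, `EntropyManager - manage entropy on the system.`, looks copied from entropy.cpp and should describe the notification listeners instead.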
diff --git a/SecurityServer/notifications.h b/SecurityServer/notifications.h
new file mode 100644 (file)
index 0000000..cac05b3
--- /dev/null
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+//
+//
+#ifndef _H_NOTIFICATIONS
+#define _H_NOTIFICATIONS
+
+#include <Security/mach++.h>
+#include <Security/globalizer.h>
+#include <map>
+
+
+using namespace MachPlusPlus;
+
+
+class Process;
+
+
+//
+// A registered receiver of notifications.
+// Each one is for a particular database (or all), set of events,
+// and to a particular Mach port. A process may have any number
+// of listeners, each independent; so that multiple notifications can
+// be sent to the same process if it registers repeatedly.
+//
+class Listener {
+public:
+    enum {
+        lockedEvent                = 1,        // a keychain was locked
+        unlockedEvent              = 2,        // a keychain was unlocked
+        passphraseChangedEvent    = 6, // a keychain password was (possibly) changed
+        
+        allEvents = lockedEvent | unlockedEvent | passphraseChangedEvent
+    };
+    typedef uint32 Event, EventMask;
+    
+    enum {
+        allNotifications                       = 0, // all domains (useful for testing only)
+        databaseNotifications          = 1     // something happened to a database (aka keychain)
+    };
+    typedef uint32 Domain;
+    
+public:
+    Listener(Process &proc, Port receiver, Domain domain, EventMask evs = allEvents);
+    virtual ~Listener();
+
+    Process &process;
+    const Domain domain;
+    const EventMask events;
+    
+    virtual void notifyMe(Domain domain, Event event, const CssmData &data);
+    static void notify(Domain domain, Event event, const CssmData &data);
+    static bool remove(Port port);
+
+protected:
+    Port mNotificationPort;
+    
+private:
+    typedef multimap<mach_port_t, Listener *> ListenerMap;
+    static ListenerMap listeners;
+    static Mutex setLock;
+};
+
+
+#endif //_H_NOTIFICATIONS
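Review bot: The event constants are used as a bit mask (`allEvents` ORs them together and `notifyMe` in notifications.cpp tests `event & events`), but `passphraseChangedEvent = 6` shares a bit with `unlockedEvent = 2`. A listener registered for unlock events only therefore also receives passphrase-change events, and a listener registered for passphrase changes also receives unlock events. Either give each event its own bit or keep the numeric codes and build masks as `1 << event`; the values may be fixed by an external interface not visible here, in which case the second option applies. `allNotifications = 0` is documented as all domains although `notifyMe` compares domains for equality, and the header's title comment is empty.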
index 2f0cba11d594dd86eab7eee1d3d0924ce69d4c1d..deb5cfb85bc6d109f0aaae4e6e23244ee8653e51 100644 (file)
@@ -28,8 +28,8 @@
 //
 // Construct a Process object.
 //
-Process::Process(TaskPort taskPort, const char *identity, uid_t uid, gid_t gid)
- :  session(Session::find(taskPort.bootstrap())), mBusyCount(0), mDying(false),
+Process::Process(Port servicePort, TaskPort taskPort, const char *identity, uid_t uid, gid_t gid)
+ :  session(Session::find(servicePort)), mBusyCount(0), mDying(false),
        mTaskPort(taskPort), mUid(uid), mGid(gid)
 {
     // let's take a look at our wannabe client...
@@ -48,6 +48,7 @@ Process::Process(TaskPort taskPort, const char *identity, uid_t uid, gid_t gid)
         mTaskPort.port(), identity ? identity : "(unknown)");
 }
 
+#if 0
 Process::Process(Process &prior)
  :     session(Session::find(prior.mTaskPort.bootstrap())), mBusyCount(0), mDying(false),
     mTaskPort(prior.mTaskPort), mUid(prior.mUid), mGid(prior.mGid)
@@ -60,12 +61,12 @@ Process::Process(Process &prior)
     
     // copy the client-code id (and clear it in the prior so it doesn't get destroyed there)
     mClientCode = prior.mClientCode;
-    prior.mClientCode = NULL;
     prior.mTaskPort = Port();
 
     debug("SS", "Process %p(%d) recloned uid=%d gid=%d session=%p",
         this, mPid, mUid, mGid, &session);
 }
+#endif
 
 
 Process::~Process()
@@ -94,9 +95,9 @@ Process::~Process()
        // no need to lock here; the client process has no more active threads
        debug("SS", "Process %p(%d) has died", this, mPid);
        
+    // release our name for the process's task port
        if (mTaskPort)
         mTaskPort.destroy();   // either dead or taken by reclone
-       delete mClientCode;
     
     // deregister from session
     if (session.removeProcess(this))
@@ -116,16 +117,6 @@ bool Process::kill()
 }
 
 
-//
-// Given a task port, determine which session it belongs to.
-// @@@ Very preliminary, pending true session implementation.
-//
-Session &Process::sessionForPort(TaskPort taskPort)
-{
-    return Session::find(taskPort.bootstrap());
-}
-
-
 //
 // Connection management
 //
@@ -201,3 +192,24 @@ bool Process::removeAuthorization(AuthorizationToken *auth)
        }
        return false;                                           // keep the auth; it's still in use
 }
+
+
+//
+// Notification client maintainance
+//
+void Process::requestNotifications(Port port, Listener::Domain domain, Listener::EventMask events)
+{
+    new Listener(*this, port, domain, events);
+}
+
+void Process::stopNotifications(Port port)
+{
+    if (!Listener::remove(port))
+        CssmError::throwMe(CSSMERR_CSSM_INVALID_HANDLE_USAGE); //@@@ bad name (should be "no such callback")
+}
+
+void Process::postNotification(Listener::Domain domain, Listener::Event event, const CssmData &data)
+{
+    Listener::notify(domain, event, data);
+}
+
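Review bot: `stopNotifications` calls `Listener::remove(port)`, which deletes every Listener registered on that port without looking at its `process` member, so the request is not tied to the process that made the registration. If two clients can present the same port to the server (not determinable from this hunk), one can cancel the other's notifications; passing the calling Process down and skipping entries where `&it->second->process != &proc` would scope removal to the caller. `requestNotifications` also forwards `events`, presumably client-supplied, to a constructor that does `assert(events)`, so a zero mask aborts a debug build; rejecting it here with a `CssmError` is cleaner. Nothing visible removes a Process's Listeners when the Process is destroyed, which would leave their `Process &` dangling until the port-death notification arrives.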
index dc8c293473821b489e814d5a368e28524f961f64..4fd68eab0b21dc2c25a8d96a1bf4c3de2ad3ac73 100644 (file)
@@ -25,7 +25,9 @@
 #include "securityserver.h"
 #include "SecurityAgentClient.h"
 #include <Security/osxsigning.h>
+#include <Security/refcount.h>
 #include "key.h"
+#include "notifications.h"
 #include <string>
 
 using MachPlusPlus::Port;
@@ -41,8 +43,10 @@ class AuthorizationToken;
 //
 class Process {
 public:
-       Process(TaskPort tPort, const char *identity, uid_t uid, gid_t gid);
+       Process(Port servicePort, TaskPort tPort, const char *identity, uid_t uid, gid_t gid);
+#if 0
     Process(Process &prior);   // specialized reclone facility
+#endif
        virtual ~Process();
     
     uid_t uid() const                  { return mUid; }
@@ -50,7 +54,7 @@ public:
     pid_t pid() const                  { return mPid; }
     TaskPort taskPort() const  { return mTaskPort; }
        
-       const CodeSigning::OSXCode *clientCode() const  { return mClientCode; }
+       CodeSigning::OSXCode *clientCode() const        { return mClientCode; }
        bool verifyCodeSignature(const CodeSigning::Signature *signature);
        
        void addAuthorization(AuthorizationToken *auth);
@@ -63,11 +67,12 @@ public:
     void addDatabase(Database *database);
     void removeDatabase(Database *database);
     
+    void requestNotifications(Port port, Listener::Domain domain, Listener::EventMask events);
+    void stopNotifications(Port port);
+    void postNotification(Listener::Domain domain, Listener::Event event, const CssmData &data);
+    
     Session &session;
        
-protected:
-       static Session &sessionForPort(TaskPort taskPort);
-       
 private:
        Mutex mLock;                                            // object lock
        uint32 mBusyCount;                                      // number of Connection references
@@ -79,7 +84,7 @@ private:
     uid_t mUid;                                                        // UNIX uid credential
     gid_t mGid;                                                        // primary UNIX gid credential
        
-       CodeSigning::OSXCode *mClientCode;      // code object for client
+       RefPointer<CodeSigning::OSXCode> mClientCode;   // code object for client
        
        // authorization dictionary
        typedef multiset<AuthorizationToken *> AuthorizationSet;
index af0697e3b8d1e5325c5dbc1eaad03706da037c32..f1314ed2de7026a6884f58e4d525b64a4bf35f74 100644 (file)
@@ -27,14 +27,28 @@ type Username = c_string[*:80];
 type Choice = struct[2] of unsigned32;
 type MigBoolean = unsigned32;
 
+type Data = array [] of char;
+
+type AuthorizationString = c_string[*:1024];
+type AuthorizationItemSetBlob = Data
+       ctype: AuthorizationItemSetPtr;
+type AuthorizationItemSetPtr = unsigned32;
+type AuthorizationValueVectorBlob = Data
+       ctype: AuthorizationValueVectorPtr;
+type AuthorizationValueVectorPtr = unsigned32;
+
+type AuthorizationResultInt = unsigned32;
+
 
 //
 // Common argument profiles
 //
+
 #define UCSP_PORTS     requestport sport: mach_port_t; \
                                        replyport rport: mach_port_t; \
                                        out status: OSStatus
-#define IN_BLOB(name)  in name: name##Blob; in name##Base: name##Ptr
+#define IN_BLOB(name,type)     in name: type##Blob; in name##Base: type##Ptr
+#define OUT_BLOB(name,type)    out name: type##Blob; out name##Base: type##Ptr
 
 
 //
@@ -64,9 +78,9 @@ routine retryNewPassphrase(UCSP_PORTS; in reason: Reason; out passphrase: String
 //
 // "Rogue App" alert/confirm function
 //
-routine queryKeychainAccess(UCSP_PORTS; 
+routine queryKeychainAccess(UCSP_PORTS;
        in requestor: ConstString; in requestPid: pid_t; in database: ConstString;
-       in item: ConstString; in operation: AclAuthorization;
+       in item: ConstString; in operation: AclAuthorization; in needPassphrase: MigBoolean;
     out choice: Choice);
     
 //
@@ -96,3 +110,22 @@ routine authorizationAuthenticate(UCSP_PORTS;
         out authenticatedUser: Username; out authenticatedPassword: String);
 routine retryAuthorizationAuthenticate(UCSP_PORTS; in reason: Reason;
        out authenticatedUser: Username; out authenticatedPassword: String);
+
+routine invokeMechanism(UCSP_PORTS;
+    out stagePort: mach_port_copy_send_t;
+// plugin id 
+    in pluginId: AuthorizationString;
+// mechanism id 
+    in mechanismId: AuthorizationString;
+       IN_BLOB(argumentsIn,AuthorizationValueVector);
+       IN_BLOB(hintsIn,AuthorizationItemSet);
+       IN_BLOB(contextIn,AuthorizationItemSet);
+// result 
+    out resultOut: AuthorizationResultInt;
+       OUT_BLOB(hintsOut,AuthorizationItemSet);
+       OUT_BLOB(contextOut,AuthorizationItemSet)
+);
+
+routine terminate(requestport sport: mach_port_t;
+    replyport rport: mach_port_t);
+
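Review bot: invokeMechanism passes each item set as a flat blob plus the sender's base address (IN_BLOB/OUT_BLOB), and nothing in the .defs says what the receiving side must check before it relocates pointers inside that blob. The OUT_BLOB results travel back to the caller, so whoever consumes hintsOut and contextOut is parsing lengths and offsets chosen by its peer. I would document the convention above the macros, for example `// name is the flattened data, name##Base the address it was flattened at; the receiver must verify every relocated pointer lies inside the blob`. The `// plugin id` and `// mechanism id` comments only repeat the parameter names and could instead state the 1024-character bound that AuthorizationString imposes. terminate has no status return and nothing identifying the caller; a comment on who is expected to hold a send right to this port would help.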
index 0cda0252d55b26c82c51e9ec81d0084705b60a2e..92882c77b00371704939fff4fbbdd6e2b5116ca5 100644 (file)
@@ -20,6 +20,8 @@
 // secagent_types - type equivalence declarations for SecurityAgent MIG
 //
 #include "SecurityAgentClient.h"
+#include <Security/Authorization.h>
+#include <Security/AuthorizationPlugin.h>
 
 // @@@ who forgot that one?
 extern "C" kern_return_t mig_deallocate(vm_address_t addr, vm_size_t size);
@@ -29,17 +31,22 @@ namespace Security
 
 using namespace SecurityAgent;
 
-
+typedef void *Data;
+    
 typedef char *String;
 typedef const char *ConstString;
 typedef Client::KeychainChoice Choice;
 typedef char *Username;
 typedef uint32 MigBoolean;
 
+typedef AuthorizationItemSet AuthorizationItemSetBlob;
+typedef AuthorizationItemSet *AuthorizationItemSetPtr;
+typedef AuthorizationValueVector AuthorizationValueVectorBlob;
+typedef AuthorizationValueVector *AuthorizationValueVectorPtr;
 
-// fix const-blindless in MIG's internals
-inline int mig_strncpy(char *dest, const char *src, int length)
-{ return ::mig_strncpy(dest, const_cast<char *>(src), length); }
+typedef AuthorizationMechanismId PluginId;
+typedef AuthorizationMechanismId MechanismId;
+typedef uint32 AuthorizationResultInt;
 
 
 //
index 5462a3e8db37f54065a3e38f3702df6331eaa726..2ce0e3828e29ade54bf83d484d514217b8a27e2f 100644 (file)
@@ -22,6 +22,8 @@
 #include "server.h"
 #include "session.h"
 #include "acls.h"
+#include "notifications.h"
+#include "ucsp.h"
 #include <mach/mach_error.h>
 
 using namespace MachPlusPlus;
@@ -32,6 +34,7 @@ using namespace MachPlusPlus;
 //
 Server::Server(Authority &myAuthority, const char *bootstrapName)
   : MachServer(bootstrapName),
+    mBootstrapName(bootstrapName),
     mCurrentConnection(false),
     mCSPModule(gGuidAppleCSP, mCssm), mCSP(mCSPModule),
     mAuthority(myAuthority)
@@ -113,28 +116,52 @@ void Server::run()
 
 
 //
-// The server run-loop function
+// The primary server run-loop function.
+// Invokes the MIG-generated main dispatch function (ucsp_server).
+// For debug builds, look up request names in a MIG-generated table
+// for better debug-log messages.
 //
 boolean_t ucsp_server(mach_msg_header_t *, mach_msg_header_t *);
 
+#if defined(NDEBUG)
+
 boolean_t Server::handle(mach_msg_header_t *in, mach_msg_header_t *out)
 {
        return ucsp_server(in, out);
 }
 
+#else //NDEBUG
+
+static const struct IPCName { const char *name; int ipc; } ipcNames[] =
+    { subsystem_to_name_map_ucsp };    // macro generated by MIG, from ucsp.h
+
+boolean_t Server::handle(mach_msg_header_t *in, mach_msg_header_t *out)
+{
+    const int first = ipcNames[0].ipc;
+    assert(in->msgh_id >= first && in->msgh_id < first + ucsp_MSG_COUNT);
+    const char *name = ipcNames[in->msgh_id - first].name;
+    debug("SSreq", "begin %s (%d)", name, in->msgh_id);
+       boolean_t result = ucsp_server(in, out);
+    debug("SSreq", "end %s (%d)", name, in->msgh_id);
+    return result;
+}
+
+#endif //NDEBUG
+
 
 //
 // Set up a new Connection. This establishes the environment (process et al) as needed
 // and registers a properly initialized Connection object to run with.
 //
-void Server::setupConnection(Port replyPort, Port taskPort,
+void Server::setupConnection(Port servicePort, Port replyPort, Port taskPort,
     const security_token_t &securityToken, const char *identity)
 {
        // first, make or find the process based on task port
        StLock<Mutex> _(lock);
        Process * &proc = processes[taskPort];
        if (proc == NULL) {
-               proc = new Process(taskPort, identity, securityToken.val[0], securityToken.val[1]);
+               proc = new Process(servicePort, taskPort, identity,
+                       securityToken.val[0], securityToken.val[1]);
                notifyIfDead(taskPort);
        }
 
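Review bot: In the debug build of Server::handle, `in->msgh_id` comes from the incoming message and is checked only by `assert`, so a client that sends an id outside the ucsp range aborts the server instead of leaving the rejection to ucsp_server. The table index also assumes the entries of `subsystem_to_name_map_ucsp` are dense and in id order. Computing the name defensively keeps the logging without the abort: `const char *name = (in->msgh_id >= first && in->msgh_id < first + ucsp_MSG_COUNT) ? ipcNames[in->msgh_id - first].name : "<unknown>";`. setupConnection's body continues past the end of the hunk.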
@@ -171,6 +198,7 @@ void Server::endConnection(Port replyPort)
 // (Avoid it by calling SessionCreate before calling any other Security interfaces in
 // the process's life.)
 //
+#if 0
 Process *Server::resetConnection()
 {
     Connection *oldConnection = mCurrentConnection;
@@ -197,6 +225,7 @@ Process *Server::resetConnection()
     
     return proc;
 }
+#endif
 
 
 //
@@ -206,6 +235,7 @@ Process *Server::resetConnection()
 void Server::notifyDeadName(Port port)
 {
        StLock<Mutex> _(lock);
+       debug("SSports", "port %d is dead", port.port());
     
     // is it a connection?
     ConnectionMap::iterator conIt = connections.find(port);
@@ -227,8 +257,22 @@ void Server::notifyDeadName(Port port)
         return;
     }
     
-    // well, it better be a session
-    Session::eliminate(Bootstrap(port));
+    // is it a notification client?
+    if (Listener::remove(port))
+        return;
+    
+       debug("server", "spurious dead port notification for port %d", port.port());
+}
+
+
+//
+// Handling no-senders notifications.
+// This is currently only used for (subsidiary) service ports
+//
+void Server::notifyNoSenders(Port port, mach_port_mscount_t)
+{
+       debug("SSports", "port %d no senders", port.port());
+       Session::eliminate(port);
 }
 
 
@@ -248,16 +292,42 @@ void Server::SleepWatcher::systemWillSleep()
 //
 CssmClient::CSP &Server::getCsp()
 {
-       //@@@ not officially pthread-kosher. Use a ModuleNexus here?
-    if (!mCssm->isActive()) {
-        // first time load
-        //@@@ should we abort the server if this fails? What point continuing?
-               StLock<Mutex> _(lock);
-        debug("SS", "CSSM initializing");
-        mCssm->init();
-        mCSP->attach();
-        char guids[Guid::stringRepLength+1];
-        IFDEBUG(debug("SS", "CSSM ready with CSP %s", mCSP->guid().toString(guids)));
-    }
+    if (!mCssm->isActive())
+               loadCssm();
     return mCSP;
 }
+
+
+//
+// Initialize the CSSM/MDS subsystem.
+// This is thread-safe and can be done lazily.
+//
+static void initMds();
+
+void Server::loadCssm()
+{
+       if (!mCssm->isActive()) {
+               StLock<Mutex> _(lock);
+               if (!mCssm->isActive()) {
+                       initMds();
+                       debug("SS", "CSSM initializing");
+                       mCssm->init();
+                       mCSP->attach();
+                       char guids[Guid::stringRepLength+1];
+                       IFDEBUG(debug("SS", "CSSM ready with CSP %s", mCSP->guid().toString(guids)));
+               }
+       }
+}
+
+#include <Security/mds.h>
+
+static void initMds()
+{
+       debug("SS", "MDS initializing");
+       CssmAllocatorMemoryFunctions memory(CssmAllocator::standard());
+       MDS_FUNCS functions;
+       MDS_HANDLE handle;
+       CssmError::check(MDS_Initialize(NULL, &memory, &functions, &handle));
+       CssmError::check(MDS_Install(handle));
+       CssmError::check(MDS_Terminate(handle));
+}
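Review bot: getCsp still tests `mCssm->isActive()` without holding `lock`, and loadCssm repeats that unlocked test before the locked one, so the comment "This is thread-safe" overstates what the code guarantees. If isActive() turns true as soon as `mCssm->init()` returns (not visible here), a second thread can pass the unlocked check and return `mCSP` before `mCSP->attach()` has run. Dropping the outer unlocked `if` in loadCssm and having getCsp call `loadCssm();` unconditionally closes that window at the cost of one lock acquisition per call. Separately, initMds skips `MDS_Terminate(handle)` when `MDS_Install` fails, because `CssmError::check` presumably throws first.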
index 2f1bb96b5054230d5cafd76d6e7a4736ba4f905d..dde5d868b4eff6c6a601f59ff609adb09e2862c6 100644 (file)
@@ -51,6 +51,7 @@ public:
     // These are all static methods that use the active() Server of this thread.
     //
        static Server &active() { return safer_cast<Server &>(MachServer::active()); }
+       static const char *bootstrapName() { return active().mBootstrapName.c_str(); }
        
        static Connection &connection(mach_port_t replyPort);
        static Connection &connection(bool tolerant = false);
@@ -67,12 +68,14 @@ public:
        static SecurityServerAcl &aclBearer(AclKind kind, CSSM_HANDLE handle);
        static CssmClient::CSP &csp() { return active().getCsp(); }
 
-    void loadCssm()    { getCsp(); }
+       void loadCssm();
        
 public:
-       void setupConnection(Port replyPort, Port taskPort,
+       void setupConnection(Port servicePort, Port replyPort, Port taskPort,
         const security_token_t &securityToken, const char *executablePath);
+#if 0
     Process *resetConnection();
+#endif
        void endConnection(Port replyPort);
        
        static void releaseWhenDone(CssmAllocator &alloc, void *memory)
@@ -84,6 +87,7 @@ protected:
     // implementation methods of MachServer
        boolean_t handle(mach_msg_header_t *in, mach_msg_header_t *out);
        void notifyDeadName(Port port);
+       void notifyNoSenders(Port port, mach_port_mscount_t);
     
 private:
     class SleepWatcher : public MachPlusPlus::PortPowerWatcher {
@@ -94,6 +98,9 @@ private:
        
 private:
        Mutex lock;                                     // master lock
+       
+       // mach bootstrap registration name
+       std::string mBootstrapName;
 
        // map of connections (by client reply port)
        typedef map<mach_port_t, Connection *> ConnectionMap;
index 5dad8d107aebb3b1533b4bd37bc536ca48ba7115..ecdeda94170568da4695963b0aabb51d3fbe0ef6 100644 (file)
@@ -40,23 +40,65 @@ Mutex Session::sessionMapLock;
 //
 // Create a Session object from initial parameters (create)
 //
-Session::Session(Bootstrap bootstrap, SessionAttributeBits attrs) 
-    : mBootstrap(bootstrap), mAttributes(attrs), mProcessCount(0), mAuthCount(0), mDying(false)
+Session::Session(Bootstrap bootstrap, Port servicePort, SessionAttributeBits attrs) 
+    : mBootstrap(bootstrap), mServicePort(servicePort),
+         mAttributes(attrs), mProcessCount(0), mAuthCount(0), mDying(false)
 {
-    debug("SSsession", "%p CREATED: handle=0x%lx bootstrap=%d attrs=0x%lx",
-        this, handle(), mBootstrap.port(), mAttributes);
+    debug("SSsession", "%p CREATED: handle=0x%lx bootstrap=%d service=%d attrs=0x%lx",
+        this, handle(), mBootstrap.port(), mServicePort.port(), mAttributes);
 }
 
-RootSession::RootSession()
-    : Session(Bootstrap(), sessionIsRoot | sessionWasInitialized)
+
+void Session::release()
 {
-    // self-install
-    sessionMap[mBootstrap] = this;
+       // nothing by default
 }
 
-DynamicSession::DynamicSession(Bootstrap bootstrap) : Session(bootstrap)
+
+//
+// The root session inherits the startup bootstrap and service port
+//
+RootSession::RootSession(Port servicePort, SessionAttributeBits attrs)
+    : Session(Bootstrap(), servicePort, sessionIsRoot | sessionWasInitialized | attrs)
 {
-    Server::active().notifyIfDead(bootstrapPort());
+    // self-install (no thread safety issues here)
+    sessionMap[mServicePort] = this;
+}
+
+
+//
+// Dynamic sessions use the given bootstrap and re-register in it
+//
+DynamicSession::DynamicSession(const Bootstrap &bootstrap)
+       : ReceivePort(Server::active().bootstrapName(), bootstrap),
+         Session(bootstrap, *this)
+{
+       // tell the server to listen to our port
+       Server::active().add(*this);
+       
+       // register for port notifications
+    Server::active().notifyIfDead(bootstrapPort());    //@@@??? still needed?
+       Server::active().notifyIfUnused(*this);
+
+       // self-register
+       StLock<Mutex> _(sessionMapLock);
+       sessionMap[*this] = this;
+}
+
+DynamicSession::~DynamicSession()
+{
+       // remove our service port from the server
+       Server::active().remove(*this);
+
+       // if this is a (the) graphic login session, lock all databases
+       if (attribute(sessionHasGraphicAccess))
+               Database::lockAllDatabases();
+}
+
+
+void DynamicSession::release()
+{
+       mBootstrap.destroy();
 }
 
 
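Review bot: ~DynamicSession calls `Database::lockAllDatabases()` only when `sessionHasGraphicAccess` is set, while the next hunk removes the unconditional call from ~Session, so ending any other session no longer locks anything. The comment says what the condition is but not why databases unlocked from a non-graphic session may stay unlocked after that session is gone. If that is the intended policy, state it at the call, e.g. `// only the graphic login session ending locks keychains; other sessions must not lock them for everyone`; that wording is a guess at the rationale and should be corrected by the author. RootSession never reaches this code, which may also deserve a line.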
@@ -66,25 +108,20 @@ DynamicSession::DynamicSession(Bootstrap bootstrap) : Session(bootstrap)
 Session::~Session()
 {
     assert(mProcessCount == 0);        // can't die with processes still alive
-    Database::lockAllDatabases();
     debug("SSsession", "%p DESTROYED: handle=0x%lx bootstrap=%d",
         this, handle(), mBootstrap.port());
 }
 
 
 //
-// Retrieve or create a session object
+// Locate a session object by service port or (Session API) identifier
 //
-Session &Session::find(Bootstrap bootstrap, bool makeNew)
+Session &Session::find(Port servicePort)
 {
     StLock<Mutex> _(sessionMapLock);
-    Session * &slot = sessionMap[bootstrap];
-    if (slot == NULL)
-        if (makeNew)
-            slot = new DynamicSession(bootstrap);
-        else
-            Authorization::Error::throwMe(errAuthorizationInvalidRef);
-    return *slot;
+       SessionMap::const_iterator it = sessionMap.find(servicePort);
+       assert(it != sessionMap.end());
+       return *it->second;
 }
 
 Session &Session::find(SecuritySessionId id)
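Review bot: Session::find(Port) replaces the old not-found path (`Authorization::Error::throwMe(errAuthorizationInvalidRef)`) with `assert(it != sessionMap.end())`, so in a build with NDEBUG defined a lookup miss dereferences the end iterator. The key is a port name that arrives with a client request, and Session::eliminate can erase a session from sessionMap, so a miss is not obviously impossible. I would keep the check at run time: `if (it == sessionMap.end()) Authorization::Error::throwMe(errAuthorizationInvalidRef);`. Session::eliminate in the following hunk has the same assert-only lookup and is now called from Server::notifyNoSenders for whatever port the notification names.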
@@ -103,14 +140,17 @@ Session &Session::find(SecuritySessionId id)
 // We may not destroy the Session outright here (due to processes that use it),
 // but we do clear out its accumulated wealth.
 //
-void Session::eliminate(Bootstrap bootstrap)
+void Session::eliminate(Port servPort)
 {
     // remove session from session map
     StLock<Mutex> _(sessionMapLock);
-    SessionMap::iterator it = sessionMap.find(bootstrap);
+    SessionMap::iterator it = sessionMap.find(servPort);
     assert(it != sessionMap.end());
     Session *session = it->second;
     sessionMap.erase(it);
+       
+       // destroy the session service port (this releases mach_init to proceed)
+       session->release();
 
     // clear resources
     if (session->clearResources())
@@ -128,12 +168,15 @@ bool Session::clearResources()
     mDying = true;
     
     // invalidate shared credentials
-    IFDEBUG(if (!mSessionCreds.empty()) 
-        debug("SSauth", "session %p clearing %d shared credentials", 
-            this, int(mSessionCreds.size())));
-    for (CredentialSet::iterator it = mSessionCreds.begin(); it != mSessionCreds.end(); it++)
-        (*it)->invalidate();
-    
+    {
+        StLock<Mutex> _(mCredsLock);
+        
+        IFDEBUG(if (!mSessionCreds.empty()) 
+            debug("SSauth", "session %p clearing %d shared credentials", 
+                this, int(mSessionCreds.size())));
+        for (CredentialSet::iterator it = mSessionCreds.begin(); it != mSessionCreds.end(); it++)
+            (*it)->invalidate();
+    }
     // let the caller know if we are ready to die NOW
     return mProcessCount == 0 && mAuthCount == 0;
 }
@@ -186,21 +229,26 @@ OSStatus Session::authCreate(const RightSet &rights,
        
        // this will acquire mLock, so we delay acquiring it
        auto_ptr<AuthorizationToken> auth(new AuthorizationToken(*this, resultCreds));
-       
+
+    // Make a copy of the mSessionCreds
+    CredentialSet sessionCreds;
+    {
+        StLock<Mutex> _(mCredsLock);
+        sessionCreds = mSessionCreds;
+    }
+        
        OSStatus result = Server::authority().authorize(rights, environment, flags,
-        &mSessionCreds, &resultCreds, NULL, *auth);
+        &sessionCreds, &resultCreds, NULL, *auth);
        newHandle = auth->handle();
 
-       {
-               StLock<Mutex> _(mLock);
-
-               // merge resulting creds into shared pool
-               if ((flags & kAuthorizationFlagExtendRights) && 
-                       !(flags & kAuthorizationFlagDestroyRights)) {
-                       mergeCredentials(resultCreds);
-                       auth->mergeCredentials(resultCreds);
-               }
-       }
+    // merge resulting creds into shared pool
+    if ((flags & kAuthorizationFlagExtendRights) && 
+        !(flags & kAuthorizationFlagDestroyRights))
+    {
+        StLock<Mutex> _(mCredsLock);
+        mergeCredentials(resultCreds);
+        auth->mergeCredentials(resultCreds);
+    }
 
        // Make sure that this isn't done until the auth(AuthorizationToken) is guaranteed to 
        // not be destroyed anymore since it's destructor asserts it has no processes
@@ -231,17 +279,22 @@ OSStatus Session::authGetRights(const AuthorizationBlob &authBlob,
        AuthorizationFlags flags,
        MutableRightSet &grantedRights)
 {
-       StLock<Mutex> _(mLock);
-       CredentialSet resultCreds;
-       AuthorizationToken &auth = authorization(authBlob);
-       CredentialSet effective = auth.effectiveCreds();
+    CredentialSet resultCreds;
+    AuthorizationToken &auth = authorization(authBlob);
+    CredentialSet effective;
+    {
+        StLock<Mutex> _(mCredsLock);
+        effective       = auth.effectiveCreds();
+    }
        OSStatus result = Server::authority().authorize(rights, environment, flags, 
         &effective, &resultCreds, &grantedRights, auth);
 
        // merge resulting creds into shared pool
-       if ((flags & kAuthorizationFlagExtendRights) && !(flags & kAuthorizationFlagDestroyRights)) {
-               mergeCredentials(resultCreds);
-               auth.mergeCredentials(resultCreds);
+       if ((flags & kAuthorizationFlagExtendRights) && !(flags & kAuthorizationFlagDestroyRights))
+    {
+        StLock<Mutex> _(mCredsLock);
+        mergeCredentials(resultCreds);
+        auth.mergeCredentials(resultCreds);
        }
 
        IFDEBUG(debug("SSauth", "Authorization %p copyRights asked for %d got %d",
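Review bot: authGetRights no longer takes `mLock` at all, so `authorization(authBlob)` and every later use of `auth` run unlocked, while authGetInfo in the next hunk still holds `mLock` around the same lookup. Releasing the lock across `Server::authority().authorize(...)` makes sense if that call can block, but nothing visible here keeps the AuthorizationToken alive if another thread frees the authorization meanwhile. `auth.effectiveCreds()` and `auth.mergeCredentials(resultCreds)` are also guarded by the session's `mCredsLock` rather than by a lock of the token, which only works if every other access to the token's credentials takes the same lock. A short comment naming which lock protects the token's lookup, lifetime and credential set would let the auth* methods be checked against each other.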
@@ -251,15 +304,15 @@ OSStatus Session::authGetRights(const AuthorizationBlob &authBlob,
 
 OSStatus Session::authGetInfo(const AuthorizationBlob &authBlob,
        const char *tag,
-       MutableRightSet &grantedRights)
+       AuthorizationItemSet *&contextInfo)
 {
        StLock<Mutex> _(mLock);
        AuthorizationToken &auth = authorization(authBlob);
-       debug("SSauth", "Authorization %p get-info not implemented", &auth);
-    if (tag) { // no such tag (no info support)
+       debug("SSauth", "Authorization %p get-info", &auth);
+    if (tag) { // @@@ no tag support yet
         return errAuthorizationInvalidTag;
-    } else {   // return no tags (no info support)
-        grantedRights = RightSet();    // return no entries
+    } else {   // return all tags
+        contextInfo = &auth.infoSet();
         return noErr;
     }
 }
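Review bot: `contextInfo = &auth.infoSet();` hands the caller a pointer into the AuthorizationToken, but `mLock` is released when authGetInfo returns, so the caller reads the item set with no lock held and with no guarantee visible here that the token still exists. The set is presumably marshalled back to the requesting client afterwards, so copying it while the lock is held, or documenting that the caller must finish with it before the token can change, would be safer. The `tag` branch still returns `errAuthorizationInvalidTag` for every tag; the method's header comment should say that only the all-tags form is supported.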
@@ -314,8 +367,10 @@ void Session::setup(SessionCreationFlags flags, SessionAttributeBits attrs)
 {
     // check current process object - it may have been cached before the client's bootstrap switch
     Process *process = &Server::connection().process;
+#if 0
     if (process->taskPort().bootstrap() != process->session.bootstrapPort())
         process = Server::active().resetConnection();
+#endif
     process->session.setupAttributes(attrs);
 }
 
@@ -334,8 +389,10 @@ void Session::setupAttributes(SessionAttributeBits attrs)
 //
 // Merge a set of credentials into the shared-session credential pool
 //
+// must hold mCredsLock
 void Session::mergeCredentials(CredentialSet &creds)
 {
+    debug("SSsession", "%p merge creds @%p", this, &creds);
        for (CredentialSet::const_iterator it = creds.begin(); it != creds.end(); it++)
                if (((*it)->isShared() && (*it)->isValid())) {
                        CredentialSet::iterator old = mSessionCreds.find(*it);
index b08a2469f7566c5d363754cded13a8389ff7dcc0..c7d080aec6130a34f3c7da32b86f3594840c9212 100644 (file)
 #include <Security/utilities.h>
 #include <Security/handleobject.h>
 #include <Security/cssmdb.h>
+
+#if __GNUC__ > 2
+#include <ext/hash_map>
+using __gnu_cxx::hash_map;
+#else
 #include <hash_map>
+#endif
 
 
 class Key;
@@ -45,15 +51,19 @@ class Connection;
 // single-sign-on functionality.
 //
 class Session : public HandleObject {
-    typedef MachPlusPlus::Bootstrap Bootstrap;
 public:
-    Session(Bootstrap bootstrap, SessionAttributeBits attrs = 0);
+    typedef MachPlusPlus::Bootstrap Bootstrap;
+
+    Session(Bootstrap bootstrap, Port servicePort, SessionAttributeBits attrs = 0);
        virtual ~Session();
     
     Bootstrap bootstrapPort() const            { return mBootstrap; }
+       Port servicePort() const                        { return mServicePort; }
     
     void addProcess(Process *proc);
     bool removeProcess(Process *proc);
+       
+       virtual void release();
     
     void addAuthorization(AuthorizationToken *auth);
     bool removeAuthorization(AuthorizationToken *auth);
@@ -80,7 +90,8 @@ public:
        OSStatus authGetRights(const AuthorizationBlob &auth,
                const RightSet &requestedRights, const AuthorizationEnvironment *environment,
                AuthorizationFlags flags, MutableRightSet &grantedRights);
-       OSStatus authGetInfo(const AuthorizationBlob &auth, const char *tag, MutableRightSet &info);
+       OSStatus authGetInfo(const AuthorizationBlob &auth, const char *tag, AuthorizationItemSet *&contextInfo);
+    
        OSStatus authExternalize(const AuthorizationBlob &auth, AuthorizationExternalForm &extForm);
        OSStatus authInternalize(const AuthorizationExternalForm &extForm, AuthorizationBlob &auth);
 
@@ -97,19 +108,21 @@ protected:
     bool clearResources();
 
 public:
-    static Session &find(Bootstrap bootstrap, bool makeNew = true);
+    static Session &find(Port servPort);
     static Session &find(SecuritySessionId id);
-    static void eliminate(Bootstrap bootstrap);
+    static void eliminate(Port servPort);
     
 protected:
        mutable Mutex mLock;                    // object lock
     
     Bootstrap mBootstrap;                      // session bootstrap port
+       Port mServicePort;                              // SecurityServer service port for this session
     SessionAttributeBits mAttributes; // attribute bits (see AuthSession.h)
     unsigned int mProcessCount;                // number of active processes in session
     unsigned int mAuthCount;           // number of AuthorizationTokens belonging to us
     bool mDying;                                       // session is dying
 
+    mutable Mutex mCredsLock;  // lock for mSessionCreds
        CredentialSet mSessionCreds;    // shared session authorization credentials
 
 private:       
@@ -133,7 +146,7 @@ public:
 //
 class RootSession : public Session {
 public:
-    RootSession();
+    RootSession(Port servicePort, SessionAttributeBits attrs = 0);
 };
 
 
@@ -143,9 +156,13 @@ public:
 // are torn down when their bootstrap object disappears (which happens when mach_init
 // destroys it due to its requestor referent vanishing).
 //
-class DynamicSession : public Session {
+class DynamicSession : private ReceivePort, public Session {
 public:
-    DynamicSession(Bootstrap bootstrap);
+    DynamicSession(const Bootstrap &bootstrap);
+       ~DynamicSession();
+       
+protected:
+       void release();
 };
 
 
index 4013e3fbc90fd24ef4a14a67ce7d506cd790880c..915b5e7686b34f6b16fd9d367c46a38030c5e5b0 100644 (file)
@@ -87,8 +87,11 @@ public:
     };
     
     struct PrivateBlob : public Blob {
-        uint8 encryptionKey[24];       // master encryption key
-        uint8 signingKey[20];          // master signing key
+           typedef uint8 EncryptionKey[24];
+               typedef uint8 SigningKey[20];
+
+        EncryptionKey encryptionKey;   // master encryption key
+        SigningKey signingKey;         // master signing key
 
         // private ACL blob follows, to the end
         void *privateAclBlob() { return at(sizeof(PrivateBlob)); }
index 2a8762002f9eb048d528c67e0bfb9991b288a30f..2645f6ad266fd89db19018738fe19026a8003900 100644 (file)
@@ -28,16 +28,15 @@ using MachPlusPlus::Bootstrap;
 using CodeSigning::OSXCode;
 
 
-namespace Security
-{
+namespace Security {
+namespace SecurityServer {
 
-namespace SecurityServer
-{
 
 //
 // The process-global object
 //
 ModuleNexus<ClientSession::Global> ClientSession::mGlobal;
+bool ClientSession::mSetupSession;
 
 
 //
@@ -56,7 +55,7 @@ ClientSession::~ClientSession()
 
 
 //
-// Activate a session: This connects to the SecurityServer and executes
+// Activate a client session: This connects to the SecurityServer and executes
 // application authentication
 //
 void ClientSession::activate()
@@ -72,13 +71,20 @@ void ClientSession::activate()
        }
 }
 
-// Caution: you can't use mGlobal() inside Global::Global (deadlock)
+
+//
+// Construct the process-global state object.
+// The ModuleNexus construction magic will ensure that this happens uniquely
+// even if the face of multithreaded attack.
+// Do note that the mSetupSession (session creation) case is gated by a global flag,
+// and it's the caller's responsibility not to multithread-race it.
+//
 ClientSession::Global::Global()
 {
-    debug("SSclnt", "Initial process setup");
-
     // find server port
-    serverPort = Bootstrap().lookup("SecurityServer");
+       Bootstrap myBootstrap;
+    serverPort = myBootstrap.lookup("SecurityServer");
+       debug("SSclnt", "contacting SecurityServer at port %d", serverPort.port());
     
     // send identification/setup message
     string extForm;
@@ -87,17 +93,25 @@ ClientSession::Global::Global()
         extForm = myself->encode();
         debug("SSclnt", "my OSXCode extForm=%s", extForm.c_str());
     } catch (...) {
-        myself = NULL;
         // leave extForm empty
         debug("SSclnt", "failed to obtain my own OSXCode");
     }
-    // cannot use UCSP_ARGS here because it uses mGlobal()
-    IPCN(ucsp_client_setup(serverPort, mig_get_reply_port(), &rcode,
-        mach_task_self(), extForm.c_str()));
+    // cannot use UCSP_ARGS here because it uses mGlobal() -> deadlock
     Thread &thread = this->thread();
+       
+       if (mSetupSession) {
+               debug("SSclnt", "sending session setup request");
+               mSetupSession = false;
+               IPCN(ucsp_client_setupNew(serverPort, thread.replyPort, &rcode,
+                       mach_task_self(), extForm.c_str(), &serverPort.port()));
+               debug("SSclnt", "new session server port is %d", serverPort.port());
+       } else {        
+               IPCN(ucsp_client_setup(serverPort, thread.replyPort, &rcode,
+                       mach_task_self(), extForm.c_str()));
+       }
     thread.registered = true;  // as a side-effect of setup call above
        serverPort.requestNotify(thread.replyPort, MACH_NOTIFY_DEAD_NAME, true);
-    debug("SSclnt", "Process registered with SecurityServer");
+       debug("SSclnt", "contact with SecurityServer established");
 }
 
 
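Review bot: `mSetupSession = false;` is executed before `ucsp_client_setupNew`, so if that call fails and IPCN throws, the request for a new session is forgotten. Should Global construction be attempted again (ModuleNexus behaviour is not visible here), the retry would take the `ucsp_client_setup` branch and register the process in the inherited session without any error. Moving the assignment to after the IPCN(...) call keeps the flag set until the new session actually exists. The call also overwrites `serverPort` through `&serverPort.port()` while using it as the request port; a comment saying what happens to the right originally obtained from the bootstrap lookup would help.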
index 7edb4cc8812e20c24d9413d7adeeb7849446cde1..ad5e859068a3cb503f6082f428362afe73e28720 100644 (file)
@@ -19,6 +19,9 @@
 //
 // ssclient - SecurityServer client interface library
 //
+// This interface is private to the Security system. It is not a public interface,
+// and it may change at any time. You have been warned.
+//
 #ifndef _H_SSCLIENT
 #define _H_SSCLIENT
 
 #include <Security/AuthSession.h>
 
 
-namespace Security
-{
+namespace Security {
+namespace SecurityServer {
 
 using MachPlusPlus::Port;
 using MachPlusPlus::ReceivePort;
 
 
-namespace SecurityServer
-{
-
 //
 // Common data types
 //
@@ -100,6 +100,17 @@ public:
        
 public:
        typedef CSSM_DB_ACCESS_TYPE DBAccessType;
+
+    typedef uint32 NotifyEvent;
+    typedef uint32 NotifyEvents;
+    enum {
+        allEvents = uint32(-1)
+    };
+    
+    typedef uint32 NotifyDomain;
+    enum {
+        databaseNotifications = 1
+    };
        
 public:
        void activate();
@@ -131,6 +142,10 @@ public:
        KeyHandle decodeKey(DbHandle db, const CssmData &blob, CssmKey::Header &header);
        void releaseKey(KeyHandle key);
 
+       CssmKeySize queryKeySizeInBits(KeyHandle key);
+    uint32 getOutputSize(const Context &context, KeyHandle key,
+        uint32 inputSize, bool encrypt = true);
+
 public:
     // key wrapping and unwrapping
        void wrapKey(const Context &context, KeyHandle key, KeyHandle keyToBeWrapped,
@@ -163,7 +178,15 @@ public:
                const AccessCredentials *cred, const AclEntryInput *owner,
                KeyHandle &pubKey, CssmKey::Header &pubHeader,
         KeyHandle &privKey, CssmKey::Header &privHeader);
-       void deriveKey(DbHandle db, KeyHandle &newKey, CssmKey::Header &newHeader);
+       void deriveKey(DbHandle db, const Context &context, KeyHandle baseKey,
+        uint32 keyUsage, uint32 keyAttr, CssmData &param,
+               const AccessCredentials *cred, const AclEntryInput *owner,
+        KeyHandle &newKey, CssmKey::Header &newHeader, CssmAllocator &alloc);
+       void deriveKey(DbHandle db, const Context &context, KeyHandle baseKey,
+        uint32 keyUsage, uint32 keyAttr, CssmData &param,
+               const AccessCredentials *cred, const AclEntryInput *owner,
+        KeyHandle &newKey, CssmKey::Header &newHeader)
+    { return deriveKey(db, context, baseKey, keyUsage, keyAttr, param, cred, owner, newKey, newHeader, returnAllocator); }
        //void generateAlgorithmParameters();   // not implemented
 
        void generateRandom(CssmData &data);
@@ -180,12 +203,14 @@ public:
 
     // signatures
        void generateSignature(const Context &context, KeyHandle key,
-               const CssmData &data, CssmData &signature, CssmAllocator &alloc);
+        const CssmData &data, CssmData &signature, CssmAllocator &alloc,
+        CSSM_ALGORITHMS signOnlyAlgorithm = CSSM_ALGID_NONE);
        void generateSignature(const Context &context, KeyHandle key,
-               const CssmData &data, CssmData &signature)
-    { return generateSignature(context, key, data, signature, returnAllocator); }
+               const CssmData &data, CssmData &signature, CSSM_ALGORITHMS signOnlyAlgorithm = CSSM_ALGID_NONE)
+    { return generateSignature(context, key, data, signature, returnAllocator, signOnlyAlgorithm); }
        void verifySignature(const Context &context, KeyHandle key,
-               const CssmData &data, const CssmData &signature);
+               const CssmData &data, const CssmData &signature,
+        CSSM_ALGORITHMS verifyOnlyAlgorithm = CSSM_ALGID_NONE);
                
     // MACs
        void generateMac(const Context &context, KeyHandle key,
@@ -195,7 +220,6 @@ public:
     { return generateMac(context, key, data, mac, returnAllocator); }
        void verifyMac(const Context &context, KeyHandle key,
                const CssmData &data, const CssmData &mac);
-       uint32 queryKeySizeInBits(KeyHandle key);
        
     // key ACL management
        void getKeyAcl(KeyHandle key, const char *tag,
@@ -239,7 +263,18 @@ public:
     // Session API support
     void getSessionInfo(SecuritySessionId &sessionId, SessionAttributeBits &attrs);
     void setupSession(SessionCreationFlags flags, SessionAttributeBits attrs);
-       
+    
+public:
+    // Notification core support
+    void requestNotification(Port receiver, NotifyDomain domain, NotifyEvents events);
+    void stopNotification(Port receiver);
+    void postNotification(NotifyDomain domain, NotifyEvent event, const CssmData &data);
+    
+    typedef OSStatus ConsumeNotification(NotifyDomain domain, NotifyEvent event,
+        const void *data, size_t dataLength, void *context);
+    OSStatus dispatchNotification(const mach_msg_header_t *message,
+        ConsumeNotification *consumer, void *context);
+               
 private:
        void getAcl(AclKind kind, KeyHandle key, const char *tag,
                uint32 &count, AclEntryInfo * &info, CssmAllocator &alloc);
@@ -251,26 +286,26 @@ private:
 
 private:
        struct Thread {
-               Thread() : replyPort(mig_get_reply_port()), registered(false) { }
+               Thread() : registered(false) { }
                operator bool() const { return registered; }
                
-               Port replyPort;                 // cached mig_get_reply_port
+               ReceivePort replyPort;  // dedicated reply port (send right held by SecurityServer)
         bool registered;               // has been registered with SecurityServer
        };
 
        struct Global {
         Global();
                Port serverPort;
-               CodeSigning::OSXCode *myself;
+               RefPointer<CodeSigning::OSXCode> myself;
                ThreadNexus<Thread> thread;
        };
 
        static ModuleNexus<Global> mGlobal;
+       static bool mSetupSession;
 };
 
 
 } // end namespace SecurityServer
-
 } // end namespace Security
 
 
index 02c0dcd70dc02c77ddcd6a358984b55b86fe7e40..f7dec076543ca12f58f26e82e881dc7e7aff8de8 100644 (file)
@@ -28,13 +28,16 @@ namespace Security
 {
 
 using MachPlusPlus::check;
+using MachPlusPlus::VMGuard;
 
 
 //
-// Utility classes
+// DataOutput helper.
+// This happens "at the end" of a glue method, via the DataOutput destructor.
 //
 DataOutput::~DataOutput()
 {
+       VMGuard _(mData, mLength);
        if (mData) {    // was assigned to; IPC returned OK
                if (argument) { // buffer was provided
                        if (argument.length() < mLength)
@@ -219,6 +222,24 @@ void ClientSession::releaseKey(KeyHandle key)
 }
 
 
+CssmKeySize ClientSession::queryKeySizeInBits(KeyHandle key)
+{
+    CssmKeySize length;
+    IPC(ucsp_client_queryKeySizeInBits(UCSP_ARGS, key, &length));
+    return length;
+}
+
+
+uint32 ClientSession::getOutputSize(const Context &context, KeyHandle key,
+    uint32 inputSize, bool encrypt)
+{
+       SendContext ctx(context);
+    uint32 outputSize;
+    IPC(ucsp_client_getOutputSize(UCSP_ARGS, CONTEXT(ctx), key, inputSize, encrypt, &outputSize));
+    return outputSize;
+}
+
+
 //
 // Random number generation.
 // This interfaces to the secure RNG inside the SecurityServer; it does not access
@@ -239,19 +260,19 @@ void ClientSession::generateRandom(CssmData &data)
 // Signatures and MACs
 //
 void ClientSession::generateSignature(const Context &context, KeyHandle key,
-       const CssmData &data, CssmData &signature, CssmAllocator &alloc)
+       const CssmData &data, CssmData &signature, CssmAllocator &alloc, CSSM_ALGORITHMS signOnlyAlgorithm)
 {
        SendContext ctx(context);
        DataOutput sig(signature, alloc);
-       IPC(ucsp_client_generateSignature(UCSP_ARGS, CONTEXT(ctx), key,
+       IPC(ucsp_client_generateSignature(UCSP_ARGS, CONTEXT(ctx), key, signOnlyAlgorithm,
                DATA(data), DATA(sig)));
 }
 
 void ClientSession::verifySignature(const Context &context, KeyHandle key,
-       const CssmData &data, const CssmData &signature)
+       const CssmData &data, const CssmData &signature, CSSM_ALGORITHMS verifyOnlyAlgorithm)
 {
        SendContext ctx(context);
-       IPC(ucsp_client_verifySignature(UCSP_ARGS, CONTEXT(ctx), key,
+       IPC(ucsp_client_verifySignature(UCSP_ARGS, CONTEXT(ctx), key, verifyOnlyAlgorithm,
                DATA(data), DATA(signature)));
 }
 
@@ -326,6 +347,44 @@ void ClientSession::generateKey(DbHandle db, const Context &context,
 }
 
 
+//
+// Key derivation
+// This is a bit strained; the incoming 'param' value may have structure
+// and needs to be handled on a per-algorithm basis, which means we have to
+// know which key derivation algorithms we support for passing to our CSP(s).
+// The default behavior is to handle "flat" data blobs, which is as good
+// a default as we can manage.
+// NOTE: The param-specific handling must be synchronized with the server
+// transition layer code (in transition.cpp).
+//
+void ClientSession::deriveKey(DbHandle db, const Context &context, KeyHandle baseKey,
+    uint32 keyUsage, uint32 keyAttr, CssmData &param,
+    const AccessCredentials *cred, const AclEntryInput *owner,
+    KeyHandle &newKey, CssmKey::Header &newHeader, CssmAllocator &allocator)
+{
+    SendContext ctx(context);
+       Copier<AccessCredentials> creds(cred, internalAllocator);
+       Copier<AclEntryPrototype> proto(&owner->proto(), internalAllocator);
+    DataOutput paramOutput(param, allocator);
+    switch (context.algorithm()) {
+    case CSSM_ALGID_PKCS5_PBKDF2: {
+        typedef CSSM_PKCS5_PBKDF2_PARAMS Params;
+        Copier<Params> params(param.interpretedAs<Params> (sizeof(Params)), internalAllocator);
+        IPC(ucsp_client_deriveKey(UCSP_ARGS, db, CONTEXT(ctx), baseKey,
+            COPY(creds), COPY(proto), COPY(params), DATA(paramOutput),
+            keyUsage, keyAttr, &newKey, &newHeader));
+        break; }
+    default: {
+        IPC(ucsp_client_deriveKey(UCSP_ARGS, db, CONTEXT(ctx), baseKey,
+            COPY(creds), COPY(proto),
+            param.data(), param.length(), param.data(),
+            DATA(paramOutput),
+            keyUsage, keyAttr, &newKey, &newHeader));
+        break; }
+    }
+}
+
+
 //
 // Key wrapping and unwrapping
 //
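Review bot: In the new `ClientSession::deriveKey`, `&owner->proto()` dereferences `owner` unconditionally, although the signature takes `const AclEntryInput *owner` and `cred` on the line above is passed as a possibly-null pointer. If a null owner is a legal way to ask for the default ACL (not visible from this hunk), the line should read `Copier<AclEntryPrototype> proto(owner ? &owner->proto() : NULL, internalAllocator);`. Otherwise, reject null explicitly before the IPC. The comment block above the function would also be a good place to state that `param` is both input and output, since `paramOutput` writes back into it.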
@@ -372,6 +431,7 @@ void ClientSession::getAcl(AclKind kind, KeyHandle key, const char *tag,
        IPC(ucsp_client_getAcl(UCSP_ARGS, kind, key,
                (tag != NULL), tag ? tag : "",
                &count, COPY_OUT(info)));
+       VMGuard _(info, infoLength);
        infoCount = count;
 
        // relocate incoming AclEntryInfo array
@@ -393,9 +453,9 @@ void ClientSession::changeAcl(AclKind kind, KeyHandle key, const AccessCredentia
 {
        Copier<AccessCredentials> creds(&cred, internalAllocator);
        //@@@ ignoring callback
-       Copier<AclEntryPrototype> aclEntry(&edit.newEntry()->proto(), internalAllocator);
+       Copier<AclEntryInput> newEntry(edit.newEntry(), internalAllocator);
        IPC(ucsp_client_changeAcl(UCSP_ARGS, kind, key, COPY(creds),
-               edit.mode(), edit.handle(), COPY(aclEntry)));
+               edit.mode(), edit.handle(), COPY(newEntry)));
 }
 
 void ClientSession::getOwner(AclKind kind, KeyHandle key, AclOwnerPrototype &owner,
@@ -480,6 +540,7 @@ void ClientSession::authCopyRights(const AuthorizationBlob &auth,
        IPC(ucsp_client_authorizationCopyRights(UCSP_ARGS, auth, COPY(rightSet),
                flags | (grantedRights ? 0 : kAuthorizationFlagNoData),
                COPY(environ), COPY_OUT(result)));
+       VMGuard _(result, resultLength);
        // return rights vector (only) if requested
        if (grantedRights) {
                relocate(result, resultBase);
@@ -497,6 +558,7 @@ void ClientSession::authCopyInfo(const AuthorizationBlob &auth,
     else if (tag[0] == '\0')
         MacOSError::throwMe(errAuthorizationInvalidTag);
        IPC(ucsp_client_authorizationCopyInfo(UCSP_ARGS, auth, tag, COPY_OUT(result)));
+       VMGuard _(result, resultLength);
        relocate(result, resultBase);
        info = copy(result, returnAllocator);
 }
@@ -524,10 +586,55 @@ void ClientSession::getSessionInfo(SecuritySessionId &sessionId, SessionAttribut
 
 void ClientSession::setupSession(SessionCreationFlags flags, SessionAttributeBits attrs)
 {
-    IPC(ucsp_client_setupSession(UCSP_ARGS, flags, attrs));
+       mSetupSession = true;           // global flag to Global constructor
+       mGlobal.reset();                        // kill existing cache, all threads
+       IPC(ucsp_client_setupSession(UCSP_ARGS, flags, attrs));
 }
 
 
-} // end namespace SecurityServer
+//
+// Notification subsystem
+//
+void ClientSession::requestNotification(Port receiver, NotifyDomain domain, NotifyEvents events)
+{
+    IPC(ucsp_client_requestNotification(UCSP_ARGS, receiver, domain, events));
+}
+
+void ClientSession::stopNotification(Port port)
+{
+    IPC(ucsp_client_stopNotification(UCSP_ARGS, port.port()));
+}
 
+void ClientSession::postNotification(NotifyDomain domain, NotifyEvent event, const CssmData &data)
+{
+    IPC(ucsp_client_postNotification(UCSP_ARGS, domain, event, DATA(data)));
+}
+
+OSStatus ClientSession::dispatchNotification(const mach_msg_header_t *message,
+    ConsumeNotification *consumer, void *context)
+{
+    struct Message {
+        mach_msg_header_t Head;
+        /* start of the kernel processed data */
+        mach_msg_body_t msgh_body;
+        mach_msg_ool_descriptor_t data;
+        /* end of the kernel processed data */
+        NDR_record_t NDR;
+        uint32 domain;
+        uint32 event;
+        mach_msg_type_number_t dataCnt;
+        uint32 sender;
+    } *msg = (Message *)message;
+    
+    OSStatus status = consumer(msg->domain, msg->event, msg->data.address, msg->dataCnt, context);
+    
+    mig_deallocate((vm_offset_t) msg->data.address, msg->dataCnt);
+    msg->data.address = (vm_offset_t) 0;
+    msg->data.size = (mach_msg_size_t) 0;
+
+    return status;
+}
+
+
+} // end namespace SecurityServer
 } // end namespace Security
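Review bot: `dispatchNotification` overlays its local `Message` struct on the incoming buffer without validating it. Nothing compares `message->msgh_size` with `sizeof(Message)`, confirms the complex bit and a single out-of-line descriptor, or checks the in-band `dataCnt` against `data.size` before the consumer is told to read `dataCnt` bytes. Any holder of a send right to the receiving port can deliver a message there, so the fields should be treated as untrusted until checked. The deallocation should use `msg->data.size`, the size in the kernel-processed descriptor, rather than `dataCnt`. The function also writes through a pointer it received as `const`, which deserves at least a comment.

```cpp
    } *msg = (Message *)message;

    // reject anything that is not a complete notify message with one OOL descriptor
    if (message->msgh_size < sizeof(Message)
        || !(message->msgh_bits & MACH_MSGH_BITS_COMPLEX)
        || msg->msgh_body.msgh_descriptor_count != 1
        || msg->data.type != MACH_MSG_OOL_DESCRIPTOR
        || msg->dataCnt > msg->data.size)
        return paramErr;

    // … unchanged: consumer(...) call …

    // release the whole mapped region, not just the in-band byte count
    mig_deallocate((vm_offset_t) msg->data.address, msg->data.size);
```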
index 8a51eda5d5dffad0ded89ef3f31cb6c085843e26..f4eb4a591098ce4c2129be84da0f0af67d48c30a 100644 (file)
@@ -41,7 +41,7 @@ namespace Security
 {
 
 // stock leading argument profile used by all calls
-#define UCSP_ARGS      mGlobal().serverPort, mig_get_reply_port(), &rcode
+#define UCSP_ARGS      mGlobal().serverPort, mGlobal().thread().replyPort, &rcode
 
 // IPC/IPCN wrap the actual Mach IPC call. IPC also activates the connection first
 #define IPCN(statement) \
@@ -64,7 +64,7 @@ namespace Security
 class DataOutput {
 public:
        DataOutput(CssmData &arg, CssmAllocator &alloc)
-               : argument(arg), allocator(alloc) { mData = NULL; }
+               : argument(arg), allocator(alloc) { mData = NULL; mLength = 0; }
        ~DataOutput();
        
        void **data() { return &mData; }
index 1a5c7d9bdf21a97dcac012d5e770b8f76c480549..20aba38cfc169221368004f74322fb67f97521b9 100644 (file)
 //
 // Bracket Macros
 //
-#define UCSP_ARGS      mach_port_t sport, mach_port_t rport, security_token_t securityToken, \
+#define UCSP_ARGS      mach_port_t servicePort, mach_port_t replyPort, security_token_t securityToken, \
                     CSSM_RETURN *rcode
 #define CONTEXT_ARGS Context context, Pointer contextBase, Context::Attr *attributes, mach_msg_type_number_t attrCount
 
 #define BEGIN_IPCN     *rcode = CSSM_OK; try {
-#define BEGIN_IPC      BEGIN_IPCN Connection &connection = Server::connection(rport);
+#define BEGIN_IPC      BEGIN_IPCN Connection &connection = Server::connection(replyPort);
 #define END_IPC(base)  END_IPCN(base) Server::requestComplete(); return KERN_SUCCESS;
 #define END_IPCN(base)         } \
        catch (const CssmCommonError &err) { *rcode = err.cssmError(CSSM_ ## base ## _BASE_ERROR); } \
-       catch (std::bad_alloc) { *rcode = CssmError::merge(CSSM_ERRCODE_MEMORY_ERROR, CSSM_ ## base ## _BASE_ERROR); } \
+       catch (const std::bad_alloc &) { *rcode = CssmError::merge(CSSM_ERRCODE_MEMORY_ERROR, CSSM_ ## base ## _BASE_ERROR); } \
        catch (Connection *conn) { *rcode = 0; } \
        catch (...) { *rcode = CssmError::merge(CSSM_ERRCODE_INTERNAL_ERROR, CSSM_ ## base ## _BASE_ERROR); }
 
@@ -68,6 +68,9 @@ public:
                : mData(*outP), mLength(*outLength) { }
        ~OutputData()
        { mData = data(); mLength = length(); Server::releaseWhenDone(mData); }
+    
+    void operator = (const CssmData &source)
+    { CssmData::operator = (source); }
        
 private:
        void * &mData;
@@ -110,20 +113,33 @@ template <class T>
 void relocate(T *obj, T *base, size_t size)
 {
     if (obj) {
+               if (base == NULL)       // invalid, could confuse walkers
+                       CssmError::throwMe(CSSM_ERRCODE_INVALID_POINTER);
         CheckingReconstituteWalker w(obj, base, size);
         walk(w, base);
     }
 }
 
 
-
 //
 // Setup/Teardown functions.
 //
 kern_return_t ucsp_server_setup(UCSP_ARGS, mach_port_t taskPort, const char *identity)
 {
        BEGIN_IPCN
-       Server::active().setupConnection(rport, taskPort, securityToken, identity);
+       Server::active().setupConnection(servicePort, replyPort, taskPort, securityToken, identity);
+       END_IPCN(CSSM)
+       return KERN_SUCCESS;
+}
+
+kern_return_t ucsp_server_setupNew(UCSP_ARGS, mach_port_t taskPort, const char *identity,
+       mach_port_t *newServicePort)
+{
+       BEGIN_IPCN
+       Session *session = new DynamicSession(TaskPort(taskPort).bootstrap());
+       Server::active().setupConnection(session->servicePort(), replyPort,
+               taskPort, securityToken, identity);
+       *newServicePort = session->servicePort();
        END_IPCN(CSSM)
        return KERN_SUCCESS;
 }
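Review bot: `ucsp_server_setupNew` assigns `*newServicePort` only on the success path, yet it returns `KERN_SUCCESS` even when `END_IPCN` has caught an exception. The reply would then carry whatever value the out slot already held, and the .defs declares that slot as `mach_port_make_send_t`. An unrelated port name there could, in the worst case, hand the client a send right it was never meant to have. Add `*newServicePort = MACH_PORT_NULL;` before `BEGIN_IPCN`, as `ucsp_server_authorizationCopyInfo` does for its out parameters elsewhere in this commit. Separately, the `DynamicSession` is created with a bare `new`, so if `setupConnection` throws it looks orphaned unless the session registers itself somewhere not shown here.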
@@ -131,7 +147,7 @@ kern_return_t ucsp_server_setup(UCSP_ARGS, mach_port_t taskPort, const char *ide
 kern_return_t ucsp_server_teardown(UCSP_ARGS)
 {
        BEGIN_IPCN
-       Server::active().endConnection(rport);
+       Server::active().endConnection(replyPort);
        END_IPCN(CSSM)
        return KERN_SUCCESS;
 }
@@ -277,6 +293,22 @@ kern_return_t ucsp_server_releaseKey(UCSP_ARGS, KeyHandle key)
        END_IPC(CSP)
 }
 
+kern_return_t ucsp_server_queryKeySizeInBits(UCSP_ARGS, KeyHandle key, CSSM_KEY_SIZE *length)
+{
+       BEGIN_IPC
+       *length = connection.queryKeySize(findHandle<Key>(key));
+       END_IPC(CSP)
+}
+
+kern_return_t ucsp_server_getOutputSize(UCSP_ARGS, CONTEXT_ARGS, KeyHandle key,
+    uint32 inputSize, boolean_t encrypt, uint32 *outputSize)
+{
+    BEGIN_IPC
+    context.postIPC(contextBase, attributes);
+    *outputSize = connection.getOutputSize(context, findHandle<Key>(key), inputSize, encrypt);
+    END_IPC(CSP)
+}
+
 
 //
 // RNG interface
@@ -298,22 +330,22 @@ kern_return_t ucsp_server_generateRandom(UCSP_ARGS, uint32 bytes, DATA_OUT(data)
 // Signatures and MACs
 //
 kern_return_t ucsp_server_generateSignature(UCSP_ARGS, CONTEXT_ARGS, KeyHandle key,
-               DATA_IN(data), DATA_OUT(signature))
+        CSSM_ALGORITHMS signOnlyAlgorithm, DATA_IN(data), DATA_OUT(signature))
 {
        BEGIN_IPC
        context.postIPC(contextBase, attributes);
        OutputData sigData(signature, signatureLength);
-       connection.generateSignature(context, findHandle<Key>(key),
+       connection.generateSignature(context, findHandle<Key>(key), signOnlyAlgorithm,
                DATA(data), sigData);
        END_IPC(CSP)
 }
 
 kern_return_t ucsp_server_verifySignature(UCSP_ARGS, CONTEXT_ARGS, KeyHandle key,
-               DATA_IN(data), DATA_IN(signature))
+               CSSM_ALGORITHMS verifyOnlyAlgorithm, DATA_IN(data), DATA_IN(signature))
 {
        BEGIN_IPC
        context.postIPC(contextBase, attributes);
-       connection.verifySignature(context, findHandle<Key>(key),
+       connection.verifySignature(context, findHandle<Key>(key), verifyOnlyAlgorithm,
                DATA(data), DATA(signature));
        END_IPC(CSP)
 }
@@ -403,6 +435,53 @@ kern_return_t ucsp_server_generateKeyPair(UCSP_ARGS, DbHandle db, CONTEXT_ARGS,
 }
 
 
+//
+// Key derivation.
+// This is a bit strained; the incoming 'param' value may have structure
+// and needs to be handled on a per-algorithm basis, which means we have to
+// know which key derivation algorithms we support for passing to our CSP(s).
+// The default behavior is to handle "flat" data blobs, which is as good
+// a default as we can manage.
+// NOTE: The param-specific handling must be synchronized with the client library
+// code (in sstransit.h).
+//
+kern_return_t ucsp_server_deriveKey(UCSP_ARGS, DbHandle db, CONTEXT_ARGS, KeyHandle key,
+       COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner),
+    COPY_IN(void, paramInputData), DATA_OUT(paramOutput),
+       uint32 usage, uint32 attrs, KeyHandle *newKey, CssmKey::Header *newHeader)
+{
+       BEGIN_IPC
+       context.postIPC(contextBase, attributes);
+    relocate(cred, credBase, credLength);
+       relocate(owner, ownerBase, ownerLength);
+    
+    // munge together the incoming 'param' value according to algorithm
+    CssmData param;
+    switch (context.algorithm()) {
+    case CSSM_ALGID_PKCS5_PBKDF2:
+        relocate((CSSM_PKCS5_PBKDF2_PARAMS *)paramInputData,
+            (CSSM_PKCS5_PBKDF2_PARAMS *)paramInputDataBase,
+            paramInputDataLength);
+        param = CssmData(paramInputData, sizeof(CSSM_PKCS5_PBKDF2_PARAMS));
+        break;
+    default:
+        param = CssmData(paramInputData, paramInputDataLength);
+        break;
+    }
+    Key &theKey = connection.deriveKey(Server::optionalDatabase(db),
+               context, Server::optionalKey(key), cred, owner, &param, usage, attrs);
+    theKey.returnKey(*newKey, *newHeader);
+    if (param.length()) {
+        if (!param)    // CSP screwed up
+            CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR);
+        if (paramInputDataLength)              // using incoming buffer; make a copy
+            param = CssmAutoData(Server::csp().allocator(), param).release();
+        OutputData(paramOutput, paramOutputLength) = param;    // return the data
+    }
+       END_IPC(CSP)
+}
+
+
 //
 // Key wrapping and unwrapping
 //
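Review bot: The `CSSM_ALGID_PKCS5_PBKDF2` branch of `ucsp_server_deriveKey` builds `param` as `CssmData(paramInputData, sizeof(CSSM_PKCS5_PBKDF2_PARAMS))` without checking that the client sent that many bytes or any at all. `relocate` in this same file returns silently when `obj` is null, so a null or short `paramInputData` reaches the CSP described as a full-size structure. Whether `CheckingReconstituteWalker` catches the short case is not visible here, so an explicit guard ahead of the `relocate` call is safer: `if (!paramInputData || paramInputDataLength < sizeof(CSSM_PKCS5_PBKDF2_PARAMS)) CssmError::throwMe(CSSM_ERRCODE_INVALID_POINTER);`. The same applies to `owner` if a null prototype is not acceptable to `connection.deriveKey`.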
@@ -499,13 +578,12 @@ kern_return_t ucsp_server_getAcl(UCSP_ARGS, AclKind kind, KeyHandle key,
 
 kern_return_t ucsp_server_changeAcl(UCSP_ARGS, AclKind kind, KeyHandle key,
        COPY_IN(AccessCredentials, cred), CSSM_ACL_EDIT_MODE mode, CSSM_ACL_HANDLE handle,
-       COPY_IN(AclEntryPrototype, acl))
+       COPY_IN(AclEntryInput, acl))
 {
        BEGIN_IPC
     relocate(cred, credBase, credLength);
        relocate(acl, aclBase, aclLength);
-       AclEntryInput input(*acl);
-       Server::aclBearer(kind, key).cssmChangeAcl(AclEdit(mode, handle, &input), cred);
+       Server::aclBearer(kind, key).cssmChangeAcl(AclEdit(mode, handle, acl), cred);
        END_IPC(CSP)
 }
 
@@ -561,14 +639,18 @@ kern_return_t ucsp_server_authorizationCopyInfo(UCSP_ARGS,
        COPY_OUT(AuthorizationItemSet, info))
 {
        BEGIN_IPC
-       Authorization::MutableRightSet result;
-       *rcode = connection.process.session.authGetInfo(authorization,
-        tag[0] ? tag : NULL, result);
-       Copier<AuthorizationItemSet> returnedInfo(result, CssmAllocator::standard());
-       *info = *infoBase = returnedInfo;
-       *infoLength = returnedInfo.length();
-       Server::releaseWhenDone(returnedInfo.keep());
-       END_IPC(CSSM)
+    AuthorizationItemSet *result;
+    *info = *infoBase = NULL;
+    *infoLength = 0;
+    *rcode = connection.process.session.authGetInfo(authorization,
+        tag[0] ? tag : NULL, result); // result is a deep copy
+    if (*rcode == noErr)
+    {
+        *info = *infoBase = result;
+        *infoLength = size(result);
+        Server::releaseWhenDone(result);
+    }
+    END_IPC(CSSM)
 }
 
 kern_return_t ucsp_server_authorizationExternalize(UCSP_ARGS,
@@ -608,3 +690,28 @@ kern_return_t ucsp_server_setupSession(UCSP_ARGS,
     Session::setup(flags, attrs);
        END_IPC(CSSM)
 }
+
+
+//
+// Notification core subsystem
+//
+kern_return_t ucsp_server_requestNotification(UCSP_ARGS, mach_port_t receiver, uint32 domain, uint32 events)
+{
+    BEGIN_IPC
+    connection.process.requestNotifications(receiver, domain, events);
+    END_IPC(CSSM)
+}
+
+kern_return_t ucsp_server_stopNotification(UCSP_ARGS, mach_port_t receiver)
+{
+    BEGIN_IPC
+    connection.process.stopNotifications(receiver);
+    END_IPC(CSSM)
+}
+
+kern_return_t ucsp_server_postNotification(UCSP_ARGS, uint32 domain, uint32 event, DATA_IN(data))
+{
+    BEGIN_IPC
+    connection.process.postNotification(domain, event, DATA(data));
+    END_IPC(CSSM)
+}
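Review bot: `ucsp_server_postNotification` forwards a client-chosen `domain` and `event` straight to `connection.process.postNotification` with no visible check on who may post what. The server itself uses the same domain for its lock, unlock and passphrase-changed events (`Database::Common::notify`), so a listener cannot tell a server-originated event from one posted by an arbitrary connected process. If `Process::postNotification` does not filter (not shown here), document the trust model on these three routines, for example `// notifications are advisory: any client may post; listeners must re-query state rather than act on the event alone`. `requestNotification` also accepts an arbitrary `receiver` port, so a per-process cap on registrations is worth considering.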
index db2cf63a5b1816a986626dedd8047308dc28ef6a..dfc2496713b67d25b0612dec10bab29d465d64b0 100644 (file)
@@ -33,6 +33,10 @@ type AclEntryInfoBlob = Data
        ctype: AclEntryInfoPtr;
 type AclEntryInfoPtr = unsigned32;
 
+type AclEntryInputBlob = Data
+       ctype: AclEntryInputPtr;
+type AclEntryInputPtr = unsigned32;
+
 type AclOwnerPrototypeBlob = Data
        ctype: AclOwnerPrototypePtr;
 type AclOwnerPrototypePtr = unsigned32;
@@ -45,6 +49,10 @@ type DLDbIdentBlob = Data
     ctype: DLDbIdentPtr;
 type DLDbIdentPtr = unsigned32;
 
+type VoidBlob = Data
+    ctype: VoidPtr;
+type VoidPtr = unsigned32;
+
 type Context = struct [9] of unsigned32
        ctype: CSSM_CONTEXT
        intran: Context inTrans(CSSM_CONTEXT);
@@ -57,6 +65,9 @@ type CssmKey = struct [23+2] of unsigned32
        ctype: CSSM_KEY
        intran: CssmKey inTrans(CSSM_KEY)
        outtran: CSSM_KEY outTrans(CssmKey);
+    
+type CSSM_KEY_SIZE = struct [2] of unsigned32
+    ctype: CSSM_KEY_SIZE;
 
 type DBParameters = struct [1] of unsigned32;
 
@@ -100,6 +111,8 @@ type ExecutablePath = c_string[*:2048];
 // Management and administrative functions
 //
 routine setup(UCSP_PORTS; in tport: mach_port_t; in executablePath: ExecutablePath);
+routine setupNew(UCSP_PORTS; in tport: mach_port_t; in executablePath: ExecutablePath;
+       out newServicePort: mach_port_make_send_t);
 routine teardown(UCSP_PORTS);
 
 
@@ -133,6 +146,9 @@ routine decodeKey(UCSP_PORTS; out key: KeyHandle; out header: CssmKeyHeader;
     in db: DbHandle; in blob: KeyBlob);
 routine releaseKey(UCSP_PORTS; in key: KeyHandle);
 
+routine queryKeySizeInBits(UCSP_PORTS; in key: KeyHandle; out length: CSSM_KEY_SIZE);
+routine getOutputSize(UCSP_PORTS; IN_CONTEXT; in key: KeyHandle;
+    in inputSize: uint32; in encrypt: boolean_t; out outputSize: uint32);
 
 //
 // Random numbers
@@ -144,9 +160,9 @@ routine generateRandom(UCSP_PORTS; in bytes: uint32; out data: Data);
 // Cryptographic operations
 //
 routine generateSignature(UCSP_PORTS; IN_CONTEXT; in key: KeyHandle;
-       in data: Data; out signature: Data);
+    in signOnlyAlgorithm: CSSM_ALGORITHMS; in data: Data; out signature: Data);
 routine verifySignature(UCSP_PORTS; IN_CONTEXT; in key: KeyHandle;
-       in data: Data; in signature: Data);
+       in signOnlyAlgorithm: CSSM_ALGORITHMS; in data: Data; in signature: Data);
 routine generateMac(UCSP_PORTS; IN_CONTEXT; in key: KeyHandle;
        in data: Data; out signature: Data);
 routine verifyMac(UCSP_PORTS; IN_CONTEXT; in key: KeyHandle;
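Review bot: The new argument of `verifySignature` is named `signOnlyAlgorithm` here, while the C++ client and server sides of this commit call it `verifyOnlyAlgorithm`. MIG does not care about the name, but the mismatch is confusing when reading the generated stubs against `transition.cpp`. Rename it to `in verifyOnlyAlgorithm: CSSM_ALGORITHMS;`.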
@@ -163,6 +179,10 @@ routine generateKeyPair(UCSP_PORTS; in db: DbHandle; IN_CONTEXT;
        in pubUsage: uint32; in pubAttrs: uint32; in privUsage: uint32; in privAttrs: uint32;
        out pubKey: KeyHandle; out pubHeader: CssmKeyHeader;
     out privKey: KeyHandle; out privHeader: CssmKeyHeader);
+routine deriveKey(UCSP_PORTS; in db: DbHandle; IN_CONTEXT; in baseKey: KeyHandle;
+       IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype);
+    IN_BLOB(paramInput,Void); out paramOutput: Data;
+       in keyUsage: uint32; in keyAttrs: uint32; out key: KeyHandle; out header: CssmKeyHeader);
 
 routine wrapKey(UCSP_PORTS; IN_CONTEXT; in key: KeyHandle;
     IN_BLOB(accessCredentials,AccessCredentials); in keyToBeWrapped: KeyHandle;
@@ -187,7 +207,7 @@ routine getAcl(UCSP_PORTS; in kind: AclKind; in key: KeyHandle;
 routine changeAcl(UCSP_PORTS; in kind: AclKind; in key: KeyHandle;
        IN_BLOB(accessCredentials,AccessCredentials);
        in mode: CSSM_ACL_EDIT_MODE; in handle: CSSM_ACL_HANDLE;
-       IN_BLOB(aclEntryPrototype,AclEntryPrototype));
+       IN_BLOB(aclEntryInput,AclEntryInput));
 
 
 //
@@ -224,3 +244,11 @@ routine getSessionInfo(UCSP_PORTS; inout sessionId: SecuritySessionId;
     out attrs: SessionAttributeBits);
 
 routine setupSession(UCSP_PORTS; in flags: SessionCreationFlags; in attrs: SessionAttributeBits);
+
+
+//
+// Notification subsystem
+//
+routine requestNotification(UCSP_PORTS; in receiver: mach_port_t; in domain: uint32; in events: uint32);
+routine stopNotification(UCSP_PORTS; in receiver: mach_port_t);
+routine postNotification(UCSP_PORTS; in domain: uint32; in event: uint32; in data: Data);
diff --git a/SecurityServer/ucspNotify.defs b/SecurityServer/ucspNotify.defs
new file mode 100644 (file)
index 0000000..909d62c
--- /dev/null
@@ -0,0 +1,25 @@
+//
+// ucsp_callbacks: MIG definition of SecurityServer's callback services
+//
+#include <mach/std_types.defs>
+#include <mach/mach_types.defs>
+
+subsystem ucsp_notify 10000;
+serverprefix ucsp_notify_receiver_;
+userprefix ucsp_notify_sender_;
+
+import "securityserver.h";
+import "ucsp_types.h";
+
+
+//
+// Data types
+//
+type Data = array [] of char;
+type uint32 = unsigned32;
+
+
+simpleroutine notify(requestport receiver: mach_port_t;
+    msgoption options: mach_msg_options_t; waittime timeout: natural_t;
+    in domain: uint32; in event: uint32; in data: Data;
+    in sender: uint32);
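Review bot: The `sender` argument of `notify` is ordinary in-band payload, so a receiver has no way to treat it as an authenticated identity. Anyone holding a send right to the receiver port can put any value there. State this next to the routine, for example `// 'sender' is informational only; it is not verified by the kernel`, or have receivers rely on the message's security token trailer if they need to know who sent it. The header comment also names the file `ucsp_callbacks` while the subsystem is `ucsp_notify`.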
index ddba23f18304d9a5f9700cc1c5bf440f9c559c29..7f055b1e02cd7f7b772cff2dc6a15da80552acd3 100644 (file)
@@ -39,9 +39,11 @@ typedef void *ContextAttributes;
 typedef Context::Attr *ContextAttributesPointer;
 
 typedef AclEntryPrototype *AclEntryPrototypePtr;
+typedef AclEntryInput *AclEntryInputPtr;
 typedef AclEntryInfo *AclEntryInfoPtr;
 typedef AclOwnerPrototype *AclOwnerPrototypePtr;
 typedef AccessCredentials *AccessCredentialsPtr;
+typedef void *VoidPtr;
 
 typedef DataWalkers::DLDbFlatIdentifier DLDbIdentBlob;
 typedef DataWalkers::DLDbFlatIdentifier *DLDbIdentPtr;
@@ -58,10 +60,6 @@ inline Context &inTrans(CSSM_CONTEXT &arg) { return Context::overlay(arg); }
 inline CssmKey &inTrans(CSSM_KEY &arg) { return CssmKey::overlay(arg); }
 inline CSSM_KEY &outTrans(CssmKey &key) { return key; }
 
-// fix const-blindless in MIG's internals
-inline int mig_strncpy(char *dest, const char *src, int length)
-{ return ::mig_strncpy(dest, const_cast<char *>(src), length); }
-
 
 //
 // Customization macros for MIG code
index a897dc64c7924f8034410cc00e9298363f84f9ba..9dd0fba62b557eba972e44fdee4997ccd6adf790 100644 (file)
@@ -23,7 +23,8 @@
 #include "agentquery.h"
 #include "key.h"
 #include "server.h"
-#include "cfnotifier.h"
+#include "cfnotifier.h"        // legacy
+#include "notifications.h"
 #include "SecurityAgentClient.h"
 #include <Security/acl_any.h>  // for default owner ACLs
 
@@ -218,13 +219,16 @@ void Database::changePassphrase(const AccessCredentials *cred)
 
     // get the new passphrase
        // @@@ unstaged version -- revise to filter passphrases
-       QueryNewPassphrase query(*common, SecurityAgent::changePassphrase);
-       query(cred, common->passphrase);
+       Process &cltProc = Server::active().connection().process;
+        IFDEBUG(debug("SSdb", "New passphrase query from PID %d (UID %d)", cltProc.pid(), cltProc.uid()));
+       QueryNewPassphrase query(cltProc.uid(), cltProc.session, *common, SecurityAgent::changePassphrase);
+        query(cred, common->passphrase);
        common->version++;      // blob state changed
        IFDEBUG(debug("SSdb", "Database %s(%p) passphrase changed", common->dbName(), this));
        
        // send out a notification
        KeychainNotifier::passphraseChanged(identifier());
+    notify(passphraseChangedEvent);
 
     // I guess this counts as an activity
     activity();
@@ -247,8 +251,10 @@ void Database::makeUnlocked()
     IFDUMPING("SSdb", debugDump("default procedures unlock"));
     if (isLocked()) {
         assert(mBlob || (mValidData && common->passphrase));
-               
-               QueryUnlock query(*this);
+
+       Process &cltProc = Server::active().connection().process;
+        IFDEBUG(debug("SSdb", "Unlock query from process %d (UID %d)", cltProc.pid(), cltProc.uid()));
+       QueryUnlock query(cltProc.uid(), cltProc.session, *this);
                query(mCred);
                if (isLocked())         // still locked, unlock failed
                        CssmError::throwMe(CSSM_ERRCODE_OPERATION_AUTH_DENIED);
@@ -305,6 +311,19 @@ bool Database::decode(const CssmData &passphrase)
 }
 
 
+//
+// Verify a putative database passphrase.
+// This requires that the database be already unlocked;
+// it will not unlock the database (and will not lock it
+// if the proffered phrase is wrong).
+//
+bool Database::validatePassphrase(const CssmData &passphrase) const
+{
+       assert(!isLocked());
+       return passphrase == common->passphrase;
+}
+
+
 //
 // Lock this database
 //
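Review bot: `Database::validatePassphrase` enforces its "must already be unlocked" precondition only with `assert(!isLocked())`, which disappears in builds that define `NDEBUG`. A release build would then compare the caller's value against whatever `common->passphrase` holds for a locked database. Make the check unconditional, e.g. `if (isLocked()) CssmError::throwMe(CSSM_ERRCODE_OPERATION_AUTH_DENIED);`. The `==` on `CssmData` is presumably a length-plus-memcmp comparison; if this result is reachable by a client that can retry, a comparison that does not exit early on the first differing byte would be preferable.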
@@ -481,6 +500,7 @@ bool Database::Common::unlock(DbBlob *blob, const CssmData &passphrase,
        
        // broadcast unlock notification
        KeychainNotifier::unlock(identifier());
+    notify(unlockedEvent);
     return true;
 }
 
@@ -495,6 +515,7 @@ bool Database::Common::unlock(const CssmData &passphrase)
         if (passphrase == this->passphrase) {
             mIsLocked = false;
                        KeychainNotifier::unlock(identifier());
+            notify(unlockedEvent);
             return true;       // okay
         } else
             return false;      // failed
@@ -512,6 +533,7 @@ void Database::Common::lock(bool holdingCommonLock, bool forSleep)
         //@@@ discard secrets here? That would make fast-path impossible.
         mIsLocked = true;
         KeychainNotifier::lock(identifier());
+        notify(lockedEvent);
                
                // if no database refers to us now, we're history
         StLock<Mutex> _(commonLock, false);
@@ -546,6 +568,19 @@ DbBlob *Database::Common::encode(Database &db)
 }
 
 
+//
+// Send out database-related notifications
+//
+void Database::Common::notify(Listener::Event event)
+{
+    IFDEBUG(debug("SSdb", "common %s(%p) sending event %ld", dbName(), this, event));
+    DLDbFlatIdentifier flatId(mIdentifier);    // walkable form of DLDbIdentifier
+    CssmAutoData data(CssmAllocator::standard());
+    copy(&flatId, CssmAllocator::standard(), data.get());
+    Listener::notify(Listener::databaseNotifications, event, data);
+}
+
+
 //
 // Initialize a (new) database's key information.
 // This acquires the passphrase in the appropriate way.
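Review bot: `Common::notify` lets any exception from `copy()` or `Listener::notify` propagate, and the call sites added in this commit run it after the state change: in `Common::unlock(const CssmData &)` `mIsLocked` is already false, and in `Common::lock` it is already true with the cleanup under `commonLock` still to come. Whether those calls can throw is not visible here, but the allocation through `CssmAllocator::standard()` is at least a candidate. If listeners are purely informational, make the broadcast best-effort by wrapping the body in `try { … } catch (...) { /* log, do not rethrow */ }`, so a failed notification cannot turn a completed lock or unlock into a reported failure. The `%ld` in the debug line also assumes `Listener::Event` is a `long`; cast the argument to match.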
@@ -555,7 +590,9 @@ void Database::Common::setupKeys(const AccessCredentials *cred)
 {
        // get the new passphrase
        // @@@ Un-staged version of the API - revise with acceptability tests
-       QueryNewPassphrase query(*this, SecurityAgent::newDatabase);
+    Process &cltProc = Server::active().connection().process;
+    IFDEBUG(debug("SSdb", "New passphrase request from process %d (UID %d)", cltProc.pid(), cltProc.uid()));
+    QueryNewPassphrase query(cltProc.uid(), cltProc.session, *this, SecurityAgent::newDatabase);
        query(cred, passphrase);
                
        // we have the passphrase now
index eb28258bbd124f6fcfc8b477f74d1e40bb112b05..b2b333d623ca55ef32daead67cfd7810e6f992b2 100644 (file)
@@ -25,6 +25,7 @@
 #include "securityserver.h"
 #include "acls.h"
 #include "dbcrypto.h"
+#include "notifications.h"
 #include <Security/utilities.h>
 #include <Security/handleobject.h>
 #include <Security/cssmdb.h>
@@ -46,8 +47,13 @@ using MachPlusPlus::MachServer;
 // access.
 //
 class Database : public HandleObject, public SecurityServerAcl {
-       class Common; friend class Common;
+    static const Listener::Event lockedEvent = Listener::lockedEvent;
+    static const Listener::Event unlockedEvent = Listener::unlockedEvent;
+    static const Listener::Event passphraseChangedEvent = Listener::passphraseChangedEvent;
+    
 public:
+       class Common; friend class Common;
+    
        Database(const DLDbIdentifier &id, const DBParameters &params, Process &proc,
         const AccessCredentials *cred, const AclEntryPrototype *owner);
        virtual ~Database();
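Review bot: Moving `class Common; friend class Common;` below `public:` makes `Database::Common` nameable by every file that includes this header, and the hunk gives no reason for it. The .cpp changes in this commit read `common->passphrase`, so Common is where the passphrase is held. If only one or two classes need the type, a `friend` declaration keeps the exposure narrower than a public nested class. Otherwise a comment on the line, e.g. `// public so that <user of the type> can name it`, would record why the access was widened. The class body continues outside the hunk.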
@@ -65,7 +71,8 @@ public:
         : mIdent(id), mSig(sig) { }
         
         operator const DLDbIdentifier &() const { return mIdent; }
-        operator const Signature &() const { return mSig; }
+        operator const Signature &() const     { return mSig; }
+        const char *dbName() const                     { return mIdent.dbName(); }
         
         bool operator < (const DbIdentifier &id) const // simple lexicographic
         {
@@ -105,6 +112,8 @@ public:
         
         DbBlob *encode(Database &db);
         void setupKeys(const AccessCredentials *cred);
+        
+        void notify(Listener::Event event);
                
        protected:
                void action();                          // timer queue action to lock keychain
@@ -140,6 +149,7 @@ public:
        void unlock();                                                                                  // full-feature unlock
        void unlock(const CssmData &passphrase);                                // unlock with passphrase
        bool decode(const CssmData &passphrase);                                // try unlock/don't fail
+       bool validatePassphrase(const CssmData &passphrase) const; // validate passphrase (no status change)
        bool isLocked() const { return common->isLocked(); }    // lock status
     
     void activity() const { common->activity(); }                      // reset timeout clock
@@ -159,6 +169,9 @@ public:
        void instantiateAcl();
        void noticeAclChange();
        const Database *relatedDatabase() const; // "self", for SecurityServerAcl's sake
+    
+    // notifications
+    void notify(Listener::Event event) { common->notify(event); }
 
     // debugging
     IFDUMP(void debugDump(const char *msg));
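Review bot: `Database::notify` is added in the public section, so any code holding a Database can broadcast `lockedEvent`, `unlockedEvent` or `passphraseChangedEvent` without the matching state change, and listeners cannot tell the difference. The only caller visible in this commit is inside Database itself (the passphrase-change path), while the event constants added at the top of the class are private. Unless an outside caller exists that is not shown here, declare it under `private:` (or `protected:`) and extend the comment to `// notifications (sent only by Database/Common after a state change)`.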
index 71ae997cdfa4fa1da9a18ba64a0bd35104976fbf..dbee6b90c7303b3f2e4cc201d94d69d263485261 100644 (file)
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:53 mb Exp $
-# $Name: Security-30~1 $
+# $Name:  $
 ProjectName: cdsa
 ProjectVersion: 21
diff --git a/cdsa/cdsa.pbxproj/.cvsignore b/cdsa/cdsa.pbxproj/.cvsignore
deleted file mode 100644 (file)
index 0857ac3..0000000
+++ /dev/null
@@ -1 +0,0 @@
-*.pbxuser
diff --git a/cdsa/cdsa.pbxproj/project.pbxproj b/cdsa/cdsa.pbxproj/project.pbxproj
deleted file mode 100644 (file)
index e2b8ea3..0000000
+++ /dev/null
@@ -1,4774 +0,0 @@
-// !$*UTF8*$!
-{
-       archiveVersion = 1;
-       classes = {
-       };
-       objectVersion = 31;
-       objects = {
-               00DAE77BFEB4BE5E11CD2984 = {
-                       isa = PBXFileReference;
-                       path = DLDBList.cpp;
-                       refType = 4;
-               };
-               00DAE77CFEB4BE5E11CD2984 = {
-                       isa = PBXFileReference;
-                       path = DLDBList.h;
-                       refType = 4;
-               };
-               00DAE77DFEB4BE5E11CD2984 = {
-                       fileRef = 00DAE77CFEB4BE5E11CD2984;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               00DAE77EFEB4BE5E11CD2984 = {
-                       fileRef = 00DAE77BFEB4BE5E11CD2984;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               00DE4CA2FEBE2E3B11CD296C = {
-                       isa = PBXFileReference;
-                       path = walkers.cpp;
-                       refType = 4;
-               };
-               00DE4CA3FEBE2E3B11CD296C = {
-                       isa = PBXFileReference;
-                       path = walkers.h;
-                       refType = 4;
-               };
-               00DE4CA4FEBE2E3B11CD296C = {
-                       fileRef = 00DE4CA3FEBE2E3B11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               00DE4CA5FEBE2E3B11CD296C = {
-                       fileRef = 00DE4CA2FEBE2E3B11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               00DE4CA6FEC3407011CD296C = {
-                       isa = PBXFileReference;
-                       path = cssmwalkers.cpp;
-                       refType = 4;
-               };
-               00DE4CA7FEC3407011CD296C = {
-                       isa = PBXFileReference;
-                       path = cssmwalkers.h;
-                       refType = 4;
-               };
-               00DE4CA8FEC3407011CD296C = {
-                       fileRef = 00DE4CA7FEC3407011CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               00DE4CA9FEC3407011CD296C = {
-                       fileRef = 00DE4CA6FEC3407011CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               00DE4CAAFEC34AB411CD296C = {
-                       children = (
-                               00DE4CABFEC34AB411CD296C,
-                               00DE4CACFEC34AB411CD296C,
-                               0C2D421CFE89F09B11CD283A,
-                               0C2D421DFE89F09B11CD283A,
-                               012E3793FEDC6CAE11CD296C,
-                               012E3794FEDC6CAE11CD296C,
-                               013A8788FEDD94C911CD296C,
-                               013A8789FEDD94C911CD296C,
-                               01692099FF9E3C0511CD296C,
-                               0169209AFF9E3C0511CD296C,
-                               00FD121BFFCB76E511CD296C,
-                               00FD121CFFCB76E511CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = "ACL Subjects";
-                       refType = 4;
-               };
-               00DE4CABFEC34AB411CD296C = {
-                       isa = PBXFileReference;
-                       path = acl_any.cpp;
-                       refType = 4;
-               };
-               00DE4CACFEC34AB411CD296C = {
-                       isa = PBXFileReference;
-                       path = acl_any.h;
-                       refType = 4;
-               };
-               00DE4CADFEC34AB411CD296C = {
-                       fileRef = 00DE4CACFEC34AB411CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               00DE4CAEFEC34AB411CD296C = {
-                       fileRef = 00DE4CABFEC34AB411CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               00DE4CAFFEC35F0311CD296C = {
-                       isa = PBXFileReference;
-                       path = cssmaclpod.cpp;
-                       refType = 4;
-               };
-               00DE4CB0FEC35F0311CD296C = {
-                       isa = PBXFileReference;
-                       path = cssmaclpod.h;
-                       refType = 4;
-               };
-               00DE4CB1FEC35F0311CD296C = {
-                       fileRef = 00DE4CB0FEC35F0311CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               00DE4CB2FEC35F0311CD296C = {
-                       fileRef = 00DE4CAFFEC35F0311CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               00FD121BFFCB76E511CD296C = {
-                       isa = PBXFileReference;
-                       path = acl_comment.cpp;
-                       refType = 4;
-               };
-               00FD121CFFCB76E511CD296C = {
-                       isa = PBXFileReference;
-                       path = acl_comment.h;
-                       refType = 4;
-               };
-               00FD121DFFCB76E511CD296C = {
-                       fileRef = 00FD121CFFCB76E511CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               00FD121EFFCB76E511CD296C = {
-                       fileRef = 00FD121BFFCB76E511CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               01022B31FF5326C811CD28CA = {
-                       isa = PBXFileReference;
-                       path = NOTES;
-                       refType = 4;
-               };
-               01022B32FF5326C811CD28CA = {
-                       fileRef = 01022B31FF5326C811CD28CA;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               01022B33FF54464F11CD28CA = {
-                       children = (
-                               0C2D4234FE89F09B11CD283A,
-                               0C2D4235FE89F09B11CD283A,
-                               0C2D4236FE89F09B11CD283A,
-                               0C2D4237FE89F09B11CD283A,
-                               0C2D4238FE89F09B11CD283A,
-                               0C2D4239FE89F09B11CD283A,
-                               0C2D423AFE89F09B11CD283A,
-                               0C2D423BFE89F09B11CD283A,
-                               0C2D423CFE89F09B11CD283A,
-                               0C2D423DFE89F09B11CD283A,
-                               01022B34FF54464F11CD28CA,
-                               01022B35FF54464F11CD28CA,
-                               01022B36FF54464F11CD28CA,
-                               01022B37FF54464F11CD28CA,
-                               01022B38FF54464F11CD28CA,
-                               01022B39FF54464F11CD28CA,
-                               01022B3AFF54464F11CD28CA,
-                               01022B3BFF54464F11CD28CA,
-                               01022B3CFF54464F11CD28CA,
-                               01022B3DFF54464F11CD28CA,
-                               01022B3EFF54464F11CD28CA,
-                               01022B3FFF54464F11CD28CA,
-                               01022B40FF54464F11CD28CA,
-                       );
-                       isa = PBXGroup;
-                       name = AppleDatabase;
-                       refType = 4;
-               };
-               01022B34FF54464F11CD28CA = {
-                       isa = PBXFileReference;
-                       path = AppleDatabase.cpp;
-                       refType = 4;
-               };
-               01022B35FF54464F11CD28CA = {
-                       isa = PBXFileReference;
-                       path = AppleDatabase.h;
-                       refType = 4;
-               };
-               01022B36FF54464F11CD28CA = {
-                       isa = PBXFileReference;
-                       path = DbIndex.cpp;
-                       refType = 4;
-               };
-               01022B37FF54464F11CD28CA = {
-                       isa = PBXFileReference;
-                       path = DbIndex.h;
-                       refType = 4;
-               };
-               01022B38FF54464F11CD28CA = {
-                       isa = PBXFileReference;
-                       path = DbValue.cpp;
-                       refType = 4;
-               };
-               01022B39FF54464F11CD28CA = {
-                       isa = PBXFileReference;
-                       path = DbValue.h;
-                       refType = 4;
-               };
-               01022B3AFF54464F11CD28CA = {
-                       isa = PBXFileReference;
-                       path = MetaAttribute.cpp;
-                       refType = 4;
-               };
-               01022B3BFF54464F11CD28CA = {
-                       isa = PBXFileReference;
-                       path = MetaAttribute.h;
-                       refType = 4;
-               };
-               01022B3CFF54464F11CD28CA = {
-                       isa = PBXFileReference;
-                       path = MetaRecord.cpp;
-                       refType = 4;
-               };
-               01022B3DFF54464F11CD28CA = {
-                       isa = PBXFileReference;
-                       path = MetaRecord.h;
-                       refType = 4;
-               };
-               01022B3EFF54464F11CD28CA = {
-                       isa = PBXFileReference;
-                       path = ReadWriteSection.h;
-                       refType = 4;
-               };
-               01022B3FFF54464F11CD28CA = {
-                       isa = PBXFileReference;
-                       path = SelectionPredicate.cpp;
-                       refType = 4;
-               };
-               01022B40FF54464F11CD28CA = {
-                       isa = PBXFileReference;
-                       path = SelectionPredicate.h;
-                       refType = 4;
-               };
-               01022B41FF54464F11CD28CA = {
-                       fileRef = 01022B35FF54464F11CD28CA;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               01022B42FF54464F11CD28CA = {
-                       fileRef = 01022B37FF54464F11CD28CA;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               01022B43FF54464F11CD28CA = {
-                       fileRef = 01022B39FF54464F11CD28CA;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               01022B44FF54464F11CD28CA = {
-                       fileRef = 01022B3BFF54464F11CD28CA;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               01022B45FF54464F11CD28CA = {
-                       fileRef = 01022B3DFF54464F11CD28CA;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               01022B46FF54464F11CD28CA = {
-                       fileRef = 01022B3EFF54464F11CD28CA;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               01022B47FF54464F11CD28CA = {
-                       fileRef = 01022B40FF54464F11CD28CA;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               01022B48FF54464F11CD28CA = {
-                       fileRef = 01022B34FF54464F11CD28CA;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               01022B49FF54464F11CD28CA = {
-                       fileRef = 01022B36FF54464F11CD28CA;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               01022B4AFF54464F11CD28CA = {
-                       fileRef = 01022B38FF54464F11CD28CA;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               01022B4BFF54464F11CD28CA = {
-                       fileRef = 01022B3AFF54464F11CD28CA;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               01022B4CFF54464F11CD28CA = {
-                       fileRef = 01022B3CFF54464F11CD28CA;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               01022B4DFF54464F11CD28CA = {
-                       fileRef = 01022B3FFF54464F11CD28CA;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               01128942FECB751C11CD296C = {
-                       children = (
-                               01128943FECB751C11CD296C,
-                               01128944FECB751C11CD296C,
-                               01128947FECB77DB11CD296C,
-                               01128948FECB77DB11CD296C,
-                               12DB1A67FF094C9E11CD296C,
-                               12DB1A68FF094C9E11CD296C,
-                               0112894BFECB79BA11CD296C,
-                               0112894CFECB79BA11CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = Mach;
-                       path = "";
-                       refType = 4;
-               };
-               01128943FECB751C11CD296C = {
-                       isa = PBXFileReference;
-                       path = "mach++.cpp";
-                       refType = 4;
-               };
-               01128944FECB751C11CD296C = {
-                       isa = PBXFileReference;
-                       path = "mach++.h";
-                       refType = 4;
-               };
-               01128945FECB751C11CD296C = {
-                       fileRef = 01128944FECB751C11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               01128946FECB751C11CD296C = {
-                       fileRef = 01128943FECB751C11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               01128947FECB77DB11CD296C = {
-                       isa = PBXFileReference;
-                       path = machserver.cpp;
-                       refType = 4;
-               };
-               01128948FECB77DB11CD296C = {
-                       isa = PBXFileReference;
-                       path = machserver.h;
-                       refType = 4;
-               };
-               01128949FECB77DB11CD296C = {
-                       fileRef = 01128948FECB77DB11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0112894AFECB77DB11CD296C = {
-                       fileRef = 01128947FECB77DB11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0112894BFECB79BA11CD296C = {
-                       isa = PBXFileReference;
-                       path = mach_notify.c;
-                       refType = 4;
-               };
-               0112894CFECB79BA11CD296C = {
-                       isa = PBXFileReference;
-                       path = mach_notify.h;
-                       refType = 4;
-               };
-               0112894DFECB79BA11CD296C = {
-                       fileRef = 0112894CFECB79BA11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0112894EFECB79BA11CD296C = {
-                       fileRef = 0112894BFECB79BA11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0112894FFECB7F4711CD296C = {
-                       isa = PBXFileReference;
-                       path = cssmcred.cpp;
-                       refType = 4;
-               };
-               01128950FECB7F4711CD296C = {
-                       isa = PBXFileReference;
-                       path = cssmcred.h;
-                       refType = 4;
-               };
-               01128951FECB7F4711CD296C = {
-                       fileRef = 01128950FECB7F4711CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               01128952FECB7F4711CD296C = {
-                       fileRef = 0112894FFECB7F4711CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0115DA1BFF13D7E811CD283A = {
-                       children = (
-                               0115DA1CFF13D7E811CD283A,
-                               0115DA1DFF13D7E811CD283A,
-                               0115DA1EFF13D7E811CD283A,
-                               0115DA1FFF13D7E811CD283A,
-                               0115DA20FF13D7E811CD283A,
-                               01815976FFEAFFA511CD283A,
-                               01815985FFEE820F11CD283A,
-                               0181598FFFEE88CD11CD283A,
-                               42462E68FFF0254211CD283A,
-                       );
-                       isa = PBXGroup;
-                       name = Products;
-                       refType = 4;
-               };
-               0115DA1CFF13D7E811CD283A = {
-                       isa = PBXFrameworkReference;
-                       path = cdsa.framework;
-                       refType = 3;
-               };
-               0115DA1DFF13D7E811CD283A = {
-                       isa = PBXFrameworkReference;
-                       path = cdsa_utilities.framework;
-                       refType = 3;
-               };
-               0115DA1EFF13D7E811CD283A = {
-                       isa = PBXFrameworkReference;
-                       path = mds.framework;
-                       refType = 3;
-               };
-               0115DA1FFF13D7E811CD283A = {
-                       isa = PBXFrameworkReference;
-                       path = cdsa_pluginlib.framework;
-                       refType = 3;
-               };
-               0115DA20FF13D7E811CD283A = {
-                       isa = PBXFrameworkReference;
-                       path = cdsa_client.framework;
-                       refType = 3;
-               };
-               0115DA21FF13D7E811CD283A = {
-                       fileRef = 0115DA1DFF13D7E811CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0115DA22FF13D7E811CD283A = {
-                       fileRef = 0115DA1DFF13D7E811CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0115DA23FF13D7E811CD283A = {
-                       fileRef = 0115DA1DFF13D7E811CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0115DA24FF13D7E811CD283A = {
-                       fileRef = 0115DA1CFF13D7E811CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0115DA25FF13D7E811CD283A = {
-                       fileRef = 0115DA1DFF13D7E811CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               012E3793FEDC6CAE11CD296C = {
-                       isa = PBXFileReference;
-                       path = acl_threshold.cpp;
-                       refType = 4;
-               };
-               012E3794FEDC6CAE11CD296C = {
-                       isa = PBXFileReference;
-                       path = acl_threshold.h;
-                       refType = 4;
-               };
-               012E3795FEDC6CAE11CD296C = {
-                       fileRef = 012E3794FEDC6CAE11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               012E3796FEDC6CAE11CD296C = {
-                       fileRef = 012E3793FEDC6CAE11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               013867ADFEAB8F4011CD283A = {
-                       fileRef = 41463C2AFE8C141C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               013867AEFEAB8F4011CD283A = {
-                       fileRef = 41463C2BFE8C141C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               013867AFFEAB8F4011CD283A = {
-                       fileRef = 41463C2CFE8C141C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               013867B0FEAB8F4011CD283A = {
-                       fileRef = 41463C2DFE8C141C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               013867B1FEAB8F4011CD283A = {
-                       fileRef = 41463C2EFE8C141C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               013867B2FEAB8F4011CD283A = {
-                       fileRef = 0DD48EDDFE89FA0911CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               013867B3FEAB8F4011CD283A = {
-                       fileRef = 0DD48EDEFE89FA0911CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               013867B4FEAB8F4011CD283A = {
-                       fileRef = 0DD48EDFFE89FA0911CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               013867B5FEAB8F4011CD283A = {
-                       fileRef = 0DD48EE0FE89FA0911CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               013867B6FEAB8F4011CD283A = {
-                       fileRef = 0DD48EE1FE89FA0911CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               013A8788FEDD94C911CD296C = {
-                       isa = PBXFileReference;
-                       path = acl_process.cpp;
-                       refType = 4;
-               };
-               013A8789FEDD94C911CD296C = {
-                       isa = PBXFileReference;
-                       path = acl_process.h;
-                       refType = 4;
-               };
-               013A878AFEDD94C911CD296C = {
-                       fileRef = 013A8789FEDD94C911CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               013A878BFEDD94C911CD296C = {
-                       fileRef = 013A8788FEDD94C911CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               015BB43CFFB749EA11CD296C = {
-                       buildRules = (
-                       );
-                       buildSettings = {
-                               COPY_PHASE_STRIP = NO;
-                       };
-                       isa = PBXBuildStyle;
-                       name = Development;
-               };
-               015BB43DFFB749EA11CD296C = {
-                       buildRules = (
-                       );
-                       buildSettings = {
-                               COPY_PHASE_STRIP = YES;
-                       };
-                       isa = PBXBuildStyle;
-                       name = Deployment;
-               };
-               01692075FF9B76B311CD296C = {
-                       isa = PBXFileReference;
-                       path = codesigning.cpp;
-                       refType = 4;
-               };
-               01692076FF9B76B311CD296C = {
-                       isa = PBXFileReference;
-                       path = codesigning.h;
-                       refType = 4;
-               };
-               01692077FF9B76B311CD296C = {
-                       fileRef = 01692076FF9B76B311CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               01692078FF9B76B311CD296C = {
-                       fileRef = 01692075FF9B76B311CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0169207DFF9BA84C11CD296C = {
-                       children = (
-                               01692088FF9D296311CD296C,
-                               01692089FF9D296311CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = "OSX Code Signing";
-                       refType = 4;
-               };
-               01692088FF9D296311CD296C = {
-                       isa = PBXFileReference;
-                       path = osxsigner.cpp;
-                       refType = 4;
-               };
-               01692089FF9D296311CD296C = {
-                       isa = PBXFileReference;
-                       path = osxsigner.h;
-                       refType = 4;
-               };
-               0169208AFF9D296311CD296C = {
-                       fileRef = 01692089FF9D296311CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0169208BFF9D296311CD296C = {
-                       fileRef = 01692088FF9D296311CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               01692099FF9E3C0511CD296C = {
-                       isa = PBXFileReference;
-                       path = acl_codesigning.cpp;
-                       refType = 4;
-               };
-               0169209AFF9E3C0511CD296C = {
-                       isa = PBXFileReference;
-                       path = acl_codesigning.h;
-                       refType = 4;
-               };
-               0169209BFF9E3C0511CD296C = {
-                       fileRef = 0169209AFF9E3C0511CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0169209CFF9E3C0511CD296C = {
-                       fileRef = 01692099FF9E3C0511CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               016920A2FF9E86DF11CD296C = {
-                       children = (
-                               01692075FF9B76B311CD296C,
-                               01692076FF9B76B311CD296C,
-                               016920A3FF9E872A11CD296C,
-                               016920A4FF9E872A11CD296C,
-                       );
-                       isa = PBXGroup;
-                       name = "Code Signing";
-                       path = "";
-                       refType = 4;
-               };
-               016920A3FF9E872A11CD296C = {
-                       isa = PBXFileReference;
-                       path = osxsigning.cpp;
-                       refType = 4;
-               };
-               016920A4FF9E872A11CD296C = {
-                       isa = PBXFileReference;
-                       path = osxsigning.h;
-                       refType = 4;
-               };
-               016920A5FF9E872A11CD296C = {
-                       fileRef = 016920A4FF9E872A11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               016920A6FF9E872A11CD296C = {
-                       fileRef = 016920A3FF9E872A11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               01815975FFEAFFA511CD283A = {
-                       children = (
-                               0181597DFFEAFFC711CD283A,
-                               0181597FFFEE802311CD283A,
-                               01815980FFEE802311CD283A,
-                               0181598DFFEE86AE11CD283A,
-                       );
-                       isa = PBXGroup;
-                       name = master;
-                       refType = 4;
-               };
-               01815976FFEAFFA511CD283A = {
-                       isa = PBXLibraryReference;
-                       path = libcdsa_utilities.a;
-                       refType = 3;
-               };
-               01815977FFEAFFA511CD283A = {
-                       buildPhases = (
-                               01815979FFEAFFA511CD283A,
-                               0181597AFFEAFFA511CD283A,
-                               0181597BFFEAFFA511CD283A,
-                               0181597CFFEAFFA511CD283A,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\"";
-                               HEADER_SEARCH_PATHS = "\"$(SRCROOT)\" \"$(SYMROOT)/derived_src\"";
-                               LIBRARY_STYLE = STATIC;
-                               OPTIMIZATION_CFLAGS = "-O1";
-                               OTHER_CFLAGS = "-DSAFER -DLIMITED_SIGNING -DDEBUGDUMP";
-                               OTHER_LDFLAGS = "";
-                               OTHER_LIBTOOL_FLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = libcdsa_utilities.a;
-                               REZ_EXECUTABLE = YES;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               01815978FFEAFFA511CD283A,
-                       );
-                       isa = PBXLibraryTarget;
-                       name = libcdsa_utilities.a;
-                       productInstallPath = /usr/local/lib;
-                       productName = libcdsa_utilities.a;
-                       productReference = 01815976FFEAFFA511CD283A;
-                       shouldUseHeadermap = 0;
-               };
-               01815978FFEAFFA511CD283A = {
-                       isa = PBXTargetDependency;
-                       target = 0C2D4320FE89F10511CD283A;
-               };
-               01815979FFEAFFA511CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               0181597AFFEAFFA511CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0181597EFFEAFFC711CD283A,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               0181597BFFEAFFA511CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               0181597CFFEAFFA511CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               0181597DFFEAFFC711CD283A = {
-                       isa = PBXFileReference;
-                       path = cdsa_utilities.cpp;
-                       refType = 4;
-               };
-               0181597EFFEAFFC711CD283A = {
-                       fileRef = 0181597DFFEAFFC711CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0181597FFFEE802311CD283A = {
-                       isa = PBXFileReference;
-                       path = cdsa_client.cpp;
-                       refType = 4;
-               };
-               01815980FFEE802311CD283A = {
-                       isa = PBXFileReference;
-                       path = cdsa_pluginlib.cpp;
-                       refType = 4;
-               };
-               01815985FFEE820F11CD283A = {
-                       isa = PBXLibraryReference;
-                       path = libcdsa.a;
-                       refType = 3;
-               };
-               01815986FFEE820F11CD283A = {
-                       buildPhases = (
-                               01815988FFEE820F11CD283A,
-                               01815989FFEE820F11CD283A,
-                               0181598AFFEE820F11CD283A,
-                               0181598BFFEE820F11CD283A,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               EXPORTED_SYMBOLS_FILE = "\"$(SYMROOT)/derived_src/cssmexports.gen\"";
-                               FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\"";
-                               HEADER_SEARCH_PATHS = "\"$(SRCROOT)\" \"$(SYMROOT)/derived_src\"";
-                               LIBRARY_STYLE = STATIC;
-                               OPTIMIZATION_CFLAGS = "-O1";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "";
-                               OTHER_LIBTOOL_FLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = libcdsa.a;
-                               REZ_EXECUTABLE = YES;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                       );
-                       isa = PBXLibraryTarget;
-                       name = libcdsa.a;
-                       productInstallPath = /usr/local/lib;
-                       productName = libcdsa.a;
-                       productReference = 01815985FFEE820F11CD283A;
-                       shouldUseHeadermap = 0;
-               };
-               01815988FFEE820F11CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               01815989FFEE820F11CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0181598EFFEE86AE11CD283A,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               0181598AFFEE820F11CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               0181598BFFEE820F11CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               0181598DFFEE86AE11CD283A = {
-                       isa = PBXFileReference;
-                       path = cdsa.cpp;
-                       refType = 4;
-               };
-               0181598EFFEE86AE11CD283A = {
-                       fileRef = 0181598DFFEE86AE11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0181598FFFEE88CD11CD283A = {
-                       isa = PBXLibraryReference;
-                       path = libcdsa_pluginlib.a;
-                       refType = 3;
-               };
-               01815990FFEE88CD11CD283A = {
-                       buildPhases = (
-                               01815991FFEE88CD11CD283A,
-                               01815992FFEE88CD11CD283A,
-                               01815993FFEE88CD11CD283A,
-                               01815994FFEE88CD11CD283A,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\"";
-                               HEADER_SEARCH_PATHS = "\"$(SRCROOT)\" \"$(SYMROOT)/include\" \"$(SYMROOT)/derived_src\"";
-                               LIBRARY_STYLE = STATIC;
-                               OPTIMIZATION_CFLAGS = "-O1";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "";
-                               OTHER_LIBTOOL_FLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = libcdsa_pluginlib.a;
-                               REZ_EXECUTABLE = YES;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                       );
-                       isa = PBXLibraryTarget;
-                       name = libcdsa_pluginlib.a;
-                       productInstallPath = /usr/local/lib;
-                       productName = libcdsa_pluginlib.a;
-                       productReference = 0181598FFFEE88CD11CD283A;
-                       shouldUseHeadermap = 0;
-               };
-               01815991FFEE88CD11CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               01815992FFEE88CD11CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               01815995FFEE898511CD283A,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               01815993FFEE88CD11CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               01815994FFEE88CD11CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               01815995FFEE898511CD283A = {
-                       fileRef = 01815980FFEE802311CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               01B9A47EFF51D86CD0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = oidsattr.h;
-                       refType = 4;
-               };
-               01B9A47FFF51D86CD0A17CE7 = {
-                       fileRef = 01B9A47EFF51D86CD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               01B9A480FF51D994D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = oidsattr.c;
-                       refType = 4;
-               };
-               01B9A481FF51D994D0A17CE7 = {
-                       fileRef = 01B9A480FF51D994D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               01EEBCFBFEED9C1111CD287F = {
-                       isa = PBXFileReference;
-                       path = genkey.cpp;
-                       refType = 4;
-               };
-               01EEBCFCFEED9C1111CD287F = {
-                       isa = PBXFileReference;
-                       path = wrapkey.cpp;
-                       refType = 4;
-               };
-               01EEBCFDFEED9C1111CD287F = {
-                       fileRef = 01EEBCFBFEED9C1111CD287F;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               01EEBCFEFEED9C1111CD287F = {
-                       fileRef = 01EEBCFCFEED9C1111CD287F;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               01EEBCFFFEED9C5C11CD287F = {
-                       isa = PBXFileReference;
-                       path = wrapkey.h;
-                       refType = 4;
-               };
-               01EEBD00FEED9C5C11CD287F = {
-                       isa = PBXFileReference;
-                       path = genkey.h;
-                       refType = 4;
-               };
-               01EEBD01FEED9C5C11CD287F = {
-                       fileRef = 01EEBCFFFEED9C5C11CD287F;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               01EEBD02FEED9C5C11CD287F = {
-                       fileRef = 01EEBD00FEED9C5C11CD287F;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               020587C0FF4AFF9BD0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = certextensions.h;
-                       refType = 4;
-               };
-               020587C1FF4AFF9BD0A17CE7 = {
-                       fileRef = 020587C0FF4AFF9BD0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               02FD68C9FEA50F7511CD283A = {
-                       isa = PBXFileReference;
-                       path = guids.cpp;
-                       refType = 4;
-               };
-               02FD68CAFEA50F7511CD283A = {
-                       fileRef = 02FD68C9FEA50F7511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               03FB9036FEC7773411CD296C = {
-                       isa = PBXFileReference;
-                       path = DLsession.cpp;
-                       refType = 4;
-               };
-               03FB9037FEC7773411CD296C = {
-                       fileRef = 03FB9036FEC7773411CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               062BE057FEAFD57811CD287F = {
-                       isa = PBXFileReference;
-                       path = macclient.cpp;
-                       refType = 4;
-               };
-               062BE058FEAFD57811CD287F = {
-                       isa = PBXFileReference;
-                       path = macclient.h;
-                       refType = 4;
-               };
-               062BE059FEAFD57811CD287F = {
-                       fileRef = 062BE058FEAFD57811CD287F;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               062BE05AFEAFD57811CD287F = {
-                       fileRef = 062BE057FEAFD57811CD287F;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               088B6D7DFF8E7B2111CD296C = {
-                       isa = PBXFileReference;
-                       path = tqueue.cpp;
-                       refType = 4;
-               };
-               088B6D7EFF8E7B2111CD296C = {
-                       isa = PBXFileReference;
-                       path = tqueue.h;
-                       refType = 4;
-               };
-               088B6D7FFF8E7B2111CD296C = {
-                       fileRef = 088B6D7EFF8E7B2111CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               088B6D80FF8E7B2111CD296C = {
-                       fileRef = 088B6D7DFF8E7B2111CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C1F5822FE89EE6611CD283A = {
-                       buildStyles = (
-                               015BB43CFFB749EA11CD296C,
-                               015BB43DFFB749EA11CD296C,
-                       );
-                       isa = PBXProject;
-                       mainGroup = 0C1F5823FE89EE6611CD283A;
-                       productRefGroup = 0115DA1BFF13D7E811CD283A;
-                       projectDirPath = .;
-                       targets = (
-                               0C2A94F3FE89EF8611CD283A,
-                               0C2D4320FE89F10511CD283A,
-                               0C2A94F6FE89EF8611CD283A,
-                               0C2A94FEFE89EF8611CD283A,
-                               0C2A9506FE89EF8611CD283A,
-                               1F54E424FE99514A11CD296C,
-                               0C2A950EFE89EF8611CD283A,
-                               01815977FFEAFFA511CD283A,
-                               01815986FFEE820F11CD283A,
-                               42462E69FFF0254211CD283A,
-                               01815990FFEE88CD11CD283A,
-                       );
-               };
-               0C1F5823FE89EE6611CD283A = {
-                       children = (
-                               0C2D4324FE89F18F11CD283A,
-                               0C2D426FFE89F09B11CD283A,
-                               0C2D421AFE89F09B11CD283A,
-                               0C2D4287FE89F09B11CD283A,
-                               0C2D425EFE89F09B11CD283A,
-                               0C2D4254FE89F09B11CD283A,
-                               1F54E423FE99511211CD296C,
-                               01815975FFEAFFA511CD283A,
-                               0DD48EDBFE89F98211CD283A,
-                               41463C29FE8C139711CD283A,
-                               0CE0F7C5FE89F77411CD283A,
-                               0115DA1BFF13D7E811CD283A,
-                       );
-                       isa = PBXGroup;
-                       refType = 4;
-               };
-               0C2A94F3FE89EF8611CD283A = {
-                       buildPhases = (
-                       );
-                       buildSettings = {
-                               FRAMEWORK_SEARCH_PATHS = "";
-                               HEADER_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/Frameworks/Carbon.framework/Libraries/CIncludes\"";
-                               INSTALL_PATH = /;
-                               LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = world;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               0C2D431FFE89F10511CD283A,
-                               0C2D4214FE89EFEE11CD283A,
-                               0C2D4215FE89EFEE11CD283A,
-                               0C2D4217FE89EFEE11CD283A,
-                               15B6EA0AFE9AA4C511CD283A,
-                       );
-                       isa = PBXAggregateTarget;
-                       name = world;
-                       productInstallPath = /;
-                       productName = world;
-                       shouldUseHeadermap = 0;
-               };
-               0C2A94F6FE89EF8611CD283A = {
-                       buildPhases = (
-                               0C2A94F7FE89EF8611CD283A,
-                               0C2A94F8FE89EF8611CD283A,
-                               0C2A94F9FE89EF8611CD283A,
-                               0C2A94FAFE89EF8611CD283A,
-                               0C2A94FBFE89EF8611CD283A,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\"";
-                               FRAMEWORK_VERSION = A;
-                               HEADER_SEARCH_PATHS = "\"$(SRCROOT)\" \"$(SYMROOT)/derived_src\"";
-                               INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
-                               LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "-O1";
-                               OTHER_CFLAGS = "-DSAFER -DLIMITED_SIGNING -DDEBUGDUMP";
-                               OTHER_LDFLAGS = "\"-lstdc++\" -prebind -seg_addr_table \"$(APPLE_INTERNAL_DEVELOPER_DIR)/seg_addr_table\"";
-                               OTHER_REZFLAGS = "";
-                               PRINCIPAL_CLASS = "";
-                               PRODUCT_NAME = cdsa_utilities;
-                               SECTORDER_FLAGS = "-sectorder __TEXT __text \"$(APPLE_INTERNAL_DIR)/OrderFiles/cdsa_utilities.order\"";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                               WRAPPER_EXTENSION = framework;
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               0C2D4323FE89F10511CD283A,
-                       );
-                       isa = PBXFrameworkTarget;
-                       name = cdsa_utilities;
-                       productInstallPath = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
-                       productName = cdsa_utilities;
-                       productReference = 0115DA1DFF13D7E811CD283A;
-                       productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
-<plist version=\"0.9\">
-<dict>
-       <key>CFBundleDevelopmentRegion</key>
-       <string>English</string>
-       <key>CFBundleExecutable</key>
-       <string>cdsa_utilities</string>
-       <key>CFBundleIconFile</key>
-       <string></string>
-       <key>CFBundleIdentifier</key>
-       <string>com.apple.cdsa_utilities</string>
-       <key>CFBundleInfoDictionaryVersion</key>
-       <string>6.0</string>
-       <key>CFBundlePackageType</key>
-       <string>FMWK</string>
-       <key>CFBundleSignature</key>
-       <string>????</string>
-       <key>CFBundleVersion</key>
-       <string>0.0.1d1</string>
-</dict>
-</plist>
-";
-                       shouldUseHeadermap = 1;
-               };
-               0C2A94F7FE89EF8611CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0C2D429FFE89F09B11CD283A,
-                               00DE4CADFEC34AB411CD296C,
-                               012E3795FEDC6CAE11CD296C,
-                               013A878AFEDD94C911CD296C,
-                               0C2D42A0FE89F09B11CD283A,
-                               0C2D42A2FE89F09B11CD283A,
-                               0C2D42A3FE89F09B11CD283A,
-                               0C2D42A5FE89F09B11CD283A,
-                               0C2D42A6FE89F09B11CD283A,
-                               0C2D42A7FE89F09B11CD283A,
-                               688302CEFE940F2A11CD283A,
-                               0C2D42A8FE89F09B11CD283A,
-                               0C2D42A9FE89F09B11CD283A,
-                               0C2D42AAFE89F09B11CD283A,
-                               0C2D42ABFE89F09B11CD283A,
-                               0C2D42ACFE89F09B11CD283A,
-                               0C2D42ADFE89F09B11CD283A,
-                               0C2D42AEFE89F09B11CD283A,
-                               0C2D42AFFE89F09B11CD283A,
-                               0C2D42B0FE89F09B11CD283A,
-                               0C2D42B2FE89F09B11CD283A,
-                               0C2D42B3FE89F09B11CD283A,
-                               0C2D42B4FE89F09B11CD283A,
-                               0C2D42B5FE89F09B11CD283A,
-                               0C2D42B6FE89F09B11CD283A,
-                               0C2D42B7FE89F09B11CD283A,
-                               0C2D42B9FE89F09B11CD283A,
-                               0C2D42BAFE89F09B11CD283A,
-                               0C2D42BBFE89F09B11CD283A,
-                               00DE4CA4FEBE2E3B11CD296C,
-                               00DE4CA8FEC3407011CD296C,
-                               00DE4CB1FEC35F0311CD296C,
-                               01128945FECB751C11CD296C,
-                               01128949FECB77DB11CD296C,
-                               01128951FECB7F4711CD296C,
-                               0112894DFECB79BA11CD296C,
-                               12DB1A69FF094C9E11CD296C,
-                               01022B41FF54464F11CD28CA,
-                               01022B42FF54464F11CD28CA,
-                               01022B43FF54464F11CD28CA,
-                               01022B44FF54464F11CD28CA,
-                               01022B45FF54464F11CD28CA,
-                               01022B46FF54464F11CD28CA,
-                               01022B47FF54464F11CD28CA,
-                               17AD015BFF6EA90F11CD296C,
-                               17AD015CFF6EA90F11CD296C,
-                               17AD015DFF6EA90F11CD296C,
-                               088B6D7FFF8E7B2111CD296C,
-                               01692077FF9B76B311CD296C,
-                               0169209BFF9E3C0511CD296C,
-                               016920A5FF9E872A11CD296C,
-                               168D1485FFC4593211CD296C,
-                               00FD121DFFCB76E511CD296C,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               0C2A94F8FE89EF8611CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
-               };
-               0C2A94F9FE89EF8611CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0C2D42C0FE89F09B11CD283A,
-                               0C2D42C1FE89F09B11CD283A,
-                               0C2D42C2FE89F09B11CD283A,
-                               0C2D42C3FE89F09B11CD283A,
-                               0C2D42C4FE89F09B11CD283A,
-                               0C2D42C5FE89F09B11CD283A,
-                               0C2D42C6FE89F09B11CD283A,
-                               634531E8FF097FD011CD283A,
-                               0C2D42C7FE89F09B11CD283A,
-                               0C2D42C8FE89F09B11CD283A,
-                               0C2D42C9FE89F09B11CD283A,
-                               0C2D42CAFE89F09B11CD283A,
-                               0C2D42CBFE89F09B11CD283A,
-                               0C2D42CCFE89F09B11CD283A,
-                               0C2D42CDFE89F09B11CD283A,
-                               0C2D42CEFE89F09B11CD283A,
-                               0C2D42CFFE89F09B11CD283A,
-                               0C2D42D0FE89F09B11CD283A,
-                               02FD68CAFEA50F7511CD283A,
-                               0C2D42D1FE89F09B11CD283A,
-                               0C2D42D2FE89F09B11CD283A,
-                               0C2D42D3FE89F09B11CD283A,
-                               0C2D42D4FE89F09B11CD283A,
-                               0C2D42D6FE89F09B11CD283A,
-                               0C2D42D7FE89F09B11CD283A,
-                               00DE4CA5FEBE2E3B11CD296C,
-                               00DE4CA9FEC3407011CD296C,
-                               00DE4CAEFEC34AB411CD296C,
-                               00DE4CB2FEC35F0311CD296C,
-                               01128946FECB751C11CD296C,
-                               0112894AFECB77DB11CD296C,
-                               0112894EFECB79BA11CD296C,
-                               01128952FECB7F4711CD296C,
-                               012E3796FEDC6CAE11CD296C,
-                               013A878BFEDD94C911CD296C,
-                               12DB1A6AFF094C9E11CD296C,
-                               01022B48FF54464F11CD28CA,
-                               01022B49FF54464F11CD28CA,
-                               01022B4AFF54464F11CD28CA,
-                               01022B4BFF54464F11CD28CA,
-                               01022B4CFF54464F11CD28CA,
-                               01022B4DFF54464F11CD28CA,
-                               17AD015EFF6EA90F11CD296C,
-                               17AD015FFF6EA90F11CD296C,
-                               088B6D80FF8E7B2111CD296C,
-                               01692078FF9B76B311CD296C,
-                               0169209CFF9E3C0511CD296C,
-                               016920A6FF9E872A11CD296C,
-                               168D1486FFC4593211CD296C,
-                               00FD121EFFCB76E511CD296C,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               0C2A94FAFE89EF8611CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0CE0F7C7FE89F77411CD283A,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               0C2A94FBFE89EF8611CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               0C2A94FEFE89EF8611CD283A = {
-                       buildPhases = (
-                               0C2A94FFFE89EF8611CD283A,
-                               0C2A9500FE89EF8611CD283A,
-                               0C2A9501FE89EF8611CD283A,
-                               0C2A9502FE89EF8611CD283A,
-                               0C2A9503FE89EF8611CD283A,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\"";
-                               FRAMEWORK_VERSION = A;
-                               HEADER_SEARCH_PATHS = "\"$(SRCROOT)\"";
-                               INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
-                               LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "\"-lstdc++\" -prebind -seg_addr_table \"$(APPLE_INTERNAL_DEVELOPER_DIR)/seg_addr_table\"";
-                               OTHER_REZFLAGS = "";
-                               PRINCIPAL_CLASS = "";
-                               PRODUCT_NAME = mds;
-                               SECTORDER_FLAGS = "-sectorder __TEXT __text \"$(APPLE_INTERNAL_DIR)/OrderFiles/mds.order\"";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                               WRAPPER_EXTENSION = framework;
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               0C2D4219FE89EFEE11CD283A,
-                       );
-                       isa = PBXFrameworkTarget;
-                       name = mds;
-                       productInstallPath = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
-                       productName = mds;
-                       productReference = 0115DA1EFF13D7E811CD283A;
-                       productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
-<plist version=\"0.9\">
-<dict>
-       <key>CFBundleDevelopmentRegion</key>
-       <string>English</string>
-       <key>CFBundleExecutable</key>
-       <string>mds</string>
-       <key>CFBundleIconFile</key>
-       <string></string>
-       <key>CFBundleIdentifier</key>
-       <string>com.apple.mds</string>
-       <key>CFBundleInfoDictionaryVersion</key>
-       <string>6.0</string>
-       <key>CFBundlePackageType</key>
-       <string>FMWK</string>
-       <key>CFBundleSignature</key>
-       <string>????</string>
-       <key>CFBundleVersion</key>
-       <string>0.0.1d1</string>
-</dict>
-</plist>
-";
-                       shouldUseHeadermap = 1;
-               };
-               0C2A94FFFE89EF8611CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0C2D4316FE89F09B11CD283A,
-                               0C2D4317FE89F09B11CD283A,
-                               0C2D4318FE89F09B11CD283A,
-                               454AF0B6FFAB6EDE11CD28CA,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               0C2A9500FE89EF8611CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               01022B32FF5326C811CD28CA,
-                       );
-                       isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
-               };
-               0C2A9501FE89EF8611CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0C2D431BFE89F09B11CD283A,
-                               0C2D431CFE89F09B11CD283A,
-                               0C2D431DFE89F09B11CD283A,
-                               0C2D431EFE89F09B11CD283A,
-                               454AF0B4FFAB6E8311CD28CA,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               0C2A9502FE89EF8611CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0115DA21FF13D7E811CD283A,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               0C2A9503FE89EF8611CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               0C2A9506FE89EF8611CD283A = {
-                       buildPhases = (
-                               0C2A9507FE89EF8611CD283A,
-                               0C2A9508FE89EF8611CD283A,
-                               0C2A9509FE89EF8611CD283A,
-                               0C2A950AFE89EF8611CD283A,
-                               0C2A950BFE89EF8611CD283A,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               EXPORTED_SYMBOLS_FILE = "\"$(SYMROOT)/derived_src/cssmexports.gen\"";
-                               FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\"";
-                               FRAMEWORK_VERSION = A;
-                               HEADER_SEARCH_PATHS = "\"$(SYMROOT)/derived_src\"";
-                               INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
-                               LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "\"-lstdc++\" -prebind -seg_addr_table \"$(APPLE_INTERNAL_DEVELOPER_DIR)/seg_addr_table\"";
-                               OTHER_REZFLAGS = "";
-                               PRINCIPAL_CLASS = "";
-                               PRODUCT_NAME = cdsa;
-                               SECTORDER_FLAGS = "-sectorder __TEXT __text \"$(APPLE_INTERNAL_DIR)/OrderFiles/cdsa.order\"";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                               WRAPPER_EXTENSION = framework;
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               0C2D4216FE89EFEE11CD283A,
-                       );
-                       isa = PBXFrameworkTarget;
-                       name = cdsa;
-                       productInstallPath = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
-                       productName = cdsa;
-                       productReference = 0115DA1CFF13D7E811CD283A;
-                       productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
-<plist version=\"0.9\">
-<dict>
-       <key>CFBundleDevelopmentRegion</key>
-       <string>English</string>
-       <key>CFBundleExecutable</key>
-       <string>cdsa</string>
-       <key>CFBundleIconFile</key>
-       <string></string>
-       <key>CFBundleIdentifier</key>
-       <string>com.apple.cdsa</string>
-       <key>CFBundleInfoDictionaryVersion</key>
-       <string>6.0</string>
-       <key>CFBundlePackageType</key>
-       <string>FMWK</string>
-       <key>CFBundleSignature</key>
-       <string>????</string>
-       <key>CFBundleVersion</key>
-       <string>0.0.1d1</string>
-</dict>
-</plist>
-";
-                       shouldUseHeadermap = 1;
-               };
-               0C2A9507FE89EF8611CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0C2D42D8FE89F09B11CD283A,
-                               0C2D42D9FE89F09B11CD283A,
-                               0C2D42DAFE89F09B11CD283A,
-                               0C2D42DBFE89F09B11CD283A,
-                               0C2D42DCFE89F09B11CD283A,
-                               0C2D42DDFE89F09B11CD283A,
-                               0C2D42DEFE89F09B11CD283A,
-                               0C2D42DFFE89F09B11CD283A,
-                               0C2D42E0FE89F09B11CD283A,
-                               0C2D42E1FE89F09B11CD283A,
-                               0C2D42E2FE89F09B11CD283A,
-                               0C2D42E3FE89F09B11CD283A,
-                               0C2D42E4FE89F09B11CD283A,
-                               0C2D42E5FE89F09B11CD283A,
-                               0C2D42E6FE89F09B11CD283A,
-                               0C2D42E7FE89F09B11CD283A,
-                               0C2D42E8FE89F09B11CD283A,
-                               0C2D42E9FE89F09B11CD283A,
-                               0C2D42EAFE89F09B11CD283A,
-                               0C2D42EBFE89F09B11CD283A,
-                               0C2D42ECFE89F09B11CD283A,
-                               0C2D42EDFE89F09B11CD283A,
-                               0C2D42EEFE89F09B11CD283A,
-                               020587C1FF4AFF9BD0A17CE7,
-                               01B9A47FFF51D86CD0A17CE7,
-                               163F7758FF543E27D0A17CE7,
-                               0C2D42EFFE89F09B11CD283A,
-                               0C2D42F0FE89F09B11CD283A,
-                               0C2D42F1FE89F09B11CD283A,
-                               0C2D42F2FE89F09B11CD283A,
-                               0C2D42F3FE89F09B11CD283A,
-                               0C2D42F4FE89F09B11CD283A,
-                               0C2D42F5FE89F09B11CD283A,
-                               0C2D42F6FE89F09B11CD283A,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               0C2A9508FE89EF8611CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               4EABFBABFE9016E511CD283A,
-                       );
-                       isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
-               };
-               0C2A9509FE89EF8611CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0C2D42FBFE89F09B11CD283A,
-                               0C2D42FCFE89F09B11CD283A,
-                               0C2D42FDFE89F09B11CD283A,
-                               0C2D42FEFE89F09B11CD283A,
-                               0C2D42FFFE89F09B11CD283A,
-                               0C2D4300FE89F09B11CD283A,
-                               0C2D4301FE89F09B11CD283A,
-                               0C2D4302FE89F09B11CD283A,
-                               0C2D4303FE89F09B11CD283A,
-                               0C2D4304FE89F09B11CD283A,
-                               0C2D4305FE89F09B11CD283A,
-                               01B9A481FF51D994D0A17CE7,
-                               163F7759FF543E27D0A17CE7,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               0C2A950AFE89EF8611CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0115DA22FF13D7E811CD283A,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               0C2A950BFE89EF8611CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               0C2A950EFE89EF8611CD283A = {
-                       buildPhases = (
-                               0C2A950FFE89EF8611CD283A,
-                               0C2A9510FE89EF8611CD283A,
-                               0C2A9511FE89EF8611CD283A,
-                               0C2A9512FE89EF8611CD283A,
-                               0C2A9513FE89EF8611CD283A,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\"";
-                               FRAMEWORK_VERSION = A;
-                               HEADER_SEARCH_PATHS = "\"$(SYMROOT)/derived_src\"";
-                               INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
-                               LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "\"-lstdc++\" -prebind -seg_addr_table \"$(APPLE_INTERNAL_DEVELOPER_DIR)/seg_addr_table\"";
-                               OTHER_REZFLAGS = "";
-                               PRINCIPAL_CLASS = "";
-                               PRODUCT_NAME = cdsa_pluginlib;
-                               SECTORDER_FLAGS = "-sectorder __TEXT __text \"$(APPLE_INTERNAL_DIR)/OrderFiles/cdsa_pluginlib.order\"";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                               WRAPPER_EXTENSION = framework;
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               0C2D4218FE89EFEE11CD283A,
-                       );
-                       isa = PBXFrameworkTarget;
-                       name = cdsa_pluginlib;
-                       productInstallPath = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
-                       productName = cdsa_pluginlib;
-                       productReference = 0115DA1FFF13D7E811CD283A;
-                       productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
-<plist version=\"0.9\">
-<dict>
-       <key>CFBundleDevelopmentRegion</key>
-       <string>English</string>
-       <key>CFBundleExecutable</key>
-       <string>cdsa_pluginlib</string>
-       <key>CFBundleIconFile</key>
-       <string></string>
-       <key>CFBundleIdentifier</key>
-       <string>com.apple.cdsa_pluginlib</string>
-       <key>CFBundleInfoDictionaryVersion</key>
-       <string>6.0</string>
-       <key>CFBundlePackageType</key>
-       <string>FMWK</string>
-       <key>CFBundleSignature</key>
-       <string>????</string>
-       <key>CFBundleVersion</key>
-       <string>0.0.1d1</string>
-</dict>
-</plist>
-";
-                       shouldUseHeadermap = 1;
-               };
-               0C2A950FFE89EF8611CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0C2D4306FE89F09B11CD283A,
-                               0C2D4307FE89F09B11CD283A,
-                               0C2D4308FE89F09B11CD283A,
-                               0C2D4309FE89F09B11CD283A,
-                               0C2D430AFE89F09B11CD283A,
-                               0DD48EE7FE89FB7511CD283A,
-                               0C2D430BFE89F09B11CD283A,
-                               0C2D430CFE89F09B11CD283A,
-                               0C2D430DFE89F09B11CD283A,
-                               013867ADFEAB8F4011CD283A,
-                               013867AEFEAB8F4011CD283A,
-                               013867AFFEAB8F4011CD283A,
-                               013867B0FEAB8F4011CD283A,
-                               013867B1FEAB8F4011CD283A,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               0C2A9510FE89EF8611CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
-               };
-               0C2A9511FE89EF8611CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0C2D4312FE89F09B11CD283A,
-                               0C2D4313FE89F09B11CD283A,
-                               0C2D4314FE89F09B11CD283A,
-                               0C2D4315FE89F09B11CD283A,
-                               013867B2FEAB8F4011CD283A,
-                               013867B3FEAB8F4011CD283A,
-                               013867B4FEAB8F4011CD283A,
-                               013867B5FEAB8F4011CD283A,
-                               013867B6FEAB8F4011CD283A,
-                               03FB9037FEC7773411CD296C,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               0C2A9512FE89EF8611CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0115DA23FF13D7E811CD283A,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               0C2A9513FE89EF8611CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               0C2D4214FE89EFEE11CD283A = {
-                       isa = PBXTargetDependency;
-                       target = 0C2A94F6FE89EF8611CD283A;
-               };
-               0C2D4215FE89EFEE11CD283A = {
-                       isa = PBXTargetDependency;
-                       target = 0C2A9506FE89EF8611CD283A;
-               };
-               0C2D4216FE89EFEE11CD283A = {
-                       isa = PBXTargetDependency;
-                       target = 0C2A94F6FE89EF8611CD283A;
-               };
-               0C2D4217FE89EFEE11CD283A = {
-                       isa = PBXTargetDependency;
-                       target = 0C2A950EFE89EF8611CD283A;
-               };
-               0C2D4218FE89EFEE11CD283A = {
-                       isa = PBXTargetDependency;
-                       target = 0C2A94F6FE89EF8611CD283A;
-               };
-               0C2D4219FE89EFEE11CD283A = {
-                       isa = PBXTargetDependency;
-                       target = 0C2A94F6FE89EF8611CD283A;
-               };
-               0C2D421AFE89F09B11CD283A = {
-                       children = (
-                               01022B33FF54464F11CD28CA,
-                               0C2D421BFE89F09B11CD283A,
-                               0C2D421EFE89F09B11CD283A,
-                               0C2D421FFE89F09B11CD283A,
-                               0C2D4221FE89F09B11CD283A,
-                               0C2D4222FE89F09B11CD283A,
-                               0C2D4223FE89F09B11CD283A,
-                               0C2D4224FE89F09B11CD283A,
-                               00DE4CAFFEC35F0311CD296C,
-                               00DE4CB0FEC35F0311CD296C,
-                               0C2D4228FE89F09B11CD283A,
-                               0C2D4229FE89F09B11CD283A,
-                               0C2D4226FE89F09B11CD283A,
-                               0C2D4227FE89F09B11CD283A,
-                               0C2D422AFE89F09B11CD283A,
-                               0C2D422BFE89F09B11CD283A,
-                               0112894FFECB7F4711CD296C,
-                               01128950FECB7F4711CD296C,
-                               634531E7FF097FD011CD283A,
-                               688302CDFE940F2A11CD283A,
-                               0C2D422CFE89F09B11CD283A,
-                               0C2D422DFE89F09B11CD283A,
-                               0C2D422EFE89F09B11CD283A,
-                               0C2D422FFE89F09B11CD283A,
-                               0C2D4230FE89F09B11CD283A,
-                               0C2D4231FE89F09B11CD283A,
-                               0C2D4232FE89F09B11CD283A,
-                               0C2D4233FE89F09B11CD283A,
-                               00DE4CA6FEC3407011CD296C,
-                               00DE4CA7FEC3407011CD296C,
-                               168D1483FFC4593111CD296C,
-                               168D1484FFC4593111CD296C,
-                               17AD0156FF6EA90F11CD296C,
-                               17AD0157FF6EA90F11CD296C,
-                               17AD0158FF6EA90F11CD296C,
-                               0C2D423FFE89F09B11CD283A,
-                               0C2D4240FE89F09B11CD283A,
-                               0C2D4241FE89F09B11CD283A,
-                               0C2D4242FE89F09B11CD283A,
-                               02FD68C9FEA50F7511CD283A,
-                               0C2D4243FE89F09B11CD283A,
-                               0C2D4244FE89F09B11CD283A,
-                               17AD0159FF6EA90F11CD296C,
-                               17AD015AFF6EA90F11CD296C,
-                               0C2D4245FE89F09B11CD283A,
-                               0C2D4246FE89F09B11CD283A,
-                               0C2D4247FE89F09B11CD283A,
-                               0C2D4248FE89F09B11CD283A,
-                               0C2D4249FE89F09B11CD283A,
-                               0C2D424AFE89F09B11CD283A,
-                               0C2D424BFE89F09B11CD283A,
-                               0C2D424CFE89F09B11CD283A,
-                               0C2D424DFE89F09B11CD283A,
-                               0C2D424EFE89F09B11CD283A,
-                               0C2D424FFE89F09B11CD283A,
-                               0C2D4250FE89F09B11CD283A,
-                               088B6D7DFF8E7B2111CD296C,
-                               088B6D7EFF8E7B2111CD296C,
-                               0C2D4251FE89F09B11CD283A,
-                               0C2D4252FE89F09B11CD283A,
-                               0C2D4253FE89F09B11CD283A,
-                               00DE4CA2FEBE2E3B11CD296C,
-                               00DE4CA3FEBE2E3B11CD296C,
-                               016920A2FF9E86DF11CD296C,
-                               00DE4CAAFEC34AB411CD296C,
-                               01128942FECB751C11CD296C,
-                       );
-                       isa = PBXGroup;
-                       path = cdsa_utilities;
-                       refType = 4;
-               };
-               0C2D421BFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = .cvsignore;
-                       refType = 4;
-               };
-               0C2D421CFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = acl_password.cpp;
-                       refType = 4;
-               };
-               0C2D421DFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = acl_password.h;
-                       refType = 4;
-               };
-               0C2D421EFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = AtomicFile.cpp;
-                       refType = 4;
-               };
-               0C2D421FFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = AtomicFile.h;
-                       refType = 4;
-               };
-               0C2D4221FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = callback.cpp;
-                       refType = 4;
-               };
-               0C2D4222FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = callback.h;
-                       refType = 4;
-               };
-               0C2D4223FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = context.cpp;
-                       refType = 4;
-               };
-               0C2D4224FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = context.h;
-                       refType = 4;
-               };
-               0C2D4226FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssm_adt_utils.cpp;
-                       refType = 4;
-               };
-               0C2D4227FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssm_adt_utils.h;
-                       refType = 4;
-               };
-               0C2D4228FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmacl.cpp;
-                       refType = 4;
-               };
-               0C2D4229FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmacl.h;
-                       refType = 4;
-               };
-               0C2D422AFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmalloc.cpp;
-                       refType = 4;
-               };
-               0C2D422BFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmalloc.h;
-                       refType = 4;
-               };
-               0C2D422CFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmdates.cpp;
-                       refType = 4;
-               };
-               0C2D422DFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmdates.h;
-                       refType = 4;
-               };
-               0C2D422EFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmdb.cpp;
-                       refType = 4;
-               };
-               0C2D422FFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmdb.h;
-                       refType = 4;
-               };
-               0C2D4230FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmerrno.cpp;
-                       refType = 4;
-               };
-               0C2D4231FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmerrno.h;
-                       refType = 4;
-               };
-               0C2D4232FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmlist.cpp;
-                       refType = 4;
-               };
-               0C2D4233FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmlist.h;
-                       refType = 4;
-               };
-               0C2D4234FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = Database.cpp;
-                       refType = 4;
-               };
-               0C2D4235FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = Database.h;
-                       refType = 4;
-               };
-               0C2D4236FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = DatabaseSession.cpp;
-                       refType = 4;
-               };
-               0C2D4237FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = DatabaseSession.h;
-                       refType = 4;
-               };
-               0C2D4238FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = DbContext.cpp;
-                       refType = 4;
-               };
-               0C2D4239FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = DbContext.h;
-                       refType = 4;
-               };
-               0C2D423AFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = DbName.cpp;
-                       refType = 4;
-               };
-               0C2D423BFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = DbName.h;
-                       refType = 4;
-               };
-               0C2D423CFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = DbQuery.cpp;
-                       refType = 4;
-               };
-               0C2D423DFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = DbQuery.h;
-                       refType = 4;
-               };
-               0C2D423EFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = DLsession.h;
-                       refType = 4;
-               };
-               0C2D423FFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = generator.mk;
-                       refType = 4;
-               };
-               0C2D4240FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = generator.pl;
-                       refType = 4;
-               };
-               0C2D4241FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = globalizer.cpp;
-                       refType = 4;
-               };
-               0C2D4242FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = globalizer.h;
-                       refType = 4;
-               };
-               0C2D4243FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = handleobject.cpp;
-                       refType = 4;
-               };
-               0C2D4244FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = handleobject.h;
-                       refType = 4;
-               };
-               0C2D4245FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = memutils.h;
-                       refType = 4;
-               };
-               0C2D4246FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = modloader.cpp;
-                       refType = 4;
-               };
-               0C2D4247FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = modloader.h;
-                       refType = 4;
-               };
-               0C2D4248FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = modloader9.cpp;
-                       refType = 4;
-               };
-               0C2D4249FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = NOTES;
-                       refType = 4;
-               };
-               0C2D424AFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = os9utils.cpp;
-                       refType = 4;
-               };
-               0C2D424BFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = os9utils.h;
-                       refType = 4;
-               };
-               0C2D424CFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = refcount.h;
-                       refType = 4;
-               };
-               0C2D424DFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = SampleGroup.cpp;
-                       refType = 4;
-               };
-               0C2D424EFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = SampleGroup.h;
-                       refType = 4;
-               };
-               0C2D424FFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = threading.cpp;
-                       refType = 4;
-               };
-               0C2D4250FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = threading.h;
-                       refType = 4;
-               };
-               0C2D4251FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = utilities.cpp;
-                       refType = 4;
-               };
-               0C2D4252FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = utilities.h;
-                       refType = 4;
-               };
-               0C2D4253FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = utility_config.h;
-                       refType = 4;
-               };
-               0C2D4254FE89F09B11CD283A = {
-                       children = (
-                               0C2D4255FE89F09B11CD283A,
-                               0C2D4256FE89F09B11CD283A,
-                               0C2D4257FE89F09B11CD283A,
-                               0C2D4258FE89F09B11CD283A,
-                               0C2D4259FE89F09B11CD283A,
-                               0C2D425AFE89F09B11CD283A,
-                               0C2D425BFE89F09B11CD283A,
-                               0C2D425CFE89F09B11CD283A,
-                               0C2D425DFE89F09B11CD283A,
-                               01022B31FF5326C811CD28CA,
-                               454AF0B3FFAB6E8311CD28CA,
-                               454AF0B5FFAB6EDE11CD28CA,
-                       );
-                       isa = PBXGroup;
-                       path = mds;
-                       refType = 2;
-               };
-               0C2D4255FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = .cvsignore;
-                       refType = 4;
-               };
-               0C2D4256FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = mds.mcp;
-                       refType = 4;
-               };
-               0C2D4257FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = mdsapi.cpp;
-                       refType = 4;
-               };
-               0C2D4258FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = MDSDatabase.cpp;
-                       refType = 4;
-               };
-               0C2D4259FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = MDSDatabase.h;
-                       refType = 4;
-               };
-               0C2D425AFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = MDSModule.cpp;
-                       refType = 4;
-               };
-               0C2D425BFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = MDSModule.h;
-                       refType = 4;
-               };
-               0C2D425CFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = MDSSession.cpp;
-                       refType = 4;
-               };
-               0C2D425DFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = MDSSession.h;
-                       refType = 4;
-               };
-               0C2D425EFE89F09B11CD283A = {
-                       children = (
-                               0C2D425FFE89F09B11CD283A,
-                               0C2D4260FE89F09B11CD283A,
-                               0C2D4261FE89F09B11CD283A,
-                               0C2D4262FE89F09B11CD283A,
-                               0C2D4263FE89F09B11CD283A,
-                               0C2D4264FE89F09B11CD283A,
-                               0C2D4265FE89F09B11CD283A,
-                               0C2D4266FE89F09B11CD283A,
-                               0C2D4267FE89F09B11CD283A,
-                               03FB9036FEC7773411CD296C,
-                               0C2D423EFE89F09B11CD283A,
-                               0C2D4268FE89F09B11CD283A,
-                               0C2D4269FE89F09B11CD283A,
-                               0C2D426AFE89F09B11CD283A,
-                               0C2D426BFE89F09B11CD283A,
-                               0C2D426CFE89F09B11CD283A,
-                               0C2D426DFE89F09B11CD283A,
-                               0C2D426EFE89F09B11CD283A,
-                       );
-                       isa = PBXGroup;
-                       path = cdsa_pluginlib;
-                       refType = 2;
-               };
-               0C2D425FFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = .cvsignore;
-                       refType = 4;
-               };
-               0C2D4260FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = ACsession.h;
-                       refType = 4;
-               };
-               0C2D4261FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = "c++plugin.h";
-                       refType = 4;
-               };
-               0C2D4262FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = CLsession.h;
-                       refType = 4;
-               };
-               0C2D4263FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = CSPsession.cpp;
-                       refType = 4;
-               };
-               0C2D4264FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = CSPsession.h;
-                       refType = 4;
-               };
-               0C2D4265FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = csputilities.cpp;
-                       refType = 4;
-               };
-               0C2D4266FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmplugin.cpp;
-                       refType = 4;
-               };
-               0C2D4267FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmplugin.h;
-                       refType = 4;
-               };
-               0C2D4268FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = generator.cfg;
-                       refType = 4;
-               };
-               0C2D4269FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = generator.mk;
-                       refType = 4;
-               };
-               0C2D426AFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = generator.pl;
-                       refType = 4;
-               };
-               0C2D426BFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = pluginsession.cpp;
-                       refType = 4;
-               };
-               0C2D426CFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = pluginsession.h;
-                       refType = 4;
-               };
-               0C2D426DFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = pluginspi.h;
-                       refType = 4;
-               };
-               0C2D426EFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = TPsession.h;
-                       refType = 4;
-               };
-               0C2D426FFE89F09B11CD283A = {
-                       children = (
-                               020587C0FF4AFF9BD0A17CE7,
-                               0C2D4270FE89F09B11CD283A,
-                               0C2D4271FE89F09B11CD283A,
-                               0C2D4272FE89F09B11CD283A,
-                               0C2D4273FE89F09B11CD283A,
-                               0C2D4274FE89F09B11CD283A,
-                               0C2D4275FE89F09B11CD283A,
-                               0C2D4276FE89F09B11CD283A,
-                               0C2D4277FE89F09B11CD283A,
-                               0C2D4278FE89F09B11CD283A,
-                               0C2D4279FE89F09B11CD283A,
-                               0C2D427AFE89F09B11CD283A,
-                               0C2D427BFE89F09B11CD283A,
-                               0C2D427CFE89F09B11CD283A,
-                               0C2D427DFE89F09B11CD283A,
-                               0C2D427EFE89F09B11CD283A,
-                               0C2D427FFE89F09B11CD283A,
-                               0C2D4280FE89F09B11CD283A,
-                               0C2D4281FE89F09B11CD283A,
-                               0C2D4282FE89F09B11CD283A,
-                               163F7756FF543E27D0A17CE7,
-                               01B9A47EFF51D86CD0A17CE7,
-                               0C2D4283FE89F09B11CD283A,
-                               0C2D4284FE89F09B11CD283A,
-                               0C2D4285FE89F09B11CD283A,
-                               0C2D4286FE89F09B11CD283A,
-                       );
-                       isa = PBXGroup;
-                       path = cdsa;
-                       refType = 2;
-               };
-               0C2D4270FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssm.h;
-                       refType = 4;
-               };
-               0C2D4271FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmaci.h;
-                       refType = 4;
-               };
-               0C2D4272FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmapi.h;
-                       refType = 4;
-               };
-               0C2D4273FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmapple.h;
-                       refType = 4;
-               };
-               0C2D4274FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmcli.h;
-                       refType = 4;
-               };
-               0C2D4275FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmconfig.h;
-                       refType = 4;
-               };
-               0C2D4276FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmcspi.h;
-                       refType = 4;
-               };
-               0C2D4277FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmdli.h;
-                       refType = 4;
-               };
-               0C2D4278FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmerr.h;
-                       refType = 4;
-               };
-               0C2D4279FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmkrapi.h;
-                       refType = 4;
-               };
-               0C2D427AFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmkrspi.h;
-                       refType = 4;
-               };
-               0C2D427BFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmspi.h;
-                       refType = 4;
-               };
-               0C2D427CFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmtpi.h;
-                       refType = 4;
-               };
-               0C2D427DFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmtype.h;
-                       refType = 4;
-               };
-               0C2D427EFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = eisl.h;
-                       refType = 4;
-               };
-               0C2D427FFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = emmspi.h;
-                       refType = 4;
-               };
-               0C2D4280FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = emmtype.h;
-                       refType = 4;
-               };
-               0C2D4281FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = mds.h;
-                       refType = 4;
-               };
-               0C2D4282FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = mds_schema.h;
-                       refType = 4;
-               };
-               0C2D4283FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = oidsbase.h;
-                       refType = 4;
-               };
-               0C2D4284FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = oidscert.h;
-                       refType = 4;
-               };
-               0C2D4285FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = oidscrl.h;
-                       refType = 4;
-               };
-               0C2D4286FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = x509defs.h;
-                       refType = 4;
-               };
-               0C2D4287FE89F09B11CD283A = {
-                       children = (
-                               4EABFBAAFE9016E511CD283A,
-                               0C2D4288FE89F09B11CD283A,
-                               0C2D4289FE89F09B11CD283A,
-                               0C2D428AFE89F09B11CD283A,
-                               0C2D428BFE89F09B11CD283A,
-                               0C2D428CFE89F09B11CD283A,
-                               0C2D428DFE89F09B11CD283A,
-                               0C2D428EFE89F09B11CD283A,
-                               0C2D428FFE89F09B11CD283A,
-                               0C2D4290FE89F09B11CD283A,
-                               0C2D4291FE89F09B11CD283A,
-                               0C2D4292FE89F09B11CD283A,
-                               0C2D4293FE89F09B11CD283A,
-                               0C2D4294FE89F09B11CD283A,
-                               0C2D4295FE89F09B11CD283A,
-                               0C2D4296FE89F09B11CD283A,
-                               0C2D4297FE89F09B11CD283A,
-                               0C2D4298FE89F09B11CD283A,
-                               0C2D4299FE89F09B11CD283A,
-                               0C2D429AFE89F09B11CD283A,
-                               0C2D429BFE89F09B11CD283A,
-                               163F7757FF543E27D0A17CE7,
-                               01B9A480FF51D994D0A17CE7,
-                               0C2D429CFE89F09B11CD283A,
-                               0C2D429DFE89F09B11CD283A,
-                               0C2D429EFE89F09B11CD283A,
-                       );
-                       isa = PBXGroup;
-                       path = cssm;
-                       refType = 4;
-               };
-               0C2D4288FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = .cvsignore;
-                       refType = 4;
-               };
-               0C2D4289FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = attachfactory.cpp;
-                       refType = 4;
-               };
-               0C2D428AFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = attachfactory.h;
-                       refType = 4;
-               };
-               0C2D428BFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = attachment.cpp;
-                       refType = 4;
-               };
-               0C2D428CFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = attachment.h;
-                       refType = 4;
-               };
-               0C2D428DFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cspattachment.cpp;
-                       refType = 4;
-               };
-               0C2D428EFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cspattachment.h;
-                       refType = 4;
-               };
-               0C2D428FFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssm.cpp;
-                       refType = 4;
-               };
-               0C2D4290FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmcontext.cpp;
-                       refType = 4;
-               };
-               0C2D4291FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmcontext.h;
-                       refType = 4;
-               };
-               0C2D4292FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmint.h;
-                       refType = 4;
-               };
-               0C2D4293FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmmds.cpp;
-                       refType = 4;
-               };
-               0C2D4294FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmmds.h;
-                       refType = 4;
-               };
-               0C2D4295FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = generator.cfg;
-                       refType = 4;
-               };
-               0C2D4296FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = generator.mk;
-                       refType = 4;
-               };
-               0C2D4297FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = generator.pl;
-                       refType = 4;
-               };
-               0C2D4298FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = manager.cpp;
-                       refType = 4;
-               };
-               0C2D4299FE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = manager.h;
-                       refType = 4;
-               };
-               0C2D429AFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = module.cpp;
-                       refType = 4;
-               };
-               0C2D429BFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = module.h;
-                       refType = 4;
-               };
-               0C2D429CFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = oidscert.cpp;
-                       refType = 4;
-               };
-               0C2D429DFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = oidscrl.cpp;
-                       refType = 4;
-               };
-               0C2D429EFE89F09B11CD283A = {
-                       isa = PBXFileReference;
-                       path = transition.cpp;
-                       refType = 4;
-               };
-               0C2D429FFE89F09B11CD283A = {
-                       fileRef = 0C2D421DFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42A0FE89F09B11CD283A = {
-                       fileRef = 0C2D421FFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42A2FE89F09B11CD283A = {
-                       fileRef = 0C2D4222FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42A3FE89F09B11CD283A = {
-                       fileRef = 0C2D4224FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42A5FE89F09B11CD283A = {
-                       fileRef = 0C2D4227FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42A6FE89F09B11CD283A = {
-                       fileRef = 0C2D4229FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42A7FE89F09B11CD283A = {
-                       fileRef = 0C2D422BFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42A8FE89F09B11CD283A = {
-                       fileRef = 0C2D422DFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42A9FE89F09B11CD283A = {
-                       fileRef = 0C2D422FFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42AAFE89F09B11CD283A = {
-                       fileRef = 0C2D4231FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42ABFE89F09B11CD283A = {
-                       fileRef = 0C2D4233FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42ACFE89F09B11CD283A = {
-                       fileRef = 0C2D4235FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42ADFE89F09B11CD283A = {
-                       fileRef = 0C2D4237FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42AEFE89F09B11CD283A = {
-                       fileRef = 0C2D4239FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42AFFE89F09B11CD283A = {
-                       fileRef = 0C2D423BFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42B0FE89F09B11CD283A = {
-                       fileRef = 0C2D423DFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42B2FE89F09B11CD283A = {
-                       fileRef = 0C2D4242FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42B3FE89F09B11CD283A = {
-                       fileRef = 0C2D4244FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42B4FE89F09B11CD283A = {
-                       fileRef = 0C2D4245FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42B5FE89F09B11CD283A = {
-                       fileRef = 0C2D4247FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42B6FE89F09B11CD283A = {
-                       fileRef = 0C2D424BFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42B7FE89F09B11CD283A = {
-                       fileRef = 0C2D424CFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42B9FE89F09B11CD283A = {
-                       fileRef = 0C2D4250FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42BAFE89F09B11CD283A = {
-                       fileRef = 0C2D4252FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42BBFE89F09B11CD283A = {
-                       fileRef = 0C2D4253FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42C0FE89F09B11CD283A = {
-                       fileRef = 0C2D421CFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42C1FE89F09B11CD283A = {
-                       fileRef = 0C2D421EFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42C2FE89F09B11CD283A = {
-                       fileRef = 0C2D4221FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42C3FE89F09B11CD283A = {
-                       fileRef = 0C2D4223FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42C4FE89F09B11CD283A = {
-                       fileRef = 0C2D4226FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42C5FE89F09B11CD283A = {
-                       fileRef = 0C2D4228FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42C6FE89F09B11CD283A = {
-                       fileRef = 0C2D422AFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42C7FE89F09B11CD283A = {
-                       fileRef = 0C2D422CFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42C8FE89F09B11CD283A = {
-                       fileRef = 0C2D422EFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42C9FE89F09B11CD283A = {
-                       fileRef = 0C2D4230FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42CAFE89F09B11CD283A = {
-                       fileRef = 0C2D4232FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42CBFE89F09B11CD283A = {
-                       fileRef = 0C2D4234FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42CCFE89F09B11CD283A = {
-                       fileRef = 0C2D4236FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42CDFE89F09B11CD283A = {
-                       fileRef = 0C2D4238FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42CEFE89F09B11CD283A = {
-                       fileRef = 0C2D423AFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42CFFE89F09B11CD283A = {
-                       fileRef = 0C2D423CFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42D0FE89F09B11CD283A = {
-                       fileRef = 0C2D4241FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42D1FE89F09B11CD283A = {
-                       fileRef = 0C2D4243FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42D2FE89F09B11CD283A = {
-                       fileRef = 0C2D4246FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42D3FE89F09B11CD283A = {
-                       fileRef = 0C2D4248FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42D4FE89F09B11CD283A = {
-                       fileRef = 0C2D424AFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42D6FE89F09B11CD283A = {
-                       fileRef = 0C2D424FFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42D7FE89F09B11CD283A = {
-                       fileRef = 0C2D4251FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42D8FE89F09B11CD283A = {
-                       fileRef = 0C2D4270FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42D9FE89F09B11CD283A = {
-                       fileRef = 0C2D4271FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42DAFE89F09B11CD283A = {
-                       fileRef = 0C2D4272FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42DBFE89F09B11CD283A = {
-                       fileRef = 0C2D4273FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42DCFE89F09B11CD283A = {
-                       fileRef = 0C2D4274FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42DDFE89F09B11CD283A = {
-                       fileRef = 0C2D4275FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42DEFE89F09B11CD283A = {
-                       fileRef = 0C2D4276FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42DFFE89F09B11CD283A = {
-                       fileRef = 0C2D4277FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42E0FE89F09B11CD283A = {
-                       fileRef = 0C2D4278FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42E1FE89F09B11CD283A = {
-                       fileRef = 0C2D4279FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42E2FE89F09B11CD283A = {
-                       fileRef = 0C2D427AFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42E3FE89F09B11CD283A = {
-                       fileRef = 0C2D427BFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42E4FE89F09B11CD283A = {
-                       fileRef = 0C2D427CFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42E5FE89F09B11CD283A = {
-                       fileRef = 0C2D427DFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42E6FE89F09B11CD283A = {
-                       fileRef = 0C2D427EFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42E7FE89F09B11CD283A = {
-                       fileRef = 0C2D427FFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42E8FE89F09B11CD283A = {
-                       fileRef = 0C2D4280FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42E9FE89F09B11CD283A = {
-                       fileRef = 0C2D4281FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42EAFE89F09B11CD283A = {
-                       fileRef = 0C2D4282FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42EBFE89F09B11CD283A = {
-                       fileRef = 0C2D4283FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42ECFE89F09B11CD283A = {
-                       fileRef = 0C2D4284FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42EDFE89F09B11CD283A = {
-                       fileRef = 0C2D4285FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42EEFE89F09B11CD283A = {
-                       fileRef = 0C2D4286FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D42EFFE89F09B11CD283A = {
-                       fileRef = 0C2D428AFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               0C2D42F0FE89F09B11CD283A = {
-                       fileRef = 0C2D428CFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               0C2D42F1FE89F09B11CD283A = {
-                       fileRef = 0C2D428EFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               0C2D42F2FE89F09B11CD283A = {
-                       fileRef = 0C2D4291FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               0C2D42F3FE89F09B11CD283A = {
-                       fileRef = 0C2D4292FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               0C2D42F4FE89F09B11CD283A = {
-                       fileRef = 0C2D4294FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               0C2D42F5FE89F09B11CD283A = {
-                       fileRef = 0C2D4299FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               0C2D42F6FE89F09B11CD283A = {
-                       fileRef = 0C2D429BFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                               );
-                       };
-               };
-               0C2D42FBFE89F09B11CD283A = {
-                       fileRef = 0C2D4289FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42FCFE89F09B11CD283A = {
-                       fileRef = 0C2D428BFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42FDFE89F09B11CD283A = {
-                       fileRef = 0C2D428DFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42FEFE89F09B11CD283A = {
-                       fileRef = 0C2D428FFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D42FFFE89F09B11CD283A = {
-                       fileRef = 0C2D4290FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D4300FE89F09B11CD283A = {
-                       fileRef = 0C2D4293FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D4301FE89F09B11CD283A = {
-                       fileRef = 0C2D4298FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D4302FE89F09B11CD283A = {
-                       fileRef = 0C2D429AFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D4303FE89F09B11CD283A = {
-                       fileRef = 0C2D429CFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D4304FE89F09B11CD283A = {
-                       fileRef = 0C2D429DFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D4305FE89F09B11CD283A = {
-                       fileRef = 0C2D429EFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D4306FE89F09B11CD283A = {
-                       fileRef = 0C2D4260FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D4307FE89F09B11CD283A = {
-                       fileRef = 0C2D4261FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D4308FE89F09B11CD283A = {
-                       fileRef = 0C2D4262FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D4309FE89F09B11CD283A = {
-                       fileRef = 0C2D4264FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D430AFE89F09B11CD283A = {
-                       fileRef = 0C2D4267FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D430BFE89F09B11CD283A = {
-                       fileRef = 0C2D426CFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D430CFE89F09B11CD283A = {
-                       fileRef = 0C2D426DFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D430DFE89F09B11CD283A = {
-                       fileRef = 0C2D426EFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0C2D4312FE89F09B11CD283A = {
-                       fileRef = 0C2D4263FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D4313FE89F09B11CD283A = {
-                       fileRef = 0C2D4265FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D4314FE89F09B11CD283A = {
-                       fileRef = 0C2D4266FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D4315FE89F09B11CD283A = {
-                       fileRef = 0C2D426BFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D4316FE89F09B11CD283A = {
-                       fileRef = 0C2D4259FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0C2D4317FE89F09B11CD283A = {
-                       fileRef = 0C2D425BFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0C2D4318FE89F09B11CD283A = {
-                       fileRef = 0C2D425DFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0C2D431BFE89F09B11CD283A = {
-                       fileRef = 0C2D4257FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D431CFE89F09B11CD283A = {
-                       fileRef = 0C2D4258FE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D431DFE89F09B11CD283A = {
-                       fileRef = 0C2D425AFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D431EFE89F09B11CD283A = {
-                       fileRef = 0C2D425CFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0C2D431FFE89F10511CD283A = {
-                       isa = PBXTargetDependency;
-                       target = 0C2D4320FE89F10511CD283A;
-               };
-               0C2D4320FE89F10511CD283A = {
-                       buildArgumentsString = "-f generator.mk $ACTION \"SRCROOT=$SRCROOT\" \"SYMROOT=$SYMROOT\"";
-                       buildPhases = (
-                       );
-                       buildSettings = {
-                               FRAMEWORK_SEARCH_PATHS = "";
-                               HEADER_SEARCH_PATHS = "";
-                               INSTALL_PATH = /;
-                               LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = generate;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "";
-                       };
-                       buildToolPath = /usr/bin/gnumake;
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                       );
-                       isa = PBXLegacyTarget;
-                       name = generate;
-                       productInstallPath = /;
-                       productName = generate;
-                       settingsToExpand = 6;
-                       settingsToPassInEnvironment = 1;
-                       settingsToPassOnCommandLine = 280;
-                       shouldUseHeadermap = 0;
-               };
-               0C2D4323FE89F10511CD283A = {
-                       isa = PBXTargetDependency;
-                       target = 0C2D4320FE89F10511CD283A;
-               };
-               0C2D4324FE89F18F11CD283A = {
-                       isa = PBXFileReference;
-                       path = generator.mk;
-                       refType = 2;
-               };
-               0CE0F7C5FE89F77411CD283A = {
-                       children = (
-                               0CE0F7C6FE89F77411CD283A,
-                       );
-                       isa = PBXGroup;
-                       name = Frameworks;
-                       refType = 4;
-               };
-               0CE0F7C6FE89F77411CD283A = {
-                       isa = PBXFrameworkReference;
-                       name = CoreFoundation.framework;
-                       path = /System/Library/Frameworks/CoreFoundation.framework;
-                       refType = 0;
-               };
-               0CE0F7C7FE89F77411CD283A = {
-                       fileRef = 0CE0F7C6FE89F77411CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               0D80A0A1FEA5508C11CD283A = {
-                       isa = PBXFileReference;
-                       path = cryptoclient.cpp;
-                       refType = 4;
-               };
-               0D80A0A2FEA5508C11CD283A = {
-                       isa = PBXFileReference;
-                       path = cryptoclient.h;
-                       refType = 4;
-               };
-               0D80A0A3FEA5508C11CD283A = {
-                       isa = PBXFileReference;
-                       path = keyclient.cpp;
-                       refType = 4;
-               };
-               0D80A0A4FEA5508C11CD283A = {
-                       isa = PBXFileReference;
-                       path = keyclient.h;
-                       refType = 4;
-               };
-               0D80A0A5FEA5508C11CD283A = {
-                       fileRef = 0D80A0A2FEA5508C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0D80A0A6FEA5508C11CD283A = {
-                       fileRef = 0D80A0A4FEA5508C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0D80A0A7FEA5508C11CD283A = {
-                       fileRef = 0D80A0A1FEA5508C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0D80A0A8FEA5508C11CD283A = {
-                       fileRef = 0D80A0A3FEA5508C11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0DD48EDBFE89F98211CD283A = {
-                       children = (
-                               0DD48EDDFE89FA0911CD283A,
-                               0DD48EDEFE89FA0911CD283A,
-                               0DD48EDFFE89FA0911CD283A,
-                               0DD48EE0FE89FA0911CD283A,
-                               0DD48EE1FE89FA0911CD283A,
-                               0DD48EEAFE89FD5111CD283A,
-                               0DD48EEBFE89FD5111CD283A,
-                               0DD48EECFE89FD5111CD283A,
-                               0DD48EEDFE89FD5111CD283A,
-                       );
-                       isa = PBXGroup;
-                       path = derived_src;
-                       refType = 3;
-               };
-               0DD48EDDFE89FA0911CD283A = {
-                       isa = PBXFileReference;
-                       path = ACabstractsession.cpp;
-                       refType = 4;
-               };
-               0DD48EDEFE89FA0911CD283A = {
-                       isa = PBXFileReference;
-                       path = CLabstractsession.cpp;
-                       refType = 4;
-               };
-               0DD48EDFFE89FA0911CD283A = {
-                       isa = PBXFileReference;
-                       path = CSPabstractsession.cpp;
-                       refType = 4;
-               };
-               0DD48EE0FE89FA0911CD283A = {
-                       isa = PBXFileReference;
-                       path = DLabstractsession.cpp;
-                       refType = 4;
-               };
-               0DD48EE1FE89FA0911CD283A = {
-                       isa = PBXFileReference;
-                       path = TPabstractsession.cpp;
-                       refType = 4;
-               };
-               0DD48EE7FE89FB7511CD283A = {
-                       fileRef = 0C2D423EFE89F09B11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0DD48EEAFE89FD5111CD283A = {
-                       isa = PBXFileReference;
-                       path = errorcodes.gen;
-                       refType = 4;
-               };
-               0DD48EEBFE89FD5111CD283A = {
-                       isa = PBXFileReference;
-                       path = funcnames.gen;
-                       refType = 4;
-               };
-               0DD48EECFE89FD5111CD283A = {
-                       isa = PBXFileReference;
-                       path = generator.rpt;
-                       refType = 4;
-               };
-               0DD48EEDFE89FD5111CD283A = {
-                       isa = PBXFileReference;
-                       path = transition.gen;
-                       refType = 4;
-               };
-               0ECA317BFEB7611311CD283A = {
-                       isa = PBXFileReference;
-                       path = securestorage.cpp;
-                       refType = 4;
-               };
-               0ECA317CFEB7611311CD283A = {
-                       isa = PBXFileReference;
-                       path = securestorage.h;
-                       refType = 4;
-               };
-               0ECA317DFEB7611311CD283A = {
-                       fileRef = 0ECA317CFEB7611311CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0ECA317EFEB7611311CD283A = {
-                       fileRef = 0ECA317BFEB7611311CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               0ECA317FFEB793E111CD283A = {
-                       isa = PBXFileReference;
-                       path = multidldb.cpp;
-                       refType = 4;
-               };
-               0ECA3180FEB793E111CD283A = {
-                       isa = PBXFileReference;
-                       path = multidldb.h;
-                       refType = 4;
-               };
-               0ECA3181FEB793E111CD283A = {
-                       fileRef = 0ECA3180FEB793E111CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               0ECA3182FEB793E111CD283A = {
-                       fileRef = 0ECA317FFEB793E111CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               12DB1A67FF094C9E11CD296C = {
-                       isa = PBXFileReference;
-                       path = machrunloopserver.cpp;
-                       refType = 4;
-               };
-               12DB1A68FF094C9E11CD296C = {
-                       isa = PBXFileReference;
-                       path = machrunloopserver.h;
-                       refType = 4;
-               };
-               12DB1A69FF094C9E11CD296C = {
-                       fileRef = 12DB1A68FF094C9E11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               12DB1A6AFF094C9E11CD296C = {
-                       fileRef = 12DB1A67FF094C9E11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               15B6EA05FE9A545311CD283A = {
-                       children = (
-                               15B6EA06FE9A545311CD283A,
-                               15B6EA07FE9A545311CD283A,
-                       );
-                       isa = PBXGroup;
-                       name = Datastore;
-                       path = "";
-                       refType = 4;
-               };
-               15B6EA06FE9A545311CD283A = {
-                       isa = PBXFileReference;
-                       path = dlclient.cpp;
-                       refType = 4;
-               };
-               15B6EA07FE9A545311CD283A = {
-                       isa = PBXFileReference;
-                       path = dlclient.h;
-                       refType = 4;
-               };
-               15B6EA08FE9A545311CD283A = {
-                       fileRef = 15B6EA07FE9A545311CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               15B6EA09FE9A545311CD283A = {
-                       fileRef = 15B6EA06FE9A545311CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               15B6EA0AFE9AA4C511CD283A = {
-                       isa = PBXTargetDependency;
-                       target = 1F54E424FE99514A11CD296C;
-               };
-               163F7756FF543E27D0A17CE7 = {
-                       isa = PBXFileReference;
-                       path = oidsalg.h;
-                       refType = 4;
-               };
-               163F7757FF543E27D0A17CE7 = {
-                       isa = PBXFileReference;
-                       name = oidsalg.c;
-                       path = cssm/oidsalg.c;
-                       refType = 2;
-               };
-               163F7758FF543E27D0A17CE7 = {
-                       fileRef = 163F7756FF543E27D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               163F7759FF543E27D0A17CE7 = {
-                       fileRef = 163F7757FF543E27D0A17CE7;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               168D1483FFC4593111CD296C = {
-                       isa = PBXFileReference;
-                       path = daemon.cpp;
-                       refType = 4;
-               };
-               168D1484FFC4593111CD296C = {
-                       isa = PBXFileReference;
-                       path = daemon.h;
-                       refType = 4;
-               };
-               168D1485FFC4593211CD296C = {
-                       fileRef = 168D1484FFC4593111CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               168D1486FFC4593211CD296C = {
-                       fileRef = 168D1483FFC4593111CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               17AD0156FF6EA90F11CD296C = {
-                       isa = PBXFileReference;
-                       path = debugging.cpp;
-                       refType = 4;
-               };
-               17AD0157FF6EA90F11CD296C = {
-                       isa = PBXFileReference;
-                       path = debugging.h;
-                       refType = 4;
-               };
-               17AD0158FF6EA90F11CD296C = {
-                       isa = PBXFileReference;
-                       path = debugsupport.h;
-                       refType = 4;
-               };
-               17AD0159FF6EA90F11CD296C = {
-                       isa = PBXFileReference;
-                       path = logging.cpp;
-                       refType = 4;
-               };
-               17AD015AFF6EA90F11CD296C = {
-                       isa = PBXFileReference;
-                       path = logging.h;
-                       refType = 4;
-               };
-               17AD015BFF6EA90F11CD296C = {
-                       fileRef = 17AD0157FF6EA90F11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               17AD015CFF6EA90F11CD296C = {
-                       fileRef = 17AD0158FF6EA90F11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               17AD015DFF6EA90F11CD296C = {
-                       fileRef = 17AD015AFF6EA90F11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               17AD015EFF6EA90F11CD296C = {
-                       fileRef = 17AD0156FF6EA90F11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               17AD015FFF6EA90F11CD296C = {
-                       fileRef = 17AD0159FF6EA90F11CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               1F382786FF238CB211CD283A = {
-                       isa = PBXFileReference;
-                       path = aclclient.h;
-                       refType = 4;
-               };
-               1F382788FF238E7911CD283A = {
-                       fileRef = 1F382786FF238CB211CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               1F54E423FE99511211CD296C = {
-                       children = (
-                               1F54E42FFE99523511CD296C,
-                               1F54E430FE99523511CD296C,
-                               1F382786FF238CB211CD283A,
-                               1F54E43BFE99528E11CD296C,
-                               15B6EA05FE9A545311CD283A,
-                               00DAE77BFEB4BE5E11CD2984,
-                               00DAE77CFEB4BE5E11CD2984,
-                               0ECA317FFEB793E111CD283A,
-                               0ECA3180FEB793E111CD283A,
-                               0ECA317BFEB7611311CD283A,
-                               0ECA317CFEB7611311CD283A,
-                               28455460FFF000A111CD283A,
-                               0169207DFF9BA84C11CD296C,
-                       );
-                       isa = PBXGroup;
-                       path = cdsa_client;
-                       refType = 4;
-               };
-               1F54E424FE99514A11CD296C = {
-                       buildPhases = (
-                               1F54E426FE99514A11CD296C,
-                               1F54E427FE99514A11CD296C,
-                               1F54E428FE99514A11CD296C,
-                               1F54E429FE99514A11CD296C,
-                               1F54E42AFE99514A11CD296C,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\"";
-                               FRAMEWORK_VERSION = A;
-                               HEADER_SEARCH_PATHS = "";
-                               INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
-                               LIBRARY_SEARCH_PATHS = "";
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "\"-lstdc++\" -prebind -seg_addr_table \"$(APPLE_INTERNAL_DEVELOPER_DIR)/seg_addr_table\"";
-                               OTHER_REZFLAGS = "";
-                               PRINCIPAL_CLASS = "";
-                               PRODUCT_NAME = cdsa_client;
-                               SECTORDER_FLAGS = "-sectorder __TEXT __text \"$(APPLE_INTERNAL_DIR)/OrderFiles/cdsa_client.order\"";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                               WRAPPER_EXTENSION = framework;
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                               1F54E425FE99514A11CD296C,
-                       );
-                       isa = PBXFrameworkTarget;
-                       name = cdsa_client;
-                       productInstallPath = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
-                       productName = cdsa_client;
-                       productReference = 0115DA20FF13D7E811CD283A;
-                       productSettingsXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-<!DOCTYPE plist SYSTEM \"file://localhost/System/Library/DTDs/PropertyList.dtd\">
-<plist version=\"0.9\">
-<dict>
-       <key>CFBundleDevelopmentRegion</key>
-       <string>English</string>
-       <key>CFBundleExecutable</key>
-       <string>cdsa_client</string>
-       <key>CFBundleIconFile</key>
-       <string></string>
-       <key>CFBundleIdentifier</key>
-       <string>com.apple.cdsa_client</string>
-       <key>CFBundleInfoDictionaryVersion</key>
-       <string>6.0</string>
-       <key>CFBundlePackageType</key>
-       <string>FMWK</string>
-       <key>CFBundleSignature</key>
-       <string>????</string>
-       <key>CFBundleVersion</key>
-       <string>0.0.1d1</string>
-</dict>
-</plist>
-";
-                       shouldUseHeadermap = 1;
-               };
-               1F54E425FE99514A11CD296C = {
-                       isa = PBXTargetDependency;
-                       target = 0C2A9506FE89EF8611CD283A;
-               };
-               1F54E426FE99514A11CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               1F382788FF238E7911CD283A,
-                               0D80A0A5FEA5508C11CD283A,
-                               1F54E434FE99523511CD296C,
-                               1F54E435FE99523511CD296C,
-                               15B6EA08FE9A545311CD283A,
-                               00DAE77DFEB4BE5E11CD2984,
-                               0D80A0A6FEA5508C11CD283A,
-                               062BE059FEAFD57811CD287F,
-                               0ECA3181FEB793E111CD283A,
-                               0ECA317DFEB7611311CD283A,
-                               1F54E436FE99523511CD296C,
-                               01EEBD01FEED9C5C11CD287F,
-                               01EEBD02FEED9C5C11CD287F,
-                               0169208AFF9D296311CD296C,
-                               28455463FFF000A111CD283A,
-                               28455467FFF00DA211CD283A,
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               1F54E427FE99514A11CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXResourcesBuildPhase;
-                       name = "Bundle Resources";
-               };
-               1F54E428FE99514A11CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0D80A0A7FEA5508C11CD283A,
-                               1F54E437FE99523511CD296C,
-                               1F54E438FE99523511CD296C,
-                               15B6EA09FE9A545311CD283A,
-                               00DAE77EFEB4BE5E11CD2984,
-                               0D80A0A8FEA5508C11CD283A,
-                               062BE05AFEAFD57811CD287F,
-                               0ECA3182FEB793E111CD283A,
-                               0ECA317EFEB7611311CD283A,
-                               1F54E439FE99523511CD296C,
-                               01EEBCFDFEED9C1111CD287F,
-                               01EEBCFEFEED9C1111CD287F,
-                               0169208BFF9D296311CD296C,
-                               28455464FFF000A111CD283A,
-                               28455468FFF00DA211CD283A,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               1F54E429FE99514A11CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               0115DA24FF13D7E811CD283A,
-                               0115DA25FF13D7E811CD283A,
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               1F54E42AFE99514A11CD296C = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               1F54E42DFE99523511CD296C = {
-                       isa = PBXFileReference;
-                       path = cspclient.cpp;
-                       refType = 4;
-               };
-               1F54E42EFE99523511CD296C = {
-                       isa = PBXFileReference;
-                       path = cspclient.h;
-                       refType = 4;
-               };
-               1F54E42FFE99523511CD296C = {
-                       isa = PBXFileReference;
-                       path = cssmclient.cpp;
-                       refType = 4;
-               };
-               1F54E430FE99523511CD296C = {
-                       isa = PBXFileReference;
-                       path = cssmclient.h;
-                       refType = 4;
-               };
-               1F54E431FE99523511CD296C = {
-                       isa = PBXFileReference;
-                       path = signclient.cpp;
-                       refType = 4;
-               };
-               1F54E432FE99523511CD296C = {
-                       isa = PBXFileReference;
-                       path = signclient.h;
-                       refType = 4;
-               };
-               1F54E434FE99523511CD296C = {
-                       fileRef = 1F54E42EFE99523511CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               1F54E435FE99523511CD296C = {
-                       fileRef = 1F54E430FE99523511CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               1F54E436FE99523511CD296C = {
-                       fileRef = 1F54E432FE99523511CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               1F54E437FE99523511CD296C = {
-                       fileRef = 1F54E42DFE99523511CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               1F54E438FE99523511CD296C = {
-                       fileRef = 1F54E42FFE99523511CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               1F54E439FE99523511CD296C = {
-                       fileRef = 1F54E431FE99523511CD296C;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               1F54E43BFE99528E11CD296C = {
-                       children = (
-                               0D80A0A1FEA5508C11CD283A,
-                               0D80A0A2FEA5508C11CD283A,
-                               1F54E42DFE99523511CD296C,
-                               1F54E42EFE99523511CD296C,
-                               01EEBCFBFEED9C1111CD287F,
-                               01EEBD00FEED9C5C11CD287F,
-                               0D80A0A3FEA5508C11CD283A,
-                               0D80A0A4FEA5508C11CD283A,
-                               062BE057FEAFD57811CD287F,
-                               062BE058FEAFD57811CD287F,
-                               1F54E431FE99523511CD296C,
-                               1F54E432FE99523511CD296C,
-                               01EEBCFCFEED9C1111CD287F,
-                               01EEBCFFFEED9C5C11CD287F,
-                       );
-                       isa = PBXGroup;
-                       name = Crypto;
-                       refType = 4;
-               };
-               28455460FFF000A111CD283A = {
-                       children = (
-                               28455461FFF000A111CD283A,
-                               28455462FFF000A111CD283A,
-                               28455465FFF00DA211CD283A,
-                               28455466FFF00DA211CD283A,
-                       );
-                       isa = PBXGroup;
-                       name = "ACL Support";
-                       refType = 4;
-               };
-               28455461FFF000A111CD283A = {
-                       isa = PBXFileReference;
-                       path = aclsupport.cpp;
-                       refType = 4;
-               };
-               28455462FFF000A111CD283A = {
-                       isa = PBXFileReference;
-                       path = aclsupport.h;
-                       refType = 4;
-               };
-               28455463FFF000A111CD283A = {
-                       fileRef = 28455462FFF000A111CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               28455464FFF000A111CD283A = {
-                       fileRef = 28455461FFF000A111CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               28455465FFF00DA211CD283A = {
-                       isa = PBXFileReference;
-                       path = keychainacl.cpp;
-                       refType = 4;
-               };
-               28455466FFF00DA211CD283A = {
-                       isa = PBXFileReference;
-                       path = keychainacl.h;
-                       refType = 4;
-               };
-               28455467FFF00DA211CD283A = {
-                       fileRef = 28455466FFF00DA211CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-               28455468FFF00DA211CD283A = {
-                       fileRef = 28455465FFF00DA211CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               41463C29FE8C139711CD283A = {
-                       children = (
-                               41463C2AFE8C141C11CD283A,
-                               41463C2BFE8C141C11CD283A,
-                               41463C2CFE8C141C11CD283A,
-                               41463C2DFE8C141C11CD283A,
-                               41463C2EFE8C141C11CD283A,
-                       );
-                       isa = PBXGroup;
-                       name = derived_headers;
-                       path = include/cdsa_pluginlib;
-                       refType = 3;
-               };
-               41463C2AFE8C141C11CD283A = {
-                       isa = PBXFileReference;
-                       path = ACabstractsession.h;
-                       refType = 4;
-               };
-               41463C2BFE8C141C11CD283A = {
-                       isa = PBXFileReference;
-                       path = CLabstractsession.h;
-                       refType = 4;
-               };
-               41463C2CFE8C141C11CD283A = {
-                       isa = PBXFileReference;
-                       path = CSPabstractsession.h;
-                       refType = 4;
-               };
-               41463C2DFE8C141C11CD283A = {
-                       isa = PBXFileReference;
-                       path = DLabstractsession.h;
-                       refType = 4;
-               };
-               41463C2EFE8C141C11CD283A = {
-                       isa = PBXFileReference;
-                       path = TPabstractsession.h;
-                       refType = 4;
-               };
-               42462E68FFF0254211CD283A = {
-                       isa = PBXLibraryReference;
-                       path = libcdsa_client.a;
-                       refType = 3;
-               };
-               42462E69FFF0254211CD283A = {
-                       buildPhases = (
-                               42462E6AFFF0254211CD283A,
-                               42462E6BFFF0254211CD283A,
-                               42462E6DFFF0254211CD283A,
-                               42462E6EFFF0254211CD283A,
-                       );
-                       buildSettings = {
-                               DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 1;
-                               FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\"";
-                               HEADER_SEARCH_PATHS = "\"$(SRCROOT)\"";
-                               LIBRARY_STYLE = STATIC;
-                               OPTIMIZATION_CFLAGS = "";
-                               OTHER_CFLAGS = "";
-                               OTHER_LDFLAGS = "";
-                               OTHER_LIBTOOL_FLAGS = "";
-                               OTHER_REZFLAGS = "";
-                               PRODUCT_NAME = libcdsa_client.a;
-                               REZ_EXECUTABLE = YES;
-                               SECTORDER_FLAGS = "";
-                               WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas";
-                       };
-                       conditionalBuildSettings = {
-                       };
-                       dependencies = (
-                       );
-                       isa = PBXLibraryTarget;
-                       name = libcdsa_client.a;
-                       productInstallPath = /usr/local/lib;
-                       productName = libcdsa_client.a;
-                       productReference = 42462E68FFF0254211CD283A;
-                       shouldUseHeadermap = 0;
-               };
-               42462E6AFFF0254211CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXHeadersBuildPhase;
-                       name = Headers;
-               };
-               42462E6BFFF0254211CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                               42462E6CFFF0254211CD283A,
-                       );
-                       isa = PBXSourcesBuildPhase;
-                       name = Sources;
-               };
-               42462E6CFFF0254211CD283A = {
-                       fileRef = 0181597FFFEE802311CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               42462E6DFFF0254211CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXFrameworksBuildPhase;
-                       name = "Frameworks & Libraries";
-               };
-               42462E6EFFF0254211CD283A = {
-                       buildActionMask = 2147483647;
-                       files = (
-                       );
-                       isa = PBXRezBuildPhase;
-                       name = "ResourceManager Resources";
-               };
-               454AF0B3FFAB6E8311CD28CA = {
-                       isa = PBXFileReference;
-                       path = MDSSchema.cpp;
-                       refType = 4;
-               };
-               454AF0B4FFAB6E8311CD28CA = {
-                       fileRef = 454AF0B3FFAB6E8311CD28CA;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               454AF0B5FFAB6EDE11CD28CA = {
-                       isa = PBXFileReference;
-                       path = MDSSchema.h;
-                       refType = 4;
-               };
-               454AF0B6FFAB6EDE11CD28CA = {
-                       fileRef = 454AF0B5FFAB6EDE11CD28CA;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               4EABFBAAFE9016E511CD283A = {
-                       isa = PBXFileReference;
-                       path = MDS;
-                       refType = 4;
-               };
-               4EABFBABFE9016E511CD283A = {
-                       fileRef = 4EABFBAAFE9016E511CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                       };
-               };
-               634531E7FF097FD011CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmdata.cpp;
-                       refType = 4;
-               };
-               634531E8FF097FD011CD283A = {
-                       fileRef = 634531E7FF097FD011CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Debug,
-                               );
-                       };
-               };
-               688302CDFE940F2A11CD283A = {
-                       isa = PBXFileReference;
-                       path = cssmdata.h;
-                       refType = 4;
-               };
-               688302CEFE940F2A11CD283A = {
-                       fileRef = 688302CDFE940F2A11CD283A;
-                       isa = PBXBuildFile;
-                       settings = {
-                               ATTRIBUTES = (
-                                       Public,
-                               );
-                       };
-               };
-       };
-       rootObject = 0C1F5822FE89EE6611CD283A;
-}
index a3f3235df953ce445d4fb3c0a32ade30cc772498..e1b8e6b7e521e9e8830fb9850beb2923ceeca6f4 100644 (file)
@@ -295,4 +295,10 @@ typedef union {
        CSSM_DATA                               rawData;                        // unknown, not decoded
 } CE_Data;
 
+typedef struct {
+       CE_DataType                             type;
+       CE_Data                                 extension;
+       CSSM_BOOL                               critical;
+} CE_DataAndType;
+
 #endif /* _CERT_EXTENSIONS_H_ */
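Review bot: The new `CE_DataAndType` struct has no comment explaining how its members relate, in particular that `type` is presumably what tells a caller which member of the `CE_Data` union in `extension` is valid. Reading the wrong union member of a decoded certificate extension is an easy mistake, so the tag/union pairing deserves a line in the header. I would add above the struct something like `/* type selects the valid member of extension; critical carries the extension's critical flag */`, to be confirmed against the code that fills the struct in, which is not part of this hunk.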
index aadec454892ad5305a60cb8df8f7f1d304b0e620..b73bb1b3610b6ff7c2cb1683c6e50f429d7d34d2 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
@@ -20,8 +20,6 @@
    File:      cssmapple.h
 
    Contains:  CSSM features specific to Apple's Implementation
-
-   Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved.
 */
 
 #ifndef _CSSMAPPLE_H_
@@ -29,7 +27,9 @@
 
 #include <Security/cssmerr.h>
 #include <Security/cssmtype.h>
-#include <sys/types.h> /* for the BSD *_t types */
+#include <Security/x509defs.h>                 /* for CSSM_APPLE_ROOT_CERT_REQUEST fields */
+#include <Security/certextensions.h>   /* ditto */
+#include <sys/types.h>                                 /* for the BSD *_t types */
 
 #ifdef __cplusplus
 extern "C" {
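Review bot: The comment on the new `x509defs.h` include names `CSSM_APPLE_ROOT_CERT_REQUEST`, but no type of that name appears in this diff. The struct added further down in this file that uses `CSSM_X509_NAME_PTR` and `CE_DataAndType` is `CSSM_APPLE_TP_CERT_REQUEST`. If that is the intended reference, the comment should read `/* for CSSM_APPLE_TP_CERT_REQUEST fields */`.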
@@ -63,6 +63,7 @@ enum
     CSSM_WORDID_KEYCHAIN_LOCK,
     CSSM_WORDID_KEYCHAIN_CHANGE_LOCK,
        CSSM_WORDID_PROCESS,
+       CSSM_WORDID__RESERVED_1,                // was used in 10.2 test seeds; no longer in use
        CSSM_WORDID__FIRST_UNUSED
 };
 
@@ -100,6 +101,7 @@ enum {      /* types of code signatures - item 1 of CSSM_ACL_SUBJECT_TYPE_CODE_SIGNAT
     CSSM_ACL_CODE_SIGNATURE_OSX = 1            /* standard OS X code signature */
 };
 
+/* ACL subjects of type PROCESS */
 
 enum { /* PROCESS_SUBJECT mask fields */
     CSSM_ACL_MATCH_UID = 0x01,                 /* match userid against uid field */
@@ -115,10 +117,25 @@ enum {    /* PROCESS_SUBJECT structure version field */
 typedef struct cssm_acl_process_subject_selector {     /* PROCESS_SUBJECT selector */
     uint16 version;                    /* version of this selector */
     uint16 mask;                       /* active fields mask */
-    uid_t uid;                         /* effective user id match */
-    gid_t gid;                         /* effective group id match */
+    uint32 uid;                                /* effective user id match */
+    uint32 gid;                                /* effective group id match */
 } CSSM_ACL_PROCESS_SUBJECT_SELECTOR;
 
+/* ACL subjects of type KEYCHAIN_PROMPT */
+
+enum { /* KEYCHAIN_PROMPT structure version field */
+       CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION = 0x101
+};
+
+enum { /* KEYCHAIN_PROMPT operational flags */
+       CSSM_ACL_KEYCHAIN_PROMPT_REQUIRE_PASSPHRASE = 0x0001 /* require re-entering of passphrase */
+};
+
+typedef struct cssm_acl_keychain_prompt_selector { /* KEYCHAIN_PROMPT selector */
+       uint16 version;                 /* version of this selector */
+       uint16 flags;                   /* flag bits */
+} CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR;
+
 
 /* Apple defined algorithm IDs */
 enum
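Review bot: The new `CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR` does not say how a consumer should treat a `version` other than `CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION`, or `flags` bits it does not recognise. Since `CSSM_ACL_KEYCHAIN_PROMPT_REQUIRE_PASSPHRASE` tightens the prompt, a reader that silently ignored unknown bits would weaken an ACL entry written by newer code. I would document the expected behaviour above the struct, for example `/* a selector with an unknown version or unknown flag bits must be rejected, not ignored */`, assuming that matches the implementation, which is not visible in this hunk.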
@@ -180,7 +197,12 @@ enum
 {
     CSSM_DL_DB_RECORD_GENERIC_PASSWORD = CSSM_DB_RECORDTYPE_APP_DEFINED_START + 0,
     CSSM_DL_DB_RECORD_INTERNET_PASSWORD = CSSM_DB_RECORDTYPE_APP_DEFINED_START + 1,
-    CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD = CSSM_DB_RECORDTYPE_APP_DEFINED_START + 2
+    CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD = CSSM_DB_RECORDTYPE_APP_DEFINED_START + 2,
+
+    CSSM_DL_DB_RECORD_X509_CERTIFICATE = CSSM_DB_RECORDTYPE_APP_DEFINED_START + 0x1000,
+       CSSM_DL_DB_RECORD_USER_TRUST,
+
+    CSSM_DL_DB_RECORD_METADATA = CSSM_DB_RECORDTYPE_APP_DEFINED_START + 0x8000
 };
 
 /* AppleFileDL extentions: passthrough ids */
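Review bot: `CSSM_DL_DB_RECORD_USER_TRUST` takes its value implicitly from the entry before it, while every other record type in this enum is written as an explicit offset from `CSSM_DB_RECORDTYPE_APP_DEFINED_START`. If these values are stored in keychain databases, as the names suggest, a later insertion after `CSSM_DL_DB_RECORD_X509_CERTIFICATE` would silently renumber it; `CSSM_DL_DB_RECORD_USER_TRUST = CSSM_DB_RECORDTYPE_APP_DEFINED_START + 0x1001,` pins the value. The line is also tab-indented where its neighbours use four spaces.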
@@ -223,6 +245,29 @@ enum
     CSSMERR_APPLEDL_INCOMPATIBLE_KEY_BLOB =                    CSSM_DL_PRIVATE_ERROR + 7,    
 };
 
+/* Apple X509TP private error codes. */
+enum 
+{
+       /* mismatch between Cert's common name and app-specified host name */
+       CSSMERR_APPLETP_HOSTNAME_MISMATCH =                             CSSM_TP_PRIVATE_ERROR + 0,
+       /* Non-understood extension with Critical flag true */
+       CSSMERR_APPLETP_UNKNOWN_CRITICAL_EXTEN =                CSSM_TP_PRIVATE_ERROR + 1,
+       /* Basic Constraints extension required per policy, but not present */
+       CSSMERR_APPLETP_NO_BASIC_CONSTRAINTS =                  CSSM_TP_PRIVATE_ERROR + 2,
+       /* Invalid BasicConstraints.CA */
+       CSSMERR_APPLETP_INVALID_CA =                                    CSSM_TP_PRIVATE_ERROR + 3,
+       /* Invalid Authority Key ID */
+       CSSMERR_APPLETP_INVALID_AUTHORITY_ID =                  CSSM_TP_PRIVATE_ERROR + 4,
+       /* Invalid Subject Key ID */
+       CSSMERR_APPLETP_INVALID_SUBJECT_ID =                    CSSM_TP_PRIVATE_ERROR + 5,
+       /* Invalid Key Usage for policy */
+       CSSMERR_APPLETP_INVALID_KEY_USAGE =                             CSSM_TP_PRIVATE_ERROR + 6,
+       /* Invalid Extended Key Usage for policy */
+       CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE =    CSSM_TP_PRIVATE_ERROR + 7,
+       /* Invalid Subject/Authority Key ID Linkage */
+       CSSMERR_APPLETP_INVALID_ID_LINKAGE =                    CSSM_TP_PRIVATE_ERROR + 8,
+};
+
 enum
 {
        CSSM_APPLEDL_OPEN_PARAMETERS_VERSION =                  0
@@ -309,7 +354,7 @@ enum
        CSSM_APPLECSPDL_DB_CHANGE_PASSWORD =5,
 
        
-       /* Given a CSSM_KEY_PTR in any format, obtain the SSHA-1 hash of the 
+       /* Given a CSSM_KEY_PTR in any format, obtain the SHA-1 hash of the 
         * associated key blob. 
         * Key is specified in CSSM_CSP_CreatePassThroughContext.
         * Hash is allocated bythe CSP, in the App's memory, and returned
@@ -341,26 +386,6 @@ enum {
        CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM = 100
 };
 
-/* 
- * Optional argument for X509TP's CertGroupVerify. Instructs TP to
- * ignore "certificate expired" error conditions. Expressed in 
- * CSSM_TP_CALLERAUTH_CONTEXT.Policy.PolicyControl. 
- */
-#define CSSM_TP_ALLOW_EXPIRE   ((void *)0x55)
-
-/*
- * Structure containing parameters for the MDS DbOpen() function.
- */
-#define MDS_APPLE_OPEN_LOCAL_DB    ((uint32) (1 << 0))
-#define MDS_APPLE_CREATE_LOCAL_DB  ((uint32) (1 << 1))
-
-typedef struct mds_apple_open_parameters
-{
-       uint32 version;
-       uint32 openFlags;
-} MDS_APPLE_OPEN_PARAMETERS, *MDS_APPLE_OPEN_PARAMETERS_PTR;
-
 /*
  * Custom context attributes for AppleCSP.
  */
@@ -377,19 +402,26 @@ enum {
                        
        /*
         * FEE key attributes.
-        * See CSSM_FEE_PRIME_TYPE_xxx, CSSM_FEE_CURVE_TYPE_xxx enumsm below.
+        * See CSSM_FEE_PRIME_TYPE_xxx, CSSM_FEE_CURVE_TYPE_xxx enums, below.
         */
        CSSM_ATTRIBUTE_FEE_PRIME_TYPE = 
                        (CSSM_ATTRIBUTE_DATA_UINT32 | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 1)),
        CSSM_ATTRIBUTE_FEE_CURVE_TYPE = 
                        (CSSM_ATTRIBUTE_DATA_UINT32 | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 2)),
+                       
+       /*
+        * Apple Secure Compression (ComCryption) optimization.
+        * See CSSM_ASC_OPTIMIZE_xxx, enums, below.
+        */
+       CSSM_ATTRIBUTE_ASC_OPTIMIZATION = 
+                       (CSSM_ATTRIBUTE_DATA_UINT32 | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 3)),
 };
 
 /*
  * FEE key pair prime modulus types.
  */
 enum {
-       CSSM_FEE_PRIME_TYPE_DEFAULT,            /* default per key size */
+       CSSM_FEE_PRIME_TYPE_DEFAULT = 0,        /* default per key size */
        CSSM_FEE_PRIME_TYPE_MERSENNE,           /* (2 ** q) - 1Ê*/
        CSSM_FEE_PRIME_TYPE_FEE,                        /* (2 ** q) - k */
        CSSM_FEE_PRIME_TYPE_GENERAL                     /* random prime */
@@ -401,13 +433,216 @@ enum {
  *    y**2 = x**3 + c(x**2) + ax + b
  */
 enum {
-       CSSM_FEE_CURVE_TYPE_DEFAULT,            /* default per key size */
+       CSSM_FEE_CURVE_TYPE_DEFAULT = 0,        /* default per key size */
        CSSM_FEE_CURVE_TYPE_MONTGOMERY,         /* a==1, b==0 */
        CSSM_FEE_CURVE_TYPE_WEIERSTRASS         /* c==0. IEEE P1363 compliant. */
 };
 
-#ifdef __cplusplus
+/*
+ * Apple Secure Compression (ComCryption) optimization attributes.
+ */
+enum {
+       CSSM_ASC_OPTIMIZE_DEFAULT = 0,
+       CSSM_ASC_OPTIMIZE_SIZE,                         /* max compression (currently the default) */
+       CSSM_ASC_OPTIMIZE_SECURITY,                     /* currently not implemented */
+       CSSM_ASC_OPTIMIZE_TIME,                         /* min runtime */
+       CSSM_ASC_OPTIMIZE_TIME_SIZE,            /* implies loss of security */
+       CSSM_ASC_OPTIMIZE_ASCII,                        /* optimized for ASCC text, not implemented */
+};
+
+/*
+ * Name/OID pair used in CSSM_APPLE_TP_CERT_REQUEST
+ */
+typedef struct {
+       const char                      *string;
+       const CSSM_OID          *oid;
+} CSSM_APPLE_TP_NAME_OID;
+
+/* 
+ * Certificate request passed to CSSM_TP_SubmitCredRequest() in the
+ * CSSM_TP_AUTHORITY_REQUEST_TYPE.Requests field. Used for requesting
+ * both locally-generated certs (CSSMOID_APPLE_TP_LOCAL_CERT_GEN) and
+ * cert signing requests (CSSMOID_APPLE_TP_CSR_GEN). 
+ */
+typedef struct {
+       CSSM_CSP_HANDLE                 cspHand;                // sign with this CSP
+       CSSM_CL_HANDLE                  clHand;                 // and this CL
+       uint32                                  serialNumber;
+       uint32                                  numSubjectNames;// size subjectNames[]
+       CSSM_APPLE_TP_NAME_OID  *subjectNames;  // from certextensions.h
+       
+       /*
+        * Issuer name can be expressed in the simplified CSSM_APPLE_TP_NAME_OID
+        * array, as is the subject name, or as an CSSM_X509_NAME, which is 
+        * typically obtained from a signing cert. 
+        * Exactly one of {issuerNames, issuerNameX509} must be non-NULL. 
+        */
+       uint32                                  numIssuerNames; // size issuerNames[]
+       CSSM_APPLE_TP_NAME_OID  *issuerNames;   // optional; NULL implies root 
+                                                                                       //    (signer == subject)
+       CSSM_X509_NAME_PTR              issuerNameX509;         
+       const CSSM_KEY                  *certPublicKey;
+       const CSSM_KEY                  *issuerPrivateKey;
+       
+       /* Unfortunately there is no practical way to map any algorithm
+        * to its appropriate OID, and we need both.... */
+       CSSM_ALGORITHMS                 signatureAlg;   // e.g., CSSM_ALGID_SHA1WithRSA
+       CSSM_OID                                signatureOid;   // e.g., CSSMOID_SHA1WithRSA
+       uint32                                  notBefore;              // relative to "now"
+       uint32                                  notAfter;
+       uint32                                  numExtensions;
+       CE_DataAndType                  *extensions;    // optional
+       
+       /* 
+        * Optional challenge string for CSSMOID_APPLE_TP_CSR_GEN.
+        */
+       const char                              *challengeString;
+} CSSM_APPLE_TP_CERT_REQUEST;
+
+/* 
+ * Options for X509TP's CSSM_TP_CertGroupVerify for policy CSSMOID_APPLE_TP_SSL. 
+ * A pointer to, and length of, one of these is optionally placed in 
+ * CSSM_TP_VERIFY_CONTEXT.Cred->Policy.PolicyIds[n].FieldValue.
+ */
+#define CSSM_APPLE_TP_SSL_OPTS_VERSION         0
+typedef struct {
+       uint32      Version;        // CSSM_APPLE_TP_SSL_OPTS_VERSION
+
+       /* 
+        * The domain name of the server (e.g., "store.apple.com".) In the 
+        * SSL and TLS protocols, this must match the common name of the 
+        * subject cert. Expressed as a C string, optionally NULL terminated
+        * if it is NULL terminated, the length field should include the NULL).
+        */
+       uint32      ServerNameLen;
+       const char  *ServerName;    // optional
+} CSSM_APPLE_TP_SSL_OPTIONS;
+
+/*
+ * Optional ActionData for all X509TP CertGroupVerify policies.
+ * A pointer to, and length of, one of these is optionally placed in 
+ * CSSM_TP_VERIFY_CONTEXT.ActionData.
+ */
+typedef uint32 CSSM_APPLE_TP_ACTION_FLAGS;
+enum {
+   CSSM_TP_ACTION_ALLOW_EXPIRED = 0x00000001,  // allow expired certs
+   /* other flags TBD */
+};
+
+#define CSSM_APPLE_TP_ACTION_VERSION           0
+typedef struct {
+       uint32                                          Version;                // CSSM_APPLE_TP_ACTION_VERSION
+       CSSM_APPLE_TP_ACTION_FLAGS      ActionFlags;    // CSSM_TP_ACTION_ALLOW_EXPIRED, etc.
+} CSSM_APPLE_TP_ACTION_DATA;
+
+/*
+ * Per-cert evidence returned from CSSM_TP_CertGroupVerify.
+ * An array of these is presented in CSSM_TP_VERIFY_CONTEXT_RESULT.Evidence[2]. 
+ * Same number of these as in the cert group in Evidence[1].
+ */
+/* First, an array of bits indicating various status of the cert. */
+typedef uint32 CSSM_TP_APPLE_CERT_STATUS;
+enum 
+{
+       CSSM_CERT_STATUS_EXPIRED                        = 0x00000001,
+       CSSM_CERT_STATUS_NOT_VALID_YET          = 0x00000002,
+       CSSM_CERT_STATUS_IS_IN_INPUT_CERTS      = 0x00000004,
+       CSSM_CERT_STATUS_IS_IN_ANCHORS          = 0x00000008,
+       CSSM_CERT_STATUS_IS_ROOT                        = 0x00000010
+};
+
+typedef struct {
+       CSSM_TP_APPLE_CERT_STATUS       StatusBits;
+       uint32                                          NumStatusCodes;
+       CSSM_RETURN                             *StatusCodes;
+       
+       /* index into raw cert group or AnchorCerts depending on IS_IN_ANCHORS */
+       uint32                                          Index;   
+       
+       /* nonzero if cert came from a DLDB */
+       CSSM_DL_DB_HANDLE                       DlDbHandle;
+       CSSM_DB_UNIQUE_RECORD_PTR       UniqueRecord;
+} CSSM_TP_APPLE_EVIDENCE_INFO;
+
+/*
+ * CSSM_TP_VERIFY_CONTEXT_RESULT.Evidence[0], basically defines which version/flavor 
+ * of remaining evidence is.
+ */
+#define CSSM_TP_APPLE_EVIDENCE_VERSION         0
+typedef struct 
+{
+       uint32          Version;
+} CSSM_TP_APPLE_EVIDENCE_HEADER;
+
+
+/*
+ * Apple-specific CSSM_EVIDENCE_FORM values
+ *
+ * The form of the evidence returns from CSSM_TP_CertGroupVerify is:
+ *
+ * EvidenceForm                                                        contents of *Evidence
+ * ------------                                                ---------------------
+ * CSSM_EVIDENCE_FORM_APPLE_HEADER             CSSM_TP_APPLE_EVIDENCE_HEADER
+ * CSSM_EVIDENCE_FORM_APPLE_CERTGROUP  CSSM_CERTGROUP
+ * CSSM_EVIDENCE_FORM_APPLE_CERT_INFO  array of CSSM_TP_APPLE_EVIDENCE_INFO, size
+ *                                                                                     CSSM_CERTGROUP.NumCerts
+ */
+
+#define CSSM_EVIDENCE_FORM_APPLE_CUSTOM                0x80000000
+enum 
+{
+       CSSM_EVIDENCE_FORM_APPLE_HEADER         = CSSM_EVIDENCE_FORM_APPLE_CUSTOM + 0,
+       CSSM_EVIDENCE_FORM_APPLE_CERTGROUP      = CSSM_EVIDENCE_FORM_APPLE_CUSTOM + 1,
+       CSSM_EVIDENCE_FORM_APPLE_CERT_INFO  = CSSM_EVIDENCE_FORM_APPLE_CUSTOM + 2
+};
+
+/* AppleX509CL extensions: passthrough ids */
+enum {
+       /* 
+        * Obtain a signed Certificate Signing Request.
+        * Input = CSSM_APPLE_CL_CSR_REQUEST
+        * Output = allocated CSSM_DATA which points to a DER-encoded CSR.
+        */
+       CSSM_APPLEX509CL_OBTAIN_CSR,
+       
+       /*
+        * Perform signature verify of a CSR.
+        * Input:  CSSM_DATA referring to a DER-encoded CSR.
+        * Output: Nothing, returns CSSMERR_CL_VERIFICATION_FAILURE on
+        *         on failure.
+        */
+       CSSM_APPLEX509CL_VERIFY_CSR
+};
+
+/*
+ * Used in CL's CSSM_APPLEX509_OBTAIN_CSR Passthrough. This is the 
+ * input; the output is a CSSM_DATA * containing the signed and 
+ * PEM-encoded CSR.
+ */
+typedef struct {
+       CSSM_X509_NAME_PTR              subjectNameX509;                
+       
+       /* Unfortunately there is no practical way to map any algorithm
+        * to its appropriate OID, and we need both.... */
+       CSSM_ALGORITHMS                 signatureAlg;   // e.g., CSSM_ALGID_SHA1WithRSA
+       CSSM_OID                                signatureOid;   // e.g., CSSMOID_SHA1WithRSA
+
+       CSSM_CSP_HANDLE                 cspHand;                // sign with this CSP
+       const CSSM_KEY                  *subjectPublicKey;
+       const CSSM_KEY                  *subjectPrivateKey;
+       
+       /* 
+        * Optional challenge string.
+        */
+       const char                              *challengeString;
+} CSSM_APPLE_CL_CSR_REQUEST;
+
+
+void cssmPerror(const char *how, CSSM_RETURN error);
+
+#ifdef __cplusplus
 }
-#endif
+#endif // __cplusplus
 
 #endif /* _CSSMAPPLE_H_ */
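Review bot: The comment on `ServerName` in `CSSM_APPLE_TP_SSL_OPTIONS` leaves the length contract ambiguous: the sentence about NULL termination has an unbalanced parenthesis and allows two encodings of the same name, with and without the terminator counted in `ServerNameLen`. Because this string is compared with the name in the subject certificate, the header should state exactly what `ServerNameLen` counts and how an embedded NUL is treated, for example `/* ServerNameLen is the byte count of ServerName, including the terminating NUL if present; any other NUL makes the name invalid */`, to be confirmed against the TP implementation. In the same hunk the comment above `CSSM_APPLE_CL_CSR_REQUEST` says the output is a PEM-encoded CSR and names `CSSM_APPLEX509_OBTAIN_CSR`, while the passthrough enum defines `CSSM_APPLEX509CL_OBTAIN_CSR` and documents a DER-encoded CSR. One of the two descriptions should be corrected so callers know which encoding to parse.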
index d5452ba958689d4fbea81c5d258f95410602cbb4..731d978c51aa0530bc93f0c56aa0443219d3118d 100644 (file)
@@ -180,7 +180,7 @@ enum {
                CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_INVALID_INPUT_POINTER,
        CSSMERR_CSSM_INVALID_OUTPUT_POINTER =
                CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_INVALID_OUTPUT_POINTER,
-       CSSMERR_CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED =
+       CSSMERR_CSSM_FUNCTION_NOT_IMPLEMENTED =
                CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED,
        CSSMERR_CSSM_SELF_CHECK_FAILED =
                CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_SELF_CHECK_FAILED,
@@ -691,7 +691,15 @@ enum {
        CSSMERR_DL_OS_ACCESS_DENIED =
                CSSM_DL_BASE_ERROR + CSSM_ERRCODE_OS_ACCESS_DENIED,
        CSSMERR_DL_FUNCTION_FAILED =
-               CSSM_DL_BASE_ERROR + CSSM_ERRCODE_FUNCTION_FAILED
+               CSSM_DL_BASE_ERROR + CSSM_ERRCODE_FUNCTION_FAILED,
+       CSSMERR_DL_INVALID_CSP_HANDLE =
+               CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INVALID_CSP_HANDLE,
+       CSSMERR_DL_INVALID_DL_HANDLE =
+               CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INVALID_DL_HANDLE,
+       CSSMERR_DL_INVALID_CL_HANDLE =
+               CSSM_TP_BASE_ERROR + CSSM_ERRCODE_INVALID_CL_HANDLE,
+       CSSMERR_DL_INVALID_DB_LIST_POINTER =
+               CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INVALID_DB_LIST_POINTER
 };
 
 /* DL Error Values Derived from ACL-based Error Codes. */
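Review bot: `CSSMERR_DL_INVALID_CL_HANDLE` is built from `CSSM_TP_BASE_ERROR`, while every other value added to this DL enum uses `CSSM_DL_BASE_ERROR`. That places the code in the TP error range, so it can collide with the TP module's own value for the same error code, and a caller that classifies errors by base range will attribute a DL failure to the TP. Unless the TP base is deliberate, the line should read `CSSM_DL_BASE_ERROR + CSSM_ERRCODE_INVALID_CL_HANDLE`. The enum begins outside this hunk.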
index 59a47f2b2169d7c769eb4a02440a23e577a485ae..023fb93f50bbe1cc348ea0fe511baa785f43a990 100644 (file)
@@ -1137,10 +1137,10 @@ typedef struct cssm_context {
     uint32 NumberOfAttributes;
     CSSM_CONTEXT_ATTRIBUTE_PTR ContextAttributes;
     CSSM_CSP_HANDLE CSPHandle;
-    uint32 Reserved; /* reserved for future use */
-    CSSM_BOOL Reserved1; /* reserved for future use */
-    uint32 Reserved2; /* reserved for future use */
-    uint32 Reserved3; /* reserved for future use */
+       CSSM_BOOL Privileged;
+       uint32 /*CSSM_KR_POLICY_FLAGS*/ EncryptionProhibited;
+       uint32 WorkFactor;
+       uint32 Reserved;        /* reserved for future use */
 } CSSM_CONTEXT, *CSSM_CONTEXT_PTR;
 
 typedef uint32 CSSM_SC_FLAGS;
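Review bot: The new `Privileged`, `EncryptionProhibited` and `WorkFactor` fields of `CSSM_CONTEXT` carry no comments, and `Privileged` now occupies storage that was a reserved word before this change. A caller built against the old layout that left the reserved fields uninitialised would hand an arbitrary value to whatever reads `Privileged`. Whether any consumer trusts that flag from a caller-supplied context is not visible here and should be confirmed. I would add a comment per field saying who sets it and who may rely on it, and state that callers must zero-initialise the structure if that is the contract. The added lines are also tab-indented in a struct that otherwise uses four spaces.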
index 698b4d2963826c1d4d10f19615db872ed5850867..f6eebc5dd940180e5aa07984979dfd8e96d92177 100644 (file)
@@ -64,7 +64,6 @@ typedef enum isl_status {
        ISL_FAIL = -1
 } ISL_STATUS;
 
-typedef void (*ISL_FUNCTION_PTR)(void);
 
 /* Embedded Integrity Services Library Functions */
 
index 48f72741e90e0fedc5aae3b3a80e2f2c7be57b6a..bb7c307b3da44abba0abc8c04b4dee58b2a45954 100644 (file)
@@ -45,9 +45,12 @@ extern const CSSM_OID
        CSSMOID_DH,
        CSSMOID_DSA,
        CSSMOID_SHA1WithDSA,
+       CSSMOID_SHA1,
        CSSMOID_APPLE_ISIGN,
        CSSMOID_APPLE_X509_BASIC,
        CSSMOID_APPLE_TP_SSL,
+       CSSMOID_APPLE_TP_LOCAL_CERT_GEN,
+       CSSMOID_APPLE_TP_CSR_GEN,
        CSSMOID_APPLE_FEE,
        CSSMOID_APPLE_ASC,
        CSSMOID_APPLE_FEE_MD5,
diff --git a/cdsa/cdsa_client/aclclient.cpp b/cdsa/cdsa_client/aclclient.cpp
new file mode 100644 (file)
index 0000000..15eceeb
--- /dev/null
@@ -0,0 +1,155 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// keyclient 
+//
+#include <Security/aclclient.h>
+#include <Security/keychainacl.h>
+#include <Security/walkers.h>
+
+
+namespace Security {
+namespace CssmClient {
+
+
+//
+// AclBearer methods (trivial)
+//
+AclBearer::~AclBearer()
+{ }
+
+
+//
+// Delete an ACL by handle
+//
+void AclBearer::addAcl(const AclEntryInput &input, const CSSM_ACCESS_CREDENTIALS *cred)
+{
+       changeAcl(AclEdit(input), cred);
+}
+
+void AclBearer::changeAcl(CSSM_ACL_HANDLE handle, const AclEntryInput &input,
+       const CSSM_ACCESS_CREDENTIALS *cred)
+{
+       changeAcl(AclEdit(handle, input), cred);
+}
+
+void AclBearer::deleteAcl(CSSM_ACL_HANDLE handle, const CSSM_ACCESS_CREDENTIALS *cred)
+{
+       changeAcl(AclEdit(handle), cred);
+}
+
+void AclBearer::deleteAcl(const char *tag, const CSSM_ACCESS_CREDENTIALS *cred)
+{
+       AutoAclEntryInfoList entries;
+       getAcl(entries, tag);
+       for (uint32 n = 0; n < entries.count(); n++)
+               deleteAcl(entries[n].handle(), cred);
+}
+
+
+//
+// A single global structure containing pseudo-static data
+//
+struct Statics {
+       Statics();
+       CssmAllocator &alloc;
+
+       AutoCredentials nullCred;
+       AutoCredentials promptCred;
+       AutoCredentials unlockCred;
+};
+
+namespace {
+       ModuleNexus<Statics> statics;
+}
+
+
+//
+// Make pseudo-statics.
+// Note: This is an eternal object. It is not currently destroyed
+// if the containing code is unloaded. But then, the containing
+// code is Security.framework, which never unloads anyway.
+//
+Statics::Statics()
+       : alloc(CssmAllocator::standard()),
+         nullCred(alloc, 1),
+         promptCred(alloc, 2),
+         unlockCred(alloc, 1)
+{
+       // nullCred: nothing at all
+       // contains:
+       //  an empty THRESHOLD sample to match threshold subjects with "free" subjects
+       nullCred.sample(0) = TypedList(alloc, CSSM_SAMPLE_TYPE_THRESHOLD);
+
+       // promptCred: a credential permitting user prompt confirmations
+       // contains:
+       //  a KEYCHAIN_PROMPT sample, both by itself and in a THRESHOLD
+       promptCred.sample(0) = TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT);
+       promptCred.sample(1) = TypedList(alloc, CSSM_SAMPLE_TYPE_THRESHOLD,
+               new(alloc) ListElement(TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT)));
+
+       // unlockCred: ???
+       unlockCred.sample(0) = TypedList(alloc, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK,
+               new(alloc) ListElement(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT));
+}
+
+
+//
+// Make and break AclFactories
+//
+AclFactory::AclFactory()
+{ }
+
+AclFactory::~AclFactory()
+{ }
+
+
+//
+// Return basic pseudo-static values
+//
+const AccessCredentials *AclFactory::nullCred() const
+{ return &statics().nullCred; }
+
+const AccessCredentials *AclFactory::promptCred() const
+{ return &statics().promptCred; }
+
+const AccessCredentials *AclFactory::unlockCred() const
+{ return &statics().unlockCred; }
+
+
+
+AclFactory::PasswordChangeCredentials::PasswordChangeCredentials (const CssmData& password, CssmAllocator& allocator) :
+    mAllocator (allocator)
+{
+    mCredentials = new (allocator) AutoCredentials (allocator);;
+    mCredentials->sample(0) = TypedList(allocator, CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK, new (allocator) ListElement (CSSM_SAMPLE_TYPE_PASSWORD),
+                                        new (allocator) ListElement (password));
+}
+
+
+
+AclFactory::PasswordChangeCredentials::~PasswordChangeCredentials ()
+{
+    DataWalkers::chunkFree (mCredentials, mAllocator);
+}
+
+
+
+} // end namespace CssmClient
+} // end namespace Security
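Review bot: `PasswordChangeCredentials` places the caller's password in a `ListElement` allocated from `allocator`, and the destructor releases the whole credential with `DataWalkers::chunkFree` without clearing it first. Whether `ListElement(password)` copies the bytes or only points at the caller's buffer is not visible in this file. If it copies, the password stays readable in freed allocator memory; if it does not, the caller's buffer has to outlive the object. Either way the constructor deserves a comment stating which, for example `// password is referenced, not copied; caller keeps it alive and wipes it`, adjusted to the real behaviour. Separately, the `// Delete an ACL by handle` banner sits above `addAcl`, the file banner says `keyclient`, and `// unlockCred: ???` leaves a credential that is handed out to callers undocumented.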
index bbd1f92d408ac6c69c3a7d49a31856922419ec75..8124bfbeb014cc6b67e68f582007fc99f6ff9c1f 100644 (file)
 
 #include <Security/cssmaclpod.h>
 #include <Security/cssmcred.h>
+#include <Security/refcount.h>
+#include <Security/globalizer.h>
 
-namespace Security
-{
-
-namespace CssmClient
-{
+namespace Security {
+namespace CssmClient {
 
 class CSP;
 
+
 //
-// AclClient -- abstract interface implemented by objects that can manipulate their acls
+// Any client-side object that has CSSM-layer ACLs shall be
+// derived from AclBearer and implement its methods accordingly.
+// Note the (shared/virtual) RefCount - you should handle AclBearer
+// references via RefPointers.
 //
-class AclClient
-{
-public:        
+class AclBearer : public virtual RefCount {
+public:
+       virtual ~AclBearer();
+
        // Acl manipulation
-       virtual void getAcl(const char *selectionTag, AutoAclEntryInfoList &aclInfos) const = 0;
-       virtual void changeAcl(const CSSM_ACCESS_CREDENTIALS *accessCred,
-                                                  const CSSM_ACL_EDIT &aclEdit) = 0;
+       virtual void getAcl(AutoAclEntryInfoList &aclInfos,
+               const char *selectionTag = NULL) const = 0;
+       virtual void changeAcl(const CSSM_ACL_EDIT &aclEdit,
+               const CSSM_ACCESS_CREDENTIALS *cred = NULL) = 0;
+       
+       void addAcl(const AclEntryInput &input, const CSSM_ACCESS_CREDENTIALS *cred = NULL);
+       void changeAcl(CSSM_ACL_HANDLE handle, const AclEntryInput &input,
+               const CSSM_ACCESS_CREDENTIALS *cred = NULL);
+       void deleteAcl(CSSM_ACL_HANDLE handle, const CSSM_ACCESS_CREDENTIALS *cred = NULL);
+       void deleteAcl(const char *tag = NULL, const CSSM_ACCESS_CREDENTIALS *cred = NULL);
 
        // Acl owner manipulation
        virtual void getOwner(AutoAclOwnerPrototype &owner) const = 0;
-       virtual void changeOwner(const CSSM_ACCESS_CREDENTIALS *accessCred,
-                                                        const CSSM_ACL_OWNER_PROTOTYPE &newOwner) = 0;
+       virtual void changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner,
+               const CSSM_ACCESS_CREDENTIALS *cred = NULL) = 0;
+};
+
 
-#if 0
-       // Create a random owner
-       static void makeRandomOwner(CSP &csp, AutoAclOwnerPrototype &owner, AutoCredentials &cred);
-       void setOwnerAndAcl(const AutoCredentials &cred, const AutoAclOwnerPrototype &newOwner,
-                                               uint32 numEntries, const CSSM_ACL_ENTRY_INFO *entries);
-#endif
+//
+// An AclFactory helps create and maintain CSSM-layer AccessCredentials
+// and matching samples. There is state in an AclFactory, though simple
+// uses may not care about it.
+//
+class AclFactory {
+public:
+       AclFactory();
+       virtual ~AclFactory();
+       
+       // these values are owned by the AclFactory and persist
+       // until it is destroyed. You don't own the memory.
+       const AccessCredentials *nullCred() const;
+       const AccessCredentials *promptCred() const;
+       const AccessCredentials *unlockCred() const;
+
+public:
+    // HHS password change credentials are used, amazingly enough, to change passwords...
+    class PasswordChangeCredentials
+    {
+    protected:
+        AutoCredentials* mCredentials;
+        CssmAllocator& mAllocator;
+    
+    public:
+        PasswordChangeCredentials (const CssmData& password,
+                                   CssmAllocator& allocator);
+        ~PasswordChangeCredentials ();
+        
+        operator const AccessCredentials* () {return mCredentials;}
+    };
 };
 
 
 } // end namespace CssmClient
-
 } // end namespace Security
 
 #endif // _H_CDSA_CLIENT_ACLCLIENT
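Review bot: `AclFactory::PasswordChangeCredentials` owns `mCredentials` through a raw pointer and frees it in its destructor, but declares no copy constructor or assignment operator. A copy (passing or returning the object by value) would leave two objects freeing the same password-bearing credential. Declaring `PasswordChangeCredentials(const PasswordChangeCredentials &);` and `PasswordChangeCredentials &operator=(const PasswordChangeCredentials &);` in a private section, without definitions, rules that out. The comment on `nullCred()`, `promptCred()` and `unlockCred()` says the values persist until the AclFactory is destroyed, whereas aclclient.cpp in this commit returns pointers into a `ModuleNexus<Statics>` global; the comment should describe that lifetime instead.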
index 98cb2b6daf21781fe82449001c80a46eaf227dd5..998c494ccefbe023b0890c027e87edca8f1bb50a 100644 (file)
@@ -22,6 +22,7 @@
 
 #include <Security/osxsigning.h>
 #include <Security/osxsigner.h>
+#include <Security/trackingallocator.h>
 #include "aclsupport.h"
 #include "keychainacl.h"
 #include <memory>
@@ -40,10 +41,11 @@ TrustedApplicationImpl::TrustedApplicationImpl(const CssmData &signature, const
 {
 }
 
-TrustedApplicationImpl::TrustedApplicationImpl(const char *path, const CssmData &comment, bool enabled) :      mSignature(CssmAllocator::standard(), calcSignature(path)),
+TrustedApplicationImpl::TrustedApplicationImpl(const char *path, const CssmData &comment, bool enabled) :      mSignature(CssmAllocator::standard()),
        mComment(CssmAllocator::standard(), comment),
        mEnabled(enabled)
 {
+    calcSignature(path, mSignature);
 }
 
 
@@ -71,17 +73,18 @@ void TrustedApplicationImpl::enabled(bool enabled)
 bool TrustedApplicationImpl::sameSignature(const char *path)
 {
        // return true if object at given path has same signature
-       return (mSignature.get() == calcSignature(path).get());
+    CssmAutoData otherSignature(CssmAllocator::standard());
+    calcSignature(path, otherSignature);
+       return (mSignature.get() == otherSignature);
 }
 
-CssmAutoData TrustedApplicationImpl::calcSignature(const char *path)
+void TrustedApplicationImpl::calcSignature(const char *path, CssmOwnedData &signature)
 {
        // generate a signature for the given object
-       auto_ptr<CodeSigning::OSXCode> objToVerify(CodeSigning::OSXCode::at(path));
+    RefPointer<CodeSigning::OSXCode> objToVerify(CodeSigning::OSXCode::at(path));
        CodeSigning::OSXSigner signer;
-       auto_ptr<CodeSigning::OSXSigner::OSXSignature> signature(signer.sign(*objToVerify));
-
-       return CssmAutoData(CssmAllocator::standard(), signature->data(), signature->length());
+    auto_ptr<CodeSigning::OSXSigner::OSXSignature> osxSignature(signer.sign(*objToVerify));
+    signature.copy(osxSignature->data(), osxSignature->length());
 }
 
 // ---------------------------------------------------------------------------
@@ -109,7 +112,7 @@ RefPointer<TrustedApplicationImpl>(new TrustedApplicationImpl(signature, comment
 // ---------------------------------------------------------------------------
 
 KeychainACL::KeychainACL(const Key &key) :
-    mLabel(CssmAllocator::standard())
+    mLabel(CssmAllocator::standard()), mSelector(CssmAllocator::standard())
 {
     mKey = key;
        initialize();
@@ -119,9 +122,13 @@ void KeychainACL::initialize()
 {
        mAnyAllow=false;
        mAlwaysAskUser=false;
+       
+       CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR defaultSelector 
+               = { CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION, 0 };
+       mSelector.copy(&defaultSelector, sizeof(defaultSelector));
 
        AutoAclEntryInfoList aclInfos;
-       mKey->getAcl(NULL, aclInfos);
+       mKey->getAcl(aclInfos);
        mHandle = CSSM_INVALID_HANDLE;
        const AclEntryInfo *theInfo = NULL;
        for(uint32 entry=0; entry<aclInfos.size(); entry++)
@@ -162,9 +169,9 @@ void KeychainACL::initialize()
 
                case CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT:
                        mAlwaysAskUser=true;
-                       element = element->next();
-                       assert(element && element->type() == CSSM_LIST_ELEMENT_DATUM && element->next() == NULL);
-                       mLabel = element->data();
+                       assert(subject.length() == 3);
+                       mSelector = subject[1].data();
+                       mLabel = subject[2].data();
                        return;
                
                case CSSM_ACL_SUBJECT_TYPE_THRESHOLD:
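Review bot: The `CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT` case now indexes `subject[1]` and `subject[2]` guarded only by `assert(subject.length() == 3)`, which disappears when the file is built with `NDEBUG`. The subject comes from `mKey->getAcl(aclInfos)`, so an entry stored in the earlier two-element form (type plus label, which the removed lines parsed) or a damaged entry would be indexed past its end in a release build; what `operator[]` does in that case is not visible here. A runtime length check that fails the call with the library's error exception would be safer than the assert, and the removed test that each element is a `CSSM_LIST_ELEMENT_DATUM` should be kept for both elements. The same pattern is added for `subList` in the `@@ -208,9 +215,9 @@` hunk. `KeychainACL::initialize()` starts and ends outside this hunk.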
@@ -208,9 +215,9 @@ void KeychainACL::initialize()
                        // Must be last subList in list.
                        assert(ix == n - 1);
                        mAlwaysAskUser=true;
-                       subElement = subElement->next();
-                       assert(subElement && subElement->type() == CSSM_LIST_ELEMENT_DATUM && subElement->next() == NULL);
-                       mLabel = subElement->data();
+                       assert(subList.length() == 3);
+                       mSelector = subList[1].data();
+                       mLabel = subList[2].data();
                        break;
 
 
@@ -253,7 +260,8 @@ void KeychainACL::commit()
 {
        TrackingAllocator allocator(CssmAllocator::standard());
 
-       KeychainAclFactory aclFactory(allocator);
+        // hhs replaced with new aclFactory
+       AclFactory aclFactory;
 
        CssmList &list = *new(allocator) CssmList();
 
@@ -285,6 +293,7 @@ void KeychainACL::commit()
        {
                CssmList &sublist = *new(allocator) CssmList();
                sublist.append(new(allocator) ListElement(CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT));
+               sublist.append(new(allocator) ListElement(mSelector.get()));
                sublist.append(new(allocator) ListElement(mLabel.get()));
                list.append(new(allocator) ListElement(sublist));       
        }
@@ -295,9 +304,9 @@ void KeychainACL::commit()
        CSSM_ACL_AUTHORIZATION_TAG decryptTag = CSSM_ACL_AUTHORIZATION_DECRYPT;
        anyDecryptAuthGroup.NumberOfAuthTags = 1;
        anyDecryptAuthGroup.AuthTags = &decryptTag;
-       const AccessCredentials *promptCred = aclFactory.keychainPromptCredentials();
+       const AccessCredentials *promptCred = aclFactory.promptCred ();
        AclEdit edit(mHandle, aclEntry);
-       mKey->changeAcl(promptCred, edit);
+       mKey->changeAcl(edit, promptCred);
 }
 
 void KeychainACL::anyAllow(bool allow)
index d0d1c6b95120dba9d2f536b41104ea2b6ffeb94a..6ca75315df4fe30421a06503c8ef1ec982dd438d 100644 (file)
@@ -49,7 +49,9 @@ public:
        void enabled(bool enabled);
 
        bool sameSignature(const char *path); // return true if object at path has same signature
-       CssmAutoData calcSignature(const char *path); // generate a signature
+
+protected:
+       void calcSignature(const char *path, CssmOwnedData &signature); // generate a signature
 
 private:
        CssmAutoData mSignature;
@@ -86,6 +88,7 @@ private:
        bool mAlwaysAskUser;
        bool mIsCustomACL;
        CssmAutoData mLabel;
+       CssmAutoData mSelector;
 
        CSSM_ACL_HANDLE mHandle;
 };
diff --git a/cdsa/cdsa_client/clclient.cpp b/cdsa/cdsa_client/clclient.cpp
new file mode 100644 (file)
index 0000000..089b87a
--- /dev/null
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// clclient - client interface to CSSM CLs and their operations
+//
+#include <Security/clclient.h>
+
+using namespace CssmClient;
+
+
+//
+// Manage CL attachments
+//
+CLImpl::CLImpl(const Guid &guid) : AttachmentImpl(guid, CSSM_SERVICE_CL)
+{
+}
+
+CLImpl::CLImpl(const Module &module) : AttachmentImpl(module, CSSM_SERVICE_CL)
+{
+}
+
+CLImpl::~CLImpl()
+{
+}
+
+
+//
+// A BuildCertGroup
+//
+BuildCertGroup::BuildCertGroup(CSSM_CERT_TYPE ctype, CSSM_CERT_ENCODING encoding,
+    CSSM_CERTGROUP_TYPE type, CssmAllocator &alloc)
+    : certificates(NumCerts, GroupList.CertList)
+{
+    clearPod();
+    CertType = ctype;
+    CertEncoding = encoding;
+    CertGroupType = type;
+}
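Review bot: `BuildCertGroup`'s constructor accepts `alloc` but never uses it, so a caller that passes a non-default allocator gets no effect. Also, `certificates(NumCerts, GroupList.CertList)` is constructed in the initialiser list, before `clearPod()` in the body has zeroed those fields. If `CssmVector` reads the values at construction rather than binding references to them (its definition is not on this page), it starts from indeterminate data. Either pass `alloc` through to whatever owns the certificate storage or drop the parameter, and add a comment on the initialiser such as `// certificates aliases NumCerts/CertList by reference; clearPod() below resets both` once that is confirmed.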
diff --git a/cdsa/cdsa_client/clclient.h b/cdsa/cdsa_client/clclient.h
new file mode 100644 (file)
index 0000000..92ffbe8
--- /dev/null
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// clclient - client interface to CSSM CLs and their operations
+//
+#ifndef _H_CDSA_CLIENT_CLCLIENT
+#define _H_CDSA_CLIENT_CLCLIENT  1
+
+#include <Security/cssmclient.h>
+#include <Security/clclient.h>
+#include <Security/cssmcert.h>
+
+
+namespace Security {
+namespace CssmClient {
+
+
+//
+// A CL attachment
+//
+class CLImpl : public AttachmentImpl
+{
+public:
+       CLImpl(const Guid &guid);
+       CLImpl(const Module &module);
+       virtual ~CLImpl();
+    
+};
+
+class CL : public Attachment
+{
+public:
+       typedef CLImpl Impl;
+
+       explicit CL(Impl *impl) : Attachment(impl) {}
+       CL(const Guid &guid) : Attachment(new Impl(guid)) {}
+       CL(const Module &module) : Attachment(new Impl(module)) {}
+
+       Impl *operator ->() const { return &impl<Impl>(); }
+       Impl &operator *() const { return impl<Impl>(); }
+};
+
+
+//
+// A self-building CertGroup.
+// This is a CertGroup, but it's NOT A PODWRAPPER (it's larger).
+//
+class BuildCertGroup : public CertGroup {
+public:
+    BuildCertGroup(CSSM_CERT_TYPE ctype, CSSM_CERT_ENCODING encoding,
+        CSSM_CERTGROUP_TYPE type, CssmAllocator &alloc = CssmAllocator::standard());
+    
+    CssmVector<CSSM_DATA, CssmData> certificates;
+};
+
+
+} // end namespace CssmClient
+} // end namespace Security
+
+#endif // _H_CDSA_CLIENT_CLCLIENT
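Review bot: `#include <Security/clclient.h>` makes this header include itself. The include guard turns that into a no-op, so it is harmless, but it suggests a different header was intended or none was needed. Remove the line or replace it with the header that was meant.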
index 4031e01f7c16f20db9e03fb5a04ca180a6e51cfe..6fe31a530e1140ff520d6ad6fd20e11b58686b08 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
@@ -88,6 +88,23 @@ void CssmClient::Context::algorithm(CSSM_ALGORITHMS alg)
 }
 
 
+//
+// Query context operation output sizes.
+//    
+uint32 CssmClient::Context::getOutputSize(uint32 inputSize, bool encrypt = true)
+{
+    CSSM_QUERY_SIZE_DATA data;
+    data.SizeInputBlock = inputSize;
+    getOutputSize(data, 1, encrypt);
+    return data.SizeOutputBlock;
+}
+
+void CssmClient::Context::getOutputSize(CSSM_QUERY_SIZE_DATA &sizes, uint32 count, bool encrypt = true)
+{
+    check(CSSM_QuerySize(handle(), encrypt, count, &sizes));
+}
+
+
 //
 // The override() method of Context is an expert feature. It replaces the entire
 // context with a context object provided. It is up to the caller to keep this context
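Review bot: Both out-of-class definitions of `Context::getOutputSize` repeat the default argument `bool encrypt = true` that the declarations added to cspclient.h in this commit already give. Standard C++ does not allow a default argument to be specified again in a later declaration of the same function, so a conforming compiler rejects this even if the one in use lets it pass. Drop the default from the definitions, e.g. `uint32 CssmClient::Context::getOutputSize(uint32 inputSize, bool encrypt)`, and likewise for the `CSSM_QUERY_SIZE_DATA &` overload.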
@@ -106,6 +123,28 @@ void CssmClient::Context::override(const Security::Context &ctx)
 }
 
 
+//
+// Manage PassThrough contexts
+//
+
+//
+// Invoke passThrough
+//
+void
+PassThrough::operator() (uint32 passThroughId, const void *inData, void **outData)
+{
+    check(CSSM_CSP_PassThrough(handle(), passThroughId, inData, outData));
+}
+
+void PassThrough::activate()
+{
+       if (!mActive) {
+               check(CSSM_CSP_CreatePassThroughContext(attachment()->handle(), mKey, &mHandle));
+               mActive = true;
+       }
+}
+
+
 //
 // Manage Digest contexts
 //
index e17c5d730b22fd8873b032612a6aa20acc9da9cd..ce79289c671a1bd3a899c850adeb02b49cd88212 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
@@ -41,7 +41,7 @@ public:
        CSPImpl(const Guid &guid);
        CSPImpl(const Module &module);
        virtual ~CSPImpl();
-    
+
     // the least inappropriate place for this one
     void freeKey(CssmKey &key, const AccessCredentials *cred = NULL, bool permanent = false);
 };
@@ -77,6 +77,9 @@ public:
 
 public:
        CSSM_CC_HANDLE handle() { activate(); return mHandle; }
+    
+    uint32 getOutputSize(uint32 inputSize, bool encrypt = true);
+    void getOutputSize(CSSM_QUERY_SIZE_DATA &sizes, uint32 count, bool encrypt = true);
        
 public:
        // don't use this section unless you know what you're doing!
@@ -87,7 +90,7 @@ public:
        {
                if (isActive()) {
                        ::Context::Attr attr(type, value);
-                       check(CSSM_UpdateContextAttributes(handle(), 1, &attr));
+                       check(CSSM_UpdateContextAttributes(mHandle, 1, &attr));
                }
        }
 
@@ -95,7 +98,7 @@ public:
        {
                if (isActive()) {
                        ::Context::Attr attr(type, value);
-                       check(CSSM_UpdateContextAttributes(handle(), 1, &attr));
+                       check(CSSM_UpdateContextAttributes(mHandle, 1, &attr));
                }
        }
     
@@ -105,7 +108,7 @@ public:
     
     void add(CSSM_ATTRIBUTE_TYPE type, uint32 value)
     { activate(); set(type, value); }
-       
+
 protected:
        CSSM_ALGORITHMS mAlgorithm;             // intended algorithm
        CSSM_CC_HANDLE mHandle;                 // CSSM CC handle
@@ -123,6 +126,28 @@ protected:
 };
 
 
+//
+// A PassThough context
+//
+class PassThrough : public Context
+{
+public:
+       PassThrough(const CSP &csp) : Context(csp) { }
+
+public:
+       void operator () (uint32 passThroughId, const void *inData, void **outData);
+
+       const CSSM_KEY *key() const { return mKey; }
+       void key(const CSSM_KEY *k) { mKey = k; set(CSSM_ATTRIBUTE_KEY, k); }
+
+protected:
+       void activate();
+
+protected:
+       const CSSM_KEY *mKey;
+};
+
+
 //
 // A Digest context
 //
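Review bot: `PassThrough`'s constructor leaves `mKey` uninitialised, and `PassThrough::activate()` in cspclient.cpp passes `mKey` to `CSSM_CSP_CreatePassThroughContext`. A pass-through that is invoked without a prior `key(...)` call therefore hands an indeterminate pointer to the CSP. Initialise it in the constructor: `PassThrough(const CSP &csp) : Context(csp), mKey(NULL) { }`. The comment banner also spells the class `PassThough`.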
index 587aa44da3993f48eef0ce8b6cf9f723abf83538..9a29524095a87aee1c6578959b6ed6d2c382e136 100644 (file)
@@ -46,7 +46,7 @@ Error::cssmError() const
 }
 
 const char *
-Error::what () const
+Error::what () const throw()
 {
        return "CSSM client library error";
 }
@@ -201,9 +201,15 @@ CssmImpl::activate()
        {
                // currently, no choices on PVC mode and key hierarchy
                CSSM_PVC_MODE pvc = CSSM_PVC_NONE;
-               //@@@ should handle PVC_ALREADY... non-error
-               check(CSSM_Init(&mVersion, mScope, &mCallerGuid,
-                       CSSM_KEY_HIERARCHY_NONE, &pvc, NULL));
+               switch (CSSM_RETURN rc = CSSM_Init(&mVersion,
+                               mScope, &mCallerGuid,
+                               CSSM_KEY_HIERARCHY_NONE, &pvc, NULL)) {
+               case CSSMERR_CSSM_PVC_ALREADY_CONFIGURED:
+               case CSSM_OK:
+                       break;
+               default:
+                       check(rc);
+               }
                mActive = true;
        }
 }
index 725fcbf8352433cb8c542b66a19a8b62ca272cfc..9c9101706d0a37152038268ad9b6712b0ecd5c33 100644 (file)
@@ -63,18 +63,6 @@ private:
 };
 
 
-//
-// A CssmData initialized from a string constant.
-// Note that the trailing null terminator is not part of the Data.
-//
-// @@@ This is obsoleted by CssmPolyData in <cdsa_utilities/cssmdata.h>
-class StringData : public CssmData {
-public:
-       StringData(const char *s) : CssmData(const_cast<char *>(s), strlen(s)) { }
-       operator char * () const { return CssmData::operator char * (); }
-};
-
-
 //
 // Exceptions are based on the CssmError utility class. We add our own class of client-side exceptions.
 //
@@ -82,7 +70,7 @@ class Error : public CssmError {
 public:
        Error(int err) : CssmError(err) { }
        CSSM_RETURN cssmError() const;
-       virtual const char *what () const;
+       virtual const char *what () const throw();
        
        enum {
                objectBusy = -1,
@@ -90,16 +78,6 @@ public:
 };
 
 
-//
-// A CssmData bundled up with a data buffer it refers to
-//
-template <size_t size>
-struct DataBuffer : public CssmData {
-       unsigned char buffer[size];
-       DataBuffer() : CssmData(buffer, size) { }
-};
-
-
 //
 // The CssmObject abstract class models features common to different Cssm objects.
 // It handles a tree hierarchy of objects (parent/children) safely.
@@ -135,7 +113,7 @@ protected:
        void removeChild();
        bool isIdle() const { return mChildCount == 0; }
 
-       // {de,}allocate() assume you have locked *this
+       // {de,}activate() assume you have locked *this
        virtual void activate() = 0;
        virtual void deactivate() = 0;
 
@@ -145,8 +123,6 @@ private:
 };
 
 
-
-
 class Object
 {
        friend class ObjectImpl;
@@ -169,6 +145,9 @@ public:
 
        bool operator !() const { return !mImpl; }
        operator bool() const { return mImpl; }
+    
+    bool isActive() const                              { return mImpl && mImpl->isActive(); }
+    CssmAllocator &allocator() const   { return mImpl->allocator(); }
 
        bool operator <(const Object &other) const
        { return mImpl && other.mImpl ? *mImpl < *other.mImpl : mImpl < other.mImpl; }
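Review bot: `allocator()` dereferences `mImpl` unconditionally, while `isActive()` on the line above it and `operator !` both treat an empty `mImpl` as a valid state. Calling `allocator()` on an empty `Object` is then a null dereference. Either document the precondition with a comment such as `// requires a non-null Object`, or add `assert(mImpl);` before the dereference. The class body starts and ends outside this hunk.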
@@ -218,7 +197,7 @@ public:
 
 
 //
-// An Attachment object. This is the parent of all typed attachment classes.
+// An Attachment object. This is the base class of all typed attachment classes.
 //
 class AttachmentImpl : public ObjectImpl
 {
index 3ebdf52faea3ebb1265e959569499cefdfb5c4e3..38824ea861035f5a8a481ebee69ab5444e8543fa 100644 (file)
@@ -136,6 +136,8 @@ DbImpl::deactivate()
 void
 DbImpl::deleteDb()
 {
+       // Deactivate so the db gets closed if it was open.
+       deactivate();
        // This call does not require the receiver to be active.
        check(CSSM_DL_DbDelete(dl()->handle(), name(), dbLocation(),
                                                   mAccessCredentials));
@@ -429,6 +431,18 @@ ObjectImpl(parent), CssmAutoQuery(capacity, allocator)
 {
 }
 
+CssmAllocator &
+DbCursorImpl::allocator() const
+{
+       return ObjectImpl::allocator();
+}
+
+void
+DbCursorImpl::allocator(CssmAllocator &alloc)
+{
+       ObjectImpl::allocator(alloc);
+}
+
 
 //
 // DbUniqueRecord
index e0dfe1dfa6c279b17597348472fd71ff4ecbf839..39e4c780fc756e76b2f570292e644b503390c9f0 100644 (file)
@@ -364,6 +364,9 @@ public:
        DbCursorImpl(const Object &parent, const CSSM_QUERY &query, CssmAllocator &allocator);
        DbCursorImpl(const Object &parent, uint32 capacity, CssmAllocator &allocator);
 
+       virtual CssmAllocator &allocator() const;
+       virtual void allocator(CssmAllocator &alloc);
+
        virtual bool next(DbAttributes *attributes, ::CssmDataContainer *data, DbUniqueRecord &uniqueId) = 0;
        void abort() { deactivate(); }
 };
@@ -405,14 +408,14 @@ public:
 
        Db database() const { return parent<Db>(); }
 
+       void free() { deactivate(); }
+
        // Client must call activate() after calling this function if mUniqueId is successfully set.
        operator CSSM_DB_UNIQUE_RECORD_PTR *() { if (mActive) free(); return &mUniqueId; }
 
        operator CSSM_DB_UNIQUE_RECORD *() { return mUniqueId; }
        operator const CSSM_DB_UNIQUE_RECORD *() const { return mUniqueId; }
 
-       void free() { deactivate(); }
-
        void activate();
 
 protected:
index 92e3b0a5ca8b5aec29552f58f6164c6bc8beeb33..f98f7375bdded78fe896fc3ad2742263664ac7eb 100644 (file)
@@ -60,18 +60,27 @@ KeyImpl::deleteKey(const CSSM_ACCESS_CREDENTIALS *cred)
        }
 }
 
+CssmKeySize
+KeyImpl::sizeInBits() const
+{
+    CssmKeySize size;
+    check(CSSM_QueryKeySizeInBits(csp()->handle(), NULL, this, &size));
+    return size;
+}
+
 void
-KeyImpl::getAcl(const char *selectionTag, AutoAclEntryInfoList &aclInfos) const
+KeyImpl::getAcl(AutoAclEntryInfoList &aclInfos, const char *selectionTag) const
 {
        aclInfos.allocator(allocator());
        check(CSSM_GetKeyAcl(csp()->handle(), this, reinterpret_cast<const CSSM_STRING *>(selectionTag), aclInfos, aclInfos));
 }
 
 void
-KeyImpl::changeAcl(const CSSM_ACCESS_CREDENTIALS *accessCred,
-                                  const CSSM_ACL_EDIT &aclEdit)
+KeyImpl::changeAcl(const CSSM_ACL_EDIT &aclEdit,
+       const CSSM_ACCESS_CREDENTIALS *accessCred)
 {
-       check(CSSM_ChangeKeyAcl(csp()->handle(), accessCred, &aclEdit, this));
+       check(CSSM_ChangeKeyAcl(csp()->handle(),
+               AccessCredentials::needed(accessCred), &aclEdit, this));
 }
 
 void
@@ -82,10 +91,11 @@ KeyImpl::getOwner(AutoAclOwnerPrototype &owner) const
 }
 
 void
-KeyImpl::changeOwner(const CSSM_ACCESS_CREDENTIALS *accessCred,
-                                        const CSSM_ACL_OWNER_PROTOTYPE &newOwner)
+KeyImpl::changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner,
+       const CSSM_ACCESS_CREDENTIALS *accessCred)
 {
-       check(CSSM_ChangeKeyOwner(csp()->handle(), accessCred, this, &newOwner));
+       check(CSSM_ChangeKeyOwner(csp()->handle(),
+               AccessCredentials::needed(accessCred), this, &newOwner));
 }
 
 void KeyImpl::activate()
index b2264f2d46feed89f4cecdb77d3df3d0e098ab06..db6cdaff8a999f499ee7807803514f7d82a381dd 100644 (file)
@@ -34,7 +34,7 @@ namespace CssmClient
 //
 // Key
 //
-class KeyImpl : public ObjectImpl, public AclClient, public CssmKey
+class KeyImpl : public ObjectImpl, public AclBearer, public CssmKey
 {
 public:
        KeyImpl(const CSP &csp);
@@ -44,16 +44,18 @@ public:
        
        CSP csp() const { return parent<CSP>(); }
        void deleteKey(const CSSM_ACCESS_CREDENTIALS *cred);
+    
+    CssmKeySize sizeInBits() const;
 
        // Acl manipulation
-       void getAcl(const char *selectionTag, AutoAclEntryInfoList &aclInfos) const;
-       void changeAcl(const CSSM_ACCESS_CREDENTIALS *accessCred,
-                                  const CSSM_ACL_EDIT &aclEdit);
+       void getAcl(AutoAclEntryInfoList &aclInfos, const char *selectionTag = NULL) const;
+       void changeAcl(const CSSM_ACL_EDIT &aclEdit,
+               const CSSM_ACCESS_CREDENTIALS *accessCred);
 
        // Acl owner manipulation
        void getOwner(AutoAclOwnerPrototype &owner) const;
-       void changeOwner(const CSSM_ACCESS_CREDENTIALS *accessCred,
-                                        const CSSM_ACL_OWNER_PROTOTYPE &newOwner);
+       void changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner,
+               const CSSM_ACCESS_CREDENTIALS *accessCred = NULL);
 
        // Call this after completing the CSSM API call after having called Key::makeNewKey()
        void activate();
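Review bot: The two mutators end up with different credential defaults: `changeOwner` gains `accessCred = NULL` while `changeAcl` keeps the argument mandatory, even though both implementations route it through `AccessCredentials::needed()` in this commit. For an operation that hands a key to a new owner, an implicit NULL makes it easy to call without deciding which credentials are presented. Either drop the default (`const CSSM_ACCESS_CREDENTIALS *accessCred);`) or give both the same default and document above the declarations what a NULL pointer is replaced with. The reordered parameters have distinct types, so stale call sites fail to compile rather than bind to the wrong argument.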
@@ -84,6 +86,9 @@ public:
 
        // Creates an inactive key, client must call activate() after this.
        CssmKey *makeNewKey(const CSP &csp) { (*this) = Key(csp); return &(**this); }
+    
+    // inquiries
+    CssmKeySize sizeInBits() const             { return (*this)->sizeInBits(); }
 };
 
 
index 832ea0abf1fdd3710ff97d239382771820bb0ca2..61df331429a92791eefde1fc1740f20f92c8893f 100644 (file)
@@ -24,6 +24,7 @@
 #endif
 
 #include <Security/osxsigner.h>
+#include <Security/cssmdata.h>
 #include <Security/debugging.h>
 
 
@@ -48,7 +49,7 @@ OSXSigner::OSXSignature *OSXSigner::sign(const Signable &target)
 {
        Digester digester(*this);
        scanContents(digester, target);
-       CssmClient::DataBuffer<OSXSignature::hashLength> hash;
+       DataBuffer<OSXSignature::hashLength> hash;
        digester(hash);
        IFDUMPING("codesign", Debug::dumpData("sign", hash));
        return new OSXSignature(hash);
@@ -59,7 +60,7 @@ bool OSXSigner::verify(const Signable &target, const Signature *signature)
        if (const OSXSignature *sig = dynamic_cast<const OSXSignature *>(signature)) {
                Digester digester(*this);
                scanContents(digester, target);
-               CssmClient::DataBuffer<OSXSignature::hashLength> hash;
+               DataBuffer<OSXSignature::hashLength> hash;
                digester(hash);
                IFDUMPING("codesign", Debug::dumpData("verify", hash));
                return (*sig) == hash;
index cfe409cda53f7cabd771479ffd5a91e26a6b0eef..b3dc06b9fcd1fd4e3eed2a12fc8788cb1af00c40 100644 (file)
@@ -40,9 +40,10 @@ namespace CodeSigning
 // The OSX standard signer object
 //
 class OSXSigner : public Signer {
-       class OSXSignature;
        class Digester; friend class Digester;
 public:
+       class OSXSignature;
+
        OSXSigner();
        OSXSignature *sign(const Signable &target);
        bool verify(const Signable &target, const Signature *signature);
index 24f9a5ae21e1d3288457ea254ffbf53c31e81786..79c0daeee07234c87a64a073d235588d31d61def 100644 (file)
 
 #include "securestorage.h"
 #include "genkey.h"
-#include "aclsupport.h"
+//#include "aclsupport.h"
+#include <Security/Access.h>
 #include <Security/osxsigning.h>
 #include <memory>
 
 using namespace CssmClient;
+using namespace KeychainCore;
 
 //
 // Manage CSPDL attachments
@@ -151,7 +153,7 @@ SSDbImpl::insert(CSSM_DB_RECORDTYPE recordType,
                                 const CSSM_ACCESS_CREDENTIALS *cred)
 {
        // Create an encoded dataBlob for this item.
-       CssmDataContainer dataBlob;
+       CssmDataContainer dataBlob(allocator());
        group->encodeDataBlob(data, cred, dataBlob);
 
        // Insert the record with the new juicy dataBlob.
@@ -233,11 +235,11 @@ SSGroupImpl::SSGroupImpl(const SSDb &ssDb, const CSSM_DATA &dataBlob)
 : KeyImpl(ssDb->csp()), mLabel(ssDb->allocator())
 {
        if (dataBlob.Length < kLabelSize + kIVSize)
-               CssmError::throwMe(CSSMERR_DL_RECORD_NOT_FOUND); // @@@ Not a SS record
+               CssmError::throwMe(CSSMERR_DL_RECORD_NOT_FOUND); // Not a SS record
 
        mLabel = CssmData(dataBlob.Data, kLabelSize);
        if (*reinterpret_cast<const uint32 *>(mLabel.Data) != kGroupMagic)
-               CssmError::throwMe(CSSMERR_DL_RECORD_NOT_FOUND); // @@@ Not a SS record
+               CssmError::throwMe(CSSMERR_DL_RECORD_NOT_FOUND); // Not a SS record
 
        // Look up the symmetric key with that label.
        DbCursor cursor(new DbDbCursorImpl(ssDb, 0, CssmAllocator::standard()));
@@ -247,7 +249,7 @@ SSGroupImpl::SSGroupImpl(const SSDb &ssDb, const CSSM_DATA &dataBlob)
        DbUniqueRecord keyId;
        CssmDataContainer keyData(ssDb->allocator());
        if (!cursor->next(NULL, &keyData, keyId))
-               CssmError::throwMe(CSSMERR_DL_RECORD_NOT_FOUND); // @@@ The key is gone
+               CssmError::throwMe(CSSMERR_DL_RECORD_NOT_FOUND); // The key can't be found
 
        // Set the key part of ourself.
        static_cast<CSSM_KEY &>(*this) =
@@ -258,6 +260,13 @@ SSGroupImpl::SSGroupImpl(const SSDb &ssDb, const CSSM_DATA &dataBlob)
        activate();
 }
 
+bool
+SSGroupImpl::isGroup(const CSSM_DATA &dataBlob)
+{
+       return dataBlob.Length >= kLabelSize + kIVSize
+               && *reinterpret_cast<const uint32 *>(dataBlob.Data) == kGroupMagic;
+}
+
 const CssmData
 SSGroupImpl::label() const
 {
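Review bot: `isGroup()` repeats the length and magic tests that the `SSGroupImpl(const SSDb &, const CSSM_DATA &)` constructor performs (its body starts outside this hunk), so the definition of a secure-storage blob now lives in two places that can drift apart. The constructor could open with `if (!isGroup(dataBlob)) CssmError::throwMe(CSSMERR_DL_RECORD_NOT_FOUND);`. The later hunks in this file use `isGroup()` as the only test that decides whether a record goes through its group or is returned as stored, so it deserves a comment saying so, e.g. `// True if dataBlob is long enough and starts with kGroupMagic; any other blob is handled as an unprotected record.` The `uint32` read through `reinterpret_cast` also assumes `dataBlob.Data` is suitably aligned, which the visible code does not establish.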
@@ -297,17 +306,25 @@ SSGroupImpl::decodeDataBlob(const CSSM_DATA &dataBlob,
                        throw;
 
                // The user checked to don't ask again checkbox in the rogue app alert.  Let's edit the ACL for this key and add the calling application to it.
+#if 1
+               Key key(this);          // the underlying key
+               RefPointer<Access> access = new Access(*key);   // extract access rights
+               RefPointer<TrustedApplication> thisApp = new TrustedApplication;
+               access->addApplicationToRight(CSSM_ACL_AUTHORIZATION_DECRYPT, thisApp.get());   // add this app
+               access->setAccess(*key, true);  // commit
+#else
                KeychainACL acl(Key(this));
                acl.anyAllow(false);
                acl.alwaysAskUser(true);
 
-               auto_ptr<CodeSigning::OSXCode> code(CodeSigning::OSXCode::main());
+               RefPointer<CodeSigning::OSXCode> code(CodeSigning::OSXCode::main());
                const char *path = code->canonicalPath().c_str();
                CssmData comment(const_cast<char *>(path), strlen(path) + 1);
                acl.push_back(TrustedApplication(path, comment));
 
                // Change the acl.
                acl.commit();
+#endif
 
                // Retry the decrypt operation.
                Decrypt decrypt(csp(), algorithm());
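Review bot: The `#if 1` / `#else` pair keeps the superseded `KeychainACL` path in the file as dead code, and the hunk even edits it (`auto_ptr` to `RefPointer`). Deleting the `#else` branch together with the `#if`/`#endif` lines would leave a single ACL-editing path to audit, and the commented-out `//#include "aclsupport.h"` in the include hunk above is the same kind of leftover. The retired branch is also fragile: `const char *path = code->canonicalPath().c_str();` keeps a pointer into a temporary if `canonicalPath()` returns a string by value, which is one more reason not to leave it available for later revival. The enclosing function and the condition that leads to this ACL edit start outside the hunk.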
@@ -410,7 +427,7 @@ SSDbCursorImpl::next(DbAttributes *attributes, ::CssmDataContainer *data,
        attrs = attributes ? attributes : &noAttrs;
 
        // Get the datablob for this record
-       CssmDataContainer dataBlob;
+       CssmDataContainer dataBlob(allocator());
        for (;;)
        {
                if (!DbDbCursorImpl::next(attrs, &dataBlob, uniqueId))
@@ -432,9 +449,16 @@ SSDbCursorImpl::next(DbAttributes *attributes, ::CssmDataContainer *data,
                }
        }
 
+       if (!SSGroupImpl::isGroup(dataBlob))
+       {
+               data->Data = dataBlob.Data;
+               data->Length = dataBlob.Length;
+               dataBlob.Data = NULL;
+               dataBlob.Length = 0;
+               return true;
+       }
+
        // Get the group for dataBlob
-       // @@@ This might fail in which case we should probably not decrypt the
-       // data.
        SSGroup group(database(), dataBlob);
 
        // Decode the dataBlob, pass in the DL allocator.
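Review bot: The pass-through branch moves `dataBlob`'s buffer into `*data` by copying `Data`/`Length` and zeroing the source. That is only sound if `*data` releases memory with the same allocator that `dataBlob(allocator())` allocated from and holds no buffer of its own at that point, and neither is established in the hunk. A buffer later freed through a different allocator risks heap corruption, and a buffer already held by `*data` would be leaked. The same four lines are repeated in `SSDbUniqueRecordImpl::get` (hunk `@@ -571,14 +600,21 @@`); a small helper that checks or documents the allocator assumption would keep both sites consistent. The function body begins before this hunk, so whether `data` can still be NULL here is not visible.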
@@ -501,20 +525,21 @@ SSDbUniqueRecordImpl::deleteRecord(const CSSM_ACCESS_CREDENTIALS *cred)
 {
        // Get the datablob for this record
        // @@@ Fixme so we don't need to call DbUniqueRecordImpl::get
-       CssmDataContainer dataBlob;
+       CssmDataContainer dataBlob(allocator());
        DbUniqueRecordImpl::get(NULL, &dataBlob);
 
-       // Get the group for dataBlob
-       // @@@ This might fail in which case we should probably not decrypt the
-       // data.
-       SSGroup group(database(), dataBlob);
-
        // @@@ Use transactions.
+       if (SSGroupImpl::isGroup(dataBlob))
+       {
+               // Get the group for dataBlob
+               SSGroup group(database(), dataBlob);
+               // Delete the group
+               // @@@ What if the group is shared?
+               group->deleteKey(cred);
+       }
+
        // Delete the record.
        DbUniqueRecordImpl::deleteRecord();
-       // Delete the group
-       // @@@ What if the group is shared?
-       group->deleteKey(cred);
 }
 
 void
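Review bot: The group key is now deleted before the record (`group->deleteKey(cred)` followed by `DbUniqueRecordImpl::deleteRecord()`), so if the record deletion throws, the record survives without the key that decrypts it. The new order does let the credential check in `deleteKey` gate the record deletion, which looks intended. With the `@@@ Use transactions` item still open, a comment recording the trade-off would help: `// Delete the key first so a credential failure leaves the record intact; a failure in deleteRecord() below leaves an undecryptable record.` Records for which `isGroup()` is false are deleted without `cred` being consulted at all, which the function comment should state if it is deliberate.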
@@ -539,18 +564,22 @@ SSDbUniqueRecordImpl::modify(CSSM_DB_RECORDTYPE recordType,
                return;
        }
 
-       // Get the datablob for this record @@@ Fixme so we don't need to call
-       // DbUniqueRecordImpl::get
-       CssmDataContainer oldDataBlob;
+       // Get the datablob for this record
+       // @@@ Fixme so we don't need to call DbUniqueRecordImpl::get
+       CssmDataContainer oldDataBlob(allocator());
        DbUniqueRecordImpl::get(NULL, &oldDataBlob);
 
+       if (!SSGroupImpl::isGroup(oldDataBlob))
+       {
+               DbUniqueRecordImpl::modify(recordType, attributes, data, modifyMode);
+               return;
+       }
+
        // Get the group for oldDataBlob
-       // @@@ This might fail in which case we should probably not decrypt the
-       // data.
        SSGroup group(database(), oldDataBlob);
 
        // Create a new dataBlob.
-       CssmDataContainer dataBlob;
+       CssmDataContainer dataBlob(allocator());
        group->encodeDataBlob(data, cred, dataBlob);
        DbUniqueRecordImpl::modify(recordType, attributes, &dataBlob, modifyMode);
 }
@@ -571,14 +600,21 @@ SSDbUniqueRecordImpl::get(DbAttributes *attributes, ::CssmDataContainer *data,
                return;
        }
 
-       // Get the datablob for this record @@@ Fixme so we don't need to call
-       // DbUniqueRecordImpl::get
-       CssmDataContainer dataBlob;
+       // Get the datablob for this record
+       // @@@ Fixme so we don't need to call DbUniqueRecordImpl::get
+       CssmDataContainer dataBlob(allocator());
        DbUniqueRecordImpl::get(attributes, &dataBlob);
 
+       if (!SSGroupImpl::isGroup(dataBlob))
+       {
+               data->Data = dataBlob.Data;
+               data->Length = dataBlob.Length;
+               dataBlob.Data = NULL;
+               dataBlob.Length = 0;
+               return;
+       }
+
        // Get the group for dataBlob
-       // @@@ This might fail in which case we should probably not decrypt the
-       // data.
        SSGroup group(database(), dataBlob);
 
        // Decode the dataBlob, pass in the DL allocator.
@@ -590,7 +626,7 @@ SSDbUniqueRecordImpl::group()
 {
        // Get the datablob for this record
        // @@@ Fixme so we don't need to call DbUniqueRecordImpl::get
-       CssmDataContainer dataBlob;
+       CssmDataContainer dataBlob(allocator());
        DbUniqueRecordImpl::get(NULL, &dataBlob);
        return SSGroup(database(), dataBlob);
 }
index 1e1771222f329b158d7ba926d32acb3cb1c6bd00..d1994a0c600bc740a3b5a20febfbf154a60614ec 100644 (file)
@@ -94,17 +94,18 @@ public:
        //template <class _Impl> _Impl &impl() const
        //{ return CSP::impl<_Impl>(); }
 
+       Impl *get() const { return &CSP::impl<Impl>(); }
        Impl *operator ->() const { return &CSP::impl<Impl>(); }
        Impl &operator *() const { return CSP::impl<Impl>(); }
 
        // Conversion operators must be here
-       bool operator !() const { return !&**this; }
-       operator bool() const { return &**this; }
+       bool operator !() const { return !get(); }
+       operator bool() const { return get(); }
 
        bool operator <(const CSPDL &other) const
-       { return *this && other ? **this < *other : &**this < &*other; }
+       { return *this && other ? **this < *other : get() < other.get(); }
        bool operator ==(const CSPDL &other) const
-       { return *this && other ? **this == *other : &**this == &*other; }
+       { return *this && other ? **this == *other : get() == other.get(); }
 };
 
 
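Review bot: `get()` is defined as `&CSP::impl<Impl>()`, so the null tests in `operator !` and `operator bool` still take the address of a reference, just as `&**this` did. If `impl<Impl>()` can be reached with no implementation attached, the reference is already invalid and a compiler may assume its address is never null. How `impl<>()` is implemented is not visible here, so this needs confirming; if it can yield a null reference, `get()` should obtain the raw pointer from the base handle instead. In `operator <`, `get() < other.get()` applies a relational operator to pointers into unrelated objects, where `std::less<Impl *>()(get(), other.get())` gives a guaranteed total order.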
@@ -206,6 +207,8 @@ public:
        SSGroupImpl(const SSDb &ssDb,
                                const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry);
 
+       static bool isGroup(const CSSM_DATA &dataBlob);
+
        const CssmData label() const;
        void decodeDataBlob(const CSSM_DATA &dataBlob,
                                                const CSSM_ACCESS_CREDENTIALS *cred,
index 1c625d6b8470c583213f50dfc7f06ea8b3d315df..bb9024fac499e507a6fa94b166448794274649ab 100644 (file)
@@ -40,9 +40,11 @@ public:
        SigningContext(const CSP &csp, CSSM_ALGORITHMS alg, CSSM_ALGORITHMS signOnly = CSSM_ALGID_NONE)
        : Context(csp, alg), mSignOnly(signOnly) { }
 
-       // preliminary interface
        Key key() const { assert(mKey); return mKey; }
        void key(const Key &k) { mKey = k; set(CSSM_ATTRIBUTE_KEY, mKey); }
+    
+    CSSM_ALGORITHMS signOnlyAlgorithm() const  { return mSignOnly; }
+    void signOnlyAlgorithm(CSSM_ALGORITHMS alg)        { mSignOnly = alg; }
 
 protected:
        void activate();
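Review bot: `signOnlyAlgorithm(CSSM_ALGORITHMS alg)` only assigns `mSignOnly`, whereas the neighbouring `key(const Key &k)` setter also pushes its value into the context with `set(CSSM_ATTRIBUTE_KEY, mKey)`. `activate()` is outside the hunk, so it is not visible when `mSignOnly` is consumed; if it is read only at activation, calling the setter on an already active context would be silently ignored. Either document the restriction on the setter, `// must be called before the context is activated`, or have the setter force the context to be rebuilt. The new optional `signOnly`/`verifyOnly` constructor arguments on `Sign` and `Verify` in the next two hunks are not affected.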
@@ -54,7 +56,8 @@ protected:
 class Sign : public SigningContext
 {
 public:
-       Sign(const CSP &csp, CSSM_ALGORITHMS alg) : SigningContext(csp, alg) { }
+       Sign(const CSP &csp, CSSM_ALGORITHMS alg, CSSM_ALGORITHMS signOnly = CSSM_ALGID_NONE)
+        : SigningContext(csp, alg, signOnly) { }
        
        // integrated
        void sign(const CssmData &data, CssmData &signature) { sign(&data, 1, signature); }
@@ -71,7 +74,8 @@ public:
 class Verify : public SigningContext
 {
 public:
-       Verify(const CSP &csp, CSSM_ALGORITHMS alg) : SigningContext(csp, alg) { }
+       Verify(const CSP &csp, CSSM_ALGORITHMS alg, CSSM_ALGORITHMS verifyOnly = CSSM_ALGID_NONE)
+        : SigningContext(csp, alg, verifyOnly) { }
        
        // integrated
        void verify(const CssmData &data, const CssmData &signature) { verify(&data, 1, signature); }
diff --git a/cdsa/cdsa_client/tpclient.cpp b/cdsa/cdsa_client/tpclient.cpp
new file mode 100644 (file)
index 0000000..32ab29f
--- /dev/null
@@ -0,0 +1,136 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// tpclient - client interface to CSSM TPs and their operations
+//
+#include <Security/tpclient.h>
+
+namespace Security {
+namespace CssmClient {
+
+
+//
+// Manage TP attachments
+//
+TPImpl::TPImpl(const Guid &guid)
+    : AttachmentImpl(guid, CSSM_SERVICE_TP), mUseCL(NULL), mUseCSP(NULL),
+    mOwnCL(false), mOwnCSP(false)
+{
+}
+
+TPImpl::TPImpl(const Module &module)
+    : AttachmentImpl(module, CSSM_SERVICE_TP), mUseCL(NULL), mUseCSP(NULL),
+    mOwnCL(false), mOwnCSP(false)
+{
+}
+
+TPImpl::~TPImpl()
+{
+    if (mOwnCL)
+        delete mUseCL;
+    if (mOwnCSP)
+        delete mUseCSP;
+}
+
+
+//
+// Verify a CertGroup
+//
+void TPImpl::certGroupVerify(const CertGroup &certGroup,
+    const TPVerifyContext &context,
+    TPVerifyResult *result)
+{
+    setupCL();
+    setupCSP();
+    check(CSSM_TP_CertGroupVerify(handle(), (*mUseCL)->handle(), (*mUseCSP)->handle(),
+        &certGroup, &context, result));
+}
+
+
+//
+// Initialize auxiliary modules for operation
+//
+void TPImpl::setupCL()
+{
+    if (mUseCL == NULL) {
+        debug("tpclient", "TP is auto-attaching supporting CL");
+        mUseCL = new CL(gGuidAppleX509CL);
+        mOwnCL = true;
+    }
+}
+
+void TPImpl::setupCSP()
+{
+    if (mUseCSP == NULL) {
+        debug("tpclient", "TP is auto-attaching supporting CSP");
+        mUseCSP = new CSP(gGuidAppleCSP);
+        mOwnCSP = true;
+    }
+}
+
+void TPImpl::use(CL &cl)
+{
+    if (mOwnCL)
+        delete mUseCL;
+    mUseCL = &cl;
+    mOwnCL = false;
+}
+
+void TPImpl::use(CSP &csp)
+{
+    if (mOwnCSP)
+        delete mUseCSP;
+    mUseCSP = &csp;
+    mOwnCSP = false;
+}
+
+CL &TPImpl::usedCL()
+{
+    setupCL();
+    return *mUseCL;
+}
+
+CSP &TPImpl::usedCSP()
+{
+    setupCSP();
+    return *mUseCSP;
+}
+
+
+//
+// A TPBuildVerifyContext
+//
+TPBuildVerifyContext::TPBuildVerifyContext(CSSM_TP_ACTION action, CssmAllocator &alloc)
+    : allocator(alloc)
+{
+    // clear out the PODs
+    clearPod();
+    mCallerAuth.clearPod();
+       mDlDbList.clearPod();
+    
+    // set initial elements
+    Action = action;
+    callerAuthPtr(&mCallerAuth);
+       mCallerAuth.dlDbList() = &mDlDbList;
+}
+
+
+}      // end namespace CssmClient
+}      // end namespace Security
+
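Review bot: `use(CL &cl)` and `use(CSP &csp)` store the address of the caller's handle object (`mUseCL = &cl;`, `mUseCSP = &csp;`), so `TPImpl` keeps a raw pointer whose lifetime it does not control. If the caller's `CL` or `CSP` object goes out of scope before `certGroupVerify` runs, certificate verification dereferences a dangling pointer. `CL` and `CSP` look like reference-counted handles (the `TP` wrapper in tpclient.h is built that way), so holding a copy of the handle rather than a pointer to it would remove both the lifetime hazard and the `mOwnCL`/`mOwnCSP` bookkeeping in the destructor. If the pointer design stays, the contract belongs in a comment on `use()`: `// cl must outlive this TPImpl or be replaced by another use() call first`.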
diff --git a/cdsa/cdsa_client/tpclient.h b/cdsa/cdsa_client/tpclient.h
new file mode 100644 (file)
index 0000000..18a5705
--- /dev/null
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// tpclient - client interface to CSSM TPs and their operations
+//
+#ifndef _H_CDSA_CLIENT_TPCLIENT
+#define _H_CDSA_CLIENT_TPCLIENT  1
+
+#include <Security/cssmclient.h>
+#include <Security/clclient.h>
+#include <Security/cspclient.h>
+#include <Security/cssmtrust.h>
+#include <Security/cssmalloc.h>
+#include <Security/cssmdata.h>
+
+
+namespace Security {
+namespace CssmClient {
+
+
+//
+// A TP attachment
+//
+class TPImpl : public AttachmentImpl
+{
+public:
+       TPImpl(const Guid &guid);
+       TPImpl(const Module &module);
+       virtual ~TPImpl();
+    
+public:
+    // the CL and CSP used with many TP operations is usually
+    // pretty stable. The system may even figure them out
+    // automatically in the future.
+    void use(CL &cl);
+    void use(CSP &csp);
+    CL &usedCL();
+    CSP &usedCSP();
+
+public:
+    void certGroupVerify(const CertGroup &certGroup, const TPVerifyContext &context,
+        TPVerifyResult *result);
+
+private:
+    void setupCL();                            // setup mUseCL
+    void setupCSP();                   // setup mUseCSP
+
+private:
+    CL *mUseCL;                                // use this CL for TP operation
+    CSP *mUseCSP;                      // use this CSP for TP operation
+    bool mOwnCL, mOwnCSP;      // whether we've made our own
+};
+
+
+class TP : public Attachment
+{
+public:
+       typedef TPImpl Impl;
+
+       explicit TP(Impl *impl) : Attachment(impl) {}
+       TP(const Guid &guid) : Attachment(new Impl(guid)) {}
+       TP(const Module &module) : Attachment(new Impl(module)) {}
+
+       Impl *operator ->() const { return &impl<Impl>(); }
+       Impl &operator *() const { return impl<Impl>(); }
+};
+
+
+//
+// A self-building TPVerifyContext.
+// This is a TPVerifyContext, but it's NOT A PODWRAPPER (it's larger).
+//
+// NOTE: This is not a client-side object.
+//
+class TPBuildVerifyContext : public TPVerifyContext {
+public:
+    TPBuildVerifyContext(CSSM_TP_ACTION action = CSSM_TP_ACTION_DEFAULT,
+        CssmAllocator &alloc = CssmAllocator::standard());
+    
+    CssmAllocator &allocator;
+    
+private:
+    TPCallerAuth mCallerAuth;
+    PolicyInfo mPolicyInfo;
+       CssmDlDbList mDlDbList;
+};
+
+
+} // end namespace CssmClient
+} // end namespace Security
+
+#endif // _H_CDSA_CLIENT_CLCLIENT
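Review bot: `TPBuildVerifyContext` declares `PolicyInfo mPolicyInfo`, but the constructor in tpclient.cpp clears only the object itself, `mCallerAuth` and `mDlDbList`, and never touches `mPolicyInfo`. If `PolicyInfo` is a POD wrapper like its neighbours it stays uninitialised, so either clear it with the others (`mPolicyInfo.clearPod();`) or remove the member until something uses it. `TPImpl` owns `mUseCL`/`mUseCSP` through raw pointers and declares no copy constructor or assignment operator; unless a base class already forbids copying, declaring both private would rule out a double delete. The closing guard comment also names the wrong header and should read `#endif // _H_CDSA_CLIENT_TPCLIENT`.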
index d18fd08e010255b17dbafdf6dbf4a8f600c55981..f972732d7c71a2427e65535091950459a236e646 100644 (file)
@@ -40,7 +40,7 @@ CSPPluginSession::PluginContext::~PluginContext()
 //
 // Internal utilities
 //
-inline CssmData CSPFullPluginSession::makeBuffer(size_t size, CssmAllocator &alloc)
+CssmData CSPFullPluginSession::makeBuffer(size_t size, CssmAllocator &alloc)
 {
        return CssmData(alloc.malloc(size), size);
 }
@@ -655,7 +655,10 @@ void CSPFullPluginSession::DigestDataFinal(CSSM_CC_HANDLE ccHandle,
 void CSPFullPluginSession::DigestDataClone(CSSM_CC_HANDLE ccHandle,
                                            CSSM_CC_HANDLE clonedCCHandle)
 {
-       setContext(clonedCCHandle, getStagedContext(ccHandle, CSSM_ALGCLASS_DIGEST)->clone(*this));
+    CSPContext *cloned = getStagedContext(ccHandle, CSSM_ALGCLASS_DIGEST)->clone(*this);
+    cloned->mDirection = true;
+    cloned->mType = CSSM_ALGCLASS_DIGEST;
+    setContext(clonedCCHandle, cloned);
 }
 
 
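Review bot: The clone's `mDirection` and `mType` are set to constants here rather than copied from the context being cloned, which suggests that `clone()` itself does not carry them over. `clone()` is outside this hunk; if that is the case, fixing it there would cover every caller instead of only the digest path. At minimum the patch-up deserves a comment: `// clone() does not preserve mDirection/mType; restore them before registering the context`. `cloned` is also a bare pointer between `clone()` and `setContext()`, so it would leak if `setContext` can throw.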
index 1872d70a9b489b332848a2e5a94f3f07385eff97..d0e9aa779dd8ecf458e2f0b99e561cbf394a9d0d 100644 (file)
@@ -93,9 +93,10 @@ private:
 // to explain here; refer to the accompanying documentation.
 //
 class CSPFullPluginSession : public CSPPluginSession {
+public:
     class CSPContext;
     class AlgorithmFactory;
-public:
+
     CSPFullPluginSession(CSSM_MODULE_HANDLE theHandle,
                     CssmPlugin &plug,
                     const CSSM_VERSION &version,
index 44ae56e6ad7e2fbc005a241a8e364fd7c552f40d..26b3fa45c695f43ae5681b065809a121a5bc8376 100644 (file)
@@ -47,11 +47,11 @@ DLPluginSession::DLPluginSession(CSSM_MODULE_HANDLE theHandle,
 //
 // Implement CssmAllocator methods from the PluginSession side
 //
-void *DLPluginSession::malloc(size_t size)
+void *DLPluginSession::malloc(size_t size) throw(std::bad_alloc)
 { return PluginSession::malloc(size); }
 
-void DLPluginSession::free(void *addr)
+void DLPluginSession::free(void *addr) throw()
 { return PluginSession::free(addr); }
 
-void *DLPluginSession::realloc(void *addr, size_t size)
+void *DLPluginSession::realloc(void *addr, size_t size) throw(std::bad_alloc)
 { return PluginSession::realloc(addr, size); }
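Review bot: The new `throw(std::bad_alloc)` specifications do not match what the allocation path throws. These wrappers forward to `PluginSession::malloc` and `PluginSession::realloc`, which (hunk `@@ -58,14 +58,14 @@` later in this commit) report failure with `CssmError::throwMe(CSSM_ERRCODE_MEMORY_ERROR)`. Unless `throwMe` converts that code into a `std::bad_alloc`, an out-of-memory condition now violates the specification and ends in `std::unexpected()`, so the process terminates instead of giving the caller an error to handle. The base implementation should throw the declared type on failure, `throw std::bad_alloc();`, or the specification should be widened wherever the `CssmAllocator` interface allows. The same applies to the declarations in the DLPluginSession.h and PluginSession.h hunks.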
index 5295a39ac79f1e3fca3fd5d3a29e8eeee807e98d..b7053ddde2f53b82e2b6ff00ce514034e4f9b014 100644 (file)
@@ -48,10 +48,10 @@ public:
                     CSSM_ATTACH_FLAGS attachFlags,
                     const CSSM_UPCALLS &upcalls,
                     DatabaseManager &databaseManager);
-       
-       void *malloc(size_t size);
-       void free(void *addr);
-       void *realloc(void *addr, size_t size);
+
+       void *malloc(size_t size) throw(std::bad_alloc);
+       void free(void *addr) throw();
+       void *realloc(void *addr, size_t size) throw(std::bad_alloc);
 
 protected:
     CSSM_MODULE_FUNCS_PTR construct();
index fbf008f20244882266e95405597388e2f4004b53..62fc07effdc5fb5bf884d617d542eb0ad408ffbd 100644 (file)
 #include <Security/c++plugin.h>
 #include <Security/globalizer.h>
 #include <Security/callback.h>
-#include <hash_map>
 #include <set>
 
+#if __GNUC__ > 2
+#include <ext/hash_map>
+using __gnu_cxx::hash_map;
+#else
+#include <hash_map>
+#endif
+
 namespace Security
 {
 
index afc03b0abbb2dc68e2c3bffb77474e3a6bd2b783..1addca6606439e8b312f66a593e4ef728a18c298 100644 (file)
         "CL" => "cssmcli.h", "TP"  => "cssmtpi.h");
         
 $SOURCEDIR=$ARGV[0];                   # where all the input files are
-$HTARGETDIR=$ARGV[1];                  # where the generated headers go
-$CTARGETDIR=$ARGV[2];                  # where the generated sources go
+$APICFG=$ARGV[1];                              # configuration file 
+$HTARGETDIR=$ARGV[2];                  # where the generated headers go
+$CTARGETDIR=$ARGV[3];                  # where the generated sources go
 
-(${D}) = $HTARGETDIR =~ m@([/:])@;             # guess directory delimiter
-sub macintosh() { return ${D} eq ':'; }
-
-# XXX The configuration file should be passed in as a command line argument
-if( macintosh() ) {
-$APICFG=":::cdsa:cdsa_pluginlib:generator.cfg";                # configuration file
-}
- else{
-       $APICFG="generator.cfg";                # configuration file 
- }
 
 $tabs = "\t\t\t";      # argument indentation (noncritical)
 $warning = "This file was automatically generated. Do not edit on penalty of futility!";
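Review bot: The positional arguments shift (`$HTARGETDIR` moves from `$ARGV[1]` to `$ARGV[2]`, `$CTARGETDIR` from `$ARGV[2]` to `$ARGV[3]`) with no check on the argument count. An invocation still using the old three-argument form would take the header directory as the configuration file and leave `$CTARGETDIR` undefined, which turns the later output path `">$CTARGETDIR/${type}abstractsession.cpp"` into a file at the filesystem root. A guard right after the assignments makes that fail early: `die "usage: $0 sourcedir apicfg htargetdir ctargetdir\n" unless @ARGV == 4;`.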
@@ -37,7 +28,6 @@ $/=undef;     # gulp file
 open(APICFG, $APICFG) or die "Cannot open $APICFG: $^E";
 $_=<APICFG>;
 close(APICFG);
-tr/\012/\015/ if macintosh;
 %optionals = /^\s*optional\s+(\w+)\s+(.*)$/gm;
 
 
@@ -56,11 +46,10 @@ while (($type, $header) = each %SPI_H) {
   ($typelower = $type) =~ tr/A-Z/a-z/; # lowercase version of type
 
   # start in on the $type header file
-  open(SPI, "$SOURCEDIR${D}$header") or die "cannot open $SOURCEDIR${D}$header: $^E";
+  open(SPI, "$SOURCEDIR/$header") or die "cannot open $SOURCEDIR/$header: $^E";
   $/=undef;            # big gulp mode
   $_ = <SPI>;  # aaaaah...
   close(SPI);  # done
-  tr/\012/\015/ if macintosh;
   # throw away leading and trailing crud (only interested in SPI structure)
   s/^.*struct cssm_spi.*{(.*)} CSSM_SPI.*$/$1/s
     or die "bad format in $SPI_H{$name}";
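Review bot: The rewritten `open` calls keep the two-argument form with the path interpolated into the mode string: `open(SPI, "$SOURCEDIR/$header")` here, and `open(H, ">$HTARGETDIR/...")` and `open(C, ">$CTARGETDIR/...")` in the next hunk. Characters in a directory argument are therefore parsed as part of the open mode. The paths come from the build invocation, so the exposure is small, but where the build's Perl supports it the three-argument form removes the ambiguity: `open(SPI, '<', "$SOURCEDIR/$header") or die "cannot open $SOURCEDIR/$header: $^E";`.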
@@ -146,8 +135,8 @@ while (($type, $header) = each %SPI_H) {
   #
   # Prepare to write header and source files
   #
-  open(H, ">$HTARGETDIR${D}${type}abstractsession.h") or die "cannot write ${type}abstractsession.h: $^E";
-  open(C, ">$CTARGETDIR${D}${type}abstractsession.cpp") or die "cannot write ${type}abstractsession.cpp: $^E";
+  open(H, ">$HTARGETDIR/${type}abstractsession.h") or die "cannot write ${type}abstractsession.h: $^E";
+  open(C, ">$CTARGETDIR/${type}abstractsession.cpp") or die "cannot write ${type}abstractsession.cpp: $^E";
 
   #
   # Create header file
index f98aeb284cda63eb601b20b0eca824f473330436..e3ed0b545c0f8ae1096237745b97edf7f116445a 100644 (file)
@@ -58,14 +58,14 @@ void PluginSession::detach()
 //
 // Allocation management
 //
-void *PluginSession::malloc(size_t size)
+void *PluginSession::malloc(size_t size) throw(std::bad_alloc)
 {
     if (void *addr = upcalls.malloc_func(handle(), size))
         return addr;
     CssmError::throwMe(CSSM_ERRCODE_MEMORY_ERROR);
 }
 
-void *PluginSession::realloc(void *oldAddr, size_t size)
+void *PluginSession::realloc(void *oldAddr, size_t size) throw(std::bad_alloc)
 {
     if (void *addr = upcalls.realloc_func(handle(), oldAddr, size))
         return addr;
index f9f4b135b59dbc3cac83bf1edb7ea55099c9e60b..2ac13ee9e79b2787426f41743f87158513c01893 100644 (file)
@@ -70,9 +70,9 @@ protected:
 
 public:
     // implement CssmHeap::Allocator
-    void *malloc(size_t size);
-    void *realloc(void *addr, size_t size);
-    void free(void *addr) { upcalls.free_func(handle(), addr); }
+    void *malloc(size_t size) throw(std::bad_alloc);
+    void *realloc(void *addr, size_t size) throw(std::bad_alloc);
+    void free(void *addr) throw() { upcalls.free_func(handle(), addr); }
 
        const CSSM_VERSION &version() const { return mVersion; }
     uint32 subserviceId() const { return mSubserviceId; }
index dfb752b560023bc526ba3fe39a082692b3e2dc85..8e63e553344b8c090a8b6329c17894bb19ef7224 100644 (file)
@@ -24,6 +24,7 @@
 #include <Security/DbContext.h>
 #include <Security/cssmdb.h>
 #include <Security/cssmapple.h>
+#include <Security/trackingallocator.h>
 #include <fcntl.h>
 #include <memory>
 
@@ -903,6 +904,12 @@ DbVersion::open()
                                uint32 aRelationId = aRecordData[0];
 
                                // Skip the schema relations for the meta tables themselves.
+                               // FIXME: this hard-wires the meta-table relation IDs to be
+                               // within {CSSM_DB_RECORDTYPE_SCHEMA_START...
+                               // CSSM_DB_RECORDTYPE_SCHEMA_END} (which is {0..4}). 
+                               // Bogus - the MDS schema relation IDs start at 
+                               // CSSM_DB_RELATIONID_MDS_START which is 0x40000000.
+                               // Ref. Radar 2817921.
                                if (CSSM_DB_RECORDTYPE_SCHEMA_START <= aRelationId && aRelationId < CSSM_DB_RECORDTYPE_SCHEMA_END)
                                        continue;
 
@@ -1330,6 +1337,12 @@ void DbModifier::deleteDatabase()
        rollback(); // XXX Requires write lock.  Also if autoCommit was disabled
        // this will incorrectly cause the performDelete to throw CSSMERR_DB_DOES_NOT_EXIST.
        StLock<Mutex> _(mDbVersionLock);
+
+       // Clean up mModifiedTableMap in case this object gets reused again for
+       // a new create.
+       for_each_map_delete(mModifiedTableMap.begin(), mModifiedTableMap.end());
+       mModifiedTableMap.clear();
+
        mDbVersion = NULL;
     mAtomicFile.performDelete();
 }
@@ -1503,7 +1516,7 @@ DbModifier::commit()
         return;
     try
     {
-               WriteSection aHeaderSection(CssmAllocator::standard(), HeaderSize);
+               WriteSection aHeaderSection(CssmAllocator::standard(), size_t(HeaderSize));
                // Set aHeaderSection to the correct size.
                aHeaderSection.size(HeaderSize);
 
@@ -2085,7 +2098,7 @@ AppleDatabase::dataGetFirst(DbContext &inDbContext,
        if (!aCursor->next(aTableId, inoutAttributes, inoutData,
                                           inDbContext.mDatabaseSession, aRecordId))
                // return a NULL handle, and implicitly delete the cursor
-               return NULL;
+               return CSSM_INVALID_HANDLE;
 
        outUniqueRecord = createUniqueRecord(inDbContext, aTableId, aRecordId);
        return aCursor.release()->handle(); // We didn't throw so keep the Cursor around.
index 710c70e830d7def159aff1a80a5483172494467d..be5add2825f8be1b4d5c29195c0e532192c0f8ed 100644 (file)
@@ -41,7 +41,8 @@
 //#include <err.h>
 #include <locale.h>
 #include <stdlib.h>
-#include <string.h>
+#include <cstring>
+#include <sys/param.h>
 
 #elif _USE_IO == _USE_IO_MACOS
 typedef SInt32 ssize_t;
@@ -174,10 +175,10 @@ AtomicFile::enterRead(const uint8 *&outFileAddress, size_t &outLength)
     // If we never had or no longer have an open read file.  Open it now.
     if (mReadFile == nil)
     {
-        mReadFile = new OpenFile(mReadFilename, false, false, 0);
+        mReadFile = new OpenFile(mReadFilename, false, false, 0, 0);
         mOpenFileMap.insert(OpenFileMap::value_type(mReadFile->versionId(), mReadFile));
     }
-    // Note that mReadFile->isDirty() might actually return true here, but all that mean is
+    // Note that mReadFile->isDirty() might actually return true here, but all that means is
     // that we are looking at data that was commited after we opened the file which might
     // happen in a few miliseconds anyway.
 
@@ -253,7 +254,7 @@ AtomicFile::performDelete()
         // XXX This is a potential infinite loop.
         for (;;)
         {
-            aReadFile = new OpenFile(mReadFilename, true, true, 0);
+            aReadFile = new OpenFile(mReadFilename, true, true, 0, 0);
             if (!aReadFile->isDirty())
                 break;
 
@@ -307,10 +308,10 @@ AtomicFile::enterCreate(FileRef &outWriteRef)
         StLock<Mutex> _(mReadLock);
 
         // Create mReadFilename until the lock has been aquired on a non-dirty file.
-        aReadFile = new OpenFile(mReadFilename, false, true, 1);
+        aReadFile = new OpenFile(mReadFilename, false, true, 1, 0666);
 
         // Open mWriteFile for writing.
-        mWriteFile = new OpenFile(mWriteFilename, true, false, aReadFile->versionId() + 1);
+        mWriteFile = new OpenFile(mWriteFilename, true, false, aReadFile->versionId() + 1, 0666);
 
         // Insert aReadFile into the map (do this after opening mWriteFile just in case that throws).
         mOpenFileMap.insert(OpenFileMap::value_type(-1, aReadFile));
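Review bot: Both new `OpenFile` calls in enterCreate pass a bare `0666`, so the permissions of a newly created database file are left entirely to the caller's umask. If these files can hold key material, a single named constant would make the intended default explicit and reviewable, for example `static const mode_t kCreateMode = 0666;` used at both call sites, with a comment saying why group/other access is acceptable. Whether a tighter value is appropriate is not visible from this hunk, so treat that as a question for the author. enterCreate starts and ends outside this hunk.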
@@ -369,7 +370,7 @@ AtomicFile::enterWrite(const uint8 *&outFileAddress, size_t &outLength, FileRef
         // XXX This is a potential infinite loop.
         for (;;)
         {
-            aReadFile = new OpenFile(mReadFilename, true, true, 0);
+            aReadFile = new OpenFile(mReadFilename, true, true, 0, 0);
             if (!aReadFile->isDirty())
                 break;
 
@@ -383,7 +384,7 @@ AtomicFile::enterWrite(const uint8 *&outFileAddress, size_t &outLength, FileRef
         StLock<Mutex> _(mReadLock);
 
         // Open mWriteFile for writing.
-        mWriteFile = new OpenFile(mWriteFilename, true, false, aReadFile->versionId() + 1);
+        mWriteFile = new OpenFile(mWriteFilename, true, false, aReadFile->versionId() + 1, aReadFile->mode());
 
         // Insert aReadFile into the map (do this after opening mWriteFile just in case that throws).
         mOpenFileMap.insert(OpenFileMap::value_type(-1, aReadFile));
@@ -614,13 +615,13 @@ AtomicFile::write(OffsetType inOffsetType, uint32 inOffset, const uint8 *inData,
 
 // AtomicFile::OpenFile implementation
 
-AtomicFile::OpenFile::OpenFile(const string &inFilename, bool write, bool lock, VersionId inVersionId) :
+AtomicFile::OpenFile::OpenFile(const string &inFilename, bool write, bool lock, VersionId inVersionId, mode_t mode) :
     mUseCount(0),
     mVersionId(inVersionId),
     mAddress(NULL),
     mLength(0)
 {
-    int flags, mode = 0;
+    int flags;
     if (write && lock)
     {
         flags = O_RDWR;
@@ -629,13 +630,11 @@ AtomicFile::OpenFile::OpenFile(const string &inFilename, bool write, bool lock,
     else if (write && !lock)
     {
         flags = O_WRONLY|O_CREAT|O_TRUNC;
-        mode = 0666;
         mState = Write;
     }
     else if (!write && lock)
     {
         flags = O_WRONLY|O_CREAT|O_TRUNC|O_EXCL;
-        mode = 0666;
         mState = Create;
     }
     else
@@ -842,6 +841,16 @@ AtomicFile::OpenFile::unlock()
 #endif
 }
 
+mode_t
+AtomicFile::OpenFile::mode()
+{
+       struct stat st;
+       if (::fstat(mFileRef, &st) == -1)
+               UnixError::throwMe(errno);
+       return st.st_mode;
+}
+
+
 AtomicFile::VersionId
 AtomicFile::OpenFile::readVersionId()
 {
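Review bot: `mode()` returns `st.st_mode` unmasked, so the value enterWrite passes as a creation mode (`aReadFile->mode()` in the earlier hunk) carries the file-type bits and any setuid/setgid/sticky bits along with the permission bits. Returning `st.st_mode & 0777` keeps only what a creation mode should contain. A mode given at creation is also normally filtered by the umask, so the replacement file can end up with fewer bits than the original; if the goal is to preserve the original permissions exactly, an `fchmod(mFileRef, mode)` after the open would be needed. The open call itself is outside these hunks, so that last point is inferred.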
@@ -913,37 +922,31 @@ AtomicFile::OpenFile::writeVersionId(VersionId inVersionId)
 void
 AtomicFile::OpenFile::mkpath(const std::string &inFilename)
 {
-       char *path = const_cast<char *>(inFilename.c_str()); // @@@ Const_cast is a lie!!!
+       const char *path = inFilename.c_str();
        struct stat sb;
-       char *slash;
-    mode_t dir_mode = (0777 & ~umask(0)) | S_IWUSR | S_IXUSR;
-
-       slash = path;
+       char dirPath[MAXPATHLEN];
+       size_t slash = 0;
 
        for (;;)
        {
-               slash += strspn(slash, "/");
-               slash += strcspn(slash, "/");
+               slash += strspn(path + slash, "/");
+               slash += strcspn(path + slash, "/");
 
-               if (*slash == '\0')
+               if (path[slash] == '\0')
                        break;
 
-               *slash = '\0';
+               if (slash >= MAXPATHLEN)
+                       UnixError::throwMe(ENAMETOOLONG);
+               strncpy(dirPath, path, slash);
+               dirPath[slash] = '\0';
 
-               if (stat(path, &sb))
+               if (stat(dirPath, &sb))
                {
-                       if (errno != ENOENT || mkdir(path, dir_mode))
-                               UnixError::throwMe(errno);
-                       /* The mkdir() and umask() calls both honor only the low
-                          nine bits, so if you try to set a mode including the
-                          sticky, setuid, setgid bits you lose them. So chmod().  */
-                       if (chmod(path, dir_mode) == -1)
+                       if (errno != ENOENT || mkdir(dirPath, 0777))
                                UnixError::throwMe(errno);
                }
                else if (!S_ISDIR(sb.st_mode))
                        CssmError::throwMe(CSSM_ERRCODE_OS_ACCESS_DENIED);  // @@@ Should be is a directory
-
-               *slash = '/';
        }
 }
 
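Review bot: The `stat(dirPath, &sb)` / `mkdir(dirPath, 0777)` pair in the loop is a check-then-create sequence, so if another process creates the same directory in between, `mkdir` fails with EEXIST and mkpath throws even though the path is usable. Tolerating that case keeps concurrent creators working: `if (errno != ENOENT || (mkdir(dirPath, 0777) && errno != EEXIST))`. Directories are now created with `0777` filtered only by the umask and the old explicit `chmod` is gone, so a comment such as `// permissions of created directories are governed solely by the process umask` would record that this is deliberate. The `strncpy` plus `dirPath[slash] = '\0'` is correctly bounded by the preceding `slash >= MAXPATHLEN` check.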
index 2ec22274f1c52d0cfebb1b951b0a2838b81a8bd4..80ad70ae0a45b8a25e481e7aabdc8fdaf2d900df 100644 (file)
@@ -104,7 +104,7 @@ private:
     class OpenFile
     {
     public:
-        OpenFile(const std::string &inFilename, bool write, bool lock, VersionId inVersionId);
+        OpenFile(const std::string &inFilename, bool write, bool lock, VersionId inVersionId, mode_t mode);
         ~OpenFile();
 
         void close();
@@ -121,6 +121,9 @@ private:
         void lock();
         void unlock();
 
+               // Return the mode bits of the file
+               mode_t mode();
+
         int mUseCount;
         FileRef mFileRef;
     private:
index 7821bc15618537104298c868916defdd4f2589ae..d834e4478c32788741b97dba3f7cc2431321133d 100644 (file)
@@ -52,8 +52,10 @@ void
 DatabaseManager::removeIfUnused(Database &inDatabase)
 {
     StLock<Mutex> _(mDatabaseMapLock);
-    if (!inDatabase.hasDbContexts())
+    if (!inDatabase.hasDbContexts()) {
         mDatabaseMap.erase(inDatabase.mDbName);
+               delete &inDatabase;
+       }
 }
 
 DbContext &
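Review bot: `delete &inDatabase;` destroys an object the caller passed only by reference, so once removeIfUnused returns every caller holds a dangling reference and must not touch `inDatabase` again. Nothing in the signature says ownership is transferred; at minimum the function needs a comment such as `// Deletes inDatabase when it has no remaining DbContexts; callers must not use it afterwards.` It is also worth confirming that every Database reaching this function is heap-allocated and owned by mDatabaseMap, and that no other thread can still hold a pointer obtained before mDatabaseMapLock was taken; neither is visible from this hunk.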
index 30e96edd668a9239c6c74363ac65275fe0e9dd5b..49f47d77fc6c36d84729ad796401de227ddf639c 100644 (file)
 #include <Security/Database.h>
 #include <Security/DbContext.h>
 #include <memory>
+#include <Security/debugging.h>
+
+/* log open/close events */
+#define DOCDebug(args...)      debug("DBOpen", ## args)
+
 
 using namespace std;
 
@@ -96,6 +101,7 @@ DatabaseSession::DbOpen(const char *inDbName,
                         const void *inOpenParameters,
                         CSSM_DB_HANDLE &outDbHandle)
 {
+       DOCDebug("DatabaseSession::DbOpen: dbName %s", inDbName);
        outDbHandle = CSSM_INVALID_HANDLE;      // CDSA 2.0 says to set this if we fail 
     outDbHandle = insertDbContext(mDatabaseManager.dbOpen(*this,
                                                           DbName(inDbName, CssmNetAddress::optional(inDbLocation)),
@@ -164,6 +170,7 @@ void
 DatabaseSession::DbClose(CSSM_DB_HANDLE inDbHandle)
 {
     StLock<Mutex> _(mDbContextMapLock);
+       DOCDebug("DatabaseSession::Close");
     DbContextMap::iterator it = mDbContextMap.find(inDbHandle);
     if (it == mDbContextMap.end())
         CssmError::throwMe(CSSM_ERRCODE_INVALID_DB_HANDLE);
index 31ed57630e95f44a7538abd44a2b354e0ebaea1f..90d8402904ef58dd094db44c9d4ae6e5a301043d 100644 (file)
@@ -46,8 +46,8 @@ public:
     DatabaseSession(DatabaseManager &inDatabaseManager);
     virtual ~DatabaseSession();
 
-    void GetDbNames(CSSM_NAME_LIST_PTR &NameList);
-    void FreeNameList(CSSM_NAME_LIST &NameList);
+    virtual void GetDbNames(CSSM_NAME_LIST_PTR &NameList);
+    virtual void FreeNameList(CSSM_NAME_LIST &NameList);
     void DbDelete(const char *DbName,
                   const CSSM_NET_ADDRESS *DbLocation,
                   const AccessCredentials *AccessCred);
@@ -58,7 +58,7 @@ public:
                   const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
                   const void *OpenParameters,
                   CSSM_DB_HANDLE &DbHandle);
-    void DbOpen(const char *DbName,
+    virtual void DbOpen(const char *DbName,
                 const CSSM_NET_ADDRESS *DbLocation,
                 CSSM_DB_ACCESS_TYPE AccessRequest,
                 const AccessCredentials *AccessCred,
index cb93855f61c6da092d7a510df3d5b92812ff35ff..0b02f408bb7c47fb60cf6fb403bab482a6e3f7c0 100644 (file)
@@ -48,7 +48,7 @@ class DbQueryKey
 public:
        DbQueryKey(const DbConstIndex &index);
        
-       static const uint32 kQueryValue = 0;
+       enum { kQueryValue = 0 };
        
 private:
        WriteSection mKeyData;
index 4532c179230e001872b2d60fdeb4c2952cc1a49b..fba7fc0b4c7a3db04a9217f72ea3efa9469c9726 100644 (file)
@@ -21,6 +21,7 @@
 //
 
 #include "DbValue.h"
+#include <ctype.h>
 
 //
 // DbValue
@@ -389,7 +390,7 @@ int
 BigNumValue::compare(const uint8 *a, const uint8 *b, int length)
 {
        for (int diff, i = length - 1; i >= 1; i--)
-               if (diff = a[i] - b[i])
+               if ((diff = a[i] - b[i]))
                        return diff;
 
        // for the last (i.e. first) byte, mask out the sign bit
index 755b0eae009bd9bff22a713b2b4cc6ec29579408..cd2ad83135d26cb5712951091f4b39c6664c0685 100644 (file)
@@ -109,8 +109,16 @@ public:
        {
                T value(rs, offset);
                data.Length = value.size();
-               data.Data = reinterpret_cast<uint8 *>(allocator.malloc(data.Length));
-               memcpy(data.Data, value.bytes(), data.Length);
+
+               if (data.Length != 0)
+               {
+                       data.Data = reinterpret_cast<uint8 *>(allocator.malloc(data.Length));
+                       memcpy(data.Data, value.bytes(), data.Length);
+               }
+               else
+               {
+                       data.Data = NULL;
+               }
        }
 
        void skipValue(const ReadSection &rs, uint32 &offset) const
index cc84191d5910059578ddb30b1ad19799c66314b6..044c56e5a03db387dc81c2b1f2f7f31d716ba32f 100644 (file)
@@ -21,6 +21,7 @@
 //
 
 #include "MetaRecord.h"
+#include <Security/trackingallocator.h>
 
 MetaRecord::MetaRecord(CSSM_DB_RECORDTYPE inRecordType) :
     mRecordType(inRecordType)
@@ -299,6 +300,10 @@ MetaRecord::unpackRecord(const ReadSection &inReadSection,
 
 // Return the index (0 though NumAttributes - 1) of the attribute
 // represented by inAttributeInfo
+
+#ifndef        NDEBUG
+#define LOG_NAME_AS_STRING_FAIL                
+#endif
 uint32
 MetaRecord::attributeIndex(const CSSM_DB_ATTRIBUTE_INFO &inAttributeInfo) const
 {
@@ -308,9 +313,20 @@ MetaRecord::attributeIndex(const CSSM_DB_ATTRIBUTE_INFO &inAttributeInfo) const
            case CSSM_DB_ATTRIBUTE_NAME_AS_STRING:
                {
                        string aName(inAttributeInfo.Label.AttributeName);
+                       assert(aName.size() < 500);             // MDS leak debug
                        NameStringMap::const_iterator it = mNameStringMap.find(aName);
-                       if (it == mNameStringMap.end())
+                       if (it == mNameStringMap.end()) {
+                               #ifdef  LOG_NAME_AS_STRING_FAIL
+                               printf("NAME_AS_STRING failure; attrName %s\n", 
+                                       inAttributeInfo.Label.AttributeName);
+                               for(it = mNameStringMap.begin();
+                                   it != mNameStringMap.end();
+                                       it++) {
+                                               printf("name %s val %ul\n", it->first.c_str(), it->second);
+                               }
+                               #endif
                                CssmError::throwMe(CSSMERR_DL_INVALID_FIELD_NAME);
+                       }
                        anIndex = it->second;
                        break;
                }
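Review bot: In the debug dump loop, `printf("name %s val %ul\n", ...)` uses `%ul`, which is the `%u` conversion followed by a literal `l` rather than an unsigned long; it should read `printf("name %s val %lu\n", it->first.c_str(), (unsigned long)it->second);`. The new `assert(aName.size() < 500)` runs only after `string aName(inAttributeInfo.Label.AttributeName)` has already walked the caller's pointer to its terminator, and it disappears under NDEBUG, so it gives release builds no protection against an unterminated or oversized name. Because LOG_NAME_AS_STRING_FAIL is defined for every non-NDEBUG build, this path also writes caller-supplied attribute names to stdout from library code; the `debug(...)` facility used elsewhere in this commit would be more consistent. attributeIndex continues outside the hunk.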
index 1982d9b23ff0b41077e4d8c55b40a2572b72a1c2..01d36f8386eb443c4df60cb571e4942a38e3205e 100644 (file)
@@ -70,6 +70,8 @@ public:
 // XXX Should be replaced by Atom::Vector
 class ReadSection
 {
+protected:
+    ReadSection(uint8 *inAddress, size_t inLength) : mAddress(inAddress), mLength(inLength) {}
 public:
        ReadSection() : mAddress(NULL), mLength(0) {}
     ReadSection(const uint8 *inAddress, size_t inLength) :
@@ -137,7 +139,6 @@ public:
        static uint32 align(uint32 offset) { return (offset + AtomSize - 1) & ~(AtomSize - 1); }
 
 protected:
-    ReadSection(uint8 *inAddress, size_t inLength) : mAddress(inAddress), mLength(inLength) {}
     uint8 *mAddress;
     size_t mLength;
 };
@@ -176,6 +177,16 @@ public:
 
     ~WriteSection() { mAllocator.free(mAddress); }
 
+private:
+    void grow(size_t inNewCapacity)
+    {
+        size_t aNewCapacity = max(mCapacity * 2, inNewCapacity);
+        mAddress = reinterpret_cast<uint8 *>(mAllocator.realloc(mAddress, aNewCapacity));
+               memset(mAddress + mCapacity, 0, aNewCapacity - mCapacity);
+        mCapacity = aNewCapacity;
+    }
+
+public:
 #if BUG_GCC
        uint32 size() const { return ReadSection::size(); }
 #else
@@ -220,14 +231,6 @@ public:
     }
 
 private:
-    void grow(size_t inNewCapacity)
-    {
-        size_t aNewCapacity = max(mCapacity * 2, inNewCapacity);
-        mAddress = reinterpret_cast<uint8 *>(mAllocator.realloc(mAddress, aNewCapacity));
-               memset(mAddress + mCapacity, 0, aNewCapacity - mCapacity);
-        mCapacity = aNewCapacity;
-    }
-
     CssmAllocator &mAllocator;
     size_t mCapacity;
 };
index 7bb8201cc59018eff4e1481a7d41cc6f3c3672b2..9843ce3b75666c5d5c3fb89608700df5039c40a2 100644 (file)
@@ -54,7 +54,7 @@ AnyAclSubject *AnyAclSubject::Maker::make(const TypedList &list) const
        return new AnyAclSubject();
 }
 
-AnyAclSubject *AnyAclSubject::Maker::make(Reader &, Reader &) const
+AnyAclSubject *AnyAclSubject::Maker::make(Version, Reader &, Reader &) const
 {
     return new AnyAclSubject();
 }
index 19fc079afd054fa191981e4499d8edbc69792092..5b68165438b1bd89753a5aed50aa236a75065b4b 100644 (file)
@@ -48,7 +48,7 @@ public:
        public:
                Maker() : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_ANY) { }
                AnyAclSubject *make(const TypedList &list) const;
-       AnyAclSubject *make(Reader &pub, Reader &priv) const;
+       AnyAclSubject *make(Version, Reader &pub, Reader &priv) const;
        };
 };
 
index 45678e5db4677d29da37c16531465b434bb61f57..76f500382ada22787a545f9d70fc299a0ac22ef6 100644 (file)
@@ -104,8 +104,10 @@ CodeSignatureAclSubject *CodeSignatureAclSubject::Maker::make(const TypedList &l
        }
 }
 
-CodeSignatureAclSubject *CodeSignatureAclSubject::Maker::make(Reader &pub, Reader &priv) const
+CodeSignatureAclSubject *CodeSignatureAclSubject::Maker::make(Version version,
+       Reader &pub, Reader &priv) const
 {
+       assert(version == 0);
     CssmAllocator &alloc = CssmAllocator::standard();
        uint32 sigType; pub(sigType);
        const void *data; uint32 length; pub.countedData(data, length);
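Review bot: `assert(version == 0);` is the only version check on this import path, and it compiles away under NDEBUG, so a release build would parse a blob of any other version using the version-0 layout. A check that fails closed in all builds is safer, e.g. `if (version != 0) CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);`. The other `Maker::make(Version, Reader &, Reader &)` overloads touched by this commit (Any, Comment, Password, Process, Threshold, ProtectedPassword) leave the Version parameter unnamed and do not check it at all; the same guard applies there if they only understand version 0. The function body continues past the end of this hunk.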
index 20c4ee9f7cdc531e08aae16be736dd1bc7599803..30778d0f9d2030e805b7b1e59d3c8a5741fd98e2 100644 (file)
@@ -69,7 +69,7 @@ public:
        Maker(Signer &sgn) 
                : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE), signer(sgn) { }
        CodeSignatureAclSubject *make(const TypedList &list) const;
-       CodeSignatureAclSubject *make(Reader &pub, Reader &priv) const;
+       CodeSignatureAclSubject *make(Version version, Reader &pub, Reader &priv) const;
                
                Signer &signer;
     };
index 03924d5f2b10e3b4e142fda6bf219c91d32c893f..548aa4b6aadc99afe3132c65c02781550e06ef74 100644 (file)
@@ -60,7 +60,7 @@ CommentAclSubject *CommentAclSubject::Maker::make(const TypedList &list) const
        return new CommentAclSubject(comment, commentSize);
 }
 
-CommentAclSubject *CommentAclSubject::Maker::make(Reader &pub, Reader &) const
+CommentAclSubject *CommentAclSubject::Maker::make(Version, Reader &pub, Reader &) const
 {
        CSSM_LIST *base; pub(base);     // get original pointer base
        const void *data; uint32 length; pub.countedData(data, length); // data blob
index b273981c03262a735ec0901aaaf7b7b171c4f03b..27fced69f691c4a223a85641ab1abbb08b2d6649 100644 (file)
@@ -59,7 +59,7 @@ public:
        public:
                Maker() : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_COMMENT) { }
                CommentAclSubject *make(const TypedList &list) const;
-       CommentAclSubject *make(Reader &pub, Reader &priv) const;
+       CommentAclSubject *make(Version, Reader &pub, Reader &priv) const;
        };
        
 private:
index 363e0a7f008e44b61bd2b583c75c19a5e926b75b..ad61d9f23c5e1b4ec2cbf146d68884fefb9ff954 100644 (file)
@@ -75,7 +75,7 @@ PasswordAclSubject *PasswordAclSubject::Maker::make(const TypedList &list) const
        return new PasswordAclSubject(CssmAllocator::standard(CssmAllocator::sensitive), *password);
 }
 
-PasswordAclSubject *PasswordAclSubject::Maker::make(Reader &pub, Reader &priv) const
+PasswordAclSubject *PasswordAclSubject::Maker::make(Version, Reader &pub, Reader &priv) const
 {
     CssmAllocator &alloc = CssmAllocator::standard(CssmAllocator::sensitive);
        const void *data; uint32 length; priv.countedData(data, length);
index 3a0e048e8f499a001f542fdbafdb3825399b586b..e613f4106f64ce78fb04e72d7f558c32e72fc534 100644 (file)
@@ -54,7 +54,7 @@ public:
     public:
        Maker() : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_PASSWORD) { }
        PasswordAclSubject *make(const TypedList &list) const;
-       PasswordAclSubject *make(Reader &pub, Reader &priv) const;
+       PasswordAclSubject *make(Version, Reader &pub, Reader &priv) const;
     };
     
 private:
index 460b389879906877a3a025230acc1b8c138b7d72..82b3199aa24a0917d4f33e3fb915d9e273e73775 100644 (file)
@@ -98,7 +98,7 @@ ProcessAclSubject *ProcessAclSubject::Maker::make(const TypedList &list) const
        return new ProcessAclSubject(selector);
 }
 
-ProcessAclSubject *ProcessAclSubject::Maker::make(Reader &pub, Reader &priv) const
+ProcessAclSubject *ProcessAclSubject::Maker::make(Version, Reader &pub, Reader &priv) const
 {
     AclProcessSubjectSelector selector; pub(selector);
        return new ProcessAclSubject(selector);
index 2ccadafd21932541b7303842b368ce0d7b7125dd..91ae8378f19fefed3e8ce1c277d39b22888a63fd 100644 (file)
@@ -78,7 +78,7 @@ public:
     public:
        Maker() : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_PROCESS) { }
        ProcessAclSubject *make(const TypedList &list) const;
-       ProcessAclSubject *make(Reader &pub, Reader &priv) const;
+       ProcessAclSubject *make(Version, Reader &pub, Reader &priv) const;
     };
 
 private:
diff --git a/cdsa/cdsa_utilities/acl_protectedpw.cpp b/cdsa/cdsa_utilities/acl_protectedpw.cpp
new file mode 100644 (file)
index 0000000..7b93f12
--- /dev/null
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// acl_protectedpw - protected-path password-based ACL subject types.
+//
+#ifdef __MWERKS__
+#define _CPP_ACL_PASSWORD
+#endif
+
+#include <Security/acl_protectedpw.h>
+#include <Security/debugging.h>
+#include <algorithm>
+
+
+//
+// Construct a password ACL subject
+//
+ProtectedPasswordAclSubject::ProtectedPasswordAclSubject(CssmAllocator &alloc, const CssmData &password)
+    : SimpleAclSubject(CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD, CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD),
+    allocator(alloc), mPassword(alloc, password)
+{ }
+
+ProtectedPasswordAclSubject::ProtectedPasswordAclSubject(CssmAllocator &alloc, CssmManagedData &password)
+    : SimpleAclSubject(CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD, CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD),
+    allocator(alloc), mPassword(alloc, password)
+{ }
+
+
+//
+// Validate a credential set against this subject
+//
+bool ProtectedPasswordAclSubject::validate(const AclValidationContext &context,
+    const TypedList &sample) const
+{
+    if (sample.length() == 1) {
+        return true;   //@@@ validate against PP
+    } else if (sample.length() == 2 && sample[1].type() == CSSM_LIST_ELEMENT_DATUM) {
+        const CssmData &password = sample[1];
+        return password == mPassword;
+    } else
+               CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
+}
+
+
+//
+// Make a copy of this subject in CSSM_LIST form
+//
+CssmList ProtectedPasswordAclSubject::toList(CssmAllocator &alloc) const
+{
+    // the password itself is private and not exported to CSSM
+       return TypedList(alloc, CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD);
+}
+
+
+//
+// Create a ProtectedPasswordAclSubject
+//
+ProtectedPasswordAclSubject *ProtectedPasswordAclSubject::Maker::make(const TypedList &list) const
+{
+    CssmAutoData password(CssmAllocator::standard(CssmAllocator::sensitive));
+    if (list.length() == 1) {
+        char pass[] = "secret";
+        CssmData password = CssmData::wrap(pass, 6);           //@@@ get password from PP
+        return new ProtectedPasswordAclSubject(CssmAllocator::standard(CssmAllocator::sensitive), password);
+    } else {
+        ListElement *password;
+        crack(list, 1, &password, CSSM_LIST_ELEMENT_DATUM);
+        return new ProtectedPasswordAclSubject(CssmAllocator::standard(CssmAllocator::sensitive), *password);
+    }
+}
+
+ProtectedPasswordAclSubject *ProtectedPasswordAclSubject::Maker::make(Version,
+       Reader &pub, Reader &priv) const
+{
+    CssmAllocator &alloc = CssmAllocator::standard(CssmAllocator::sensitive);
+       const void *data; uint32 length; priv.countedData(data, length);
+       return new ProtectedPasswordAclSubject(alloc, CssmAutoData(alloc, data, length));
+}
+
+
+//
+// Export the subject to a memory blob
+//
+void ProtectedPasswordAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv)
+{
+       priv.countedData(mPassword);
+}
+
+void ProtectedPasswordAclSubject::exportBlob(Writer &pub, Writer &priv)
+{
+       priv.countedData(mPassword);
+}
+
+
+#ifdef DEBUGDUMP
+
+void ProtectedPasswordAclSubject::debugDump() const
+{
+       Debug::dump("Protected Password ");
+       Debug::dumpData(mPassword.data(), mPassword.length());
+}
+
+#endif //DEBUGDUMP
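Review bot: `validate()` returns `true` for any one-element sample (`return true; //@@@ validate against PP`), so until the protected path exists this subject authorizes a caller who presents no password at all, and `Maker::make(const TypedList &)` stores the hard-coded `"secret"` when the list has one element. Both placeholders should fail closed: `return false;` in validate, and in make replace the `"secret"` branch with `CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);`. The outer `CssmAutoData password` in that maker is never used because both branches declare their own `password`. Separately, `password == mPassword` is presumably an ordinary byte comparison and `debugDump()` prints the stored password when DEBUGDUMP is defined; a constant-time comparison and a redacted dump would be better.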
diff --git a/cdsa/cdsa_utilities/acl_protectedpw.h b/cdsa/cdsa_utilities/acl_protectedpw.h
new file mode 100644 (file)
index 0000000..aa07626
--- /dev/null
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// acl_protectedpw - protected-path password-based ACL subject types.
+//
+// This implements "protected path" password-based subject types as per CSSM standard.
+// The actual protected path is not implemented in this class; it's up to the user to provide it.
+//
+#ifndef _ACL_PROTECTED_PASSWORD
+#define _ACL_PROTECTED_PASSWORD
+
+#include <Security/cssmdata.h>
+#include <Security/cssmacl.h>
+#include <string>
+
+
+namespace Security {
+
+class ProtectedPasswordAclSubject : public SimpleAclSubject {
+public:
+    bool validate(const AclValidationContext &baseCtx, const TypedList &sample) const;
+    CssmList toList(CssmAllocator &alloc) const;
+    
+    ProtectedPasswordAclSubject(CssmAllocator &alloc, const CssmData &password);
+    ProtectedPasswordAclSubject(CssmAllocator &alloc, CssmManagedData &password);
+    
+    CssmAllocator &allocator;
+    
+    void exportBlob(Writer::Counter &pub, Writer::Counter &priv);
+    void exportBlob(Writer &pub, Writer &priv);
+       
+       IFDUMP(void debugDump() const);
+    
+    class Maker : public AclSubject::Maker {
+    public:
+       Maker() : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD) { }
+       ProtectedPasswordAclSubject *make(const TypedList &list) const;
+       ProtectedPasswordAclSubject *make(Version, Reader &pub, Reader &priv) const;
+    };
+    
+private:
+    CssmAutoData mPassword;
+};
+
+} // end namespace Security
+
+
+#endif //_ACL_PROTECTED_PASSWORD
index 7bba0cc0cfe052d5947626444a8555608b031114..da968743f416d57f954a6a1d749ec9e23bf5c228 100644 (file)
@@ -112,15 +112,13 @@ ThresholdAclSubject *ThresholdAclSubject::Maker::make(const TypedList &list) con
        return new ThresholdAclSubject(totalSubjects, minimumNeeded, elements);
 }
 
-ThresholdAclSubject *ThresholdAclSubject::Maker::make(Reader &pub, Reader &priv) const
+ThresholdAclSubject *ThresholdAclSubject::Maker::make(Version, Reader &pub, Reader &priv) const
 {
     uint32 totalSubjects; pub(totalSubjects);
     uint32 minimumNeeded; pub(minimumNeeded);
     AclSubjectVector subSubjects(totalSubjects);
-    for (uint32 n = 0; n < totalSubjects; n++) {
-        CSSM_ACL_SUBJECT_TYPE type; pub(type);
-        subSubjects[n] = ObjectAcl::make(type, pub, priv);
-    }
+    for (uint32 n = 0; n < totalSubjects; n++)
+               subSubjects[n] = ObjectAcl::importSubject(pub, priv);
        return new ThresholdAclSubject(totalSubjects, minimumNeeded, subSubjects);
 }
 
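Review bot: `totalSubjects` and `minimumNeeded` are read straight from the public blob and used without a sanity check: `AclSubjectVector subSubjects(totalSubjects)` allocates whatever count the blob names, and nothing rejects `minimumNeeded > totalSubjects`. If these blobs can come from storage the process does not fully trust, a guard before the vector is built would reject malformed input early, e.g. `if (minimumNeeded > totalSubjects) CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_SUBJECT_VALUE);`, together with an upper bound on the count. These lines are unchanged context, but they sit directly in front of the new `ObjectAcl::importSubject` loop, which now recurses on the same input.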
@@ -140,12 +138,8 @@ void ThresholdAclSubject::exportBlobForm(Action &pub, Action &priv)
 {
     pub(totalSubjects);
     pub(minimumNeeded);
-    for (uint32 n = 0; n < totalSubjects; n++) {
-        AclSubjectPointer &subSubject = elements[n];
-        CSSM_ACL_SUBJECT_TYPE type = subSubject->type();
-        pub(type);
-        subSubject->exportBlob(pub, priv);
-    }
+    for (uint32 n = 0; n < totalSubjects; n++)
+               ObjectAcl::exportSubject(elements[n], pub, priv);
 }
 
 void ThresholdAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv)
@@ -162,6 +156,8 @@ void ThresholdAclSubject::debugDump() const
        Debug::dump("Threshold(%ld of %ld)", minimumNeeded, totalSubjects);
        for (unsigned int n = 0; n < elements.size(); n++) {
                Debug::dump(" [");
+               if (Version v = elements[n]->version())
+                       Debug::dump("V=%d ", v);
                elements[n]->debugDump();
                Debug::dump("]");
        }
index 9c55039d111283235d40929d3f83c3ed0b96ba15..5289d9889b4055e3a8fc85db9493c3233a13e64f 100644 (file)
@@ -62,7 +62,7 @@ public:
     public:
        Maker() : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_THRESHOLD) { }
        ThresholdAclSubject *make(const TypedList &list) const;
-       ThresholdAclSubject *make(Reader &pub, Reader &priv) const;
+       ThresholdAclSubject *make(Version, Reader &pub, Reader &priv) const;
     };
     
 private:
diff --git a/cdsa/cdsa_utilities/cfutilities.cpp b/cdsa/cdsa_utilities/cfutilities.cpp
new file mode 100644 (file)
index 0000000..7bc36b9
--- /dev/null
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// CoreFoundation related utilities
+//
+#include <Security/cfutilities.h>
+#include <Security/debugging.h>
+
+
+namespace Security {
+
+
+//
+// Turn a CFString into a UTF8-encoded C++ string
+//
+string cfString(CFStringRef str)
+{
+       // NULL translates (cleanly) to empty
+       if (str == NULL)
+               return "";
+
+       // quick path first
+       if (const char *s = CFStringGetCStringPtr(str, kCFStringEncodingUTF8))
+               return s;
+       
+       // need to extract into buffer
+       string ret;
+       CFIndex length = CFStringGetLength(str);        // in 16-bit character units
+       char *buffer = new char[6 * length + 1];        // pessimistic
+       if (CFStringGetCString(str, buffer, 6 * length + 1, kCFStringEncodingUTF8))
+               ret = buffer;
+       delete[] buffer;
+       return ret;
+}
+
+
+}      // end namespace Security
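Review bot: In `cfString`, the conversion buffer is a raw `new char[6 * length + 1]` freed by hand, so if the assignment `ret = buffer` throws (it allocates) the buffer leaks, and the `6 *` factor is a hand-picked bound. Sizing with `CFStringGetMaximumSizeForEncoding` and holding the storage in a `std::vector<char>` removes both the magic number and the manual `delete[]`. A failed `CFStringGetCString` currently yields an empty string that is indistinguishable from a NULL or empty input; a comment stating that this is intended would help callers.

```cpp
string cfString(CFStringRef str)
{
	// … unchanged: NULL check and CFStringGetCStringPtr quick path …

	// need to extract into buffer; let CF report the worst-case UTF-8 size
	CFIndex size = CFStringGetMaximumSizeForEncoding(CFStringGetLength(str),
		kCFStringEncodingUTF8) + 1;
	std::vector<char> buffer(size);
	if (CFStringGetCString(str, &buffer[0], size, kCFStringEncodingUTF8))
		return &buffer[0];
	return "";	// conversion failed; deliberately reported as empty
}
```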
diff --git a/cdsa/cdsa_utilities/cfutilities.h b/cdsa/cdsa_utilities/cfutilities.h
new file mode 100644 (file)
index 0000000..5a3f630
--- /dev/null
@@ -0,0 +1,218 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+//CoreFoundation related utilities
+//
+#ifndef _H_CFUTILITIES
+#define _H_CFUTILITIES
+
+#include <Security/utilities.h>
+#include <CoreFoundation/CoreFoundation.h>
+#include <algorithm>
+
+
+namespace Security {
+
+
+//
+// Initialize-only self-releasing CF object handler (lightweight).
+// Does not support assignment.
+//
+template <class CFType> class CFRef {
+public:
+    CFRef() : mRef(NULL) { }
+    CFRef(CFType ref) : mRef(ref) { }
+    CFRef(const CFRef &ref) : mRef(ref) { if (ref) CFRetain(ref); }
+    ~CFRef() { if (mRef) CFRelease(mRef); }
+
+    CFRef &operator = (CFType ref)
+    { if (ref) CFRetain(ref); if (mRef) CFRelease(mRef); mRef = ref; return *this; }
+
+    operator CFType () const { return mRef; }
+    operator bool () const { return mRef != NULL; }
+    bool operator ! () const { return mRef == NULL; }
+
+private:
+    CFType mRef;
+};
+
+
+template <class CFType> class CFCopyRef {
+public:
+    CFCopyRef() : mRef(NULL) { }
+    explicit CFCopyRef(CFType ref) : mRef(ref) { if (ref) CFRetain(ref); }
+    CFCopyRef(const CFCopyRef &ref) : mRef(ref) { if (ref) CFRetain(ref); }
+    ~CFCopyRef() { if (mRef) CFRelease(mRef); }
+
+    CFCopyRef &operator = (CFType ref)
+    { if (ref) CFRetain(ref); if (mRef) CFRelease(mRef); mRef = ref; return *this; }
+
+    operator CFType () const { return mRef; }
+    operator bool () const { return mRef != NULL; }
+    bool operator ! () const { return mRef == NULL; }
+
+private:
+    CFType mRef;
+};
+
+
+//
+// A simple function that turns a non-array CFTypeRef into
+// an array of one with that element.
+//
+inline CFArrayRef cfArrayize(CFTypeRef arrayOrItem)
+{
+    if (arrayOrItem == NULL)
+        return NULL;           // NULL is NULL
+    else if (CFGetTypeID(arrayOrItem) == CFArrayGetTypeID())
+        return CFArrayRef(arrayOrItem);                // already an array
+    else {
+        CFArrayRef array = CFArrayCreate(NULL,
+            (const void **)&arrayOrItem, 1, &kCFTypeArrayCallBacks);
+        CFRelease(arrayOrItem);        // was retained by ArrayCreate
+        return array;
+    }
+}
+
+
+//
+// Translate CFDataRef to CssmData. The output shares the input's buffer.
+//
+inline CssmData cfData(CFDataRef data)
+{
+       return CssmData(const_cast<UInt8 *>(CFDataGetBytePtr(data)),
+               CFDataGetLength(data));
+}
+
+
+//
+// Translate CFStringRef to (UTF8-encoded) C++ string
+//
+string cfString(CFStringRef str);
+
+
+//
+// Translate any Data-oid source to a CFDataRef. The contents are copied.
+//
+template <class Data>
+inline CFDataRef makeCFData(const Data &source)
+{
+       return CFDataCreate(NULL, reinterpret_cast<const UInt8 *>(source.data()), source.length());
+}
+
+
+//
+// Translate strings into CFStrings
+//
+inline CFStringRef makeCFString(const char *s)
+{
+       return CFStringCreateWithCString(NULL, s, kCFStringEncodingUTF8);
+}
+
+inline CFStringRef makeCFString(const string &s)
+{
+       return CFStringCreateWithCString(NULL, s.c_str(), kCFStringEncodingUTF8);
+}
+
+
+//
+// Internally used STL adapters. Should probably be in utilities.h.
+//
+template <class Self>
+Self projectPair(const Self &me)
+{ return me; }
+
+template <class First, class Second>
+Second projectPair(const pair<First, Second> &me)
+{ return me.second; }
+
+
+//
+// A CFToVector turns a CFArrayRef of items into a flat
+// C vector of some type, using a conversion function
+// (from CFTypeRef) specified. As a special bonus, if
+// you provide a CFTypeRef (other than CFArrayRef), it
+// will be transparently handled as an array-of-one.
+// The array will be automatically released on destruction
+// of the CFToVector object. Any internal structure shared
+// with the CFTypeRef inputs will be left alone.
+//
+template <class VectorBase, class CFRefType, VectorBase convert(CFRefType)>
+class CFToVector {
+public:
+    CFToVector(CFArrayRef arrayRef);
+    ~CFToVector()                                              { delete[] mVector; }
+    operator uint32 () const                   { return mCount; }
+    operator VectorBase *() const              { return mVector; }
+    bool empty() const                                 { return mCount == 0; }
+       
+       VectorBase *begin() const                       { return mVector; }
+       VectorBase *end() const                         { return mVector + mCount; }
+    
+    VectorBase &operator [] (uint32 ix) const { assert(ix < mCount); return mVector[ix]; }
+
+private:
+    VectorBase *mVector;
+    uint32 mCount;
+};
+
+template <class VectorBase, class CFRefType, VectorBase convert(CFTypeRef)>
+CFToVector<VectorBase, CFRefType, convert>::CFToVector(CFArrayRef arrayRef)
+{
+    if (arrayRef == NULL) {
+        mCount = 0;
+        mVector = NULL;
+    } else {
+        mCount = CFArrayGetCount(arrayRef);
+        mVector = new VectorBase[mCount];
+        for (uint32 n = 0; n < mCount; n++)
+            mVector[n] = convert(CFRefType(CFArrayGetValueAtIndex(arrayRef, n)));
+    }
+}
+
+
+//
+// Generate a CFArray of CFTypeId things generated from iterators.
+// @@@ This should be cleaned up with partial specializations based
+// @@@ on iterator_traits.
+//
+template <class Iterator, class Generator>
+inline CFArrayRef makeCFArray(Generator &generate, Iterator first, Iterator last)
+{
+       // how many elements?
+       size_t size = distance(first, last);
+       
+       // do the CFArrayCreate tango
+    auto_array<CFTypeRef> vec(size);
+    for (uint32 n = 0; n < size; n++)
+        vec[n] = generate(projectPair(*first++));
+    assert(first == last);
+    return CFArrayCreate(NULL, (const void **)vec.get(), size, &kCFTypeArrayCallBacks);
+}
+
+template <class Container, class Generator>
+inline CFArrayRef makeCFArray(Generator &generate, const Container &container)
+{
+       return makeCFArray(generate, container.begin(), container.end());
+}
+
+
+} // end namespace Security
+
+#endif //_H_CFUTILITIES
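Review bot: CFRef and CFCopyRef define a retaining copy constructor and `operator = (CFType)` but no copy-assignment operator, so `a = b` between two wrappers uses the compiler-generated one. That copies `mRef` without CFRetain and drops the old value without CFRelease, and both destructors then release the same object. Add `CFRef &operator = (const CFRef &ref) { return *this = ref.mRef; }`, and the equivalent for CFCopyRef. The comment on CFRef still says "Does not support assignment", which no longer matches the class. CFCopyRef has no comment and should state that it retains on construction, whereas CFRef adopts the caller's reference.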
index 7b9c34ebd5a2aea49dd83f6121d7725862a4be44..f99e392a999e414b35c4c8c7a6a1c888b8596d0a 100644 (file)
@@ -161,6 +161,15 @@ public:
         else
             return 0;
     }
+    
+    bool getInt(CSSM_ATTRIBUTE_TYPE type, uint32 &value) const
+    {
+        if (Attr *attr = find(type)) {
+            value = static_cast<uint32>(*attr);
+            return true;
+        } else
+            return false;
+    }
        
 public:
        template <class T>
@@ -173,11 +182,11 @@ public:
        }
 
 public:
-    void *operator new (size_t size, CssmAllocator &alloc)
+    void *operator new (size_t size, CssmAllocator &alloc) throw(std::bad_alloc)
     { return alloc.malloc(size); }
-    void operator delete (void *addr, size_t, CssmAllocator &alloc)
+    void operator delete (void *addr, size_t, CssmAllocator &alloc) throw()
     { return alloc.free(addr); }
-    static void destroy(Context *context, CssmAllocator &alloc)
+    static void destroy(Context *context, CssmAllocator &alloc) throw()
     { alloc.free(context->ContextAttributes); alloc.free(context); }
        
 public:
index cc700e22d3567c7f37d60a705e75d1d72b22429b..9d9f2070fff6e49a09f0fef4b901de84b4d23eaa 100644 (file)
 //
 // cssmacl - core ACL management interface
 //
-#ifdef __MWERKS__
-#define _CPP_CSSMACL
-#endif
-
 #include <Security/cssmacl.h>
 #include <Security/debugging.h>
 #include <algorithm>
@@ -102,13 +98,15 @@ ObjectAcl::~ObjectAcl()
 void ObjectAcl::cssmSetInitial(const AclEntryPrototype &proto)
 {
     owner = OwnerEntry(proto);
-    entries.insert(EntryMap::value_type("", proto))->second.handle = nextHandle++;
+    entries.insert(EntryMap::value_type(proto.tag(), proto))->second.handle = nextHandle++;
+       IFDUMPING("acl", debugDump("create/proto"));
 }
 
 void ObjectAcl::cssmSetInitial(const AclSubjectPointer &subject)
 {
     owner = OwnerEntry(subject);
     entries.insert(EntryMap::value_type("", subject))->second.handle = nextHandle++;
+       IFDUMPING("acl", debugDump("create/subject"));
 }
 
 ObjectAcl::Entry::~Entry()
@@ -190,6 +188,7 @@ void ObjectAcl::exportBlob(CssmData &publicBlob, CssmData &privateBlob)
        pubWriter(entryCount);
     for (Iterator it = begin(); it != end(); it++)
         it->second.exportBlob(pubWriter, privWriter);
+       IFDUMPING("acl", debugDump("exported"));
 }
 
 
@@ -214,18 +213,30 @@ void ObjectAcl::importBlob(const void *publicBlob, const void *privateBlob)
 }
 
 
+//
+// Import/export helpers for subjects.
+// This is exported to (subject implementation) callers to maintain consistency
+// in binary format handling.
+//
+AclSubject *ObjectAcl::importSubject(Reader &pub, Reader &priv)
+{
+    uint32 typeAndVersion; pub(typeAndVersion);
+       return make(typeAndVersion, pub, priv);
+}
+
+
 //
 // ACL utility methods
 //
 unsigned int ObjectAcl::getRange(const char *tag, pair<ConstIterator, ConstIterator> &range) const
 {
-    if (tag) {
+    if (tag && tag[0]) {       // tag restriction in effect
         range = entries.equal_range(tag);
         uint32 count = entries.count(tag);
         if (count == 0)
             CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_ENTRY_TAG);
         return count;
-    } else {
+    } else {                           // try all tags
         range.first = entries.begin();
         range.second = entries.end();
         return entries.size();
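Review bot: getRange now treats an empty tag like NULL and returns every entry, where `""` used to select only the entries stored under the empty tag; that is a wider match and nothing at the function says so. A comment above it such as `// NULL or "" selects all entries; any other tag selects only entries carrying exactly that tag` would make the contract explicit for callers that evaluate ACLs by tag. The tagged branch also looks the key up twice (`equal_range`, then `count`); `distance(range.first, range.second)` would reuse the first lookup. The function's closing lines are outside this hunk.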
@@ -289,7 +300,7 @@ void ObjectAcl::cssmChangeAcl(const AclEdit &edit,
         CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_EDIT_MODE);
     }
 
-       IFDUMPING("acl", debugDump("owner-change-to"));
+       IFDUMPING("acl", debugDump("acl-change-to"));
 }
 
 void ObjectAcl::cssmGetOwner(AclOwnerPrototype &outOwner)
@@ -324,12 +335,8 @@ void ObjectAcl::Entry::init(const AclSubjectPointer &subject, bool delegate)
 
 void ObjectAcl::Entry::importBlob(Reader &pub, Reader &priv)
 {
-    // delegate is trivial
-    pub(delegate);
-    
-    // now reconstruct the (polymorphic) subject
-    CSSM_ACL_SUBJECT_TYPE subjectType; pub(subjectType);
-       subject = make(subjectType, pub, priv);
+    uint32 del; pub(del); delegate = del;      // 4 bytes delegate flag
+       subject = importSubject(pub, priv);
 }
 
 
@@ -396,7 +403,12 @@ void ObjectAcl::AclEntry::importBlob(Reader &pub, Reader &priv)
 {
     Entry::importBlob(pub, priv);
     const char *s; pub(s); tag = s;
-    pub(authorizesAnything);
+    
+       // authorizesAnything is on disk as a 4-byte flag
+    uint32 tmpAuthorizesAnything;
+    pub(tmpAuthorizesAnything);
+    authorizesAnything = tmpAuthorizesAnything;
+       
     authorizations.erase(authorizations.begin(), authorizations.end());
     if (!authorizesAnything) {
         uint32 count; pub(count);
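Review bot: AclEntry::importBlob turns the 4-byte on-disk flag into `authorizesAnything` by plain conversion, so every non-zero word, not just 1, yields an entry that authorizes everything and skips reading the authorization list. For a field that widens access, an unexpected value is better rejected than read as true, e.g. `if (tmpAuthorizesAnything > 1) CssmError::throwMe(/* malformed-blob error code */);` before the assignment. The delegate flag read in Entry::importBlob earlier in this file's diff is converted the same way. The function continues past the end of this hunk.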
@@ -424,9 +436,10 @@ AclSubject *ObjectAcl::make(const TypedList &list)
     return makerFor(list.type()).make(list);
 }
 
-AclSubject *ObjectAcl::make(CSSM_ACL_SUBJECT_TYPE type, Reader &pub, Reader &priv)
+AclSubject *ObjectAcl::make(uint32 typeAndVersion, Reader &pub, Reader &priv)
 {
-    return makerFor(type).make(pub, priv);
+       // this type is encode as (version << 24) | type
+    return makerFor(typeAndVersion & ~AclSubject::versionMask).make(typeAndVersion >> AclSubject::versionShift, pub, priv);
 }
 
 AclSubject::Maker &ObjectAcl::makerFor(CSSM_ACL_SUBJECT_TYPE type)
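Review bot: The new body of ObjectAcl::make packs the mask, the shift and two calls into one line, and its comment has a typo ("encode"). Two named locals read better and document the layout: `uint32 type = typeAndVersion & ~AclSubject::versionMask;` and `AclSubject::Version version = typeAndVersion >> AclSubject::versionShift;`, under the comment `// typeAndVersion is encoded as (version << 24) | type`, followed by `return makerFor(type).make(version, pub, priv);`. The version byte comes straight from the blob, so each Maker presumably has to reject versions it does not know; that is not visible here.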
@@ -473,12 +486,14 @@ CSSM_WORDID_TYPE AclSubject::Maker::getWord(const ListElement &elem,
 
 
 //
-// Debug dumping support
+// Debug dumping support.
+// Leave the ObjectAcl::debugDump method in (stubbed out)
+// to keep the virtual table layout stable, and to allow
+// proper linking in weird mix-and-match scenarios.
 //
-#if defined(DEBUGDUMP)
-
 void ObjectAcl::debugDump(const char *what) const
 {
+#if defined(DEBUGDUMP)
        if (!what)
                what = "Dump";
        Debug::dump("%p ACL %s: %d entries\n", this, what, int(entries.size()));
@@ -490,10 +505,29 @@ void ObjectAcl::debugDump(const char *what) const
                Debug::dump("]\n");
        }
        Debug::dump("%p ACL END\n", this);
+#endif //DEBUGDUMP
+}
+
+void AclSubject::debugDump() const
+{
+#if defined(DEBUGDUMP)
+       switch (type()) {
+       case CSSM_ACL_SUBJECT_TYPE_ANY:
+               Debug::dump("ANY");
+               break;
+       default:
+               Debug::dump("subject type=%d", int(type()));
+               break;
+       }
+#endif //DEBUGDUMP
 }
 
+#if defined(DEBUGDUMP)
+
 void ObjectAcl::Entry::debugDump() const
 {
+       if (AclSubject::Version v = subject->version())
+               Debug::dump("V=%d ", v);
        subject->debugDump();
        if (delegate)
                Debug::dump(" DELEGATE");
@@ -513,16 +547,4 @@ void ObjectAcl::AclEntry::debugDump() const
        }
 }
 
-void AclSubject::debugDump() const
-{
-       switch (type()) {
-       case CSSM_ACL_SUBJECT_TYPE_ANY:
-               Debug::dump("ANY");
-               break;
-       default:
-               Debug::dump("subject type=%d", int(type()));
-               break;
-       }
-}
-
 #endif //DEBUGDUMP
index de4bf85975e5e6ba593333c6d71739bbdde2285f..086f6aee185f0aaed514f37db1be29afa956e316 100644 (file)
 //
 // cssmacl - core ACL management interface.
 //
-// Statement of strategy:
-// Beyond the enhanced POD Wrappers for the various CSSM types, we find pure C++ classes
-// that implement ACLs in the local address space. ObjectAcl is the abstract interface
-// to an implementation of a CSSM ACL. It supports the CSSM interfaces for ACL manipulation.
-// @@@ TBA @@@
+// This file contains a set of C++ classes that implement ACLs in the local address space.
+// ObjectAcl is the abstract interface to an implementation of a CSSM ACL. It supports
+// the CSSM interfaces for ACL manipulation. AclSubject is the common parent of all
+// types of ACL Subjects (in the CSSM sense); subclass this to implement a new subject type.
+// AclValidationContext is an extensible, structured way of passing context information
+// from the evaluation environment into particular subjects whose validation is context sensitive.
 //
 #ifndef _CSSMACL
 #define _CSSMACL
 #include <string>
 #include <limits.h>
 
-#ifdef _CPP_CSSMACL
-#pragma export on
-#endif
 
-namespace Security
-{
+namespace Security {
 
 class AclValidationContext;
 
@@ -54,10 +51,15 @@ class AclValidationContext;
 // Note that it does contain some common code to make everybody's life easier.
 //
 class AclSubject : public RefCount {
+public:
     typedef LowLevelMemoryUtilities::Writer Writer;
     typedef LowLevelMemoryUtilities::Reader Reader;
-public:
-    AclSubject(uint32 type) : mType(type) { }
+       
+       typedef uint8 Version;          // binary version marker
+       static const int versionShift = 24;     // highest-order byte of type is version
+       static const uint32 versionMask = 0xff000000;
+
+    AclSubject(uint32 type) : mType(type), mVersion(0) { assert(!(type & versionMask)); }
     virtual ~AclSubject();
     uint32 type() const { return mType; }
     
@@ -71,11 +73,16 @@ public:
     virtual void exportBlob(Writer &pub, Writer &priv);
     virtual void importBlob(Reader &pub, Reader &priv);
        
-       // debug suupport
-       IFDUMP(virtual void debugDump() const);
+       // binary compatibility version management. The version defaults to zero
+       Version version() const { return mVersion; }
+       void version(Version v) { mVersion = v; }
+       
+       // debug suupport (dummied out but present for -UDEBUGDUMP)
+       virtual void debugDump() const;
     
 private:
     CSSM_ACL_SUBJECT_TYPE mType;
+       Version mVersion;
     
 public:
     class Maker {
@@ -85,7 +92,7 @@ public:
         
         uint32 type() const { return myType; }
         virtual AclSubject *make(const TypedList &list) const = 0;
-        virtual AclSubject *make(Reader &pub, Reader &priv) const = 0;
+        virtual AclSubject *make(Version version, Reader &pub, Reader &priv) const = 0;
             
     protected:
         // list parsing helpers
@@ -213,8 +220,8 @@ public:
     void exportBlob(CssmData &publicBlob, CssmData &privateBlob);
     void importBlob(const void *publicBlob, const void *privateBlob);
        
-       // debugging support
-       IFDUMP(virtual void debugDump(const char *what = NULL) const);
+       // debugging support (always there but stubbed out unless DEBUGDUMP)
+       virtual void debugDump(const char *what = NULL) const;
 
 public:
     class Entry {
@@ -230,13 +237,12 @@ public:
         virtual bool authorizes(AclAuthorization auth) const = 0;
         virtual bool validate(const AclValidationContext &ctx) const = 0;
 
-        template <class Action>
-        void exportBlob(Action &pub, Action &priv)
-        {
-            pub(delegate);
-                       CSSM_ACL_SUBJECT_TYPE type = subject->type(); pub(type);
-            subject->exportBlob(pub, priv);
-        }
+               template <class Action>
+               void ObjectAcl::Entry::exportBlob(Action &pub, Action &priv)
+               {
+                       uint32 del = delegate; pub(del);        // 4 bytes delegate flag
+                       exportSubject(subject, pub, priv);      // subject itself (polymorphic)
+               }
         void importBlob(Reader &pub, Reader &priv);
                
                IFDUMP(virtual void debugDump() const);
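Review bot: The member template is declared as `void ObjectAcl::Entry::exportBlob(Action &pub, Action &priv)` inside the body of Entry; a qualified name on an in-class member declaration is not valid C++ and compiles only where the compiler tolerates it. Declare it as `void exportBlob(Action &pub, Action &priv)`. `static void ObjectAcl::exportSubject(...)` in a later hunk of this file carries the same extra qualification. The class body starts and ends outside this hunk.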
@@ -265,13 +271,13 @@ public:
     
     class AclEntry : public Entry {
     public:
-        string tag;                                            // entry tag
-        AclAuthorizationSet authorizations;     // set of authorizations
-        bool authorizesAnything;               // has the _ANY authorization tag
+        std::string tag;                                               // entry tag
+               AclAuthorizationSet authorizations;             // set of authorizations
+        bool authorizesAnything;                               // has the _ANY authorization tag
         //@@@ time range not yet implemented
-        uint32 handle;                                 // entry handle
+        uint32 handle;                                                 // entry handle
         
-               AclEntry() { }                                  // invalid AclEntry
+               AclEntry() { }                                                  // invalid AclEntry
         AclEntry(const AclSubjectPointer &subject);
         AclEntry(const AclEntryPrototype &proto);
         
@@ -286,7 +292,7 @@ public:
         {
             Entry::exportBlob(pub, priv);
             const char *s = tag.c_str(); pub(s);
-            pub(authorizesAnything);
+            uint32 aa = authorizesAnything; pub(aa);
             if (!authorizesAnything) {
                 uint32 count = authorizations.size(); pub(count);
                 for (AclAuthorizationSet::iterator it = authorizations.begin();
@@ -300,22 +306,35 @@ public:
                
                IFDUMP(void debugDump() const);
     };
+       
+public:
+       // These helpers deal with transferring one subject from/to reader/writer streams.
+       // You'd usually only call those from complex subject implementations (e.g. threshold)
+       template <class Action>
+       static void ObjectAcl::exportSubject(AclSubject *subject, Action &pub, Action &priv)
+       {
+               uint32 typeAndVersion = subject->type() | subject->version() << AclSubject::versionShift;
+               pub(typeAndVersion);
+               subject->exportBlob(pub, priv);
+       }
+       static AclSubject *importSubject(Reader &pub, Reader &priv);
 
-    typedef multimap<string, AclEntry> EntryMap;
+public:
+    typedef std::multimap<string, AclEntry> EntryMap;
     typedef EntryMap::iterator Iterator;
     typedef EntryMap::const_iterator ConstIterator;
-    
+
     Iterator begin() { return entries.begin(); }
     Iterator end() { return entries.end(); }
     ConstIterator begin() const { return entries.begin(); }
     ConstIterator end() const { return entries.end(); }
-    
+
     unsigned int getRange(const char *tag, pair<ConstIterator, ConstIterator> &range) const;   
     Iterator findEntryHandle(CSSM_ACL_HANDLE handle);
-    
+
     // construct an AclSubject through the Maker registry (by subject type)
     static AclSubject *make(const TypedList &list);    // make from CSSM form
-    static AclSubject *make(CSSM_ACL_SUBJECT_TYPE type,
+    static AclSubject *make(uint32 typeAndVersion,
                             Reader &pub, Reader &priv); // make from export form
     
 private:
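Review bot: In exportSubject, `subject->version() << AclSubject::versionShift` shifts a uint8 that has been promoted to int, so a version of 128 or more shifts into the sign bit before the result is ORed into the uint32. Convert before shifting: `uint32 typeAndVersion = subject->type() | (uint32(subject->version()) << AclSubject::versionShift);`. The added parentheses also make the grouping of `<<` and `|` obvious to the reader.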
@@ -341,15 +360,14 @@ public:
     ResourceControlContext(const AclEntryInput &initial, AccessCredentials *cred = NULL)
     { InitialAclEntry = initial; AccessCred = cred; }
     
-    operator AclEntryInput &() { return AclEntryInput::overlay(InitialAclEntry); }
-    AccessCredentials *credentials() { return AccessCredentials::overlay(AccessCred); }
+       AclEntryInput &input()          { return AclEntryInput::overlay(InitialAclEntry); }
+    operator AclEntryInput &() { return input(); }
+    AccessCredentials *credentials() const { return AccessCredentials::overlay(AccessCred); }
+       void credentials(const CSSM_ACCESS_CREDENTIALS *creds)
+               { AccessCred = const_cast<CSSM_ACCESS_CREDENTIALS *>(creds); }
 };
 
 } // end namespace Security
 
-#ifdef _CPP_CSSMACL
-#pragma export off
-#endif
-
 
 #endif //_CSSMACL
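Review bot: The new setter `credentials(const CSSM_ACCESS_CREDENTIALS *creds)` casts the const away to store the pointer, and `credentials() const` then hands the same object back as a writable `AccessCredentials *`, so a caller's const credentials can be modified through this context. Either take a non-const pointer in the setter or return `const AccessCredentials *` from the const getter. The setter also keeps the caller's pointer rather than a copy; a comment such as `// borrows creds; caller must keep it alive for the lifetime of this context` would record that.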
index b97b5da14b33b8893e1e5cb65fd6c6435f896282..6fa1736279d7a196ece098b001e67d1af8025e5a 100644 (file)
 #include <Security/cssmwalkers.h>
 
 
-AuthorizationGroup::AuthorizationGroup(const AclAuthorizationSet &auths, CssmAllocator &alloc)
+AuthorizationGroup::AuthorizationGroup(const AclAuthorizationSet &auths,
+       CssmAllocator &alloc)
 {
        NumberOfAuthTags = auths.size();
        AuthTags = alloc.alloc<CSSM_ACL_AUTHORIZATION_TAG>(NumberOfAuthTags);
        copy(auths.begin(), auths.end(), AuthTags);     // happens to be sorted
 }
 
+void AuthorizationGroup::destroy(CssmAllocator &alloc)
+{
+       alloc.free(AuthTags);
+}
+
 bool AuthorizationGroup::contains(CSSM_ACL_AUTHORIZATION_TAG tag) const
 {
        return find(AuthTags, &AuthTags[NumberOfAuthTags], tag) != &AuthTags[NumberOfAuthTags];
@@ -50,8 +56,26 @@ AclEntryPrototype::AclEntryPrototype(const AclOwnerPrototype &proto)
        memset(this, 0, sizeof(*this));
        TypedSubject = proto.subject(); Delegate = proto.delegate();
        //@@@ set authorization to "is owner" pseudo-auth? See cssmacl.h
-}              
+}
 
+void AclEntryPrototype::tag(const char *tagString)
+{
+       if (tagString == NULL)
+               EntryTag[0] = '\0';
+       else if (strlen(tagString) > CSSM_MODULE_STRING_SIZE)
+               CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_ENTRY_TAG);
+       strcpy(EntryTag, tagString);
+}
+
+
+AclOwnerPrototype *AutoAclOwnerPrototype::make()
+{
+       if (!mAclOwnerPrototype) {
+               mAclOwnerPrototype = new AclOwnerPrototype; 
+               mAclOwnerPrototype->clearPod();
+       }
+       return mAclOwnerPrototype;
+}
 
 AutoAclOwnerPrototype::~AutoAclOwnerPrototype()
 {
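Review bot: In AclEntryPrototype::tag the `strcpy` is not part of the if/else chain, so after the NULL branch sets `EntryTag[0] = '\0'` control still reaches `strcpy(EntryTag, tagString)` with a NULL source. Make the copy the final branch: `else strcpy(EntryTag, tagString);`. The length check assumes EntryTag holds at least CSSM_MODULE_STRING_SIZE + 1 bytes; that declaration is outside this diff and worth confirming.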
index 1e9a19062f0684f122cc7d3a36f2eb016fdebd86..8102010ee302090dc394f434cca4d42153b443a5 100644 (file)
@@ -35,7 +35,7 @@ namespace Security
 
 // a nicer name for an authorization tag
 typedef CSSM_ACL_AUTHORIZATION_TAG AclAuthorization;
-typedef set<AclAuthorization> AclAuthorizationSet;
+typedef std::set<AclAuthorization> AclAuthorizationSet;
 
 
 //
@@ -45,7 +45,9 @@ class AuthorizationGroup : public PodWrapper<AuthorizationGroup, CSSM_AUTHORIZAT
 public:
        AuthorizationGroup() { NumberOfAuthTags = 0; }
        AuthorizationGroup(AclAuthorization auth);
+       
        explicit AuthorizationGroup(const AclAuthorizationSet &, CssmAllocator &alloc);
+       void destroy(CssmAllocator &alloc);
        
     bool empty() const                 { return NumberOfAuthTags == 0; }
        unsigned int count() const      { return NumberOfAuthTags; }
@@ -60,16 +62,17 @@ class AclOwnerPrototype;
 
 class AclEntryPrototype : public PodWrapper<AclEntryPrototype, CSSM_ACL_ENTRY_PROTOTYPE> {
 public:
-       AclEntryPrototype() { memset(this, 0, sizeof(*this)); }
-       AclEntryPrototype(const AclOwnerPrototype &proto);
+       AclEntryPrototype() { clearPod(); }
+       explicit AclEntryPrototype(const AclOwnerPrototype &proto);
        AclEntryPrototype(const CSSM_LIST &subj, bool delegate = false)
-       { memset(this, 0, sizeof(*this)); TypedSubject = subj; Delegate = delegate; }
+       { clearPod(); TypedSubject = subj; Delegate = delegate; }
        
        TypedList &subject() { return TypedList::overlay(TypedSubject); }
        const TypedList &subject() const { return TypedList::overlay(TypedSubject); }
        bool delegate() const { return Delegate; }
        char *tag() { return EntryTag; }
        const char *tag() const { return EntryTag; }
+       void tag(const char *tagString);
        AuthorizationGroup &authorization() { return AuthorizationGroup::overlay(Authorization); }
        const AuthorizationGroup &authorization() const
        { return AuthorizationGroup::overlay(Authorization); }
@@ -77,9 +80,11 @@ public:
 
 class AclOwnerPrototype : public PodWrapper<AclOwnerPrototype, CSSM_ACL_OWNER_PROTOTYPE> {
 public:
-       AclOwnerPrototype() { }
+       AclOwnerPrototype() { clearPod(); }
        explicit AclOwnerPrototype(const AclEntryPrototype &proto)
        { TypedSubject = proto.subject(); Delegate = proto.delegate(); }
+       AclOwnerPrototype(const CSSM_LIST &subj, bool delegate = false)
+       { TypedSubject = subj; Delegate = delegate; }
        
        TypedList &subject() { return TypedList::overlay(TypedSubject); }
        const TypedList &subject() const { return TypedList::overlay(TypedSubject); }
@@ -101,7 +106,7 @@ public:
 
 class AclEntryInput : public PodWrapper<AclEntryInput, CSSM_ACL_ENTRY_INPUT> {
 public:
-       AclEntryInput() { memset(this, 0, sizeof(*this)); }
+       AclEntryInput() { clearPod(); }
        AclEntryInput(const AclEntryPrototype &prot)
        { Prototype = prot; Callback = NULL; CallerContext = NULL; }
 
@@ -134,16 +139,20 @@ class AutoAclOwnerPrototype {
        NOCOPY(AutoAclOwnerPrototype)
 public:
        // allocator can be set after construction
-       AutoAclOwnerPrototype(CssmAllocator *allocator = NULL) : mAllocator(allocator) { }
+       AutoAclOwnerPrototype(CssmAllocator *allocator = NULL)
+               : mAclOwnerPrototype(NULL), mAllocator(allocator) { }
        ~AutoAclOwnerPrototype();
        
-       operator CSSM_ACL_OWNER_PROTOTYPE *() { return mAclOwnerPrototype; }
+       operator CSSM_ACL_OWNER_PROTOTYPE *()   { return make(); }
+       AclOwnerPrototype &operator * ()                { return *make(); }
 
        void allocator(CssmAllocator &allocator);
 
 private:
        AclOwnerPrototype *mAclOwnerPrototype;
        CssmAllocator *mAllocator;
+       
+       AclOwnerPrototype *make();
 };
 
 
@@ -163,8 +172,12 @@ public:
        const AclEntryInfo &at(uint32 ix) const { return mAclEntryInfo[ix]; }
        const AclEntryInfo &operator[](uint32 ix) const
        { assert(ix < mNumberOfAclEntries); return mAclEntryInfo[ix]; }
+       AclEntryInfo &operator[](uint32 ix)
+       { assert(ix < mNumberOfAclEntries); return mAclEntryInfo[ix]; }
 
-       uint32 size() const { return mNumberOfAclEntries; }
+       uint32 size() const { return mNumberOfAclEntries; }     // obsolete
+       uint32 count() const { return mNumberOfAclEntries; }
+       AclEntryInfo *entries() const { return mAclEntryInfo; }
 
 private:
        AclEntryInfo *mAclEntryInfo;
@@ -172,6 +185,16 @@ private:
        CssmAllocator *mAllocator;
 };
 
+class AutoAuthorizationGroup : public AuthorizationGroup {
+public:
+       AutoAuthorizationGroup(CssmAllocator &alloc) : allocator(alloc) { }
+       explicit AutoAuthorizationGroup(const AclAuthorizationSet &set,
+               CssmAllocator &alloc) : AuthorizationGroup(set, alloc), allocator(alloc) { }
+       ~AutoAuthorizationGroup()       { destroy(allocator); }
+
+       CssmAllocator &allocator;
+};
+
 
 //
 // Walkers for the CSSM API structure types
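Review bot: `AutoAuthorizationGroup(CssmAllocator &alloc)` relies on the default AuthorizationGroup constructor, which earlier in this file's diff only sets `NumberOfAuthTags = 0`. Unless PodWrapper clears the object, the destructor therefore passes an uninitialized `AuthTags` to `alloc.free`. Initialize it in that constructor: `AutoAuthorizationGroup(CssmAllocator &alloc) : allocator(alloc) { AuthTags = NULL; }`. The class is also copyable, and a copy would free the same `AuthTags` twice; `NOCOPY(AutoAuthorizationGroup)`, as AutoAclOwnerPrototype uses in this file, would prevent that.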
index 7994e803f2f0ab71f99e7a2c86bbc6a65080b937..036e401c3ed60b8772ebd820a6f8655e6013dd74 100644 (file)
@@ -24,6 +24,7 @@
 #include <Security/cssmalloc.h>
 #include <Security/memutils.h>
 #include <Security/globalizer.h>
+#include <Security/trackingallocator.h>
 #include <stdlib.h>
 #include <errno.h>
 
@@ -31,11 +32,13 @@ using LowLevelMemoryUtilities::alignof;
 using LowLevelMemoryUtilities::increment;
 using LowLevelMemoryUtilities::alignUp;
 
+extern "C" size_t malloc_size(void *);
+
 
 //
 // Features of the CssmAllocator root class
 //
-bool CssmAllocator::operator == (const CssmAllocator &alloc) const
+bool CssmAllocator::operator == (const CssmAllocator &alloc) const throw()
 {
        return this == &alloc;
 }
@@ -52,38 +55,69 @@ CssmAllocator::~CssmAllocator()
 // pool). This is trivially achieved here by using singletons.
 //
 struct DefaultCssmAllocator : public CssmAllocator {
-       void *malloc(size_t size);
-       void free(void *addr);
-       void *realloc(void *addr, size_t size);
+       void *malloc(size_t size) throw(std::bad_alloc);
+       void free(void *addr) throw();
+       void *realloc(void *addr, size_t size) throw(std::bad_alloc);
+};
+
+struct SensitiveCssmAllocator : public DefaultCssmAllocator {
+    void free(void *addr) throw();
+    void *realloc(void *addr, size_t size) throw(std::bad_alloc);
+};
+
+struct DefaultAllocators {
+    DefaultCssmAllocator standard;
+    SensitiveCssmAllocator sensitive;
 };
 
-static ModuleNexus<DefaultCssmAllocator> defaultAllocator;
+static ModuleNexus<DefaultAllocators> defaultAllocators;
 
 
-CssmAllocator &CssmAllocator::standard(uint32)
+CssmAllocator &CssmAllocator::standard(uint32 request)
 {
-       return defaultAllocator();
+    switch (request) {
+    case normal:
+        return defaultAllocators().standard;
+    case sensitive:
+        return defaultAllocators().sensitive;
+    default:
+        CssmError::throwMe(CSSM_ERRCODE_MEMORY_ERROR);
+    }
 }
 
-void *DefaultCssmAllocator::malloc(size_t size)
+void *DefaultCssmAllocator::malloc(size_t size) throw(std::bad_alloc)
 {
        if (void *result = ::malloc(size))
                return result;
        throw std::bad_alloc();
 }
 
-void DefaultCssmAllocator::free(void *addr)
+void DefaultCssmAllocator::free(void *addr) throw()
 {
        ::free(addr);
 }
 
-void *DefaultCssmAllocator::realloc(void *addr, size_t newSize)
+void *DefaultCssmAllocator::realloc(void *addr, size_t newSize) throw(std::bad_alloc)
 {
        if (void *result = ::realloc(addr, newSize))
                return result;
        throw std::bad_alloc();
 }
 
+void SensitiveCssmAllocator::free(void *addr) throw()
+{
+    memset(addr, 0, malloc_size(addr));
+    DefaultCssmAllocator::free(addr);
+}
+
+void *SensitiveCssmAllocator::realloc(void *addr, size_t newSize) throw(std::bad_alloc)
+{
+    size_t oldSize = malloc_size(addr);
+    if (newSize < oldSize)
+        memset(increment(addr, newSize), 0, oldSize - newSize);
+    return DefaultCssmAllocator::realloc(addr, newSize);
+}
+
 TrackingAllocator::~TrackingAllocator()
 {
        AllocSet::iterator first = mAllocSet.begin(), last = mAllocSet.end();
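Review bot: SensitiveCssmAllocator::realloc wipes only the tail that is cut off when shrinking; when the block grows, `::realloc` may move it and release the old copy unwiped, which leaves the sensitive bytes in freed heap memory. Allocating a new block, copying, and releasing the old one through SensitiveCssmAllocator::free keeps the wipe on every path, as sketched below. In `free`, the `memset` directly before the release is a store an optimizer is allowed to drop, so a wipe that cannot be elided (for example `memset_s` where available) is safer. `malloc_size` is declared by hand with a non-const parameter; including the platform's malloc header would keep the prototype from drifting.

```cpp
void *SensitiveCssmAllocator::realloc(void *addr, size_t newSize) throw(std::bad_alloc)
{
    // never let ::realloc move the block: the old copy would be freed unwiped
    void *fresh = DefaultCssmAllocator::malloc(newSize);
    if (addr) {
        size_t oldSize = malloc_size(addr);
        memcpy(fresh, addr, oldSize < newSize ? oldSize : newSize);
        free(addr);     // SensitiveCssmAllocator::free zeroes the block first
    }
    return fresh;
}
```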
@@ -94,13 +128,13 @@ TrackingAllocator::~TrackingAllocator()
 //
 // CssmMemoryFunctionsAllocators
 //
-void *CssmMemoryFunctionsAllocator::malloc(size_t size)
+void *CssmMemoryFunctionsAllocator::malloc(size_t size) throw(std::bad_alloc)
 { return functions.malloc(size); }
 
-void CssmMemoryFunctionsAllocator::free(void *addr)
+void CssmMemoryFunctionsAllocator::free(void *addr) throw()
 { return functions.free(addr); }
 
-void *CssmMemoryFunctionsAllocator::realloc(void *addr, size_t size)
+void *CssmMemoryFunctionsAllocator::realloc(void *addr, size_t size) throw(std::bad_alloc)
 { return functions.realloc(addr, size); }
 
 
@@ -116,16 +150,16 @@ CssmAllocatorMemoryFunctions::CssmAllocatorMemoryFunctions(CssmAllocator &alloc)
        calloc_func = relayCalloc;
 }
 
-void *CssmAllocatorMemoryFunctions::relayMalloc(size_t size, void *ref)
+void *CssmAllocatorMemoryFunctions::relayMalloc(size_t size, void *ref) throw(std::bad_alloc)
 { return allocator(ref).malloc(size); }
 
-void CssmAllocatorMemoryFunctions::relayFree(void *mem, void *ref)
+void CssmAllocatorMemoryFunctions::relayFree(void *mem, void *ref) throw()
 { allocator(ref).free(mem); }
 
-void *CssmAllocatorMemoryFunctions::relayRealloc(void *mem, size_t size, void *ref)
+void *CssmAllocatorMemoryFunctions::relayRealloc(void *mem, size_t size, void *ref) throw(std::bad_alloc)
 { return allocator(ref).realloc(mem, size); }
 
-void *CssmAllocatorMemoryFunctions::relayCalloc(uint32 count, size_t size, void *ref)
+void *CssmAllocatorMemoryFunctions::relayCalloc(uint32 count, size_t size, void *ref) throw(std::bad_alloc)
 {
        // CssmAllocator doesn't have a calloc() method
        void *mem = allocator(ref).malloc(size * count);
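Review bot: `relayCalloc` passes `size * count` to malloc() with no overflow check, so a product that wraps size_t yields a buffer smaller than the caller believes it asked for. The same unchecked multiplication appears in `CssmAllocator::calloc` (`malloc(size * count)` followed by a memset of the same product) and in the `alloc<T>(count)` / `alloc<T>(old, count)` templates in the cssmalloc.h hunks of this commit. A guard before the allocation closes it and stays within the new `throw(std::bad_alloc)` specification: `if (size != 0 && count > size_t(-1) / size) throw std::bad_alloc();`. The body of relayCalloc continues outside this hunk.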
@@ -141,7 +175,7 @@ void *CssmAllocatorMemoryFunctions::relayCalloc(uint32 count, size_t size, void
 // functions to safely free our (hidden) pointer without knowing about it.
 // An allocator argument of NULL is interpreted as the standard allocator.
 //
-void *CssmHeap::operator new (size_t size, CssmAllocator *alloc)
+void *CssmHeap::operator new (size_t size, CssmAllocator *alloc) throw(std::bad_alloc)
 {
        if (alloc == NULL)
                alloc = &CssmAllocator::standard();
@@ -152,13 +186,18 @@ void *CssmHeap::operator new (size_t size, CssmAllocator *alloc)
        return addr;
 }
 
-void CssmHeap::operator delete (void *addr, size_t size, CssmAllocator *alloc)
+void CssmHeap::operator delete (void *addr, size_t size, CssmAllocator *alloc) throw()
 {
        alloc->free(addr);      // as per C++ std, called (only) if construction fails
 }
 
-void CssmHeap::operator delete (void *addr, size_t size)
+void CssmHeap::operator delete (void *addr, size_t size) throw()
 {
        void *end = increment(addr, alignUp(size, alignof<CssmAllocator *>()));
        (*(CssmAllocator **)end)->free(addr);
 }
+
+
+//
+// CssmVector
+//
index f09fa171a804e3d25cd3b13b1f0ccde0f392f27b..5fd3d636a90df165e1e26bbcd3e6739243ae7377 100644 (file)
@@ -25,7 +25,6 @@
 #include <Security/utilities.h>
 #include <Security/cssm.h>
 #include <cstring>
-#include <set>
 
 #ifdef _CPP_CSSMALLOC
 # pragma export on
@@ -42,24 +41,24 @@ namespace Security
 class CssmAllocator {
 public:
        virtual ~CssmAllocator();
-       virtual void *malloc(size_t) = 0;
-       virtual void free(void *) = 0;
-       virtual void *realloc(void *, size_t) = 0;
+       virtual void *malloc(size_t) throw(std::bad_alloc) = 0;
+       virtual void free(void *) throw() = 0;
+       virtual void *realloc(void *, size_t) throw(std::bad_alloc) = 0;
 
        //
        // Template versions for added expressiveness.
        // Note that the integers are element counts, not byte sizes.
        //
-       template <class T> T *alloc()
+       template <class T> T *alloc() throw(std::bad_alloc)
        { return reinterpret_cast<T *>(malloc(sizeof(T))); }
 
-       template <class T> T *alloc(uint32 count)
+       template <class T> T *alloc(uint32 count) throw(std::bad_alloc)
        { return reinterpret_cast<T *>(malloc(sizeof(T) * count)); }
 
-       template <class T> T *alloc(T *old, uint32 count)
+       template <class T> T *alloc(T *old, uint32 count) throw(std::bad_alloc)
        { return reinterpret_cast<T *>(realloc(old, sizeof(T) * count)); }
        
-       template <class Data> CssmData alloc(const Data &source)
+       template <class Data> CssmData alloc(const Data &source) throw(std::bad_alloc)
        {
                size_t length = source.length();
                return CssmData(memcpy(malloc(length), source.data(), length), length);
@@ -69,14 +68,14 @@ public:
        // Happier malloc/realloc for any type. Note that these still have
        // the original (byte-sized) argument profile.
        //
-       template <class T> T *malloc(size_t size)
+       template <class T> T *malloc(size_t size) throw(std::bad_alloc)
        { return reinterpret_cast<T *>(malloc(size)); }
        
-       template <class T> T *realloc(void *addr, size_t size)
+       template <class T> T *realloc(void *addr, size_t size) throw(std::bad_alloc)
        { return reinterpret_cast<T *>(realloc(addr, size)); }
-       
+
        // All right, if you *really* have to have calloc...
-       void *calloc(size_t size, unsigned int count)
+       void *calloc(size_t size, unsigned int count) throw(std::bad_alloc)
        {
                void *addr = malloc(size * count);
                memset(addr, 0, size * count);
@@ -84,7 +83,7 @@ public:
        }
        
        // compare CssmAllocators for identity
-       virtual bool operator == (const CssmAllocator &alloc) const;
+       virtual bool operator == (const CssmAllocator &alloc) const throw();
 
 public:
        // allocator chooser options
@@ -106,30 +105,30 @@ public:
        { *(CSSM_MEMORY_FUNCS *)this = funcs; }
        CssmMemoryFunctions() { }
 
-       void *malloc(size_t size) const;
-       void free(void *mem) const { free_func(mem, AllocRef); }
-       void *realloc(void *mem, size_t size) const;
-       void *calloc(uint32 count, size_t size) const;
+       void *malloc(size_t size) const throw(std::bad_alloc);
+       void free(void *mem) const throw() { free_func(mem, AllocRef); }
+       void *realloc(void *mem, size_t size) const throw(std::bad_alloc);
+       void *calloc(uint32 count, size_t size) const throw(std::bad_alloc);
        
-       bool operator == (const CSSM_MEMORY_FUNCS &other) const
+       bool operator == (const CSSM_MEMORY_FUNCS &other) const throw()
        { return !memcmp(this, &other, sizeof(*this)); }
 };
 
-inline void *CssmMemoryFunctions::malloc(size_t size) const
+inline void *CssmMemoryFunctions::malloc(size_t size) const throw(std::bad_alloc)
 {
        if (void *addr = malloc_func(size, AllocRef))
                return addr;
        throw std::bad_alloc();
 }
 
-inline void *CssmMemoryFunctions::calloc(uint32 count, size_t size) const
+inline void *CssmMemoryFunctions::calloc(uint32 count, size_t size) const throw(std::bad_alloc)
 {
        if (void *addr = calloc_func(count, size, AllocRef))
                return addr;
        throw std::bad_alloc();
 }
 
-inline void *CssmMemoryFunctions::realloc(void *mem, size_t size) const
+inline void *CssmMemoryFunctions::realloc(void *mem, size_t size) const throw(std::bad_alloc)
 {
        if (void *addr = realloc_func(mem, size, AllocRef))
                return addr;
@@ -144,12 +143,12 @@ class CssmMemoryFunctionsAllocator : public CssmAllocator {
 public:
        CssmMemoryFunctionsAllocator(const CssmMemoryFunctions &memFuncs) : functions(memFuncs) { }
        
-       void *malloc(size_t size);
-       void free(void *addr);
-       void *realloc(void *addr, size_t size);
-       
-       operator const CssmMemoryFunctions & () const { return functions; }
+       void *malloc(size_t size) throw(std::bad_alloc);
+       void free(void *addr) throw();
+       void *realloc(void *addr, size_t size) throw(std::bad_alloc);
        
+       operator const CssmMemoryFunctions & () const throw() { return functions; }
+
 private:
        const CssmMemoryFunctions functions;
 };
@@ -159,7 +158,7 @@ private:
 //
 // Global C++ allocation hooks to use CssmAllocators
 //
-inline void *operator new (size_t size, CssmAllocator &allocator)
+inline void *operator new (size_t size, CssmAllocator &allocator) throw(std::bad_alloc)
 { return allocator.malloc(size); }
 
 //
@@ -168,14 +167,14 @@ inline void *operator new (size_t size, CssmAllocator &allocator)
 // Use this to cleanly destroy things.
 //
 template <class T>
-inline void destroy(T *obj, CssmAllocator &alloc)
+inline void destroy(T *obj, CssmAllocator &alloc) throw()
 {
        obj->~T();
        alloc.free(obj);
 }
 
 // untyped (release memory only, no destructor call)
-inline void destroy(void *obj, CssmAllocator &alloc)
+inline void destroy(void *obj, CssmAllocator &alloc) throw()
 {
        alloc.free(obj);
 }
@@ -194,18 +193,18 @@ public:
        CssmAllocatorMemoryFunctions() { /*IFDEBUG(*/ AllocRef = NULL /*)*/ ; } // later assignment req'd
        
 private:
-       static void *relayMalloc(size_t size, void *ref);
-       static void relayFree(void *mem, void *ref);
-       static void *relayRealloc(void *mem, size_t size, void *ref);
-       static void *relayCalloc(uint32 count, size_t size, void *ref);
-       
-       static CssmAllocator &allocator(void *ref)
+       static void *relayMalloc(size_t size, void *ref) throw(std::bad_alloc);
+       static void relayFree(void *mem, void *ref) throw();
+       static void *relayRealloc(void *mem, size_t size, void *ref) throw(std::bad_alloc);
+       static void *relayCalloc(uint32 count, size_t size, void *ref) throw(std::bad_alloc);
+
+       static CssmAllocator &allocator(void *ref) throw()
        { return *reinterpret_cast<CssmAllocator *>(ref); }
 };
 
 
 //
-// A mixin class to automatically manage your allocator.
+// A mixin class to automagically manage your allocator.
 // To allow allocation (of your object) from any instance of CssmAllocator,
 // inherit from CssmHeap. Your users can then create heap instances of your thing by
 //             new (an-allocator) YourClass(...)
@@ -219,9 +218,9 @@ private:
 //
 class CssmHeap {
 public:    
-       void *operator new (size_t size, CssmAllocator *alloc = NULL);
-       void operator delete (void *addr, size_t size);
-       void operator delete (void *addr, size_t size, CssmAllocator *alloc);
+       void *operator new (size_t size, CssmAllocator *alloc = NULL) throw(std::bad_alloc);
+       void operator delete (void *addr, size_t size) throw();
+       void operator delete (void *addr, size_t size, CssmAllocator *alloc) throw();
 };
 
 
@@ -248,12 +247,12 @@ public:
        template <class T1> CssmAutoPtr(CssmAllocator &alloc, CssmAutoPtr<T1> &src)
        : allocator(alloc), mine(rc.release()) { assert(allocator == src.allocator); }
        
-       ~CssmAutoPtr()                          { destroy(mine); }
+       ~CssmAutoPtr()                          { allocator.free(mine); }
        
        T *get() const throw()          { return mine; }
        T *release()                            { T *result = mine; mine = NULL; return result; }
        void reset()                            { allocator.free(mine); mine = NULL; }
-       
+
        operator T * () const           { return mine; }
        T *operator -> () const         { return mine; }
        T &operator * () const          { assert(mine); return *mine; }
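Review bot: The converting constructor in the context lines initializes `mine(rc.release())` although its parameter is named `src`, so it will fail to compile as soon as the template is instantiated; it should read `mine(src.release())`. The destructor now calls `allocator.free(mine)`, as `reset()` already does, which releases the storage without running `~T()`. If CssmAutoPtr is meant only for plain-data payloads, a comment saying so belongs on the class; otherwise both should go through `destroy(mine, allocator)`. The class starts and ends outside this hunk.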
@@ -317,48 +316,39 @@ public:
 
 
 //
-// A CssmAllocator that keeps track of allocations and can throw everything
-// away unless explicitly committed.
+// A generic helper for the unhappily ubiquitous CSSM-style
+// (count, pointer-to-array) style of arrays.
 //
-class TrackingAllocator : public CssmAllocator
-{
+template <class Base, class Wrapper = Base>
+class CssmVector {
 public:
-       TrackingAllocator(CssmAllocator &inAllocator) : mAllocator(inAllocator) {}
-       virtual ~TrackingAllocator();
-
-       void *malloc(size_t inSize)
-       {
-               void *anAddress = mAllocator.malloc(inSize);
-               mAllocSet.insert(anAddress);
-               return anAddress;
-       }
-
-       void free(void *inAddress)
-       {
-               mAllocator.free(inAddress);
-               mAllocSet.erase(inAddress);
-       }
+    CssmVector(uint32 &cnt, Base * &vec, CssmAllocator &alloc = CssmAllocator::standard())
+        : count(cnt), vector(reinterpret_cast<Wrapper * &>(vec)),
+          allocator(alloc)
+    {
+        count = 0;
+        vector = NULL;
+    }
+    
+    ~CssmVector()      { allocator.free(vector); }
+        
+    uint32 &count;
+    Wrapper * &vector;
+    CssmAllocator &allocator;
 
-       void *realloc(void *inAddress, size_t inNewSize)
-       {
-               void *anAddress = mAllocator.realloc(inAddress, inNewSize);
-               if (anAddress != inAddress)
-               {
-                       mAllocSet.erase(inAddress);
-                       mAllocSet.insert(anAddress);
-               }
-
-               return anAddress;
-       }
-
-       void commit() { mAllocSet.clear(); }
-private:
-       typedef std::set<void *> AllocSet;
-
-       CssmAllocator &mAllocator;
-       AllocSet mAllocSet;
+public:
+    Wrapper &operator [] (uint32 ix)
+    { assert(ix < count); return vector[ix]; }
+    
+    void operator += (const Wrapper &add)
+    {
+        vector = reinterpret_cast<Wrapper *>(allocator.realloc(vector, (count + 1) * sizeof(Wrapper)));
+        //@@@???compiler bug??? vector = allocator.alloc<Wrapper>(vector, count + 1);
+        vector[count++] = add;
+    }
 };
 
+
 } // end namespace Security
 
 #ifdef _CPP_CSSMALLOC
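Review bot: `~CssmVector()` frees `vector`, but `count` and `vector` are references bound to the caller's variables, so once the helper is destroyed the caller is left with a non-zero count and a pointer to freed memory. If the helper is meant to own the array, the destructor should reset both: `~CssmVector() { allocator.free(vector); vector = NULL; count = 0; }`; if the array is meant to outlive the helper, the free should not be there. Because the members are references and the copy constructor is implicit, a copy would free the same array twice, so the copy operations are best declared private. `operator +=` also computes `(count + 1) * sizeof(Wrapper)` without an overflow check.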
diff --git a/cdsa/cdsa_utilities/cssmcert.cpp b/cdsa/cdsa_utilities/cssmcert.cpp
new file mode 100644 (file)
index 0000000..9777e5d
--- /dev/null
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// cssmcert - CSSM layer certificate (CL) related objects.
+//
+#include <Security/cssmcert.h>
+#include <Security/debugging.h>
+
+
+namespace Security {
+
+
+//
+// Construct an EncodedCertificate
+//
+EncodedCertificate::EncodedCertificate(CSSM_CERT_TYPE type, CSSM_CERT_ENCODING enc,
+       const CSSM_DATA *data)
+{
+       clearPod();
+       CertType = type;
+       CertEncoding = enc;
+       if (data)
+               CertBlob = *data;
+}
+
+
+//
+// Construct an empty CertGroup.
+//
+CertGroup::CertGroup(CSSM_CERT_TYPE ctype,
+        CSSM_CERT_ENCODING encoding, CSSM_CERTGROUP_TYPE type)
+{
+    clearPod();
+    CertType = ctype;
+    CertEncoding = encoding;
+    CertGroupType = type;
+}
+
+
+//
+// Free all memory in a CertGroup
+//
+void CertGroup::destroy(CssmAllocator &allocator)
+{
+       switch (type()) {
+       case CSSM_CERTGROUP_DATA:
+               // array of CSSM_DATA elements
+               for (uint32 n = 0; n < count(); n++)
+                       allocator.free(blobCerts()[n].data());
+               break;
+       case CSSM_CERTGROUP_ENCODED_CERT:
+               for (uint32 n = 0; n < count(); n++)
+                       allocator.free(encodedCerts()[n].data());
+               break;
+       case CSSM_CERTGROUP_PARSED_CERT:
+               // CSSM_PARSED_CERTS array -- unimplemented
+       case CSSM_CERTGROUP_CERT_PAIR:
+               // CSSM_CERT_PAIR array -- unimplemented
+               break;
+       }
+}
+
+
+}      // end namespace Security
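Review bot: `CertGroup::destroy` is commented as freeing all memory in the group, but it frees only each element's data buffer. The `CertList` / `EncodedCertList` array itself is not released here, and `NumCerts` and the element pointers are left unchanged, so a second call or a later walk of the group would touch freed blocks. Either release the array and reset the count after the loops (`count() = 0;`), or change the comment to say that the array remains the caller's to free. The two unimplemented cases and any unknown group type fall through silently; a `default:` that throws a CssmError would make that visible.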
diff --git a/cdsa/cdsa_utilities/cssmcert.h b/cdsa/cdsa_utilities/cssmcert.h
new file mode 100644 (file)
index 0000000..2a5da1d
--- /dev/null
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// cssmcert - CSSM layer certificate (CL) related objects.
+//
+#ifndef _H_CSSMCERT
+#define _H_CSSMCERT
+
+#include <Security/utilities.h>
+#include <Security/cssmalloc.h>
+
+
+namespace Security {
+
+
+//
+// A CSSM_FIELD, essentially an OID/Data pair.
+//
+class CssmField : public PodWrapper<CssmField, CSSM_FIELD> {
+public:
+    CssmField() { }
+    CssmField(const CSSM_OID &oid, const CSSM_DATA &value)
+    { FieldOid = oid; FieldValue = value; }
+    
+    CssmField(const CSSM_OID &oid)
+    { FieldOid = oid; FieldValue = CssmData(); }
+
+public:
+    CssmOid &oid()                                     { return CssmOid::overlay(FieldOid); }
+    CssmOid &value()                           { return CssmOid::overlay(FieldValue); }
+    const CssmOid &oid() const         { return CssmOid::overlay(FieldOid); }
+    const CssmOid &value() const       { return CssmOid::overlay(FieldValue); }
+    
+    bool isComplex() const
+    { return value().length() == CSSM_FIELDVALUE_COMPLEX_DATA_TYPE; }
+};
+
+
+//
+// An encoded certificate
+//
+class EncodedCertificate : public PodWrapper<EncodedCertificate, CSSM_ENCODED_CERT> {
+public:
+       EncodedCertificate(CSSM_CERT_TYPE type = CSSM_CERT_UNKNOWN,
+               CSSM_CERT_ENCODING enc = CSSM_CERT_ENCODING_UNKNOWN,
+               const CSSM_DATA *data = NULL);
+       
+       CSSM_CERT_TYPE type() const             { return CertType; }
+       CSSM_CERT_ENCODING encoding() const { return CertEncoding; }
+       const CssmData &blob() const    { return CssmData::overlay(CertBlob); }
+       
+       // CssmDataoid features
+       void *data() const                              { return blob().data(); }
+       size_t length() const                   { return blob().length(); }
+};
+
+
+//
+// CertGroups - groups of certificates in a bewildering variety of forms
+//
+class CertGroup : public PodWrapper<CertGroup, CSSM_CERTGROUP> {
+public:
+    CertGroup() { }
+    CertGroup(CSSM_CERT_TYPE ctype, CSSM_CERT_ENCODING encoding, CSSM_CERTGROUP_TYPE type);
+    
+public:
+    CSSM_CERT_TYPE certType() const            { return CertType; }
+    CSSM_CERT_ENCODING encoding() const        { return CertEncoding; }
+    CSSM_CERTGROUP_TYPE type() const   { return CertGroupType; }
+    uint32 count() const                               { return NumCerts; }
+    uint32 &count()                                            { return NumCerts; }
+    
+public:
+       // CSSM_CERTGROUP_DATA version
+    CssmData * &blobCerts()
+       { assert(type() == CSSM_CERTGROUP_DATA); return CssmData::overlayVar(GroupList.CertList); }
+    CssmData *blobCerts() const
+       { assert(type() == CSSM_CERTGROUP_DATA); return CssmData::overlay(GroupList.CertList); }
+       
+       // CSSM_CERTGROUP_ENCODED_CERT version
+    EncodedCertificate * &encodedCerts()
+               { return EncodedCertificate::overlayVar(GroupList.EncodedCertList); }
+    EncodedCertificate *encodedCerts() const
+               { return EncodedCertificate::overlay(GroupList.EncodedCertList); }
+       
+public:
+       // free all memory in this group with the given allocator
+       void destroy(CssmAllocator &allocator);
+};
+
+
+//
+// Walkers
+//
+namespace DataWalkers {
+
+
+
+
+}      // end namespace DataWalkers
+}      // end namespace Security
+
+#endif //_H_CSSMCERT
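Review bot: The `encodedCerts()` accessors read `GroupList.EncodedCertList` without the type check that `blobCerts()` performs, so a group of another type has its list (presumably a union member) reinterpreted as `EncodedCertificate` entries with no diagnostic. Adding `assert(type() == CSSM_CERTGROUP_ENCODED_CERT);` to both overloads makes them consistent with `blobCerts()`. Since assert is compiled out of release builds, code handling certificate groups supplied by a caller should still test `type()` explicitly. `CssmField::value()` returns a `CssmOid` overlay of `FieldValue`; a short comment saying this is deliberate would help the next reader.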
index 7c8e53fd424b667d95b735d28317a07f9686a485..4b51e17b378ee5efeb5e5974dd0ba7becc3d383b 100644 (file)
@@ -40,7 +40,7 @@ class CssmSample : public PodWrapper<CssmSample, CSSM_SAMPLE> {
 public:
        CssmSample(const TypedList &list)
        { TypedSample = list; Verifier = NULL; }
-       CssmSample(TypedList &list, const CssmSubserviceUid &ver)
+       CssmSample(const TypedList &list, const CssmSubserviceUid &ver)
        { TypedSample = list; Verifier = &ver; }
 
        TypedList &value() { return TypedList::overlay(TypedSample); }
@@ -66,7 +66,7 @@ public:
 //
 class AccessCredentials : public PodWrapper<AccessCredentials, CSSM_ACCESS_CREDENTIALS> {
 public:
-       AccessCredentials() { memset(this, 0, sizeof(*this)); }
+       AccessCredentials() { clearPod(); }
        
        const char *tag() const { return EntryTag; }
 
@@ -75,6 +75,10 @@ public:
     
 public:
     static const AccessCredentials &null;      // all null credential
+       
+       // turn NULL into a null credential if needed
+       static const AccessCredentials *needed(const CSSM_ACCESS_CREDENTIALS *cred)
+       { return cred ? overlay(cred) : &null; }
 };
 
 
index 3cd9548a16e5a6b209a34eae0507e2b35489cf41..226113f46e4ed4991cd8574473eda3aaae828afd 100644 (file)
 //
 // cssmdata.cpp -- Manager different CssmData types
 //
-#ifdef __MWERKS__
-#define _CPP_CDSA_UTILITIES_CSSMDATA
-#endif
 #include <Security/cssmdata.h>
-
 #include <Security/utilities.h>
+#include <cstring>
+
+
+namespace Security {
+
+
+//
+// Comparing raw CSSM_DATA things
+//
+bool operator == (const CSSM_DATA &d1, const CSSM_DATA &d2)
+{
+    if (&d1 == &d2)
+        return true;   // identical
+    if (d1.Length != d2.Length)
+        return false;  // can't be
+    if (d1.Data == d2.Data)
+        return true;   // points to same data
+    return !memcmp(d1.Data, d2.Data, d1.Length);
+}
 
 
 //
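Review bot: The new `operator ==` ends in `memcmp`, which stops at the first differing byte, so it is not suitable for comparing MACs, digests or other secret values. A comment on the operator such as `// plain equality test, not constant-time; do not use for secret comparison` would keep it from being used that way. It also passes `d1.Data` and `d2.Data` to memcmp without a null check, so two items of equal non-zero length where one `Data` is NULL would be dereferenced.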
@@ -126,3 +141,6 @@ CssmDLPolyData::operator Guid () const
 
        return Guid(reinterpret_cast<const char *>(mData.Data));
 }
+
+
+}      // end namespace Security
index 0211baceee04e3d60d485a9d6e1ac7f579bde4c4..b7754d140b1450c539c6d1328b4d8f7748f6a8d3 100644 (file)
 #include <Security/cssmalloc.h>
 #include <Security/refcount.h>
 
-#ifdef _CPP_CDSA_UTILITIES_CSSMDATA
-#pragma export on
-#endif
 
-namespace Security
-{
+namespace Security {
+
+
+//
+// A convenient way to make a CssmData from a (const) string.
+// Note that the underlying string is not memory-managed, so it
+// should either be static or of sufficient (immutable) lifetime.
+//
+class StringData : public CssmData {
+public:
+    StringData(const char *s) : CssmData(const_cast<char *>(s), strlen(s)) { }
+};
+
+
+//
+// A CssmData bundled up with a data buffer it refers to
+//
+template <size_t size>
+struct DataBuffer : public CssmData {
+       unsigned char buffer[size];
+       DataBuffer() : CssmData(buffer, size) { }
+};
+
+
+//
+// Comparing CssmDatas for equality.
+// Note: No ordering is established here.
+// Both CSSM_DATAs have to exist.
+//
+bool operator == (const CSSM_DATA &d1, const CSSM_DATA &d2);
+inline bool operator != (const CSSM_DATA &d1, const CSSM_DATA &d2)
+{ return !(d1 == d2); }
+
 
 //
 // The following pseudo-code describes what (at minimum) is required for a class
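Review bot: `DataBuffer` declares no copy constructor or assignment operator, so the compiler-generated ones copy the `CssmData` base along with the array. Assuming CssmData copies its pointer member-wise (its definition is outside this hunk), the copy's data pointer still refers to the source object's `buffer` and dangles once the source goes away. An explicit copy constructor that re-points fixes this: `DataBuffer(const DataBuffer &src) : CssmData(buffer, size) { memcpy(buffer, src.buffer, size); }`, with a matching `operator =`. `StringData` casts away const on its argument, so its comment could add that the resulting CssmData must never be written through.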
@@ -43,7 +71,7 @@ namespace Security
 //  operator const CssmData &() const ...
 // }
 //
-// All this can be satisfied, of course, by inheriting form CssmData.
+// All this can be satisfied, of course, by inheriting from CssmData.
 //
 
 
@@ -196,7 +224,10 @@ public:
        template <class Data>
        CssmAutoData(CssmAllocator &alloc, const Data &source) : CssmOwnedData(alloc, mData)
        { *this = source; }
-       
+
+    CssmAutoData(CssmAutoData &source) : CssmOwnedData(source.allocator, mData)
+    { set(source); }
+
        explicit CssmAutoData(CssmManagedData &source) : CssmOwnedData(source.allocator, mData)
        { set(source); }
        
@@ -274,6 +305,7 @@ public:
        CssmPolyData(const sint32 &t) : CssmData(set(t), sizeof(t)) { }
        CssmPolyData(const sint64 &t) : CssmData(set(t), sizeof(t)) { }
        CssmPolyData(const double &t) : CssmData(set(t), sizeof(t)) { }
+       CssmPolyData(const StringPtr s) : CssmData (reinterpret_cast<char*>(s + 1), uint32 (s[0])) {}
 };
 
 class CssmDateData : public CssmData
@@ -414,10 +446,7 @@ public:
        bool CssmBuffer::operator < (const CssmBuffer &other) const { return (**this) < (*other); }
 };
 
-} // end namespace Security
 
-#ifdef _CPP_CSSMDATA
-#pragma export off
-#endif
+} // end namespace Security
 
 #endif // _H_CDSA_UTILITIES_CSSMDATA
index e97933ff1517b9ca63d8eac4d3046e77f0de403b..83e047c04019e55e95ca55b143013c8aded9cd2c 100644 (file)
 //
 // Manage the Tower of Babel of CSSM dates and times
 //
-#ifdef __MWERKS__
-#define _CPP_CSSMDATES
-#endif
 #include <Security/cssmdates.h>
+#include <string>
 
 
+//
+// A (private) PODwrapper for CFGregorianDate
+//
+struct Gregorian : public PodWrapper<Gregorian, CFGregorianDate> {
+    Gregorian() { }
+    
+    Gregorian(int y, int m, int d, int h = 0, int min = 0, double sec = 0)
+    {
+        year = y; month = m; day = d;
+        hour = h; minute = min; second = sec;
+    }
+    
+    Gregorian(CFAbsoluteTime ref)
+    { static_cast<CFGregorianDate &>(*this) = CFAbsoluteTimeGetGregorianDate(ref, NULL); }
+    
+    operator CFAbsoluteTime () const
+    { return CFGregorianDateGetAbsoluteTime(*this, NULL); }
+};
+
+
+//
+// The CssmDate PODwrapper
+//
+CssmDate::CssmDate(const char *y, const char *m, const char *d)
+{
+    assign(years(), 4, y);
+    assign(months(), 2, m);
+    assign(days(), 2, d);
+}
+
+CssmDate::CssmDate(int y, int m, int d)
+{
+    // internal format is "yyyymmdd" (no null termination)
+    char str[9];
+    if (8 != snprintf(str, 9, "%4.4d%2.2d%2.2d", y, m, d))
+        CssmError::throwMe(CSSM_ERRCODE_UNKNOWN_FORMAT);
+    memcpy(this, str, 8);
+}
+    
+int CssmDate::year() const
+{ return atoi(string(years(), 4).c_str()); }
+
+int CssmDate::month() const
+{ return atoi(string(months(), 2).c_str()); }
+
+int CssmDate::day() const
+{ return atoi(string(days(), 2).c_str()); }
+
+// right-adjust fill 
+void CssmDate::assign(char *dest, int width, const char *src)
+{
+    // pick last width characters of src at most
+    int len = strlen(src);
+    if (len > width)
+        CssmError::throwMe(CSSM_ERRCODE_UNKNOWN_FORMAT);
+    memset(dest, '0', width - len);
+    memcpy(dest + width - len, src, len);
+}
+
+
+//
+// CssmUniformDate core functions
+//
+
+
+//
+// Uniform conversions with CFDateRef
+//
+CssmUniformDate::CssmUniformDate(CFDateRef ref)
+{
+    mTime = CFDateGetAbsoluteTime(ref);
+}
+
+CssmUniformDate::operator CFDateRef() const
+{
+    return CFDateCreate(NULL, mTime);
+}
+
+
+//
+// Uniform conversions with CssmDates
+//
+CssmUniformDate::CssmUniformDate(const CssmDate &date)
+{
+    mTime = CFGregorianDateGetAbsoluteTime(Gregorian(date.year(), date.month(), date.day()),
+        NULL);
+}
+
+CssmUniformDate::operator CssmDate () const
+{
+    Gregorian greg(mTime);
+    return CssmDate(greg.year, greg.month, greg.day);
+}
+
+
+//
+// Uniform conversions with CssmData (1999-06-30_15:05:39 form)
+//
+CssmUniformDate::CssmUniformDate(const CSSM_DATA &inData)
+{
+    const CssmData &data = CssmData::overlay(inData);
+    if (data.length() != 19)
+        CssmError::throwMe(CSSM_ERRCODE_UNKNOWN_FORMAT);
+    setFromString(reinterpret_cast<const char *>(inData.Data), "%ld-%d-%d_%d:%d:%lf", 19);
+}
+
+void CssmUniformDate::convertTo(CssmOwnedData &data) const
+{
+    Gregorian greg(mTime);
+    char str[20];
+    if (19 != snprintf(str, 20, "%4.4d-%2.2d-%2.2d_%2.2d:%2.2d:%2.2d",
+        int(greg.year), greg.month, greg.day, greg.hour, greg.minute, int(greg.second)))
+        CssmError::throwMe(CSSM_ERRCODE_UNKNOWN_FORMAT);
+    data = CssmData(str, 19);
+}
+
+
+//
+// Uniform conversions with CSSM_TIMESTRING (19990630150539 form)
+//
+CssmUniformDate::CssmUniformDate(const char *src)
+{
+    setFromString(src, "%4ld%2d%2d%2d%2d%2lf", 14);
+}
+
+void CssmUniformDate::convertTo(char *dst, size_t length) const
+{
+    if (length < 14)
+        CssmError::throwMe(CSSMERR_CSSM_BUFFER_TOO_SMALL);
+    Gregorian greg(mTime);
+    char str[15];
+    if (14 != snprintf(str, 15, "%4.4d%2.2d%2.2d%2.2d%2.2d%2.2d",
+        int(greg.year), greg.month, greg.day, greg.hour, greg.minute, int(greg.second)))
+        CssmError::throwMe(CSSM_ERRCODE_UNKNOWN_FORMAT);
+    memcpy(dst, str, length == 14 ? 14 : 15);  // null terminate if there's room
+}
+
+
+//
+// Generalized parse-from-string setup
+//
+void CssmUniformDate::setFromString(const char *src, const char *format, size_t fieldWidth)
+{
+    // use a stack buffer
+    char str[20];
+    assert(fieldWidth < sizeof(str));
+    
+    // make a copy with proper null terminator
+    memcpy(str, src, fieldWidth);
+    str[fieldWidth] = '\0';
+
+    // parse (with limited checks for bad field formats)
+    long year;
+    int month, day, hour, minute;
+    double second;
+    if (6 != sscanf(str, format,
+        &year, &month, &day, &hour, &minute, &second))
+        CssmError::throwMe(CSSM_ERRCODE_UNKNOWN_FORMAT);
+
+    // success
+    mTime = Gregorian(year, month, day, hour, minute, second);
+}
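Review bot: `CssmUniformDate(const char *src)` hands `src` to `setFromString` with a fixed width of 14, and `setFromString` does `memcpy(str, src, fieldWidth)` without knowing how long the source is, so a shorter NUL-terminated string is read past its end. Rejecting an early terminator before the copy avoids that: `if (memchr(src, '\0', 14)) CssmError::throwMe(CSSM_ERRCODE_UNKNOWN_FORMAT);`. The parsed fields are passed to `Gregorian` without range checks (month 13, hour 99 and signed values all parse), and the buffer bound in `setFromString` is only an `assert`, which disappears in release builds. `operator CFDateRef()` returns a newly created CFDate, so a comment that the caller must release it is worth adding.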
index 5f2d7500511eb46adb192f52d55531841e6174c0..f19e0e7e42f8c4d060afde1730f6fe9b6a2d7abc 100644 (file)
 #define _H_CSSMDATES
 
 #include <Security/utilities.h>
+#include <Security/cssmdata.h>
+#include <CoreFoundation/CFDate.h>
 
-#ifdef _CPP_CSSMDATES
-#pragma export on
-#endif
 
-namespace Security
-{
+namespace Security {
 
-class CssmDate : public PodWrapper<CssmDate, CSSM_DATE>
-{
+
+//
+// A PodWrapper for CSSM_DATE
+//
+class CssmDate : public PodWrapper<CssmDate, CSSM_DATE> {
+public:
+    CssmDate() { }
+    CssmDate(const char *y, const char *m, const char *d);
+    CssmDate(int y, int m, int d);
+    
+    const char *years() const  { return reinterpret_cast<const char *>(Year); }
+    const char *months() const { return reinterpret_cast<const char *>(Month); }
+    const char *days() const   { return reinterpret_cast<const char *>(Day); }
+    char *years()                              { return reinterpret_cast<char *>(Year); }
+    char *months()                             { return reinterpret_cast<char *>(Month); }
+    char *days()                               { return reinterpret_cast<char *>(Day); }
+    
+    int year() const;
+    int month() const;
+    int day() const;
+    
+private:
+    static void assign(char *dest, int width, const char *src);
 };
 
+inline bool operator == (const CSSM_DATE &d1, const CSSM_DATE &d2)
+{ return !memcmp(&d1, &d2, sizeof(d1)); }
+
+inline bool operator != (const CSSM_DATE &d1, const CSSM_DATE &d2)
+{ return !memcmp(&d1, &d2, sizeof(d1)); }
+
+
+//
+// Yet another CSSM date/time format is CSSM_TIMESTRING. This is
+// defined as "char *", just so you can't use the type system
+// to keep things sane, so we can't really PodWrap it the usual way.
+// What *were* they thinking?
+// The format is allegedly "yyyymmddhhmmss", and the standard says
+// nothing about trailing null characters.
+//
 
-class CssmStringDate
-{
+
+//
+// A unified date-and-time object.
+// This is based on CFDate objects and converts to various CSSM
+// inspired formats.
+//
+class CssmUniformDate {
 public:
-       CssmStringDate(CSSM_TIMESTRING str);
+    CssmUniformDate()  { }
+    
+    // convert to/from CFDateRef
+    CssmUniformDate(CFDateRef ref);
+    operator CFDateRef() const;
+    
+    // convert to/from CSSM_DATE
+    CssmUniformDate(const CssmDate &src);
+    CssmUniformDate(const CSSM_DATE &src);
+    operator CssmDate () const;
+    
+    // convert to/from DATA format (1999-06-30_15:05:39 form)
+    CssmUniformDate(const CSSM_DATA &src);
+    void convertTo(CssmOwnedData &data) const;
+    
+    // convert to/from CSSM_TIMESTRING format (19990630150539)
+    CssmUniformDate(const char *src);
+    void convertTo(char *dest, size_t length) const;
+
+    // native comparisons
+    bool operator < (const CssmUniformDate &other) const       { return mTime < other.mTime; }
+    bool operator == (const CssmUniformDate &other) const      { return mTime == other.mTime; }
+    bool operator > (const CssmUniformDate &other) const       { return mTime > other.mTime; }
+    bool operator <= (const CssmUniformDate &other) const      { return mTime <= other.mTime; }
+    bool operator >= (const CssmUniformDate &other) const      { return mTime >= other.mTime; }
+    bool operator != (const CssmUniformDate &other) const      { return mTime != other.mTime; }
+
 private:
-       CSSM_TIMESTRING timeString;
+    void setFromString(const char *src, const char *format, size_t fieldLength);
+
+private:
+    CFAbsoluteTime mTime;
 };
 
-} // end namespace Security
 
-#ifdef _CPP_CSSMDATES
-#pragma export off
-#endif
+} // end namespace Security
 
 #endif //_H_CSSMDATES
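Review bot: `operator != (const CSSM_DATE &, const CSSM_DATE &)` has the same body as `operator ==`, `return !memcmp(&d1, &d2, sizeof(d1));`, so it returns true for equal dates and false for different ones. It should be `{ return memcmp(&d1, &d2, sizeof(d1)) != 0; }` or `{ return !(d1 == d2); }`. Any date check written with `!=` would get the inverted answer. The default `CssmUniformDate()` constructor also leaves `mTime` uninitialized, so comparing a default-constructed object reads an indeterminate value; initializing it (`CssmUniformDate() : mTime(0) { }`) or documenting the requirement would help.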
index 4d276249d90bd3c65e8594e4cd2bfc0b11ee1f3a..eb7b7f1ae4d63733ade962798acf99dded92a364 100644 (file)
@@ -126,11 +126,12 @@ CssmDbAttributeData::deleteValues(CssmAllocator &inAllocator)
        {
                for (uint32 anIndex = 0; anIndex < NumberOfValues; anIndex++)
                {
-                       if (Value[anIndex].Length)
+                       if (Value[anIndex].Data)
                        {
                                inAllocator.free(Value[anIndex].Data);
-                               Value[anIndex].Length = 0;
                        }
+
+                       Value[anIndex].Length = 0;
                }
 
                inAllocator.free(Value);
@@ -262,10 +263,90 @@ CssmAutoDbRecordAttributeData::clear()
        ArrayBuilder<CssmDbAttributeData>::clear();
 }
 
+
+
+static bool CompareAttributeInfos (const CSSM_DB_ATTRIBUTE_INFO &a, const CSSM_DB_ATTRIBUTE_INFO &b)
+{
+       // check the format of the names
+       if (a.AttributeNameFormat != b.AttributeNameFormat)
+       {
+               return false;
+       }
+       
+       switch (a.AttributeNameFormat)
+       {
+               case CSSM_DB_ATTRIBUTE_NAME_AS_STRING:
+               {
+                       return strcmp (a.Label.AttributeName, b.Label.AttributeName) == 0;
+               }
+               
+               case CSSM_DB_ATTRIBUTE_NAME_AS_OID:
+               {
+                       if (a.Label.AttributeOID.Length != b.Label.AttributeOID.Length)
+                       {
+                               return false;
+                       }
+                       
+                       return memcmp (a.Label.AttributeOID.Data, b.Label.AttributeOID.Data, a.Label.AttributeOID.Length) == 0;
+               }
+               
+               
+               case CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER:
+               {
+                       return a.Label.AttributeID == b.Label.AttributeID;
+               }
+       }
+       
+       return true; // just to keep the compiler from complaining
+}
+
+
+
+CssmDbAttributeData* CssmAutoDbRecordAttributeData::findAttribute (const CSSM_DB_ATTRIBUTE_INFO &info)
+{
+       // walk through the data, looking for an attribute of the same type
+       int i;
+       for (i = 0; i < size (); ++i)
+       {
+               CssmDbAttributeData& d = at (i);
+               CSSM_DB_ATTRIBUTE_INFO &inInfo = d.info ();
+               
+               if (CompareAttributeInfos (info, inInfo))
+               {
+                       return &d;
+               }
+       }
+       
+       // found nothing?
+       return NULL;
+}
+
+
+
+CssmDbAttributeData& CssmAutoDbRecordAttributeData::getAttributeReference (const CSSM_DB_ATTRIBUTE_INFO &info)
+{
+       // Either find an existing reference to an attribute in the list, or make a new one.
+       CssmDbAttributeData *anAttr = findAttribute (info);
+       if (anAttr) // was this already in the list?
+       {
+               // clean it up
+               anAttr->deleteValues (mValueAllocator);
+       }
+       else
+       {
+               // make a new one
+               anAttr = &add();
+       }
+       
+       return *anAttr;
+}
+
+
+
 CssmDbAttributeData &
 CssmAutoDbRecordAttributeData::add(const CSSM_DB_ATTRIBUTE_INFO &info)
 {
-       CssmDbAttributeData &anAttr = add();
+       CssmDbAttributeData& anAttr = getAttributeReference (info);
        anAttr.info(info);
        return anAttr;
 }
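Review bot: `CompareAttributeInfos` ends with `return true` for any `AttributeNameFormat` outside the three handled cases, so two infos that share an unrecognised format compare equal whatever their labels hold. `getAttributeReference` calls `deleteValues` on whatever `findAttribute` matches, so that fallback can discard the values of an unrelated attribute. `return false; // unknown name format: never a match` is the safer default. The string case also hands `Label.AttributeName` to `strcmp` without a NULL check on either side. The `add(info, value)` overload in the next hunk goes through the same lookup, and both overloads now replace an existing attribute instead of appending, which deserves a comment on `add`.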
@@ -273,7 +354,7 @@ CssmAutoDbRecordAttributeData::add(const CSSM_DB_ATTRIBUTE_INFO &info)
 CssmDbAttributeData &
 CssmAutoDbRecordAttributeData::add(const CSSM_DB_ATTRIBUTE_INFO &info, const CssmPolyData &value)
 {
-       CssmDbAttributeData &anAttr = add();
+       CssmDbAttributeData &anAttr = getAttributeReference (info);
        anAttr.set(info, value, mValueAllocator);
        return anAttr;
 }
index 6e7d06cb38f6cb0e5eb6fbdaf4bfc2377154dedb..d1b5ea47b579f3976800578827dbdfe81895b9e6 100644 (file)
@@ -262,12 +262,12 @@ public:
        CssmDbAttributeData(const CSSM_DB_ATTRIBUTE_INFO &info)
        { Info = info; NumberOfValues = 0; Value = NULL; }
 
-       CSSM_DB_ATTRIBUTE_FORMAT format() const { return info().format(); }
-
        CssmDbAttributeInfo &info() { return CssmDbAttributeInfo::overlay(Info); }
        const CssmDbAttributeInfo &info() const { return CssmDbAttributeInfo::overlay(Info); }
        void info (const CSSM_DB_ATTRIBUTE_INFO &inInfo) { Info = inInfo; }
 
+       CSSM_DB_ATTRIBUTE_FORMAT format() const { return info().format(); }
+
        uint32 size() const { return NumberOfValues; }
 
        template <class T>
@@ -286,7 +286,7 @@ public:
        {
                if (size() < 1) CssmError::throwMe(CSSMERR_DL_MISSING_VALUE);
                assert(format() == CSSM_DB_ATTRIBUTE_FORMAT_STRING);
-               return string(reinterpret_cast<const char *>(Value[0].Data), Value[0].Length);
+               return Value[0].Length ? string(reinterpret_cast<const char *>(Value[0].Data), Value[0].Length) : string();
        }               
        operator bool() const
        {
@@ -444,6 +444,9 @@ public:
        operator CssmAllocator &() const { return mValueAllocator; }
 private:
        CssmAllocator &mValueAllocator;
+       
+       CssmDbAttributeData* findAttribute (const CSSM_DB_ATTRIBUTE_INFO &info);
+       CssmDbAttributeData& getAttributeReference (const CSSM_DB_ATTRIBUTE_INFO &info);
 };
 
 
@@ -453,12 +456,13 @@ private:
 class CssmSelectionPredicate : public PodWrapper<CssmSelectionPredicate, CSSM_SELECTION_PREDICATE> {
 public:
        CssmSelectionPredicate() { /*IFDEBUG(*/ memset(this, 0, sizeof(*this)) /*)*/ ; }
-       CssmSelectionPredicate(CSSM_DB_OPERATOR inDbOperator)
-       { dbOperator(inDbOperator); Attribute.NumberOfValues = 0; Attribute.Value = NULL; }
 
        CSSM_DB_OPERATOR dbOperator() const { return DbOperator; }
        void dbOperator(CSSM_DB_OPERATOR dbOperator) { DbOperator = dbOperator; }
 
+       CssmSelectionPredicate(CSSM_DB_OPERATOR inDbOperator)
+       { dbOperator(inDbOperator); Attribute.NumberOfValues = 0; Attribute.Value = NULL; }
+
        CssmDbAttributeData &attribute() { return CssmDbAttributeData::overlay(Attribute); }
        const CssmDbAttributeData &attribute() const { return CssmDbAttributeData::overlay(Attribute); }
 
@@ -579,9 +583,9 @@ public:
 
     // Operators
        bool operator <(const DLDbIdentifier &other) const
-       { return mImpl && other.mImpl ? *mImpl < *other.mImpl : &*mImpl < &*other.mImpl; }
+       { return mImpl && other.mImpl ? *mImpl < *other.mImpl : mImpl.get() < other.mImpl.get(); }
        bool operator ==(const DLDbIdentifier &other) const
-       { return mImpl && other.mImpl ? *mImpl == *other.mImpl : &*mImpl == &*other.mImpl; }
+       { return mImpl && other.mImpl ? *mImpl == *other.mImpl : mImpl.get() == other.mImpl.get(); }
 
     // Accessors
     const CssmSubserviceUid &ssuid() const { return mImpl->ssuid(); }
index de18b160a991cb1fbb2ae0b54c5fa9e60b90d991..4ab4409a1df073cec0c6557a937934636148aba6 100644 (file)
 #define _H_CSSMERRNO
 
 #include <Security/utilities.h>
+#include <Security/cssmapple.h>                /* for cssmPerror() */
+#include <string>
 
 #ifdef _CPP_CSSMERRNO
 #pragma export on
 #endif
 
-#ifdef __cplusplus
-
-#include <string>
-
 namespace Security
 {
 
-extern "C" void cssmPerror(const char *how, CSSM_RETURN error);
 string cssmErrorString(CSSM_RETURN error);
 string cssmErrorString(const CssmCommonError &error);
 
 } // end namespace Security
 
-#else // C, not C++
-
-void cssmPerror(const char *how, CSSM_RETURN error);
-
-#endif
-
 #ifdef _CPP_CSSMERRNO
 #pragma export off
 #endif
index 6c01777e695da76b776aebe9768212952551a06a..1bb5176a949e30515579f8a8135fc72f7ef5e3d3 100644 (file)
@@ -24,6 +24,7 @@
 #endif
 
 #include <Security/cssmlist.h>
+#include <Security/cssmdata.h>
 
 
 //
@@ -51,12 +52,18 @@ ListElement::ListElement(const CssmData &data)
        Element.Word = data;
 }
 
-ListElement::ListElement(CssmAllocator &alloc, string s)
+ListElement::ListElement(CssmAllocator &alloc, const CssmData &data)
+{
+       ElementType = CSSM_LIST_ELEMENT_DATUM;
+       WordID = 0;
+       Element.Word = CssmAutoData(alloc, data).release();
+}
+
+ListElement::ListElement(CssmAllocator &alloc, const string &s)
 {
     ElementType = CSSM_LIST_ELEMENT_DATUM;
     WordID = 0;
-    size_t length = s.size();
-    Element.Word = CssmData(memcpy(alloc.alloc<char>(length), s.data(), length), length);
+       Element.Word = CssmAutoData(alloc, s.data(), s.size()).release();
 }
 
 ListElement::ListElement(const CssmList &list)
@@ -238,6 +245,23 @@ TypedList::TypedList(CssmAllocator &alloc, CSSM_WORDID_TYPE type, ListElement *e
        append(elem2);
 }
 
+TypedList::TypedList(CssmAllocator &alloc, CSSM_WORDID_TYPE type, ListElement *elem1, ListElement *elem2, ListElement *elem3)
+{
+       append(new(alloc) ListElement(type));
+       append(elem1);
+       append(elem2);
+       append(elem3);
+}
+
+TypedList::TypedList(CssmAllocator &alloc, CSSM_WORDID_TYPE type, ListElement *elem1, ListElement *elem2, ListElement *elem3, ListElement *elem4)
+{
+       append(new(alloc) ListElement(type));
+       append(elem1);
+       append(elem2);
+       append(elem3);
+       append(elem4);
+}
+
 
 //
 // Verify that a TypedList is "proper", i.e. has a first element of WORDID form
index c9884abdfbf5aeaf2234731601762bf8abfb82ad..58653b9a01f35f51147333db979e617e78570916 100644 (file)
@@ -47,20 +47,25 @@ class TypedList;
 //
 class ListElement : public PodWrapper<ListElement, CSSM_LIST_ELEMENT> {
 public:
-    // list element chaining
+       // type control
        CSSM_LIST_ELEMENT_TYPE type() const { return ElementType; }
+       bool is(CSSM_LIST_ELEMENT_TYPE t) const { return type() == t; }
+       
+    // list element chaining
        ListElement * &next() { return ListElement::overlayVar(NextElement); }
        ListElement *next() const { return ListElement::overlay(NextElement); }
        ListElement *last();
        
     // CssmData personality
        ListElement(const CssmData &data);
-    ListElement(CssmAllocator &alloc, string stringData);
+       ListElement(CssmAllocator &alloc, const CssmData &data);
+       ListElement(CssmAllocator &alloc, const std::string &stringData);
        CssmData &data();
+       string toString() const { return data().toString(); }
        const CssmData &data() const;
        ListElement &operator = (const CssmData &data);
        operator CssmData &() { return data(); }
-       operator string () const { return data(); }
+       operator std::string () const { return toString(); }
        bool operator == (const CssmData &other) const  { return data() == other; }
        bool operator != (const CssmData &other) const  { return data() != other; }
 
@@ -158,7 +163,12 @@ public:
     TypedList(const CSSM_LIST &list) { *(CSSM_LIST *)this = list; }
        TypedList(CssmAllocator &alloc, CSSM_WORDID_TYPE type);
        TypedList(CssmAllocator &alloc, CSSM_WORDID_TYPE type, ListElement *elem1);
-       TypedList(CssmAllocator &alloc, CSSM_WORDID_TYPE type, ListElement *elem1, ListElement *elem2);
+       TypedList(CssmAllocator &alloc, CSSM_WORDID_TYPE type, ListElement *elem1,
+               ListElement *elem2);
+       TypedList(CssmAllocator &alloc, CSSM_WORDID_TYPE type, ListElement *elem1,
+               ListElement *elem2, ListElement *elem3);
+       TypedList(CssmAllocator &alloc, CSSM_WORDID_TYPE type, ListElement *elem1,
+               ListElement *elem2, ListElement *elem3, ListElement *elem4);
        
        bool isProper() const;  // format check (does not throw)
        static TypedList &overlay(CSSM_LIST &list)
diff --git a/cdsa/cdsa_utilities/cssmtrust.cpp b/cdsa/cdsa_utilities/cssmtrust.cpp
new file mode 100644 (file)
index 0000000..9cb417e
--- /dev/null
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// cssmtrust - CSSM layer Trust (TP) related objects.
+//
+#include <Security/cssmtrust.h>
+#include <Security/debugging.h>
+
+
+namespace Security {
+
+
+//
+// Cleanly release the memory in a TPEvidenceInfo
+//
+void TPEvidenceInfo::destroy(CssmAllocator &allocator)
+{
+       // status code array
+       if (codes() > 0 && StatusCodes)
+               allocator.free(StatusCodes);
+
+       //@@@ need to free unique id if present
+}
+
+
+}      // end namespace Security
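Review bot: `TPEvidenceInfo::destroy` frees `StatusCodes` but leaves the pointer and `NumStatusCodes` as they were, so a second `destroy()` on the same object frees the array again and a later `operator []` reads freed memory. Clearing both right after the free closes that: `StatusCodes = NULL; NumStatusCodes = 0;`. The guard `codes() > 0 && StatusCodes` also skips the free if an array is ever present with a zero count. The `//@@@` line records that `UniqueRecord` is still leaked, and the comment above the function should say so until that is fixed.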
diff --git a/cdsa/cdsa_utilities/cssmtrust.h b/cdsa/cdsa_utilities/cssmtrust.h
new file mode 100644 (file)
index 0000000..d95940a
--- /dev/null
@@ -0,0 +1,203 @@
+/*
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// cssmtrust - CSSM layer Trust (TP) related objects.
+//
+#ifndef _H_CSSMTRUST
+#define _H_CSSMTRUST
+
+#include <Security/utilities.h>
+#include <Security/cssmcert.h>
+#include <Security/cssmcred.h>
+
+
+namespace Security {
+
+
+//
+// A TP "POLICYINFO" structure, essentially an OID/Data pair.
+//
+class PolicyInfo : public PodWrapper<PolicyInfo, CSSM_TP_POLICYINFO> {
+public:
+    uint32 count() const                               { return NumberOfPolicyIds; }
+    uint32 &count()                                            { return NumberOfPolicyIds; }
+    CssmField *policies() const                        { return CssmField::overlay(PolicyIds); }
+    CssmField * &policies()                            { return CssmField::overlayVar(PolicyIds); }
+    void *control() const                              { return PolicyControl; }
+    
+    CssmField &operator [] (uint32 ix)
+    { assert(ix < count()); return policies()[ix]; }
+    
+    void setPolicies(uint32 n, CSSM_FIELD *p)
+    { count() = n; policies() = CssmField::overlay(p); }
+};
+
+
+//
+// A CSSM_DL_DB_LIST wrapper.
+// Note that there is a DLDBList class elsewhere that is quite
+// unrelated to this structure.
+//
+class CssmDlDbHandle : public PodWrapper<CssmDlDbHandle, CSSM_DL_DB_HANDLE> {
+public:
+       CssmDlDbHandle(CSSM_DL_HANDLE dl, CSSM_DB_HANDLE db)
+       { DLHandle = dl; DBHandle = db; }
+       
+       CSSM_DL_HANDLE dl() const       { return DLHandle; }
+       CSSM_DB_HANDLE db() const       { return DBHandle; }
+       
+       operator bool() const           { return DLHandle && DBHandle; }
+};
+
+
+class CssmDlDbList : public PodWrapper<CssmDlDbList, CSSM_DL_DB_LIST> {
+public:
+       uint32 count() const            { return NumHandles; }
+       uint32 &count()                         { return NumHandles; }
+       CssmDlDbHandle *handles() const { return CssmDlDbHandle::overlay(DLDBHandle); }
+       CssmDlDbHandle * &handles()     { return CssmDlDbHandle::overlayVar(DLDBHandle); }
+
+       CssmDlDbHandle &operator [] (uint32 ix) const
+       { assert(ix < count()); return CssmDlDbHandle::overlay(DLDBHandle[ix]); }
+       
+       void setDlDbList(uint32 n, CSSM_DL_DB_HANDLE *list)
+       { count() = n; handles() = CssmDlDbHandle::overlay(list); }
+};
+
+
+//
+// TP caller authentication contexts
+//
+class TPCallerAuth : public PodWrapper<TPCallerAuth, CSSM_TP_CALLERAUTH_CONTEXT> {
+public:
+    CSSM_TP_STOP_ON stopCriterion() const      { return VerificationAbortOn; }
+    void stopCriterion(CSSM_TP_STOP_ON stop) { VerificationAbortOn = stop; }
+    
+    CSSM_TIMESTRING time() const                       { return VerifyTime; }
+    void time(CSSM_TIMESTRING newTime)         { VerifyTime = newTime; }
+    
+    PolicyInfo &policies()                                     { return PolicyInfo::overlay(Policy); }
+    const PolicyInfo &policies() const         { return PolicyInfo::overlay(Policy); }
+    void setPolicies(uint32 n, CSSM_FIELD *p) { policies().setPolicies(n, p); }
+    
+    AccessCredentials *creds() const
+    { return AccessCredentials::optional(CallerCredentials); }
+    void creds(AccessCredentials *newCreds)    { CallerCredentials = newCreds; }
+    
+    uint32 anchorCount() const                         { return NumberOfAnchorCerts; }
+    uint32 &anchorCount()                                      { return NumberOfAnchorCerts; }
+    CssmData *anchors() const                          { return CssmData::overlay(AnchorCerts); }
+    CssmData * &anchors()                                      { return CssmData::overlayVar(AnchorCerts); }
+       
+       CssmDlDbList *dlDbList() const                  { return CssmDlDbList::overlay(DBList); }
+       CssmDlDbList * &dlDbList()                              { return CssmDlDbList::overlayVar(DBList); }
+};
+
+
+//
+// TP Verify Contexts - a monster collection of possibly useful stuff
+// when verifying a certificate against trust policies
+//
+class TPVerifyContext : public PodWrapper<TPVerifyContext, CSSM_TP_VERIFY_CONTEXT> {
+public:
+    CSSM_TP_ACTION action() const              { return Action; }
+    CssmData &actionData()                             { return CssmData::overlay(ActionData); }
+    const CssmData &actionData() const { return CssmData::overlay(ActionData); }
+    
+    // set and reference the CallerAuth component
+    TPCallerAuth &callerAuth() const   { return TPCallerAuth::required(Cred); }
+    operator TPCallerAuth &() const            { return callerAuth(); }
+    TPCallerAuth *callerAuthPtr() const        { return TPCallerAuth::optional(Cred); }
+    void callerAuthPtr(CSSM_TP_CALLERAUTH_CONTEXT *p) { Cred = p; }
+    
+    // forward CallerAuth operations
+    
+    CSSM_TP_STOP_ON stopCriterion() const { return callerAuth().stopCriterion(); }
+    void stopCriterion(CSSM_TP_STOP_ON stop) { return callerAuth().stopCriterion(stop); }
+    PolicyInfo &policies() const               { return callerAuth().policies(); }
+    void setPolicies(uint32 n, CSSM_FIELD *p) { policies().setPolicies(n, p); }
+    CSSM_TIMESTRING time() const               { return callerAuth().time(); }
+    void time(CSSM_TIMESTRING newTime) { return callerAuth().time(newTime); }
+    AccessCredentials *creds() const   { return callerAuth().creds(); }
+    void creds(AccessCredentials *newCreds) const { return callerAuth().creds(newCreds); }
+    uint32 anchorCount() const                 { return callerAuth().anchorCount(); }
+    uint32 &anchorCount()                              { return callerAuth().anchorCount(); }
+    CssmData *anchors() const                  { return callerAuth().anchors(); }
+    CssmData * &anchors()                              { return callerAuth().anchors(); }
+    void anchors(uint32 count, CSSM_DATA *vector)
+    { anchorCount() = count; anchors() = CssmData::overlay(vector); }
+       void setDlDbList(uint32 n, CSSM_DL_DB_HANDLE *list)
+       { callerAuth().dlDbList()->setDlDbList(n, list); }
+};
+
+
+//
+// The result of a (raw) TP trust verification call
+//
+class TPEvidence : public PodWrapper<TPEvidence, CSSM_EVIDENCE> {
+public:
+    CSSM_EVIDENCE_FORM form() const            { return EvidenceForm; }
+       void *data() const                                      { return Evidence; }
+    operator void *() const                            { return data(); }
+    
+    template <class T>
+    T *as() const { return reinterpret_cast<T *>(Evidence); }
+};
+
+class TPVerifyResult : public PodWrapper<TPVerifyResult, CSSM_TP_VERIFY_CONTEXT_RESULT> {
+public:
+    uint32 count() const                               { return NumberOfEvidences; }
+    const TPEvidence &operator [] (uint32 ix) const
+    { assert(ix < count()); return TPEvidence::overlay(Evidence[ix]); }
+};
+
+
+//
+// A PodWrapper for Apple's TP supporting-evidence structure
+//
+class TPEvidenceInfo : public PodWrapper<TPEvidenceInfo, CSSM_TP_APPLE_EVIDENCE_INFO> {
+public:
+    CSSM_TP_APPLE_CERT_STATUS status() const   { return StatusBits; }
+    CSSM_TP_APPLE_CERT_STATUS status(CSSM_TP_APPLE_CERT_STATUS flags) const
+    { return status() & flags; }
+    
+    uint32 index() const               { return Index; }
+    const CssmDlDbHandle &dldb() const { return CssmDlDbHandle::overlay(DlDbHandle); }
+    CSSM_DB_UNIQUE_RECORD_PTR recordId() const { return UniqueRecord; }
+    
+    uint32 codes() const               { return NumStatusCodes; }
+    CSSM_RETURN operator [] (uint32 ix)
+    { assert(ix < NumStatusCodes); return StatusCodes[ix]; }
+       
+       void destroy(CssmAllocator &allocator);
+};
+
+
+//
+// Walkers
+//
+namespace DataWalkers {
+
+
+
+
+}      // end namespace DataWalkers
+}      // end namespace Security
+
+#endif //_H_CSSMTRUST
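Review bot: `TPVerifyContext::setDlDbList` calls `callerAuth().dlDbList()->setDlDbList(n, list)`, and `dlDbList()` is a plain overlay of the `DBList` pointer, so a context whose `DBList` was never installed is presumably dereferenced as NULL. Either test the pointer and throw a `CssmError` when it is missing, or document on the method that the caller must set a list first. The index checks in every `operator []` in this header are `assert` only and disappear in NDEBUG builds. A one-line comment such as `// caller must ensure ix < count(); checked only in debug builds` would make that contract explicit. The "A CSSM_DL_DB_LIST wrapper" comment also sits above `CssmDlDbHandle` rather than `CssmDlDbList`.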
index 04a099007493621634fde80d38387f73edda97fb..5fdb0773a0f9d5c5d6db9dd012ce617c02075ea1 100644 (file)
@@ -118,6 +118,14 @@ template <class Action>
 CSSM_CRYPTO_DATA *walk(Action &operate, CSSM_CRYPTO_DATA * &data)
 { return walk(operate, CssmCryptoData::overlayVar(data)); }
 
+template <class Action>
+CSSM_PKCS5_PBKDF2_PARAMS *walk(Action &operate, CSSM_PKCS5_PBKDF2_PARAMS * &data)
+{
+    operate(data);
+    walk(operate, data->Passphrase);
+    return data;
+}
+
 
 } // end namespace DataWalkers
 
index 16023c7bf22fda58ff5d01796ca3ff87bb35ebfa..604c8e30f5a9525a928bf2d5b6390fc0ad6da6eb 100644 (file)
 //
 // demon - support code for writing UNIXoid demons
 //
-#ifdef __MWERKS__
-# define _CPP_DEMON
-#endif
-
 #include <Security/daemon.h>
 #include <Security/logging.h>
+#include <Security/debugging.h>
 #include <sys/types.h>
 #include <errno.h>
 #include <unistd.h>
 #include <fcntl.h>
 
-namespace Security
-{
+namespace Security {
+namespace Daemon {
 
-namespace Daemon
-{
 
 //
 // Daemonize this process, the UNIX way.
@@ -81,6 +76,30 @@ bool incarnate()
 }
 
 
-} // end namespace Daemon
+//
+// Re-execute myself.
+// This is a pretty bad hack for libraries that are pretty broken and (essentially)
+// don't work after a fork() unless you also exec().
+//
+// WARNING: Don't even THINK of doing this in a setuid-anything program.
+//
+bool executeSelf(char **argv)
+{
+       static const char reExecEnv[] = "_RE_EXECUTE";
+       if (getenv(reExecEnv)) {                // was re-executed
+               debug("daemon", "self-execution complete");
+               unsetenv(reExecEnv);
+               return true;
+       } else {
+               setenv(reExecEnv, "go", 1);
+               debug("daemon", "self-executing (ouch!)");
+               execv(argv[0], argv);
+               perror("re-execution");
+               Syslog::error("Re-execution attempt failed");
+               return false;
+       }
+}
+
 
+} // end namespace Daemon
 } // end namespace Security
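Review bot: In `executeSelf` the `_RE_EXECUTE` marker stays in the environment when `execv` fails, so a retry in the same process, or any child it later spawns, takes the "was re-executed" branch without a re-exec having happened. Add `unsetenv(reExecEnv);` before `return false;`. The marker is also accepted from whatever environment the daemon was launched with, so a launcher that exports `_RE_EXECUTE` silently turns the re-exec off. `execv(argv[0], argv)` only runs the intended binary when `argv[0]` is a usable path, which is not the case after a PATH lookup or a relative name followed by `chdir`. Both assumptions belong in the header comment next to the existing setuid warning, and the `setenv` result should be checked.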
index e418e16af158ec37404c728e9a98d247c87a9f85..e86050c987a4b27968997712ad02b56c6c5962af 100644 (file)
 
 #include <Security/utilities.h>
 
-#ifdef _CPP_DEMON
-#pragma export on
-#endif
 
-
-namespace Security
-{
-
-namespace Daemon
-{
+namespace Security {
+namespace Daemon {
 
 bool incarnate();
+bool executeSelf(char **argv);
 
 } // end namespace Daemon
-
 } // end namespace Security
 
-#ifdef _CPP_DEMON
-#pragma export off
-#endif
-
 #endif //_H_DEMON
index a1941e3ebde5956de3b8890dfab481d031a2893b..40085f6afa993f67eac9d2307fa01fe0195303e1 100644 (file)
 #include <Security/debugsupport.h>
 #include <Security/globalizer.h>
 #include <cstdarg>
+#include <ctype.h>
 
 #define SYSLOG_NAMES   // compile syslog name tables
 #include <syslog.h>
 
+#if !defined(USE_CXXABI)
+#define USE_CXXABI 0   // only available in gcc3 >v1100
+#endif
+
+#if USE_CXXABI
+# include <cxxabi.h>   // for name demangling
+#endif //USE_CXXABI
+
+
 namespace Security {
 namespace Debug {
 
 
-#if !defined(NDEBUG)
+#if defined(NDEBUG)
+
+void Scope::operator () (const char *, ...)    { }
 
+#else // NDEBUG
 
 //
 // Main debug functions (global and in-scope)
@@ -112,7 +125,7 @@ void dumpData(const void *ptr, size_t size)
        } else {
                dump("0x");
                for (const char *p = addr; p < end; p++)
-                       dump("%2.2x", *p);
+                       dump("%2.2x", static_cast<unsigned char>(*p));
        }
 #endif //NDEBUG_STUBS
 }
@@ -127,16 +140,40 @@ void dumpData(const char *title, const void *ptr, size_t size)
 }
 
 
+//
+// Turn a C++ typeid into a nice type name.
+// This uses the C++ ABI where available.
+//
+string makeTypeName(const type_info &type)
+{
+#if USE_CXXABI
+       int status;
+       char *cname = abi::__cxa_demangle(type.name(), NULL, NULL, &status);
+       string name = cname; // save the value
+       ::free(cname);  // yes, really (ABI rule)
+       return name;
+#else
+       return type.name();             // can't demangle; just return internal name
+#endif
+}
+
+
 //
 // Target initialization
 //
 #if !defined(NDEBUG_STUBS)
 
-Target::Target() : showScope(false), showThread(false),        showPid(false), sink(NULL)
+Target::Target() 
+       : showScope(false), showThread(false),  showPid(false),
+         sink(NULL)
 {
        // put into singleton slot if first
        if (singleton == NULL)
                singleton = this;
+       
+       // insert terminate handler
+       if (!previousTerminator)        // first time we do this
+               previousTerminator = set_terminate(terminator);
 }
 
 Target::~Target()
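Review bot: `makeTypeName` ignores `status` and assigns `cname` straight to a `string`, but `abi::__cxa_demangle` returns NULL on failure and constructing a `std::string` from a null pointer is undefined behaviour. Fall back to the mangled name instead: `string name = (status == 0 && cname) ? cname : type.name();`, keeping the `::free(cname)` that follows. This path only compiles when `USE_CXXABI` is non-zero, which this commit leaves at 0 by default, so it will surface only once someone enables it.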
@@ -188,7 +225,12 @@ bool Target::debugging(const char *scope)
 //
 void Target::dump(const char *format, va_list args)
 {
-       sink->dump(format, args);
+       char buffer[messageConstructionSize];   // building the message here
+       vsnprintf(buffer, sizeof(buffer), format, args);
+       for (char *p = buffer; *p; p++)
+               if (!isprint(*p) && !isspace(*p) || *p == '\r')
+                       *p = '?';
+       sink->dump(buffer);
 }
 
 bool Target::dump(const char *scope)
@@ -196,6 +238,7 @@ bool Target::dump(const char *scope)
        return dumpSelector(scope);
 }
 
+
 //
 // Selector objects.
 //
@@ -363,13 +406,27 @@ Target &Target::get()
 Target::Sink::~Sink()
 { }
 
-void Target::Sink::dump(const char *, va_list)
+void Target::Sink::dump(const char *)
 { }
 
 void Target::Sink::configure(const char *)
 { }
 
 
+//
+// The terminate handler installed when a Target is created
+//
+terminate_handler Target::previousTerminator;
+
+void Target::terminator()
+{
+       debug("exception", "uncaught exception terminates program");
+       previousTerminator();
+       debug("exception", "prior termination handler failed to abort; forcing abort");
+       abort();
+}
+
+
 //
 // File sinks (write to file via stdio)
 //
@@ -388,12 +445,12 @@ void FileSink::put(const char *buffer, unsigned int)
        putc('\n', file);
 }
 
-void FileSink::dump(const char *format, va_list args)
+void FileSink::dump(const char *text)
 {
        StLock<Mutex> locker(lock, false);
        if (lockIO)
                locker.lock();
-       vfprintf(file, format, args);
+       fputs(text, file);
 }
 
 void FileSink::configure(const char *options)
@@ -415,10 +472,10 @@ void SyslogSink::put(const char *buffer, unsigned int)
        syslog(priority, "%s", buffer);
 }
 
-void SyslogSink::dump(const char *format, va_list args)
+void SyslogSink::dump(const char *text)
 {
        // add to dump buffer
-       vsnprintf(dumpPtr, dumpBuffer + dumpBufferSize - dumpPtr, format, args);
+       snprintf(dumpPtr, dumpBuffer + dumpBufferSize - dumpPtr, "%s", text);
        
        // take off full lines and submit
        char *p = dumpBase;
index d6b283a386cff72cf363af2fa33d3ddd11857626..e75c522e90d601fd533f7871ab0430f932472d60 100644 (file)
 
 #include <Security/utilities.h>
 #include <cstdarg>
-
-#ifdef _CPP_DEBUGGING
-#pragma export on
-#endif
+#include <typeinfo>
 
 namespace Security {
 namespace Debug {
@@ -74,24 +71,50 @@ private:
 };
 
 
+//
+// Given an object of any type, produce the proper name of its type.
+//
+string makeTypeName(const type_info &info);
+
+template <class Object>
+string typeName(const Object &obj)
+{
+       return makeTypeName(typeid(obj));
+}
+
+
 #else // NDEBUG
 
 
 //
 // If NDEBUG is defined, we try to make all debugging functions weightless
 //
+
+#if __GNUC__ > 2
 inline void debug(const char *, const char *, ...) { }
+#else
+// @@@ Hack to work around the fact that gcc2 can't inline empty varargs functions.
+extern "C" inline void debug() { }
+#endif
+
 inline void vdebug(const char *, const char *, va_list) { }
 inline bool debugging(const char *) { return false; }
 
 class Scope {
 public:
        Scope(const char *)             { }
-       void operator () (const char *, ...)    { }
+
+       // @@@ Hack to work around the fact that gcc can't inline empty varargs functions.
+       //void operator () (const char *, ...)  { }
+       void operator () (const char *, ...);
 };
 
 inline bool dumping(const char *) { return false; }
-inline void dump(const char *, ...) { }
+
+// @@@ Hack to work around the fact that gcc can't inline empty varargs functions.
+//inline void dump(const char *, ...) { }
+extern "C" inline void dump() { }
+
 inline void dumpData(const void *, size_t) { }
 void dumpData(const char *, const void *, size_t);
 template <class Data> inline void dumpData(const Data &) { }
@@ -104,19 +127,16 @@ template <class Data> inline void dumpData(const char *, const Data &) { }
 # define IFDUMP(code)                          /* no-op */
 # define IFDUMPING(scope,code)         /* no-op */
 
+// no debug typeName; don't call this if NDEBUG
+
 #endif // NDEBUG
 
 
 } // end namespace Debug
-
 } // end namespace Security
 
 // We intentionally leak a few functions into the global namespace
 using Security::Debug::debug;
 
 
-#ifdef _CPP_DEBUGGING
-#pragma export off
-#endif
-
 #endif //_H_DEBUGGING
index 94d917898a88d9fad3f83a8013a14752023df407..bc152d35a1e01827c3cc98bc9ebc45dd37eda4c6 100644 (file)
@@ -95,7 +95,7 @@ public:
        public:
                virtual ~Sink();
                virtual void put(const char *buffer, unsigned int length) = 0;
-               virtual void dump(const char *format, va_list args);
+               virtual void dump(const char *buffer);
                virtual void configure(const char *argument);
        };
        
@@ -142,6 +142,9 @@ protected:
        // current output support
        Sink *sink;
        
+       static terminate_handler previousTerminator;    // for chaining
+       static void terminator();
+       
        // the default Target
        static Target *singleton;
 };
@@ -154,7 +157,7 @@ class FileSink : public Target::Sink {
 public:
        FileSink(FILE *f) : file(f), addDate(false), lockIO(true), lock(false) { }
        void put(const char *, unsigned int);
-       void dump(const char *format, va_list args);
+       void dump(const char *text);
        void configure(const char *);
        
 private:
@@ -168,13 +171,14 @@ class SyslogSink : public Target::Sink {
 public:
        SyslogSink(int pri) : priority(pri), dumpBase(dumpBuffer), dumpPtr(dumpBuffer) { }
        void put(const char *, unsigned int);
-       void dump(const char *format, va_list args);
+       void dump(const char *text);
        void configure(const char *);
        
 private:
        int priority;
        
-       static const size_t dumpBufferSize = 1024;
+       // a sliding buffer to hold partial line output
+       static const size_t dumpBufferSize = 1024;      // make this about 2 * maximum line length of dumps
        char dumpBuffer[dumpBufferSize];
        char *dumpBase, *dumpPtr;
 };
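Review bot: The sizing rule in the new comment on `dumpBufferSize` ("about 2 * maximum line length of dumps") is a convention rather than a check, while `dump(const char *text)` now accepts a string of any length. The body of SyslogSink::dump is not in this hunk, so it should be confirmed that every copy into `dumpBuffer` is bounded by `dumpBuffer + dumpBufferSize`. I would extend the comment to say so: `// a sliding buffer to hold partial line output; dump() must flush or truncate rather than write past dumpBuffer + dumpBufferSize`.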
@@ -195,8 +199,5 @@ private:
 
 } // end namespace Security
 
-#ifdef _CPP_DEBUGGING
-#pragma export off
-#endif
 
 #endif //_H_DEBUGSUPPORT
index 574a7142b8ad22f67a4faa99fc6fe4515642808f..835b8defa1de17f8a4632a4602944c002bda23c9 100644 (file)
 //
 #include <Security/devrandom.h>
 
+using namespace UnixPlusPlus;
+
 
 namespace Security {
 
 
+//
+// The common (shared) open file descriptor to /dev/random
+//
+ModuleNexus<FileDesc> DevRandomGenerator::mDevRandom;
+
+
 //
 // DevRandomGenerator objects immediately open their file descriptors
 //
 DevRandomGenerator::DevRandomGenerator(bool writable)
 {
-    mDevRandom.open("/dev/random", writable ? O_RDWR : O_RDONLY);
+    FileDesc &fd = mDevRandom();
+    if (!fd) {
+        fd.open("/dev/random", writable ? O_RDWR : O_RDONLY);
+    } else if (writable && !fd.isWritable()) {
+        FileDesc newFd("/dev/random", O_RDWR);
+        fd.close();
+        fd = newFd;
+    }
 }
 
 
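Review bot: Sharing one descriptor through the static `mDevRandom` exposes the constructor's open and re-open paths to every other DevRandomGenerator, and nothing in this hunk serialises them. In the `writable && !fd.isWritable()` branch, `fd.close()` followed by `fd = newFd` leaves a window in which a concurrent `random()` on another thread reads from a closed descriptor, or from whatever unrelated file next reuses that number, which is worth ruling out for a randomness source. Two threads can also both see `!fd` and open twice, leaking one descriptor. ModuleNexus appears to protect only the construction of the FileDesc, not its later use, so I would add a static `Mutex` beside `mDevRandom` and hold a `StLock<Mutex>` across this constructor body and across the `read`/`write` calls in `random()` and `addEntropy()`.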
@@ -39,7 +54,7 @@ DevRandomGenerator::DevRandomGenerator(bool writable)
 //
 void DevRandomGenerator::random(void *data, size_t length)
 {
-    mDevRandom.read(data, length);
+    mDevRandom().read(data, length);
 }
 
 
@@ -48,7 +63,7 @@ void DevRandomGenerator::random(void *data, size_t length)
 //
 void DevRandomGenerator::addEntropy(const void *data, size_t length)
 {
-    mDevRandom.write(data, length);
+    mDevRandom().write(data, length);
 }
 
 
index 6819a8851dc96bf7045cbf730f434464dbe42b78..2905546a2411e23f650970902fe0ddd64234c985 100644 (file)
@@ -24,6 +24,7 @@
 
 #include <Security/utilities.h>
 #include <Security/unix++.h>
+#include <Security/globalizer.h>
 
 
 namespace Security {
@@ -41,7 +42,7 @@ public:
     void addEntropy(const void *data, size_t length);
 
 private:
-    UnixPlusPlus::FileDesc mDevRandom;
+    static ModuleNexus<UnixPlusPlus::FileDesc> mDevRandom;
 };
 
 
diff --git a/cdsa/cdsa_utilities/digestobject.h b/cdsa/cdsa_utilities/digestobject.h
new file mode 100644 (file)
index 0000000..b30d330
--- /dev/null
@@ -0,0 +1,128 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+ * digestobject.h - generic virtual Digest base class 
+ */
+
+#ifndef        _DIGEST_OBJECT_H_
+#define _DIGEST_OBJECT_H_
+
+#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
+#include <Security/cssmalloc.h>
+
+/* common virtual digest class */
+class DigestObject {
+public:
+       DigestObject() : mInitFlag(false), mIsDone(false) { }
+       virtual ~DigestObject() { }
+       
+       /* 
+        * The remaining functions must be implemented by subclass. 
+        */
+       /* init is reusable */
+       virtual void digestInit() = 0;
+
+       /* add some data */
+       virtual void digestUpdate(
+               const void *data, 
+               size_t          len) = 0;
+       
+       /* obtain digest (once only per init, update, ... cycle) */
+       virtual void digestFinal(
+               void            *digest) = 0;   /* RETURNED, alloc'd by caller */
+       
+       /* sublass-specific copy */
+       virtual DigestObject *digestClone() const = 0;
+       
+       virtual size_t digestSizeInBytes() const = 0;
+
+protected:
+       bool                    mInitFlag;
+       bool                    mIsDone;        
+                       
+       bool                    initFlag()                              { return mInitFlag; }
+       void                    setInitFlag(bool flag)  { mInitFlag = flag; }
+       bool                    isDone()                                { return mIsDone; }
+       void                    setIsDone(bool done)    { mIsDone = done; }
+};
+
+/*
+ * NullDigest.h - nop digest for use with raw signature algorithms.
+ *                               NullDigest(someData) = someData.
+ */
+class NullDigest : public DigestObject
+{
+public:
+       NullDigest() : mInBuf(NULL), mInBufSize(0) 
+       { 
+       }
+
+       void digestInit() 
+       { 
+               /* reusable - reset */
+               if(mInBufSize) {
+                       assert(mInBuf != NULL);
+                       memset(mInBuf, 0, mInBufSize);
+                       CssmAllocator::standard().free(mInBuf);
+                       mInBufSize = 0;
+                       mInBuf = NULL;
+               }
+       }
+
+       ~NullDigest()
+       {
+               digestInit();
+       }
+
+       void digestUpdate(
+               const void *data, 
+               size_t          len) 
+       {
+               mInBuf = CssmAllocator::standard().realloc(mInBuf, mInBufSize + len);
+               memmove((uint8 *)mInBuf + mInBufSize, data, len);
+               mInBufSize += len;
+       }
+       
+       virtual void digestFinal(
+               void            *digest)
+       {
+               memmove(digest, mInBuf, mInBufSize);
+       }
+                                                                               
+       virtual DigestObject *digestClone() const
+       {
+               NullDigest *cloned = new NullDigest;
+               cloned->digestUpdate(mInBuf, mInBufSize);
+               return cloned;
+       }
+       
+       /* unique to NullDigest - just obtain current data ptr, no copy */
+       virtual const void *digestPtr() { return mInBuf; }
+       
+       size_t digestSizeInBytes() const
+       { 
+               return mInBufSize;
+       }
+
+private:
+       void            *mInBuf;
+       size_t          mInBufSize;
+};
+
+#endif /* _DIGEST_OBJECT_H_ */
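Review bot: In `NullDigest::digestUpdate` the sum `mInBufSize + len` goes to `realloc` unchecked, so if it wraps the buffer shrinks while the following `memmove` still writes `len` bytes past it. A guard before the realloc closes that, e.g. `if (mInBufSize + len < mInBufSize) CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR);` (or whichever error this CSP reports for allocation failures). `digestInit` wipes the buffer with `memset` immediately before `free`, which an optimiser may drop as a dead store, leaving the raw signature input in freed memory; writing the zeros through a `volatile uint8 *` keeps the wipe. `digestFinal` copies `mInBufSize` bytes without knowing the caller's buffer size, so its comment should state the contract: `/* RETURNED, alloc'd by caller, at least digestSizeInBytes() bytes */`.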
index 511c4df3601378d8b2d35f31bf8197b664e889bb..54b87a6170c0d5268460fe01ad7716062f313f79 100644 (file)
@@ -11,18 +11,9 @@ $ERR_H="cssmerr.h";
 $APPLE_ERR_H="cssmapple.h";
 
 $SOURCEDIR=$ARGV[0];                                           # directory with inputs
-
-(${D}) = $SOURCEDIR =~ m@([/:])@;                      # guess directory delimiter
-sub macintosh() { return ${D} eq ':'; }
-
-if( macintosh() ){
-$TARGETDIR=$ARGV[2];                                           # directory for outputs
-}
- else{
 $TARGETDIR=$ARGV[1];
-}
 
-$TABLES="$TARGETDIR${D}errorcodes.gen";                # error name tables
+$TABLES="$TARGETDIR/errorcodes.gen";           # error name tables
 
 $tabs = "\t\t\t";      # argument indentation (noncritical)
 $warning = "This file was automatically generated. Do not edit on penalty of futility!";
@@ -31,11 +22,10 @@ $warning = "This file was automatically generated. Do not edit on penalty of fut
 #
 # Parse CSSM error header and build table of all named codes
 #
-open(ERR, "$SOURCEDIR${D}$ERR_H") or die "Cannot open $ERR_H: $^E";
-open(APPLE_ERR, "$SOURCEDIR${D}$APPLE_ERR_H") or die "Cannot open $APPLE_ERR_H: $^E";
+open(ERR, "$SOURCEDIR/$ERR_H") or die "Cannot open $ERR_H: $^E";
+open(APPLE_ERR, "$SOURCEDIR/$APPLE_ERR_H") or die "Cannot open $APPLE_ERR_H: $^E";
 $/=undef;      # big gulp mode
 $errors = <ERR> . <APPLE_ERR>;
-$errors =~ tr/\012/\015/ if macintosh;
 close(ERR); close(APPLE_ERR);
 
 @fullErrors = $errors =~ /^\s+CSSMERR_([A-Z_]+)/gm;
index 0f7fa6299524ee84d64f8541b558e07980b483fa..7f6e5620acb120f895dc91c755730df2fead3204 100644 (file)
 //
 // @@@ Assumption: {bool,T*} atomic unless PTHREAD_STRICT
 //
-#ifdef __MWERKS__
-#define _CPP_GLOBALIZER
-#endif
 #include <Security/globalizer.h>
+#include <Security/debugging.h>
 #include <cstdlib>
 
 
 //
 // The Error class thrown if Nexus operations fail
 //
-GlobalNexus::Error::~Error()
+GlobalNexus::Error::~Error() throw()
 {
 }
 
@@ -70,8 +68,8 @@ GlobalNexus::Error::~Error()
 // WARNING:
 // This code makes the following non-portable assumptions:
 //  (a) NULL == 0 (binary representation of NULL pointer is zero value)
-//     Pointers acquired from new have at least their LSB zero (are at
-//  (b) least two-byte aligned).
+//     (b) Pointers acquired from new have at least their LSB zero (are at
+//      least two-byte aligned).
 // It seems like it's been a while since anyone made a machine/runtime that
 // violated either of those. But you have been warned.
 //
@@ -102,12 +100,14 @@ AtomicWord ModuleNexusCommon::create(void *(*make)())
             } catch (...) {
                                debug("nexus", "ModuleNexus %p construction failed", this);
                 mutex->unlock();
-                sync--;
-                //@@@ set up for retry here?
+                if (--sync == 0) {
+                    delete mutex;
+                    pointer = 0;
+                }
                 throw;
             }
         } else {
-            mutex = reinterpret_cast<Mutex *>(pointer & ~0x1);
+            mutex = reinterpret_cast<Mutex *>(initialPointer & ~0x1);
             mutex->lock();     // we'll wait here
         }
         mutex->unlock();
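Review bot: The new failure path clears `pointer` only when `--sync` reaches zero, so if other threads are already parked on `mutex->lock()` the tagged mutex address stays in `pointer` after the exception propagates. Those waiters resume at the `mutex->unlock()` below, and what they read next is outside this hunk. It should be confirmed that they detect the failed construction instead of treating the stale value as the object, and that the last of them frees the mutex. If that is what the rest of create() does, a comment in the catch block would record the ownership rule, e.g. `// waiters still reference the mutex; the last one out deletes it and resets pointer`. create() begins and ends outside the hunk.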
index a675d530720276aea2105bd0581e1d96f35fdea8..793d779c7f785af117fcc0dbea4b4e5709ae7881 100644 (file)
 #include <Security/threading.h>
 #include <memory>
 
-#ifdef _CPP_GLOBALIZER
-# pragma export on
-#endif
+namespace Security {
 
-namespace Security
-{
 
 //
 // GlobalNexus is the common superclass of all globality scopes.
@@ -39,12 +35,12 @@ namespace Security
 //
 class GlobalNexus {
 public:
-    class Error : public exception {
+    class Error : public std::exception {
     public:
-               virtual ~Error();
+        virtual ~Error() throw();
         const char * const message;
         Error(const char *m) : message(m) { }
-        const char *what() const { return message; }
+        const char *what() const throw() { return message; }
     };
 };
 
@@ -91,6 +87,16 @@ private:
     static void *make() { return new Type; }
 };
 
+template <class Type>
+class CleanModuleNexus : public ModuleNexus<Type> {
+public:
+    ~CleanModuleNexus()
+    {
+        debug("nexus", "ModuleNexus %p destroyed object 0x%x", this, pointer);
+        delete reinterpret_cast<Type *>(pointer);
+    }
+};
+
 #else  // !_HAVE_ATOMIC_OPERATIONS
 
 template <class Type>
@@ -111,23 +117,23 @@ public:
     
     void reset()               { delete mSingleton; mSingleton = NULL; }
     
-private:
+protected:
     Type *mSingleton;          // pointer to singleton static initialized to NULL
     Mutex mLock;                       // construction lock
 };
 
-#endif // _HAVE_ATOMIC_OPERATIONS
-
 template <class Type>
 class CleanModuleNexus : public ModuleNexus<Type> {
 public:
     ~CleanModuleNexus()
     {
-        debug("nexus", "ModuleNexus %p destroyed object 0x%x", this, pointer);
-        delete reinterpret_cast<Type *>(pointer);
+        debug("nexus", "ModuleNexus %p destroyed object 0x%x", this, mSingleton);
+        delete mSingleton;
     }
 };
 
+#endif // _HAVE_ATOMIC_OPERATIONS
+
 
 //
 // A thread-scope nexus is tied to a particular native thread AND
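Review bot: The debug call in the non-atomic `~CleanModuleNexus` passes the pointer `mSingleton` to a `0x%x` conversion, which expects an `unsigned int`. That is a format/argument mismatch and misreads the value wherever pointers are wider than `int`. `debug("nexus", "ModuleNexus %p destroyed object %p", this, mSingleton);` is the direct fix. The atomic variant in the previous hunk passes `pointer` the same way; whether `0x%x` fits there depends on the width of AtomicWord, which is not visible here. `mSingleton` also lives in the dependent base `ModuleNexus<Type>`, so a conforming compiler needs `this->mSingleton` in both statements.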
index 58b44a8d567e8f7eaf2a50097337ad4012af92c3..1296eb4ce099d7a1dc0220cefb62f21c7c5007af 100644 (file)
@@ -19,9 +19,6 @@
 //
 // handleobject - give an object a process-global unique handle
 //
-#ifdef __MWERKS__
-#define _CPP_HANDLEOBJECT
-#endif
 #include <Security/handleobject.h>
 
 
@@ -38,12 +35,23 @@ HandleObject::State::State()
 { }
 
 
+//
+// HandleObject destructor (virtual)
+//
+HandleObject::~HandleObject()
+{
+       State &st = state();
+       StLock<Mutex> _(st);
+       st.erase(this);
+}
+
+
 //
 // Assign a HandleObject's (new) Handle.
 //
 void HandleObject::State::make(HandleObject *obj)
 {
-    StLock<Mutex> _(mLock);
+    StLock<Mutex> _(*this);
        for (;;) {
                Handle handle = reinterpret_cast<uint32>(obj) ^ (++sequence << 19);
                if (handleMap[handle] == NULL) {
@@ -63,50 +71,52 @@ void HandleObject::State::make(HandleObject *obj)
 //
 void HandleObject::State::erase(HandleObject *obj)
 {
-    StLock<Mutex> _(mLock);
     if (obj->validHandle())
         handleMap.erase(obj->handle());
 }
 
+void HandleObject::State::erase(HandleMap::iterator &it)
+{
+    if (it->second->validHandle())
+        handleMap.erase(it);
+}
+
 
 //
-// This is the main locator driver. It translates an object handle
-// into an object pointer, on the way atomically locking it and/or
-// removing it from the handle map for atomic deletion.
+// Observing proper map locking, locate a handle in the global handle map
+// and return a pointer to its object. Throw CssmError(error) if it cannot
+// be found, or it is corrupt.
 //
-HandleObject *HandleObject::State::locate(CSSM_HANDLE h, LocateMode mode, CSSM_RETURN error)
+HandleObject *HandleObject::State::find(CSSM_HANDLE h, CSSM_RETURN error)
 {
-    for (;;) {
-               {
-                       StLock<Mutex> _(mLock);
-                       HandleMap::iterator it = handleMap.find(h);
-                       if (it == handleMap.end())
-                               CssmError::throwMe(error);
-                       HandleObject *obj = it->second;
-                       if (obj == NULL || obj->handle() != h)
-                               CssmError::throwMe(error);
-                       if (mode == findTarget)
-                               return obj;             // that's all, folks
-                       // atomic find-and-lock requested (implicit in remove operation)
-                       if (obj->tryLock()) {
-                               // got object lock - assured of exit path
-                               if (mode == removeTarget) {
-                                       debug("handleobj", "killing %p", obj);
-                                       handleMap.erase(h);
-                                       obj->clearHandle();
-                               }
-                               return obj;
-                       }
-                       // obj is busy; relinquish maplock and try again later
-                       debug("handleobj", "object %p (handle 0x%lx) is busy - backing off",
-                               obj, h);
-               }
-#if _USE_THREADS == _USE_NO_THREADS
-               assert(false);          // impossible; tryLock above always succeeds
-#else // real threads
-        Thread::yield();
-#endif // real threads
-    }
+       StLock<Mutex> _(*this);
+       HandleMap::const_iterator it = handleMap.find(h);
+       if (it == handleMap.end())
+               CssmError::throwMe(error);
+       HandleObject *obj = it->second;
+       if (obj == NULL || obj->handle() != h)
+               CssmError::throwMe(error);
+       return obj;
+}
+
+
+//
+// Look up the handle given in the global handle map.
+// If not found, or if the object is corrupt, throw an exception.
+// Otherwise, hold the State lock and return an iterator to the map entry.
+// Caller must release the State lock in a timely manner.
+//
+HandleObject::HandleMap::iterator HandleObject::State::locate(CSSM_HANDLE h, CSSM_RETURN error)
+{
+       StLock<Mutex> locker(*this);
+       HandleMap::iterator it = handleMap.find(h);
+       if (it == handleMap.end())
+               CssmError::throwMe(error);
+       HandleObject *obj = it->second;
+       if (obj == NULL || obj->handle() != h)
+               CssmError::throwMe(error);
+       locker.release();
+       return it;
 }
 
 
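Review bot: The removed `locate()` called `obj->clearHandle()` right after taking an entry out of the map, but the new `State::erase(HandleMap::iterator &)` only erases, so an object returned by `findAndKill` still reports `validHandle()`. When that object is later destroyed, `~HandleObject` calls `erase(this)`, which runs `handleMap.erase(obj->handle())` by key and would drop whichever object has since been issued the same handle value, if any. Unless the handle is cleared somewhere outside this diff, I would keep the old behaviour: `HandleObject *obj = it->second; handleMap.erase(it); obj->clearHandle();`. Separately, `find()` releases the map lock before returning `obj`, so the caller needs its own guarantee that the object outlives the call; the comment above `find()` should say that.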
index 25f1727d7be4867779c7d35c58d081f437c1eb65..e213377a133cee200c296f1657835e39a1b7926c 100644 (file)
 #include <Security/utilities.h>
 #include <Security/threading.h>
 #include <Security/globalizer.h>
-#include <hash_map>
 
+#if __GNUC__ > 2
+#include <ext/hash_map>
+using __gnu_cxx::hash_map;
+#else
+#include <hash_map>
+#endif
 
 namespace Security
 {
@@ -80,34 +85,40 @@ private:
 //
 class HandleObject : public HandledObject {
     NOCOPY(HandleObject)
-    class State; friend class State;
-    template <class Subtype> friend Subtype &findHandle(CSSM_HANDLE, CSSM_RETURN);
-    template <class Subtype> friend Subtype &findHandleAndLock(CSSM_HANDLE, CSSM_RETURN);
-    template <class Subtype> friend Subtype &killHandle(CSSM_HANDLE, CSSM_RETURN);
+    class State;
+
 public:
     HandleObject()                             { state().make(this); }
-    virtual ~HandleObject()            { state().erase(this); }
+    virtual ~HandleObject();
+       
+public:
+       template <class Subtype>
+       static Subtype &find(CSSM_HANDLE handle, CSSM_RETURN error);
+       
+       template <class Subtype>
+       static Subtype &findAndLock(CSSM_HANDLE handle, CSSM_RETURN error);
+       
+       template <class Subtype>
+       static Subtype &findAndKill(CSSM_HANDLE handle, CSSM_RETURN error);
 
 protected:
     virtual void lock();
     virtual bool tryLock();
 
-private:
-    enum LocateMode { lockTarget, findTarget, removeTarget };
-
 private:
     typedef hash_map<CSSM_HANDLE, HandleObject *> HandleMap;
-    class State {
+    class State : public Mutex {
     public:
         State();
         void make(HandleObject *obj);
-        HandleObject *locate(Handle h, LocateMode mode, CSSM_RETURN error);
+               HandleObject *find(Handle h, CSSM_RETURN error);
+        HandleMap::iterator locate(Handle h, CSSM_RETURN error);
         void erase(HandleObject *obj);
+               void erase(HandleMap::iterator &it);
 
     private:
         HandleMap handleMap;
         uint32 sequence;
-        Mutex mLock;
     };
     
     static ModuleNexus<State> state;
@@ -118,35 +129,68 @@ private:
 // Type-specific ways to access the HandleObject map in various ways
 //
 template <class Subclass>
-Subclass &findHandle(CSSM_HANDLE handle,
-                     CSSM_RETURN error = CSSMERR_CSSM_INVALID_ADDIN_HANDLE)
+inline Subclass &HandleObject::find(CSSM_HANDLE handle, CSSM_RETURN error)
 {
-    Subclass *sub;
-    if (!(sub = dynamic_cast<Subclass *>(HandleObject::state().locate(handle, HandleObject::findTarget, error))))
-        CssmError::throwMe(error);
-    return *sub;
+       Subclass *sub;
+       if (!(sub = dynamic_cast<Subclass *>(state().find(handle, error))))
+               CssmError::throwMe(error);
+       return *sub;
 }
 
 template <class Subclass>
-Subclass &findHandleAndLock(CSSM_HANDLE handle,
-                            CSSM_RETURN error = CSSMERR_CSSM_INVALID_ADDIN_HANDLE)
+inline Subclass &HandleObject::findAndLock(CSSM_HANDLE handle,
+       CSSM_RETURN error)
 {
-    Subclass *sub;
-    if (!(sub = dynamic_cast<Subclass *>(HandleObject::state().locate(handle, HandleObject::lockTarget, error))))
-        CssmError::throwMe(error);
-    return *sub;
+       for (;;) {
+               HandleMap::iterator it = state().locate(handle, error);
+               StLock<Mutex> _(state(), true); // locate() locked it
+               Subclass *sub;
+               if (!(sub = dynamic_cast<Subclass *>(it->second)))
+                       CssmError::throwMe(error);      // bad type
+               if (it->second->tryLock())              // try to lock it
+                       return *sub;                            // okay, go
+               Thread::yield();                                // object lock failed, backoff and retry
+       }
 }
 
 template <class Subclass>
-Subclass &killHandle(CSSM_HANDLE handle,
-                     CSSM_RETURN error = CSSMERR_CSSM_INVALID_ADDIN_HANDLE)
+inline Subclass &HandleObject::findAndKill(CSSM_HANDLE handle,
+       CSSM_RETURN error)
 {
-    Subclass *sub;
-    if (!(sub = dynamic_cast<Subclass *>(HandleObject::state().locate(handle, HandleObject::removeTarget, error))))
-        CssmError::throwMe(error);
-       return *sub;
+       for (;;) {
+               HandleMap::iterator it = state().locate(handle, error);
+               StLock<Mutex> _(state(), true); // locate() locked it
+               Subclass *sub;
+               if (!(sub = dynamic_cast<Subclass *>(it->second)))
+                       CssmError::throwMe(error);      // bad type
+               if (it->second->tryLock()) {    // try to lock it
+                       state().erase(it);                      // kill the handle
+                       return *sub;                            // okay, go
+               }
+               Thread::yield();                                // object lock failed, backoff and retry
+       }
 }
 
+
+//
+// Compatibility with old (global function) accessors
+//
+template <class Subclass>
+inline Subclass &findHandle(CSSM_HANDLE handle,
+                     CSSM_RETURN error = CSSMERR_CSSM_INVALID_ADDIN_HANDLE)
+{ return HandleObject::find<Subclass>(handle, error); }
+
+template <class Subclass>
+inline Subclass &findHandleAndLock(CSSM_HANDLE handle,
+                            CSSM_RETURN error = CSSMERR_CSSM_INVALID_ADDIN_HANDLE)
+{ return HandleObject::findAndLock<Subclass>(handle, error); }
+
+template <class Subclass>
+inline Subclass &killHandle(CSSM_HANDLE handle,
+                     CSSM_RETURN error = CSSMERR_CSSM_INVALID_ADDIN_HANDLE)
+{ return HandleObject::findAndKill<Subclass>(handle, error); }
+
+
 } // end namespace Security
 
 #endif //_H_HANDLEOBJECT
index e5215e3d87ee7ab0fc0b52b82f9b1fbfd28b55b7..470256494fcffdf5a4e74703bda1bfcf68d6fa0d 100644 (file)
@@ -20,7 +20,9 @@
 // headermap - represent Internet-standard headers
 //
 #include "headermap.h"
+#include <ctype.h>
 
+using namespace std;
 
 namespace Security {
 
index f06ccbf18e44a366dc015875673544cd79d0cb87..fdc5fe22898df0d84468dfa3745b4e50cadd333d 100644 (file)
@@ -37,19 +37,19 @@ namespace Security {
 //
 class HeaderMap {
     static const int maxKeyLength = 80;
-    typedef map<string, string> Map;
+    typedef std::map<std::string, std::string> Map;
 public:
     HeaderMap() { }
     virtual ~HeaderMap() { }
     
-    virtual void merge(string key, string &old, string newValue);
+    virtual void merge(std::string key, std::string &old, std::string newValue);
     
     void add(const char *key, const char *value);
     void add(const char *line);                // Key: value
     void remove(const char *key);
 
     const char *find(const char *key, const char *def = NULL) const;
-    string &operator [] (const char *key);
+    std::string &operator [] (const char *key);
     
     typedef Map::const_iterator ConstIterator;
     ConstIterator begin() const        { return mMap.begin(); }
@@ -59,7 +59,7 @@ public:
     Iterator begin()                   { return mMap.begin(); }
     Iterator end()                             { return mMap.end(); }    
     
-    string collect(const char *lineEnding = "\r\n") const;
+    std::string collect(const char *lineEnding = "\r\n") const;
     size_t collectLength(const char *lineEnding = "\r\n") const;
     
 private:
@@ -69,7 +69,7 @@ private:
     struct CanonicalKey {
         CanonicalKey(const char *key, char end = '\0');
         operator const char *() const { return mValue; }
-        operator string () const { return mValue; }
+        operator std::string () const { return mValue; }
     private:
         char mValue[maxKeyLength];
     };
index 29bce58974fdf7cb417d182d9343b7de45c5aae9..f41d62677653c036caafc78dafe33f469ff2c8a5 100644 (file)
@@ -21,7 +21,7 @@
 //
 #include "inetreply.h"
 #include <Security/debugging.h>
-
+#include <ctype.h>
 
 namespace Security {
 namespace IPPlusPlus {
index bf673a97f3b51eebbffc5878c207fb44d0c4223d..4b747046b030badc0427ba1de1797581b452a089 100644 (file)
@@ -33,7 +33,7 @@ Error::Error(kern_return_t err) : error(err)
 {
 }
 
-Error::~Error()
+Error::~Error() throw()
 {
 }
 
@@ -57,27 +57,53 @@ Error::osStatus() const
 
 void Error::check(kern_return_t status)
 {
-       if (status != KERN_SUCCESS) {
-#if !defined(NDEBUG)
-               // issue a diagnostic log for any discovered mach-level error
-               switch (status) {
-               case BOOTSTRAP_UNKNOWN_SERVICE:
-                       debug("error", "mach error: BOOTSTRAP_UNKNOWN_SERVICE"); break;
-               case BOOTSTRAP_NAME_IN_USE:     
-                       debug("error", "mach error: BOOTSTRAP_NAME_IN_USE"); break;
-               case BOOTSTRAP_NOT_PRIVILEGED:
-                       debug("error", "mach error: BOOTSTRAP_NOT_PRIVILEGED"); break;
-               case BOOTSTRAP_SERVICE_ACTIVE:
-                       debug("error", "mach error: BOOTSTRAP_SERVICE_ACTIVE"); break;
-               default:
-                       debug("error", "mach error: %s (%d)", mach_error_string(status), status); break;
-               }
-#endif NDEBUG
+       if (status != KERN_SUCCESS)
                Error::throwMe(status);
+}
+
+void Error::throwMe(kern_return_t err)
+{
+       throw Error(err);
+}
+
+
+#if !defined(NDEBUG)
+void Error::debugDiagnose(const void *id) const
+{
+       const char *name;
+       switch (error) {
+       default:
+               name = mach_error_string(error); break;
+       case BOOTSTRAP_UNKNOWN_SERVICE:
+               name = "BOOTSTRAP_UNKNOWN_SERVICE"; break;
+       case BOOTSTRAP_NAME_IN_USE:     
+               name = "BOOTSTRAP_NAME_IN_USE"; break;
+       case BOOTSTRAP_NOT_PRIVILEGED:
+               name = "BOOTSTRAP_NOT_PRIVILEGED"; break;
+       case BOOTSTRAP_SERVICE_ACTIVE:
+               name = "BOOTSTRAP_SERVICE_ACTIVE"; break;
        }
+    debug("exception", "%p Mach Error %s (%d) osStatus %ld",
+               id, name, error, osStatus());
+}
+#endif //NDEBUG
+
+
+//
+// Memory management
+//
+void *allocate(size_t size)
+{
+       vm_address_t address;
+       check(vm_allocate(mach_task_self(), &address, size, true));
+       return reinterpret_cast<void *>(address);
+}
+
+void deallocate(vm_address_t address, size_t size)
+{
+       check(vm_deallocate(mach_task_self(), address, size));
 }
 
-void Error::throwMe(kern_return_t err) { throw Error(err); }
 
 //
 // Port functions
@@ -88,6 +114,51 @@ mach_port_urefs_t Port::getRefs(mach_port_right_t right)
        check(::mach_port_get_refs(self(), mPort, right, &count));
        return count;
 }
+mach_port_t Port::requestNotify(mach_port_t notify, mach_msg_id_t type, mach_port_mscount_t sync)
+{
+    mach_port_t previous;
+    check(mach_port_request_notification(self(), mPort, type, sync, notify,
+        MACH_MSG_TYPE_MAKE_SEND_ONCE, &previous));
+       debug("port", "%d request notify(%d) to %d (sync=%d)", port(), type, notify, sync);
+    return previous;
+}
+
+mach_port_t Port::cancelNotify(mach_msg_id_t type)
+{
+    // Mach won't let us unset the DPN port if we are already dead
+    // (EVEN if the DPN has already been sent!) So just ignore that case...
+    if (isDead())
+        return MACH_PORT_NULL;
+       debug("port", "%d cancel DPN", port());
+       return requestNotify(MACH_PORT_NULL, type);
+}
+
+
+//
+// PortSet features
+//
+set<Port> PortSet::members() const
+{
+       mach_port_array_t members;
+       mach_msg_type_number_t count;
+       check(::mach_port_get_set_status(self(), mPort, &members, &count));
+       try {
+               set<Port> result;
+               copy(members, members+count, inserter(result, result.begin()));
+               vm_deallocate(self(), vm_address_t(members), count * sizeof(members[0]));
+               return result;
+       } catch (...) {
+               vm_deallocate(self(), vm_address_t(members), count * sizeof(members[0]));
+               throw;
+       }
+}
+
+
+bool PortSet::contains(Port member) const
+{
+       set<Port> memberSet = members();
+       return memberSet.find(member) != memberSet.end();
+}
 
 
 //
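Review bot: `requestNotify` returns the previously registered notification port, which Mach hands back as a send-once right owned by the caller, and neither new function says who must dispose of it. `cancelNotify` passes it straight through, so a caller that ignores the result leaves that right in the task's port space. I would document this at `requestNotify`: `// returns the previously registered notify port (MACH_PORT_NULL if none); the caller owns that right and must release it`. In `cancelNotify` the `isDead()` test and the following request are separate calls, so the port can still die in between and make `check()` throw. The debug text there also says "DPN" whatever `type` is.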
@@ -121,15 +192,20 @@ mach_port_t Bootstrap::checkIn(const char *name) const
 mach_port_t Bootstrap::checkInOptional(const char *name) const
 {
        mach_port_t port;
-       kern_return_t err = ::bootstrap_check_in(mPort, makeName(name), &port);
-    if (err == BOOTSTRAP_UNKNOWN_SERVICE || err == BOOTSTRAP_NOT_PRIVILEGED)
+       switch (kern_return_t err = ::bootstrap_check_in(mPort, makeName(name), &port)) {
+       case BOOTSTRAP_SERVICE_ACTIVE:
+    case BOOTSTRAP_UNKNOWN_SERVICE:
+       case BOOTSTRAP_NOT_PRIVILEGED:
         return 0;
-    check(err);
+       default:
+               check(err);
+       }
        return port;
 }
 
 void Bootstrap::registerAs(mach_port_t port, const char *name) const
 {
+       debug("bootstrap", "creating service port %d in %d:%s", port, this->port(), name);
        check(::bootstrap_register(mPort, makeName(name), port));
 }
 
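Review bot: Adding `BOOTSTRAP_SERVICE_ACTIVE` to the cases that return 0 means `checkInOptional` now reports "another task already holds this service" in the same way as "name unknown" and "not privileged". The ReceivePort constructor later in this file reacts to 0 by allocating a fresh port and calling `registerAs` under the same name, so the caller cannot tell that it did not obtain the declared service port. If that fallback is intended, the function should say so, e.g. `// returns 0 if the name is unknown, not ours to check in, or already checked in by another task`. Otherwise the active case should keep going through `check(err)`. The `case` labels in the new switch also mix tab and space indentation.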
@@ -165,11 +241,14 @@ Bootstrap Bootstrap::subset(Port requestor)
 ReceivePort::ReceivePort(const char *name, const Bootstrap &bootstrap)
 {
        mPort = bootstrap.checkInOptional(name);
-       if (!mPort)
-       {
+       if (!mPort) {
                allocate();
+               // Bootstrap registration requires a send right to (copy) send.
+               // Make a temporary one, send it, then take it away again, to avoid
+               // messing up the caller's send right accounting.
                insertRight(MACH_MSG_TYPE_MAKE_SEND);
                bootstrap.registerAs(mPort, name);
+               modRefs(MACH_PORT_RIGHT_SEND, -1);
        }
 }
 
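Review bot: The temporary send right made by `insertRight(MACH_MSG_TYPE_MAKE_SEND)` is dropped only on the success path. `registerAs` goes through `check()`, which throws on any bootstrap error, and then `modRefs(MACH_PORT_RIGHT_SEND, -1)` never runs. Because this is a constructor, the caller gets no object to clean up, so the extra send right (and the port from `allocate()`, unless a base-class destructor releases it) stays in the task. Releasing the right on both paths keeps the accounting that the new comment promises.

```cpp
		insertRight(MACH_MSG_TYPE_MAKE_SEND);
		try {
			bootstrap.registerAs(mPort, name);
		} catch (...) {
			modRefs(MACH_PORT_RIGHT_SEND, -1);	// drop the temporary right on failure too
			throw;
		}
		modRefs(MACH_PORT_RIGHT_SEND, -1);
```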
@@ -218,11 +297,25 @@ Message::~Message()
 }
 
 
-void Message::send(mach_msg_option_t options,
+bool Message::check(kern_return_t status)
+{
+    switch (status) {
+    case KERN_SUCCESS:
+        return true;
+    case MACH_RCV_TIMED_OUT:
+    case MACH_SEND_TIMED_OUT:
+        return false;
+    default:
+        Error::throwMe(status);
+    }
+}
+
+
+bool Message::send(mach_msg_option_t options,
     mach_msg_timeout_t timeout,
     mach_port_name_t notify)
 {
-    check(mach_msg_overwrite_trap(*this,
+    return check(mach_msg_overwrite(*this,
         options | MACH_SEND_MSG,
         length(),
         0, MACH_PORT_NULL,
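Review bot: `send`, `receive` and `sendReceive` (here and in the next two hunks) used to return void and throw on every failure, but now return false for `MACH_SEND_TIMED_OUT` and `MACH_RCV_TIMED_OUT`. Any existing caller that ignores the result will carry on after a timeout and may read a message buffer that was never filled. Callers are not visible in this file section, so each one should be checked, and the declarations should carry a comment such as `// returns false on timeout (nothing sent/received); throws Error on any other failure`. In `Message::check` the `default:` branch relies on `Error::throwMe` never returning, which leaves a non-void function with no return after the switch; a trailing `return false;	// not reached` keeps it well-formed. send()'s body continues outside the hunk.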
@@ -230,12 +323,12 @@ void Message::send(mach_msg_option_t options,
         NULL, 0));
 }
 
-void Message::receive(mach_port_t receivePort,
+bool Message::receive(mach_port_t receivePort,
     mach_msg_option_t options,
     mach_msg_timeout_t timeout,
     mach_port_name_t notify)
 {
-    check(mach_msg_overwrite_trap(*this,
+    return check(mach_msg_overwrite(*this,
         options | MACH_RCV_MSG,
         length(),
         mSize, receivePort,
@@ -243,12 +336,12 @@ void Message::receive(mach_port_t receivePort,
         NULL, 0));
 }
 
-void Message::sendReceive(mach_port_t receivePort,
+bool Message::sendReceive(mach_port_t receivePort,
     mach_msg_option_t options,
     mach_msg_timeout_t timeout,
     mach_port_name_t notify)
 {
-    check(mach_msg_overwrite_trap(*this,
+    return check(mach_msg_overwrite(*this,
         options | MACH_SEND_MSG | MACH_RCV_MSG,
         length(),
         mSize, receivePort,
@@ -264,20 +357,33 @@ void Message::sendReceive(mach_port_t receivePort,
 
 void Port::dump(const char *descr)
 {
-       fprintf(stderr, "[%s(%d)", descr ? descr : "port", mPort);
-       mach_port_type_t type;
-       kern_return_t err = mach_port_type(self(), mPort, &type);
-       if (err != KERN_SUCCESS) {
-               fprintf(stderr, " !%s", mach_error_string(err));
-       } else {
-               if (type & MACH_PORT_TYPE_SEND) fprintf(stderr, " send(%d)", getRefs(MACH_PORT_RIGHT_SEND));
-               if (type & MACH_PORT_TYPE_RECEIVE) fprintf(stderr, " rcv");
-               if (type & MACH_PORT_TYPE_SEND_ONCE) fprintf(stderr, " once");
-               if (type & MACH_PORT_TYPE_PORT_SET) fprintf(stderr, " set");
-               if (type & MACH_PORT_TYPE_DEAD_NAME) fprintf(stderr, " dead");
-               if (type & MACH_PORT_TYPE_DNREQUEST) fprintf(stderr, " dnreq");
-       }
-       fprintf(stderr, "]\n");
+    if (mPort == MACH_PORT_NULL) {
+        Debug::dump("[%s==NULL]\n", descr ? descr : "port");
+    } else {
+        Debug::dump("[%s(%d)", descr ? descr : "port", mPort);
+        mach_port_type_t type;
+        if (kern_return_t err = mach_port_type(self(), mPort, &type)) {
+            Debug::dump(" !%s", mach_error_string(err));
+        } else {
+            if (type & MACH_PORT_TYPE_SEND)
+                Debug::dump(" send(%d)", getRefs(MACH_PORT_RIGHT_SEND));
+            if (type & MACH_PORT_TYPE_RECEIVE)
+                Debug::dump(" rcv");
+            if (type & MACH_PORT_TYPE_SEND_ONCE)
+                Debug::dump(" once(%d)", getRefs(MACH_PORT_RIGHT_SEND));
+            if (type & MACH_PORT_TYPE_PORT_SET)
+                Debug::dump(" set");
+            if (type & MACH_PORT_TYPE_DEAD_NAME)
+                Debug::dump(" dead(%d)", getRefs(MACH_PORT_RIGHT_SEND));        
+            if (type & MACH_PORT_TYPE_DNREQUEST)
+                Debug::dump(" dnreq");
+            // handle unknown/unexpected type flags
+            if (type & ~(MACH_PORT_TYPE_SEND|MACH_PORT_TYPE_RECEIVE|MACH_PORT_TYPE_SEND_ONCE|
+                    MACH_PORT_TYPE_PORT_SET|MACH_PORT_TYPE_DEAD_NAME|MACH_PORT_TYPE_DNREQUEST))
+                Debug::dump(" type(0x%x)", type);
+        }
+        Debug::dump("]\n");
+    }
 }
 
 
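Review bot: The `once(%d)` and `dead(%d)` branches both query `getRefs(MACH_PORT_RIGHT_SEND)`, which looks like a copy of the `send(%d)` line above them, so the count printed is not the one for the right being reported. They should read `Debug::dump(" once(%d)", getRefs(MACH_PORT_RIGHT_SEND_ONCE));` and `Debug::dump(" dead(%d)", getRefs(MACH_PORT_RIGHT_DEAD_NAME));`. `getRefs` is defined outside the hunk; if it throws on a kernel error, asking for a right the name does not hold could also abort the dump part-way through a line.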
@@ -288,9 +394,10 @@ void Bootstrap::dump()
     mach_msg_type_number_t nServices, nServers, nActive;
     check(bootstrap_info(mPort, &services, &nServices,
         &servers, &nServers, &active, &nActive));
-    fprintf(stderr, "[port %d] %d services\n", mPort, nServices);
+    Port::dump();
+    Debug::dump(" %d services\n", nServices);
     for (mach_msg_type_number_t n = 0; n < nServices; n++)
-        fprintf(stderr, "%s\n", services[n]);
+        Debug::dump("%s\n", services[n]);
 }
 
 #endif //DEBUGDUMP
index dc3c1a8b78697c2868686b4ad6e69890f76602f3..57451dd7e5c17f6efbba0a1ea70c3da01404d7f4 100644 (file)
@@ -27,6 +27,7 @@
 #include <Security/globalizer.h>
 #include <mach/mach.h>
 #include <servers/bootstrap.h>
+#include <set>
 
 // yes, we use some UNIX (non-mach) headers...
 #include <sys/types.h>
@@ -44,7 +45,7 @@ protected:
        // actually, kern_return_t can be just about any subsystem type return code
        Error(kern_return_t err);
 public:
-       virtual ~Error();
+       virtual ~Error() throw();
 
     virtual CSSM_RETURN cssmError() const;
     virtual OSStatus osStatus() const;
@@ -53,6 +54,9 @@ public:
        
        static void check(kern_return_t err);
     static void throwMe(kern_return_t err) __attribute__((noreturn));
+
+private:
+       IFDEBUG(void debugDiagnose(const void *id) const);
 };
 
 // generic return code checker
@@ -60,6 +64,16 @@ inline void check(kern_return_t status)
 { Error::check(status); }
 
 
+//
+// Simple vm_allocate/deallocate glue
+//
+void *allocate(size_t size);
+void deallocate(vm_address_t addr, size_t size);
+
+inline void deallocate(const void *addr, size_t size)
+{ deallocate(reinterpret_cast<vm_address_t>(addr), size); }
+
+
 //
 // An encapsulation of a Mach 3 port
 //
@@ -100,13 +114,8 @@ public:
        mach_port_urefs_t getRefs(mach_port_right_t right);
 
        // port notification interface
-       mach_port_t requestNotify(mach_port_t notify, mach_msg_id_t type, mach_port_mscount_t sync = 1)
-       {
-               mach_port_t previous;
-               check(mach_port_request_notification(self(), mPort, type, sync, notify,
-                       MACH_MSG_TYPE_MAKE_SEND_ONCE, &previous));
-               return previous;
-       }
+       mach_port_t requestNotify(mach_port_t notify, mach_msg_id_t type, mach_port_mscount_t sync = 1);
+    mach_port_t cancelNotify(mach_msg_id_t type);
        
     IFDUMP(void dump(const char *name = NULL));
        
@@ -128,6 +137,9 @@ public:
     
     void operator -= (const Port &port)
     { check(mach_port_move_member(self(), port, MACH_PORT_NULL)); }
+       
+       set<Port> members() const;
+       bool contains(Port member) const;       // relatively slow
 };
 
 
@@ -184,9 +196,9 @@ public:
 //
 class ReceivePort : public Port {
 public:
-       ReceivePort() { allocate(); }
+       ReceivePort()   { allocate(); }
        ReceivePort(const char *name, const Bootstrap &bootstrap);
-       ~ReceivePort() { destroy(); }
+       ~ReceivePort()  { destroy(); }
 };
 
 
@@ -210,6 +222,21 @@ private:
 };
 
 
+//
+// A Mach-level memory guard.
+// This will vm_deallocate its argument when it gets destroyed.
+//
+class VMGuard {
+public:
+       VMGuard(void *addr, size_t length) : mAddr(addr), mLength(length) { }
+       ~VMGuard()      { deallocate(mAddr, mLength); }
+
+private:
+       void *mAddr;
+       size_t mLength;
+};
+
+
 //
 // Message buffers for Mach messages.
 // This class is for relatively simple uses.
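Review bot: `VMGuard` owns the region it deallocates but is still copyable, so an accidental copy (pass by value, storing one in a container) would call `deallocate` on the same range twice, and the second call could unmap memory that has since been reused for something else. Declaring the copy operations private and leaving them undefined closes that off: `VMGuard(const VMGuard &);` and `VMGuard &operator = (const VMGuard &);` in the `private:` section. Since `deallocate` is defined outside this hunk, a one-line comment saying whether a null `addr` or zero `length` is acceptable would help too.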
@@ -238,19 +265,22 @@ public:
     void remotePort(mach_port_t p)                     { mBuffer->Head.msgh_remote_port = p; }
     
 public:
-    void send(mach_msg_option_t options = 0,
+    bool send(mach_msg_option_t options = 0,
         mach_msg_timeout_t timeout = MACH_MSG_TIMEOUT_NONE,
         mach_port_name_t notify = MACH_PORT_NULL);
-    void receive(mach_port_t receivePort,
+    bool receive(mach_port_t receivePort,
         mach_msg_option_t options = 0,
         mach_msg_timeout_t timeout = MACH_MSG_TIMEOUT_NONE,
         mach_port_name_t notify = MACH_PORT_NULL);
-    void sendReceive(mach_port_t receivePort,
+    bool sendReceive(mach_port_t receivePort,
         mach_msg_option_t options = 0,
         mach_msg_timeout_t timeout = MACH_MSG_TIMEOUT_NONE,
         mach_port_name_t notify = MACH_PORT_NULL);
     
     void destroy()             { mach_msg_destroy(*this); }
+    
+private:
+    bool check(kern_return_t status);
 
 private:
     mig_reply_error_t *mBuffer;
index 2b93adbc82d1fcf7517cb08ccf07b0e6a28bb7fd..e41c409191b4a7e907a02decb1d859adc57a313d 100644 (file)
@@ -1,28 +1,8 @@
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- * 
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
 /*
  * IDENTIFICATION:
- * stub generated Wed Mar 29 13:49:14 2000
- * with a MiG generated Sat Feb 5 17:40:06 PST 2000 by root@salzburg
- *
- * NOTE: This file was originally generated by MIG, but has since been hand-massaged
- * to the point where re-generating it is not advised.
+ * stub generated Fri Mar  1 18:02:22 2002
+ * with a MiG generated Thu Feb 21 15:16:47 PST 2002 by root@blur
+ * OPTIONS: 
  */
 
 /* Module notify */
@@ -38,6 +18,7 @@
 #include <mach/port.h>
 
 #include <mach/std_types.h>
+#include <mach/mig.h>
 
 #ifndef        mig_internal
 #define        mig_internal    static
                                return;\
                                }
 
+/* typedefs for all requests */
+
+       typedef struct {
+               mach_msg_header_t Head;
+               NDR_record_t NDR;
+               mach_port_name_t name;
+       } __Request__mach_notify_port_deleted_t;
+
+       typedef struct {
+               mach_msg_header_t Head;
+               /* start of the kernel processed data */
+               mach_msg_body_t msgh_body;
+               mach_msg_port_descriptor_t rights;
+               /* end of the kernel processed data */
+       } __Request__mach_notify_port_destroyed_t;
+
+       typedef struct {
+               mach_msg_header_t Head;
+               NDR_record_t NDR;
+               mach_port_mscount_t mscount;
+       } __Request__mach_notify_no_senders_t;
+
+       typedef struct {
+               mach_msg_header_t Head;
+       } __Request__mach_notify_send_once_t;
+
+       typedef struct {
+               mach_msg_header_t Head;
+               NDR_record_t NDR;
+               mach_port_name_t name;
+       } __Request__mach_notify_dead_name_t;
+
+
 /* typedefs for all replies */
 
        typedef struct {
@@ -177,13 +191,9 @@ mig_internal novalue _Xmach_notify_port_deleted
                mach_msg_trailer_t trailer;
        } Request;
 
-       typedef __Reply__mach_notify_port_deleted_t Reply;
-       typedef struct {
-               mach_msg_header_t Head;
-               NDR_record_t NDR;
-               mach_port_name_t name;
-       } __Request;
+       typedef __Request__mach_notify_port_deleted_t __Request;
 
+       typedef __Reply__mach_notify_port_deleted_t Reply;
        /*
         * typedef struct {
         *      mach_msg_header_t Head;
@@ -231,15 +241,9 @@ mig_internal novalue _Xmach_notify_port_destroyed
                mach_msg_trailer_t trailer;
        } Request;
 
-       typedef __Reply__mach_notify_port_destroyed_t Reply;
-       typedef struct {
-               mach_msg_header_t Head;
-               /* start of the kernel processed data */
-               mach_msg_body_t msgh_body;
-               mach_msg_port_descriptor_t rights;
-               /* end of the kernel processed data */
-       } __Request;
+       typedef __Request__mach_notify_port_destroyed_t __Request;
 
+       typedef __Reply__mach_notify_port_destroyed_t Reply;
        /*
         * typedef struct {
         *      mach_msg_header_t Head;
@@ -292,13 +296,9 @@ mig_internal novalue _Xmach_notify_no_senders
                mach_msg_trailer_t trailer;
        } Request;
 
-       typedef __Reply__mach_notify_no_senders_t Reply;
-       typedef struct {
-               mach_msg_header_t Head;
-               NDR_record_t NDR;
-               mach_port_mscount_t mscount;
-       } __Request;
+       typedef __Request__mach_notify_no_senders_t __Request;
 
+       typedef __Reply__mach_notify_no_senders_t Reply;
        /*
         * typedef struct {
         *      mach_msg_header_t Head;
@@ -341,11 +341,9 @@ mig_internal novalue _Xmach_notify_send_once
                mach_msg_trailer_t trailer;
        } Request;
 
-       typedef __Reply__mach_notify_send_once_t Reply;
-       typedef struct {
-               mach_msg_header_t Head;
-       } __Request;
+       typedef __Request__mach_notify_send_once_t __Request;
 
+       typedef __Reply__mach_notify_send_once_t Reply;
        /*
         * typedef struct {
         *      mach_msg_header_t Head;
@@ -391,13 +389,9 @@ mig_internal novalue _Xmach_notify_dead_name
                mach_msg_trailer_t trailer;
        } Request;
 
-       typedef __Reply__mach_notify_dead_name_t Reply;
-       typedef struct {
-               mach_msg_header_t Head;
-               NDR_record_t NDR;
-               mach_port_name_t name;
-       } __Request;
+       typedef __Request__mach_notify_dead_name_t __Request;
 
+       typedef __Reply__mach_notify_dead_name_t Reply;
        /*
         * typedef struct {
         *      mach_msg_header_t Head;
@@ -420,9 +414,19 @@ mig_internal novalue _Xmach_notify_dead_name
        __AfterRcvSimple(72, "mach_notify_dead_name")
 }
 
+/* union of all requests */
+
+union __RequestUnion__cdsa_notify_subsystem {
+       __Request__mach_notify_port_deleted_t Request_mach_notify_port_deleted;
+       __Request__mach_notify_port_destroyed_t Request_mach_notify_port_destroyed;
+       __Request__mach_notify_no_senders_t Request_mach_notify_no_senders;
+       __Request__mach_notify_send_once_t Request_mach_notify_send_once;
+       __Request__mach_notify_dead_name_t Request_mach_notify_dead_name;
+};
+
 /* union of all replies */
 
-union __ReplyUnion {
+union __ReplyUnion__cdsa_notify_subsystem {
        __Reply__mach_notify_port_deleted_t Reply_mach_notify_port_deleted;
        __Reply__mach_notify_port_destroyed_t Reply_mach_notify_port_destroyed;
        __Reply__mach_notify_no_senders_t Reply_mach_notify_no_senders;
@@ -431,7 +435,7 @@ union __ReplyUnion {
 };
 
 
-extern boolean_t notify_server(
+extern boolean_t cdsa_notify_server(
                mach_msg_header_t *InHeadP,
                mach_msg_header_t *OutHeadP);
 
@@ -441,79 +445,35 @@ extern mig_routine_t notify_server_routine(
 
 /* Description of this subsystem, for use in direct RPC */
 const struct cdsa_notify_subsystem {
-       struct subsystem *      subsystem;      /* Reserved for system use */
+       mig_server_routine_t    server; /* Server routine */
        mach_msg_id_t   start;  /* Min routine number */
        mach_msg_id_t   end;    /* Max routine number + 1 */
        unsigned int    maxsize;        /* Max msg size */
-       vm_address_t    base_addr;      /* Base ddress */
+       vm_address_t    reserved;       /* Reserved */
        struct routine_descriptor       /*Array of routine descriptors */
                routine[9];
-       struct routine_arg_descriptor   /*Array of arg descriptors */
-               arg_descriptor[6];
 } cdsa_notify_subsystem = {
-#define ARGDES(n) \
-    (struct routine_arg_descriptor *)&cdsa_notify_subsystem.arg_descriptor[n]
-       0,
+       notify_server_routine,
        64,
        73,
-       sizeof(union __ReplyUnion),
-       (vm_address_t)&cdsa_notify_subsystem,
+       sizeof(union __ReplyUnion__cdsa_notify_subsystem),
+       (vm_address_t)0,
        {
                {0, 0, 0, 0, 0, 0},
-          { (mig_impl_routine_t) cdsa_mach_notify_port_deleted,
-            (mig_stub_routine_t) _Xmach_notify_port_deleted, 2, 1, ARGDES(0), sizeof(__Reply__mach_notify_port_deleted_t) },
+          { (mig_impl_routine_t) 0,
+            (mig_stub_routine_t) _Xmach_notify_port_deleted, 2, 0, (routine_arg_descriptor_t)0, sizeof(__Reply__mach_notify_port_deleted_t)},
                {0, 0, 0, 0, 0, 0},
                {0, 0, 0, 0, 0, 0},
                {0, 0, 0, 0, 0, 0},
-          { (mig_impl_routine_t) cdsa_mach_notify_port_destroyed,
-            (mig_stub_routine_t) _Xmach_notify_port_destroyed, 2, 2, ARGDES(1), sizeof(__Reply__mach_notify_port_destroyed_t) },
-          { (mig_impl_routine_t) cdsa_mach_notify_no_senders,
-            (mig_stub_routine_t) _Xmach_notify_no_senders, 2, 1, ARGDES(3), sizeof(__Reply__mach_notify_no_senders_t) },
-          { (mig_impl_routine_t) cdsa_mach_notify_send_once,
-            (mig_stub_routine_t) _Xmach_notify_send_once, 1, 1, ARGDES(4), sizeof(__Reply__mach_notify_send_once_t) },
-          { (mig_impl_routine_t) cdsa_mach_notify_dead_name,
-            (mig_stub_routine_t) _Xmach_notify_dead_name, 2, 1, ARGDES(5), sizeof(__Reply__mach_notify_dead_name_t) },
-       },
-
-       {
-            {
-                0 | MACH_RPC_PORT  | MACH_RPC_MOVE_SEND_ONCE,
-                4,
-                1,
-                0,
-            },
-            {
-                0 | MACH_RPC_PORT  | MACH_RPC_MOVE_SEND_ONCE,
-                4,
-                1,
-                0,
-            },
-            {
-                0 | MACH_RPC_PORT  | MACH_RPC_IN ,
-                4,
-                1,
-                4,
-            },
-            {
-                0 | MACH_RPC_PORT  | MACH_RPC_MOVE_SEND_ONCE,
-                4,
-                1,
-                0,
-            },
-            {
-                0 | MACH_RPC_PORT  | MACH_RPC_MOVE_SEND_ONCE,
-                4,
-                1,
-                0,
-            },
-            {
-                0 | MACH_RPC_PORT  | MACH_RPC_MOVE_SEND_ONCE,
-                4,
-                1,
-                0,
-            },
-       },
-
+          { (mig_impl_routine_t) 0,
+            (mig_stub_routine_t) _Xmach_notify_port_destroyed, 2, 0, (routine_arg_descriptor_t)0, sizeof(__Reply__mach_notify_port_destroyed_t)},
+          { (mig_impl_routine_t) 0,
+            (mig_stub_routine_t) _Xmach_notify_no_senders, 2, 0, (routine_arg_descriptor_t)0, sizeof(__Reply__mach_notify_no_senders_t)},
+          { (mig_impl_routine_t) 0,
+            (mig_stub_routine_t) _Xmach_notify_send_once, 1, 0, (routine_arg_descriptor_t)0, sizeof(__Reply__mach_notify_send_once_t)},
+          { (mig_impl_routine_t) 0,
+            (mig_stub_routine_t) _Xmach_notify_dead_name, 2, 0, (routine_arg_descriptor_t)0, sizeof(__Reply__mach_notify_dead_name_t)},
+       }
 };
 
 mig_external boolean_t cdsa_notify_server
@@ -546,7 +506,7 @@ mig_external boolean_t cdsa_notify_server
        return TRUE;
 }
 
-mig_external mig_routine_t cdsa_notify_server_routine
+mig_external mig_routine_t notify_server_routine
        (mach_msg_header_t *InHeadP)
 {
        register int msgh_id;
index 93fc8f29ecc3e553977514a3acdd3fc14275dd40..3a621a2142d4791e2ba7c88bc958ed975f870a3f 100644 (file)
@@ -20,8 +20,8 @@
 // machrunloopserver - C++ shell for writing Mach 3 servers called by CFRunLoop
 //
 #include "machrunloopserver.h"
+#include <Security/cfutilities.h>
 #include <mach/mach_error.h>
-#include <CoreFoundation/CoreFoundation.h>
 #include <Security/debugging.h>
 
 
@@ -154,7 +154,7 @@ void MachRunLoopServer::oneRequest(mach_msg_header_t *request)
        // MIG dispatch handled the call. Send reply back to caller.
        // This boilerplate stolen from mach_msg_server, since MIG can't seem to
        // generate send-only code for replies (without explicit simpleroutines).
-       if (kern_return_t err = mach_msg_overwrite_trap(replyBuffer,
+       if (kern_return_t err = mach_msg_overwrite(replyBuffer,
                (MACH_MSGH_BITS_REMOTE(replyBuffer->msgh_bits) == MACH_MSG_TYPE_MOVE_SEND_ONCE) ?
                MACH_SEND_MSG : MACH_SEND_MSG|MACH_SEND_TIMEOUT,
                replyBuffer->msgh_size, 0, MACH_PORT_NULL,
index 408ac91be5225130b73e53af406c69cd5094c856..68598cad46b09331deacefd02cc3ed6af4999868 100644 (file)
@@ -74,21 +74,50 @@ MachServer::~MachServer()
 
 
 //
-// Utility access
+// Add and remove extra listening ports.
+// Messages directed to those ports are dispatched through the main handler.
+// To get automatic call-out to another handler, use the Handler class.
 //
-void MachServer::notifyIfDead(Port port) const
+void MachServer::add(Port receiver)
 {
-       port.requestNotify(mServerPort, MACH_NOTIFY_DEAD_NAME, true);
+       debug("machsrv", "adding port %d to primary dispatch", receiver.port());
+       mPortSet += receiver;
+}
+
+void MachServer::remove(Port receiver)
+{
+       debug("machsrv", "removing port %d from primary dispatch", receiver.port());
+       mPortSet -= receiver;
+}
+
+
+//
+// Register for mach port notifications
+//
+void MachServer::notifyIfDead(Port port, bool doNotify) const
+{
+       if (doNotify)
+               port.requestNotify(mServerPort, MACH_NOTIFY_DEAD_NAME, true);
+       else
+               port.cancelNotify(MACH_NOTIFY_DEAD_NAME);
+}
+
+void MachServer::notifyIfUnused(Port port, bool doNotify) const
+{
+       if (doNotify)
+               port.requestNotify(port, MACH_NOTIFY_NO_SENDERS, true);
+       else
+               port.cancelNotify(MACH_NOTIFY_NO_SENDERS);
 }
 
 
 //
 // Initiate service.
 // This call will take control of the current thread and use it to service
-// incoming requests. The thread will not be released until an error happens.
+// incoming requests. The thread will not be released until an error happens, which
+// will cause an exception to be thrown. In other words, this never returns normally.
 // We may also be creating additional threads to service concurrent requests
 // as appropriate.
-// @@@ Additional threads are not being reaped at this point.
 // @@@ Msg-errors in additional threads are not acted upon.
 //
 void MachServer::run(size_t maxSize, mach_msg_options_t options)
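Review bot: `notifyIfUnused` asks for the no-senders notification to be delivered to `port` itself, whereas `notifyIfDead` directs it to `mServerPort`; unless `port` is also in `mPortSet` (via `add`) the notification would presumably never be seen by this server's receive loop, and nothing in the hunk states that requirement. A comment such as `// the notification is sent to 'port' itself, so it must be a receive right this server listens on` would make the contract explicit. The third argument is a `mach_port_mscount_t`, so `1` would read better than `true`. Both functions also drop the port returned by `requestNotify`/`cancelNotify`; if that is the previously registered notification right, as the removed inline `requestNotify` in the header suggests, it is worth deciding who releases it.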
@@ -114,7 +143,8 @@ void MachServer::run(size_t maxSize, mach_msg_options_t options)
 
 //
 // This is the core of a server thread at work. It takes over the thread until
-// something makes it exit normally. Then it returns. Errors cause exceptions.
+// (a) an error occurs, throwing an exception
+// (b) low-load timeout happens, causing a normal return (doTimeout only)
 // This code is loosely based on mach_msg_server.c, but is drifting away for
 // various reasons of flexibility and resilience.
 //
@@ -126,7 +156,7 @@ void MachServer::runServerThread(bool doTimeout)
     Message bufRequest(mMaxSize);
     Message bufReply(mMaxSize);
        
-       // all exits from runServerThread are through exceptions or "goto exit"
+       // all exits from runServerThread are through exceptions
        try {
                // register as a worker thread
                debug("machsrv", "%p starting service on port %d", this, int(mServerPort));
@@ -182,13 +212,13 @@ void MachServer::runServerThread(bool doTimeout)
                        
                        // receive next IPC request (or wait for timeout)
                        switch (mach_msg_return_t mr = indefinite ?
-                               mach_msg_overwrite_trap(bufRequest,
+                               mach_msg_overwrite(bufRequest,
                                        MACH_RCV_MSG | mMsgOptions,
                                        0, mMaxSize, mPortSet,
                                        MACH_MSG_TIMEOUT_NONE, MACH_PORT_NULL,
                                        (mach_msg_header_t *) 0, 0)
                     :
-                               mach_msg_overwrite_trap(bufRequest,
+                               mach_msg_overwrite(bufRequest,
                                        MACH_RCV_MSG | MACH_RCV_TIMEOUT | mMsgOptions,
                                        0, mMaxSize, mPortSet,
                                        mach_msg_timeout_t(timeout.mSeconds()), MACH_PORT_NULL,
@@ -221,14 +251,20 @@ void MachServer::runServerThread(bool doTimeout)
                                debug("machsrvreq",
                     "servicing port %d request id=%d",
                     bufRequest.localPort().port(), bufRequest.msgId());
-                if (bufRequest.localPort() == mServerPort) {   // primary
+                               
+                               // try subsidiary handlers first
+                               bool handled = false;
+                               for (HandlerSet::const_iterator it = mHandlers.begin();
+                                               it != mHandlers.end(); it++)
+                                       if (bufRequest.localPort() == (*it)->port()) {
+                                               (*it)->handle(bufRequest, bufReply);
+                                               handled = true;
+                                       }
+                               if (!handled) {
+                                       // unclaimed, send to main handler
                     handle(bufRequest, bufReply);
-                } else {
-                    for (HandlerSet::const_iterator it = mHandlers.begin();
-                            it != mHandlers.end(); it++)
-                        if (bufRequest.localPort() == (*it)->port())
-                            (*it)->handle(bufRequest, bufReply);
                 }
+
                                debug("machsrvreq", "request complete");
                                { StLock<Mutex> _(managerLock); idleCount++; }
                        }
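Review bot: The handler loop keeps iterating after a handler has claimed the message, so if two entries in `mHandlers` report the same `port()`, both run against the same request and the second overwrites `bufReply`; adding `break;` after `handled = true;` makes first-match explicit. The change also means that a message arriving on any port in `mPortSet` that no handler claims now reaches the main `handle()`, so that handler should not assume `bufRequest.localPort()` is `mServerPort` when it decides what the sender may do. The enclosing `runServerThread` body starts and ends outside this hunk.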
@@ -259,7 +295,7 @@ void MachServer::runServerThread(bool doTimeout)
              *  To avoid falling off the kernel's fast RPC path unnecessarily,
              *  we only supply MACH_SEND_TIMEOUT when absolutely necessary.
              */
-                       switch (mach_msg_return_t mr = mach_msg_overwrite_trap(bufReply,
+                       switch (mach_msg_return_t mr = mach_msg_overwrite(bufReply,
                           (MACH_MSGH_BITS_REMOTE(bufReply.bits()) ==
                                                 MACH_MSG_TYPE_MOVE_SEND_ONCE) ?
                           MACH_SEND_MSG | mMsgOptions :
@@ -458,13 +494,15 @@ void cdsa_mach_notify_port_destroyed(mach_port_t, mach_port_name_t port)
 
 void MachServer::notifyPortDestroyed(Port) { }
 
-void cdsa_mach_notify_send_once(mach_port_t)
-{ MachServer::active().notifySendOnce(); }
+void cdsa_mach_notify_send_once(mach_port_t port)
+{ MachServer::active().notifySendOnce(port); }
+
+void MachServer::notifySendOnce(Port) { }
 
-void MachServer::notifySendOnce() { }
+void cdsa_mach_notify_no_senders(mach_port_t port, mach_port_mscount_t count)
+{ MachServer::active().notifyNoSenders(port, count); }
 
-void cdsa_mach_notify_no_senders(mach_port_t)
-{ /* legacy handler - not used by system */ }
+void MachServer::notifyNoSenders(Port, mach_port_mscount_t) { }
 
 
 } // end namespace MachPlusPlus
index 4e6e1d9969b2a5952eead6b9fb9163d6bff211f6..efce226bee453ceced4950e4022f444e1f8b8f05 100644 (file)
@@ -28,7 +28,7 @@
 #include <Security/globalizer.h>
 #include <Security/cssmalloc.h>
 #include <Security/tqueue.h>
-
+#include <set>
 
 namespace Security {
 namespace MachPlusPlus {
@@ -39,7 +39,7 @@ extern "C" {
        void cdsa_mach_notify_port_destroyed(mach_port_t, mach_port_name_t port);
        void cdsa_mach_notify_port_deleted(mach_port_t, mach_port_name_t port);
        void cdsa_mach_notify_send_once(mach_port_t);
-       void cdsa_mach_notify_no_senders(mach_port_t);  // legacy
+       void cdsa_mach_notify_no_senders(mach_port_t, mach_port_mscount_t);
 };
 
 
@@ -76,16 +76,23 @@ public:
        void run(size_t maxSize = 4096, mach_msg_options_t options = 0);
        
        Time::Interval timeout() const { return workerTimeout; }
-       void timeout(Time::Interval t) { workerTimeout = t; }
-       uint32 maxThreads() const       { return maxWorkerCount; }
-       void maxThreads(uint32 n)       { maxWorkerCount = n; }
+       void timeout(Time::Interval t)  { workerTimeout = t; }
+       uint32 maxThreads() const               { return maxWorkerCount; }
+       void maxThreads(uint32 n)               { maxWorkerCount = n; }
+       
+       Port primaryServicePort() const { return mServerPort; }
+       
+       // listen on additional ports (dispatching to the main handler)
+       void add(Port receiver);
+       void remove(Port receiver);
 
        // the currently active server in this thread (there can only be one)
        static MachServer &active()
        { assert(perThread().server); return *perThread().server; }
        
-       // request dead-port notification if this port dies (override notifyDeadName)
-       virtual void notifyIfDead(Port port) const;
+       // request port status notifications (override virtual methods below to receive)
+       virtual void notifyIfDead(Port port, bool doNotify = true) const;
+       virtual void notifyIfUnused(Port port, bool doNotify = true) const;
 
        // register (CssmAllocator-derived) memory to be released after reply is sent
        void releaseWhenDone(CssmAllocator &alloc, void *memory);
@@ -148,7 +155,8 @@ protected:
        virtual void notifyDeadName(Port port);
        virtual void notifyPortDeleted(Port port);
        virtual void notifyPortDestroyed(Port port);
-       virtual void notifySendOnce();
+       virtual void notifySendOnce(Port port);
+       virtual void notifyNoSenders(Port port, mach_port_mscount_t);
 
        // don't mess with this unless you know what you're doing
     Bootstrap bootstrap;                       // bootstrap port we registered with
@@ -198,11 +206,11 @@ private:
        friend void cdsa_mach_notify_port_destroyed(mach_port_t, mach_port_name_t port);
        friend void cdsa_mach_notify_port_deleted(mach_port_t, mach_port_name_t port);
        friend void cdsa_mach_notify_send_once(mach_port_t);
+       friend void cdsa_mach_notify_no_senders(mach_port_t, mach_port_mscount_t);
 };
 
 
 } // end namespace MachPlusPlus
-
 } // end namespace Security
 
 #endif //_H_MACHSERVER
index 2523418493f0137ffca90c397ae1118750080d5d..4a9ec8e963c9ba5d1ab0415fae04c3acb49906ef 100644 (file)
 //
 // osxsigning - MacOS X's standard signable objects.
 //
-#ifdef __MWERKS__
-#define _CPP_OSXSIGNING
-#endif
-
 #include <Security/osxsigning.h>
+#include <Security/cfutilities.h>
 #include <fcntl.h>
 #include <sys/types.h>
 #include <sys/stat.h>
index e530eecd1e1f4504ae6a25dec247593c924934e4..dea8dc1b54be4bbf902e223ba5f5a5e66e140477 100644 (file)
@@ -23,6 +23,7 @@
 #define _OSXSIGNING
 
 #include <Security/codesigning.h>
+#include <Security/refcount.h>
 #include <Security/cspclient.h>
 #include <limits.h>
 #include <string>
 #endif
 
 
-namespace Security
-{
+namespace Security {
+namespace CodeSigning {
 
-namespace CodeSigning
-{
 
 //
 // A Signable with OS X support calls added
 //
-class OSXCode : public Signable {
+class OSXCode : public RefCount, public Signable {
 public:
        // encoding and decoding as a UTF-8 string
        virtual string encode() const = 0;
index ec86288e3e20885b8360223b3245ff882fcb7bf8..daef9eb442b43acd3a166002ec87c7fcae68d864 100644 (file)
@@ -50,42 +50,60 @@ void PowerWatcher::ioCallback(void *refCon, io_service_t service,
     natural_t messageType, void *argument)
 {
     PowerWatcher *me = (PowerWatcher *)refCon;
+    enum { allow, refuse, ignore } reaction;
     switch (messageType) {
     case kIOMessageSystemWillSleep:
         debug("powerwatch", "system will sleep");
         me->systemWillSleep();
+        reaction = allow;
         break;
     case kIOMessageSystemHasPoweredOn:
         debug("powerwatch", "system has powered on");
         me->systemIsWaking();
+        reaction = ignore;
         break;
     case kIOMessageSystemWillPowerOff:
         debug("powerwatch", "system will power off");
         me->systemWillPowerDown();
+        reaction = allow;
         break;
-
-#if !defined(NDEBUG)
     case kIOMessageSystemWillNotPowerOff:
         debug("powerwatch", "system will not power off");
+        reaction = ignore;
         break;
     case kIOMessageCanSystemSleep:
         debug("powerwatch", "can system sleep");
+        reaction = allow;
         break;
     case kIOMessageSystemWillNotSleep:
         debug("powerwatch", "system will not sleep");
+        reaction = ignore;
         break;
     case kIOMessageCanSystemPowerOff:
         debug("powerwatch", "can system power off");
+        reaction = allow;
         break;
     default:
         debug("powerwatch",
             "type 0x%x message received (ignored)", messageType);
+        reaction = ignore;
         break;
-#endif //NDEBUG
     }
     
-    // always confirm
-    IOAllowPowerChange(me->mKernelPort, long(argument));
+    // handle acknowledgments
+    switch (reaction) {
+    case allow:
+               debug("powerwatch", "calling IOAllowPowerChange");
+        IOAllowPowerChange(me->mKernelPort, long(argument));
+        break;
+    case refuse:
+               debug("powerwatch", "calling IOCancelPowerChange");
+        IOCancelPowerChange(me->mKernelPort, long(argument));
+        break;
+    case ignore:
+               debug("powerwatch", "sending no response");
+        break;
+    }
 }
 
 
index 5fd54da5550ece7d4cca9ce58ad1d1e68b7a0668..02df24f3b196c4ba29ffc5aa6ba2dc37acbf3942 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
  * 
  * The contents of this file constitute Original Code as defined in and are
  * subject to the Apple Public Source License Version 1.2 (the 'License').
 
 
 /*
-
        Based on code donated by Perry Kiehtreiber
-
  */
-
-#ifndef _H_REFCOUNT
-#define _H_REFCOUNT
+#ifndef _SECURITY_REFCOUNT_H_
+#define _SECURITY_REFCOUNT_H_
 
 #include <Security/threading.h>
 
@@ -81,6 +78,7 @@ public:
        RefPointer& operator = (T * p)                                  { setPointer(p); return *this; }
 
        // dereference operations
+    T* get () const                            { return ptr; } // mimic auto_ptr
        operator T * () const           { return ptr; }
        T * operator -> () const        { return ptr; }
        T & operator * () const         { return *ptr; }
@@ -92,7 +90,27 @@ protected:
        T *ptr;
 };
 
-} // end namespace Security
+template <class T>
+bool operator <(const RefPointer<T> &r1, const RefPointer<T> &r2)
+{
+       T *p1 = r1.get(), *p2 = r2.get();
+       return p1 && p2 ? *p1 < *p2 : p1 < p2;
+}
 
+template <class T>
+bool operator ==(const RefPointer<T> &r1, const RefPointer<T> &r2)
+{
+       T *p1 = r1.get(), *p2 = r2.get();
+       return p1 && p2 ? *p1 == *p2 : p1 == p2;
+}
+
+template <class T>
+bool operator !=(const RefPointer<T> &r1, const RefPointer<T> &r2)
+{
+       T *p1 = r1.get(), *p2 = r2.get();
+       return p1 && p2 ? *p1 != *p2 : p1 != p2;
+}
+
+} // end namespace Security
 
-#endif //_H_REFCOUNT
+#endif // !_SECURITY_REFCOUNT_H_
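Review bot: The new `operator <`, `==` and `!=` for `RefPointer` compare the pointed-to objects when both pointers are non-null and fall back to comparing raw addresses only when one of them is null, which is not what a reader expects from a smart pointer and is nowhere stated. Two RefPointers to distinct objects with equal values now compare equal, so they collapse into one key in a `std::set` or `std::map`. Presumably `r1 == r2` used to resolve through the existing `operator T * ()` to an identity comparison, so callers may change meaning silently. Add a comment above the three templates: `// Compare referents by value when both are set (T must supply <, == and !=); otherwise compare the raw pointers.`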
index d39ada012c5c96e274ca08ef941c60a85f6b83a8..d772e189b27592e3ca4f0cc100bf26b44506ff4e 100644 (file)
@@ -41,8 +41,9 @@ namespace UnixPlusPlus {
 // each of which can perform I/O. Obviously this is geared towards the UNIX facility.
 //
 class Selector {
-    class Client; friend class Client;
 public:
+    class Client; friend class Client;
+
     Selector();
     virtual ~Selector();
     
@@ -61,9 +62,10 @@ public:
     
 public:
     class Client {
+    public:
         typedef Selector::Type Type;
         friend class Selector;
-    public:
+
         Client() : mSelector(NULL) { }
         virtual void notify(int fd, Type type) = 0;
         virtual ~Client() { }
index b2f2c37aeb9aea1f558671a7507b4710dc6d0335..77f80387854fa5f5f3a3d131f905769a146933cf 100644 (file)
@@ -70,6 +70,7 @@ class SocksClientSocket;
 // You can express "no socks server" (direct connect) with a NULL pointer (or version==0).
 //
 class SocksServer {
+public:
     class Support; friend class Support;
 
 private:
index 6d992f18b7d56799c6d3dd68d5f3a347c21e4ae9..2ed2f20b412b8ac149d851bb3bb24d2baab9b8c7 100644 (file)
@@ -54,7 +54,7 @@ void Server::connect(SocksClientSocket &me, const Host &host, IPPort port)
             IPSockAddress addr(*it, port);
             connect(me, addr);
             return;
-        } catch (UnixError &err) {
+        } catch (const UnixError &err) {
             errno = err.error;
         }
     }
index c141703f46bea2f6949d2891bdfd4793e3b99cf2..467c01a555ece9dba0c8054f50577c9a9568bcf8 100644 (file)
@@ -69,7 +69,7 @@ void Server::connect(SocksClientSocket &me, const Host &host, IPPort port)
             IPSockAddress addr(*it, port);
             connect(me, addr);
             return;
-        } catch (UnixError &err) {
+        } catch (const UnixError &err) {
             errno = err.error;
         }
     }
index a2babe54ecb4df8704e6a2efd795de6d16bd14a4..66fc8f8bc9f792f5c6cd15fe00e33de6548ebf33 100644 (file)
@@ -230,6 +230,7 @@ public:
        bool isActive() const                           { return mActive; }
        void lock()                                                     { if(!mActive) { (me.*_lock)(); mActive = true; }}
        void unlock()                                           { if(mActive) { (me.*_unlock)(); mActive = false; }}
+       void release()                                          { assert(mActive); mActive = false; }
 
        operator const Lock &() const           { return me; }
        
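Review bot: `release()` clears `mActive` without calling `(me.*_unlock)()`, so the underlying lock stays held and a later `unlock()` on this object will no longer drop it. The only precondition check is `assert(mActive)`, which disappears under NDEBUG, so calling it on an inactive holder passes silently in release builds. The method has no comment saying that responsibility for unlocking moves to the caller; add one, for example `// give up ownership WITHOUT unlocking; the caller must unlock the underlying lock itself`. The enclosing class starts and ends outside this hunk.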
@@ -302,17 +303,11 @@ public:
 
 class Thread {
     NOCOPY(Thread)
-public:
-    Thread() { }                               // constructor
-    virtual ~Thread();                 // virtual destructor
-    void run();                                        // begin running the thread
-    
-public:
-       static void yield();            // unstructured short-term processor yield
-    
 public:
     class Identity {
         friend class Thread;
+        
+        Identity(pthread_t id) : mIdent(id) { }
     public:
         Identity() { }
         
@@ -331,10 +326,16 @@ public:
     
     private:
         pthread_t mIdent;
-        
-        Identity(pthread_t id) : mIdent(id) { }
     };
 
+public:
+    Thread() { }                               // constructor
+    virtual ~Thread();                 // virtual destructor
+    void run();                                        // begin running the thread
+    
+public:
+       static void yield();            // unstructured short-term processor yield
+    
 protected:
     virtual void action() = 0;         // the action to be performed
 
@@ -369,6 +370,9 @@ public:
     private:
         Identity() { }
     };
+       
+public:
+       void yield() { assert(false); }
 
 protected:
     virtual void action() = 0; // implement action of thread
index cc407339ca32f46c96221cd09a05acff0e14142e..98f1359e0e162cc03a6403edb24f39d13af2c71e 100644 (file)
@@ -117,7 +117,7 @@ inline void ScheduleQueue<Time>::schedule(Event *event, Time when)
 }
 
 template <class Time>
-inline ScheduleQueue<Time>::Event *ScheduleQueue<Time>::pop(Time now)
+inline typename ScheduleQueue<Time>::Event *ScheduleQueue<Time>::pop(Time now)
 {
        if (!empty()) {
                Event *top = first.fwd;
diff --git a/cdsa/cdsa_utilities/trackingallocator.h b/cdsa/cdsa_utilities/trackingallocator.h
new file mode 100644 (file)
index 0000000..3717aa2
--- /dev/null
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// trackingallocator - CssmAllocator that keeps track of allocations
+//
+#ifndef _H_TRACKINGALLOCATOR
+#define _H_TRACKINGALLOCATOR
+
+#include <Security/cssmalloc.h>
+#include <set>
+
+namespace Security
+{
+
+//
+// A CssmAllocator that keeps track of allocations and can throw everything
+// away unless explicitly committed.
+//
+class TrackingAllocator : public CssmAllocator
+{
+public:
+       TrackingAllocator(CssmAllocator &inAllocator) : mAllocator(inAllocator) {}
+       virtual ~TrackingAllocator();
+
+       void *malloc(size_t inSize) throw(std::bad_alloc)
+       {
+               void *anAddress = mAllocator.malloc(inSize);
+               mAllocSet.insert(anAddress);
+               return anAddress;
+       }
+
+       void free(void *inAddress) throw()
+       {
+               mAllocator.free(inAddress);
+               mAllocSet.erase(inAddress);
+       }
+
+       void *realloc(void *inAddress, size_t inNewSize) throw(std::bad_alloc)
+       {
+               void *anAddress = mAllocator.realloc(inAddress, inNewSize);
+               if (anAddress != inAddress)
+               {
+                       mAllocSet.erase(inAddress);
+                       mAllocSet.insert(anAddress);
+               }
+
+               return anAddress;
+       }
+
+       void commit() { mAllocSet.clear(); }
+private:
+       typedef std::set<void *> AllocSet;
+
+       CssmAllocator &mAllocator;
+       AllocSet mAllocSet;
+};
+
+} // end namespace Security
+
+#endif //_H_TRACKINGALLOCATOR
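Review bot: In `malloc()`, if `mAllocSet.insert(anAddress)` throws `std::bad_alloc`, the block just obtained from `mAllocator` is neither returned to the caller nor recorded, so it escapes the tracking this class exists to provide and leaks. Handing the block back before rethrowing closes that window. `realloc()` has the same gap when the block moves and the insert fails, and there the old address is already invalid, so it deserves at least a comment. The destructor is only declared here and no copy control is visible; if it frees the tracked set, as the class comment suggests, copying a `TrackingAllocator` would need to be disallowed.

```cpp
	void *malloc(size_t inSize) throw(std::bad_alloc)
	{
		// … unchanged: anAddress = mAllocator.malloc(inSize) …
		try {
			mAllocSet.insert(anAddress);
		} catch (...) {
			// recording failed: hand the block back rather than leak it untracked
			mAllocator.free(anAddress);
			throw;
		}
		// … unchanged: return anAddress …
```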
index bd032bed01a34a7917d9f5a6beceb45e7b937444..2dabaa9775b1f03212eeb00a31019059858f0f9d 100644 (file)
@@ -75,7 +75,11 @@ public:
     size_t read(void *addr, size_t length);
     size_t write(const void *addr, size_t length);
     bool atEnd() const                 { return mAtEnd; }      // valid after zero-length read only
-
+    
+    // more convenient I/O
+    template <class T> size_t read(T &obj) { return read(&obj, sizeof(obj)); }
+    template <class T> size_t write(const T &obj) { return write(&obj, sizeof(obj)); }
+    
     // seeking
     off_t seek(off_t position, int whence = SEEK_SET);
     
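Review bot: The one-argument `read(T &obj)` returns the byte count just like the raw overload, so a short read leaves `obj` partly filled unless the caller compares the result with `sizeof(obj)`. It also accepts any `T`, including a pointer variable (the pointer itself would be overwritten, not its target) or a class with non-trivial members. Document the contract next to the two templates, for example `// raw byte-image I/O, for POD objects only; returns bytes transferred, which may be less than sizeof(obj)`. The enclosing class starts and ends outside this hunk.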
@@ -91,6 +95,10 @@ public:
     void setFlag(int flag, bool on = true) const;
     void clearFlag(int flag) const     { setFlag(flag, false); }
     
+    int openMode() const       { return flags() & O_ACCMODE; }
+    bool isWritable() const    { return openMode() != O_RDONLY; }
+    bool isReadable() const    { return openMode() != O_WRONLY; }
+    
     // ioctl support
     int ioctl(int cmd, void *arg) const;
     template <class Arg> Arg iocget(int cmd) const 
@@ -116,6 +124,21 @@ protected:
 };
 
 
+//
+// A (plain) FileDesc that auto-closes
+//
+class AutoFileDesc : public FileDesc {
+public:
+    AutoFileDesc() { }
+    AutoFileDesc(int fd) : FileDesc(fd) { }
+    
+    AutoFileDesc(const char *path, int flag = O_RDONLY, mode_t mode = 0666)
+        : FileDesc(path, flag, mode) { }
+
+    ~AutoFileDesc()            { close(); }
+};
+
+
 }      // end namespace UnixPlusPlus
 }      // end namespace Security
 
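Review bot: `AutoFileDesc` closes its descriptor in the destructor but declares no copy control, so if `FileDesc` is copyable (its definition is outside this hunk) any by-value copy ends with two `close()` calls on the same number, and the second can land on a descriptor the process has opened in between. `AutoFileDesc(int fd)` is also an implicit conversion, so an `int` passed where an `AutoFileDesc` is expected builds a temporary that closes the caller's descriptor on destruction. Suggested lines: `explicit AutoFileDesc(int fd) : FileDesc(fd) { }` plus a private, undefined `AutoFileDesc(const AutoFileDesc &); void operator = (const AutoFileDesc &);`. Whether `close()` can throw out of the destructor is not visible here and is worth checking.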
index ae723fee75db90381829200c884c8bfe23321abf..6b846554d7e4cfd2d77bde4884f26f9137e73887 100644 (file)
@@ -115,7 +115,6 @@ string URL::path() const
 
 string URL::resourceSpec() const
 {
-    Boolean isAbsolute;
     return mkstr(CFURLCopyResourceSpecifier(ref));
 }
 
index 716591fc3a7e22cd39aa93b502f17fd929f27677..f7bd3ac5ce1315668efebc08f706eda7706b043d 100644 (file)
 //
 // Utilities
 //
-#ifdef __MWERKS__
-#define _CPP_UTILITIES
-#endif
-
 #include <Security/utilities.h>
+
+#include <Security/cssmerrno.h>
 #include <Security/debugging.h>
+#include <typeinfo>
 #include <stdio.h>
 
 
 //
-// The base of the exception hierarchy
+// The base of the exception hierarchy.
+// Note that the debug output here depends on a particular
+// implementation feature of gcc; to wit, that the exception object
+// is created and then copied (at least once) via its copy constructor.
+// If your compiler does not invoke the copy constructor, you won't get
+// debug output, but nothing worse should happen.
 //
 CssmCommonError::CssmCommonError()
+       IFDEBUG(: mCarrier(true))
 {
-    debug("exception", "constructing exception at %p", this);
 }
 
 CssmCommonError::CssmCommonError(const CssmCommonError &source)
 {
-    debug("exception", "constructing exception at %p from %p", this, &source);
+#if !defined(NDEBUG)
+       source.debugDiagnose(this);
+       mCarrier = source.mCarrier;
+       source.mCarrier = false;
+#endif //NDEBUG
 }
 
-CssmCommonError::~CssmCommonError()
+CssmCommonError::~CssmCommonError() throw ()
 {
-    debug("exception", "destroying exception at %p", this);
+#if !defined(NDEBUG)
+       if (mCarrier)
+               debug("exception", "%p handled", this);
+#endif //NDEBUG
 }
 
 OSStatus CssmCommonError::osStatus() const
@@ -52,13 +63,25 @@ OSStatus CssmCommonError::osStatus() const
 CSSM_RETURN CssmCommonError::cssmError(CSSM_RETURN base) const
 { return CssmError::merge(cssmError(), base); }
 
+// default debugDiagnose gets what it can (virtually)
+void CssmCommonError::debugDiagnose(const void *id) const
+{
+#if !defined(NDEBUG)
+    debug("exception", "%p %s %s/0x%lx osstatus %ld",
+               id,     Debug::typeName(*this).c_str(),
+               cssmErrorString(cssmError()).c_str(), cssmError(),
+               osStatus());
+#endif //NDEBUG
+}
+
 
 //
 // CssmError exceptions
 //
 CssmError::CssmError(CSSM_RETURN err) : error(err) { }
 
-const char *CssmError::what() const { return "CSSM exception"; }
+const char *CssmError::what() const throw ()
+{ return "CSSM exception"; }
 
 CSSM_RETURN CssmError::cssmError() const { return error; }
 
@@ -74,7 +97,7 @@ UnixError::UnixError() : error(errno) { }
 
 UnixError::UnixError(int err) : error(err) { }
 
-const char *UnixError::what() const
+const char *UnixError::what() const throw ()
 { return "UNIX error exception"; }
 
 CSSM_RETURN UnixError::cssmError() const
@@ -113,13 +136,21 @@ void UnixError::throwMe(int err) { throw UnixError(err); }
 // @@@ This is a hack for the Network protocol state machine
 UnixError UnixError::make(int err) { return UnixError(err); }
 
+#if !defined(NDEBUG)
+void UnixError::debugDiagnose(const void *id) const
+{
+    debug("exception", "%p UnixError %s (%d) osStatus %ld",
+               id, strerror(error), error, osStatus());
+}
+#endif //NDEBUG
+
 
 //
 // MacOSError exceptions
 //
 MacOSError::MacOSError(int err) : error(err) { }
 
-const char *MacOSError::what() const
+const char *MacOSError::what() const throw ()
 { return "MacOS error"; }
 
 CSSM_RETURN MacOSError::cssmError() const
@@ -145,6 +176,18 @@ CSSM_RETURN CssmError::merge(CSSM_RETURN error, CSSM_RETURN base)
 }
 
 
+//
+// CssmData out of line members
+//
+string CssmData::toString() const
+{
+       return data() ?
+               string(reinterpret_cast<const char *>(data()), length())
+               :
+               string();
+}
+
+
 //
 // GUID <-> string conversions.
 // Note that we DO check for {} on input and insist on rigid formatting.
index 75b515d842d1462c3cbf70fe28acff62454ad5ce..1bbb89c3d572a60ec141676e840ee8d5fca36040 100644 (file)
@@ -85,16 +85,22 @@ inline Derived safe_cast(Base *base)
 //
 // Exception hierarchy
 //
-class CssmCommonError : public exception {
+class CssmCommonError : public std::exception {
 protected:
     CssmCommonError();
     CssmCommonError(const CssmCommonError &source);
 public:
-    virtual ~CssmCommonError();
+    virtual ~CssmCommonError() throw ();
 
     virtual CSSM_RETURN cssmError() const = 0;
     virtual CSSM_RETURN cssmError(CSSM_RETURN base) const;
     virtual OSStatus osStatus() const;
+       
+protected:
+       virtual void debugDiagnose(const void *id) const;       // used internally for debug logging
+       
+private:
+       IFDEBUG(mutable bool mCarrier); // primary carrier of exception flow
 };
 
 class CssmError : public CssmCommonError {
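Review bot: `IFDEBUG(mutable bool mCarrier)` makes the size of every `CssmCommonError` depend on whether the including translation unit defines NDEBUG, assuming `IFDEBUG` expands to nothing in that case as its use in utilities.cpp suggests. If these exceptions cross module boundaries, a debug-built and a release-built object would disagree on the object layout. Declaring the member unconditionally and keeping only the logging bodies conditional avoids that: `mutable bool mCarrier;	// primary carrier of exception flow (read by debug logging only)`. The same applies to the `IFDEBUG(void debugDiagnose(...))` override added to `UnixError` in a later hunk of this file.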
@@ -104,10 +110,11 @@ public:
     const CSSM_RETURN error;
     virtual CSSM_RETURN cssmError() const;
     virtual OSStatus osStatus() const;
-    virtual const char *what () const;
+    virtual const char *what () const throw ();
 
     static CSSM_RETURN merge(CSSM_RETURN error, CSSM_RETURN base);
     
+       static void check(CSSM_RETURN error)    { if (error != CSSM_OK) throwMe(error); }
     static void throwMe(CSSM_RETURN error) __attribute__((noreturn));
 };
 
@@ -119,13 +126,16 @@ public:
     const int error;
     virtual CSSM_RETURN cssmError() const;
     virtual OSStatus osStatus() const;
-    virtual const char *what () const;
+    virtual const char *what () const throw ();
     
     static void check(int result)              { if (result == -1) throwMe(); }
     static void throwMe(int err = errno) __attribute__((noreturn));
 
     // @@@ This is a hack for the Network protocol state machine
     static UnixError make(int err = errno);
+
+private:
+       IFDEBUG(void debugDiagnose(const void *id) const);
 };
 
 class MacOSError : public CssmCommonError {
@@ -135,7 +145,7 @@ public:
     const int error;
     virtual CSSM_RETURN cssmError() const;
     virtual OSStatus osStatus() const;
-    virtual const char *what () const;
+    virtual const char *what () const throw ();
     
     static void check(OSStatus status) { if (status != noErr) throwMe(status); }
     static void throwMe(int err) __attribute__((noreturn));
@@ -155,7 +165,7 @@ public:
 #define BEGIN_API      try {
 #define END_API(base)  } \
 catch (const CssmCommonError &err) { return err.cssmError(CSSM_ ## base ## _BASE_ERROR); } \
-catch (std::bad_alloc) { return CssmError::merge(CSSM_ERRCODE_MEMORY_ERROR, CSSM_ ## base ## _BASE_ERROR); } \
+catch (const std::bad_alloc &) { return CssmError::merge(CSSM_ERRCODE_MEMORY_ERROR, CSSM_ ## base ## _BASE_ERROR); } \
 catch (...) { return CssmError::merge(CSSM_ERRCODE_INTERNAL_ERROR, CSSM_ ## base ## _BASE_ERROR); } \
     return CSSM_OK;
 #define END_API0               } catch (...) { return; }
@@ -204,6 +214,10 @@ public:
     { return overlay(data); }
     static const Wrapper *optional(const POD *data)
     { return overlay(data); }
+    
+    // general helpers for all PodWrappers
+    void clearPod()
+    { memset(static_cast<POD *>(this), 0, sizeof(POD)); }
 };
 
 
@@ -364,8 +378,7 @@ public:
        void clear()
        { Data = NULL; Length = 0; }
 
-    operator string () const   // convert to string type (no trailing null)
-    { return string(reinterpret_cast<const char *>(data()), length()); }
+    string toString () const;  // convert to string type (no trailing null)
 
     operator bool () const { return Data != NULL; }
     bool operator ! () const { return Data == NULL; }
@@ -580,8 +593,30 @@ typedef CssmKey CssmWrappedKey;
 //
 // Other PodWrappers for stuff that is barely useful...
 //
+class CssmKeySize : public PodWrapper<CssmKeySize, CSSM_KEY_SIZE> {
+public:
+    CssmKeySize() { }
+    CssmKeySize(uint32 nom, uint32 eff) { LogicalKeySizeInBits = nom; EffectiveKeySizeInBits = eff; }
+    CssmKeySize(uint32 size) { LogicalKeySizeInBits = EffectiveKeySizeInBits = size; }
+    
+    uint32 logical() const             { return LogicalKeySizeInBits; }
+    uint32 effective() const   { return EffectiveKeySizeInBits; }
+    operator uint32 () const   { return effective(); }
+};
+
+inline bool operator == (const CSSM_KEY_SIZE &s1, const CSSM_KEY_SIZE &s2)
+{
+    return s1.LogicalKeySizeInBits == s2.LogicalKeySizeInBits
+        && s1.EffectiveKeySizeInBits == s2.EffectiveKeySizeInBits;
+}
+
+inline bool operator != (const CSSM_KEY_SIZE &s1, const CSSM_KEY_SIZE &s2)
+{ return !(s1 == s2); }
+
+
 class QuerySizeData : public PodWrapper<QuerySizeData, CSSM_QUERY_SIZE_DATA> {
 public:
+    QuerySizeData() { }
        QuerySizeData(uint32 in) { SizeInputBlock = in; SizeOutputBlock = 0; }
        
        uint32 inputSize() const { return SizeInputBlock; }
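Review bot: The default constructors added here, `CssmKeySize() { }` and `QuerySizeData() { }`, leave both fields uninitialized, while the same hunk adds `operator uint32 ()` and an `operator ==` that read them. A default-constructed key size that is converted or compared before being filled in yields an indeterminate value. An earlier hunk of this file adds `PodWrapper::clearPod()`, so the constructors could be `CssmKeySize() { clearPod(); }` and `QuerySizeData() { clearPod(); }`. If leaving them raw is deliberate for output parameters, say so in a comment on each constructor.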
@@ -589,6 +624,16 @@ public:
        uint32 outputSize() const { return SizeOutputBlock; }
 };
 
+inline bool operator == (const CSSM_QUERY_SIZE_DATA &s1, const CSSM_QUERY_SIZE_DATA &s2)
+{
+    return s1.SizeInputBlock == s2.SizeInputBlock
+        && s1.SizeOutputBlock == s2.SizeOutputBlock;
+}
+
+inline bool operator != (const CSSM_QUERY_SIZE_DATA &s1, const CSSM_QUERY_SIZE_DATA &s2)
+{ return !(s1 == s2); }
+
+
 class CSPOperationalStatistics : 
        public PodWrapper<CSPOperationalStatistics, CSSM_CSP_OPERATIONAL_STATISTICS> {
 public:
@@ -609,51 +654,6 @@ public:
 };
 
 
-//
-// CoreFoundation support.
-// This will move into a separate file.
-//
-
-//
-// Initialize-only self-releasing CF object handler (lightweight).
-// Does not support assignment.
-//
-template <class CFType> class CFRef {
-public:
-    CFRef() : mRef(NULL) { }
-    CFRef(CFType ref) : mRef(ref) { }
-    CFRef(const CFRef &ref) : mRef(ref) { if (ref) CFRetain(ref); }
-    ~CFRef() { if (mRef) CFRelease(mRef); }
-
-    CFRef &operator = (CFType ref)
-    { if (ref) CFRetain(ref); if (mRef) CFRelease(mRef); mRef = ref; return *this; }
-
-    operator CFType () const { return mRef; }
-    operator bool () const { return mRef != NULL; }
-    bool operator ! () const { return mRef == NULL; }
-
-private:
-    CFType mRef;
-};
-
-template <class CFType> class CFCopyRef {
-public:
-    CFCopyRef() : mRef(NULL) { }
-    explicit CFCopyRef(CFType ref) : mRef(ref) { if (ref) CFRetain(ref); }
-    CFCopyRef(const CFCopyRef &ref) : mRef(ref) { if (ref) CFRetain(ref); }
-    ~CFCopyRef() { if (mRef) CFRelease(mRef); }
-
-    CFCopyRef &operator = (CFType ref)
-    { if (ref) CFRetain(ref); if (mRef) CFRelease(mRef); mRef = ref; return *this; }
-
-    operator CFType () const { return mRef; }
-    operator bool () const { return mRef != NULL; }
-    bool operator ! () const { return mRef == NULL; }
-
-private:
-    CFType mRef;
-};
-
 // Help with container of something->pointer cleanup
 template <class In>
 static inline void for_each_delete(In first, In last)
@@ -701,7 +701,7 @@ public:
     typedef size_t size_type;
     typedef ptrdiff_t difference_type;
 
-    typedef reverse_iterator<const_iterator> const_reverse_iterator;
+    typedef std::reverse_iterator<const_iterator> const_reverse_iterator;
 public:
     const_iterator begin() const { return _M_start; }
     const_iterator end() const { return _M_finish; }
@@ -740,10 +740,14 @@ private:
     const _Tp *_M_finish;
 };
 
+
 } // end namespace Security
 
-#ifdef _CPP_UTILITIES
-#pragma export off
-#endif
+
+//
+// Strictly as a transition measure, include cfutilities.h here
+//
+#include "cfutilities.h"
+
 
 #endif //_H_UTILITIES
index 289fef67185087a8eae05b8cac9fb829177ec28e..149dfae67572b4bbe4efa8fcd95b33facd702ce9 100644 (file)
@@ -109,4 +109,12 @@ namespace Security
 // Automatically use the Security namespace for everything that includes the utility_config header.
 using namespace Security;
 
+// Make sure that namespace std exists
+namespace std
+{
+} // end namespace std
+
+// Automatically use the std namespace for everything that includes the utility_config header.
+using namespace std;
+
 #endif //_H_UTILITY_CONFIG
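Review bot: `using namespace std;` at file scope in a header that, by its own comment, applies to everything including it makes every includer resolve unqualified names such as `set`, `string` or `copy` against both `Security` and `std`. Other hunks of this commit go the opposite way and qualify `std::set`, `std::reverse_iterator` and `std::exception` explicitly. If the directive is meant as a transition aid, mark it as such so it can be removed later: `// transitional: drop once all headers qualify std:: names explicitly`.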
index f2c96a5eff79f0398fede6315365f74e3ca5cccb..bd82c206cf58af07eefa6fdfa5c0135b6974c4c9 100644 (file)
@@ -141,7 +141,7 @@ public:
     static const bool needsSize = false;
 
 private:
-    set<void *> freeSet;
+    std::set<void *> freeSet;
 };
 
 
@@ -181,6 +181,7 @@ size_t size(T obj)
     return w;
 }
 
+
 template <class T>
 T *copy(const T *obj, void *addr)
 {
@@ -205,6 +206,22 @@ T *copy(const T *obj, CssmAllocator &alloc, size_t size)
     return copy(obj, alloc.malloc(size));
 }
 
+template <class T>
+void copy(const T *obj, CssmAllocator &alloc, CssmData &data)
+{
+    if (obj == NULL) {
+        data.Length = 0;
+        return;
+    }
+    if (data.data() == NULL) {
+        size_t length = size(obj);
+        data = CssmData(alloc.malloc(length), length);
+    } else
+        assert(size(obj) <= data.length());
+    copy(obj, data.data());
+}
+
+
 template <class T>
 void relocate(T *obj, T *base)
 {
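Review bot: In the new `copy(const T *obj, CssmAllocator &alloc, CssmData &data)`, a caller-supplied buffer is guarded only by `assert(size(obj) <= data.length())`; with NDEBUG the check vanishes and `copy(obj, data.data())` writes past the end of a buffer that is too small. Make it a runtime check that throws, for example `else if (size(obj) > data.length()) CssmError::throwMe(CSSM_ERRCODE_MEMORY_ERROR);`, using whichever length-error code the project prefers. In the preallocated case `data.Length` also keeps the buffer capacity rather than the copied size, which deserves a comment if it is intended.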
@@ -214,6 +231,7 @@ void relocate(T *obj, T *base)
        }
 }
 
+
 template <class T>
 T *chunkCopy(const T *obj, CssmAllocator &alloc = CssmAllocator::standard())
 {
index 11fd28b27b5208b4afdcfa224a97fb8ee68947b1..f2c4ae60e04909b9b0a0c6232fd6362b02e6e5d2 100644 (file)
@@ -1,5 +1,5 @@
 {87191ca1-0fc9-11d4-849a000502b52122}  d       *AppleDL
-{87191ca2-0fc9-11d4-849a000502b52122}  c       *AppleCSP
+{87191ca2-0fc9-11d4-849a000502b52122}  cm      *AppleCSP
 {87191ca3-0fc9-11d4-849a000502b52122}  cd      *AppleCSPDL
-{87191ca4-0fc9-11d4-849a000502b52122}  C       *AppleX509CL
-{87191ca5-0fc9-11d4-849a000502b52122}  t       *AppleX509TP
+{87191ca4-0fc9-11d4-849a000502b52122}  Cm      *AppleX509CL
+{87191ca5-0fc9-11d4-849a000502b52122}  tm      *AppleX509TP
index 6c4de99b28630c04380b21227d40decc197c9cf3..541111252f911e3c9a6162bbe2af2dfc50bfe236 100644 (file)
@@ -65,7 +65,7 @@ public:
     }
 
 private:
-    typedef StandardAttachment<type, Table>::NameMap NameMap;
+    typedef typename StandardAttachment<type, Table>::NameMap NameMap;
     NameMap nameMap;
 };
 
@@ -79,7 +79,7 @@ StandardAttachmentMaker<type, Table, nameTable>::StandardAttachmentMaker()
 : AttachmentMaker(type)
 {
     for (unsigned n = 0; n < sizeof(nameTable) / sizeof(nameTable[0]); n++)
-        nameMap.insert(NameMap::value_type(nameTable[n], n));
+        nameMap.insert(typename NameMap::value_type(nameTable[n], n));
 }
 
 //
index d2f2be4f79c3aa99940b52b0c86ed0779e77a466..35ef9e49a6da23d1c3781ceeb0ca24cf7f5bc0c3 100644 (file)
@@ -27,7 +27,6 @@
 #include "manager.h"
 #include "cssmcontext.h"
 
-
 //
 // Construct an Attachment object.
 // This constructor does almost all the work: it initializes the Attachment
diff --git a/cdsa/cssm/cssm.mdsinfo b/cdsa/cssm/cssm.mdsinfo
new file mode 100644 (file)
index 0000000..25a2779
--- /dev/null
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+       <key>CDSAVersion</key>
+       <string>2.0</string>
+       <key>Desc</key>
+       <string>Apple Standard CSSM</string>
+       <key>MdsFileDescription</key>
+       <string>Built-in CSSM Common info</string>
+       <key>MdsFileType</key>
+       <string>CSSM</string>
+       <key>ModuleID</key>
+       <string>{87191ca0-0fc9-11d4-849a000502b52122}</string>
+       <key>ModuleName</key>
+       <string>Security.framework</string>
+       <key>NativeServices</key>
+       <string>CSSM_SERVICE_CSSM|CSSM_SERVICE_CSP|CSSM_SERVICE_DL|CSSM_SERVICE_CL|CSSM_SERVICE_TP|CSSM_SERVICE_AC</string>
+       <key>ProductVersion</key>
+       <string>2.0</string>
+       <key>Vendor</key>
+       <string>Apple Computer, Inc.</string>
+</dict>
+</plist>
index 3d35d4b826e542256aa61deb7a64e0a926323c41..473f7a561e4cabf077813eb47346499f8cd6764b 100644 (file)
@@ -114,7 +114,6 @@ void HandleContext::mergeAttributes(const CSSM_CONTEXT_ATTRIBUTE *attributes, ui
                                                walk(copier, *slot);
                                                if (CSSM_RETURN err = validateChange(CSSM_CONTEXT_EVENT_UPDATE)) {
                                                        *slot = oldSlot;
-                                                       attachment.free(data);
                                                        CssmError::throwMe(err);
                                                }
                                        } catch (...) {
index 68e97d915c9fed3afdeb7d3f9dc6d39fe4cfb941..8ae8e6fad7952615c1a63fc6949eb5a24eb48ee8 100644 (file)
@@ -56,19 +56,26 @@ public:
     virtual ~HandleContext();
 
     CSPAttachment &attachment;
+       
+       using Context::find;    // guard against HandleObjec::find
 
     void mergeAttributes(const CSSM_CONTEXT_ATTRIBUTE *attributes, uint32 count);
     CSSM_RETURN validateChange(CSSM_CONTEXT_EVENT event);
 
-    void *operator new (size_t size, CssmAllocator &alloc)
+    void *operator new (size_t size, CssmAllocator &alloc) throw(std::bad_alloc)
     { return alloc.malloc(size); }
-    void operator delete (void *addr, size_t, CssmAllocator &alloc)
+    void operator delete (void *addr, size_t, CssmAllocator &alloc) throw()
     { return alloc.free(addr); }
-    static void destroy(HandleContext *context, CssmAllocator &alloc)
+    static void destroy(HandleContext *context, CssmAllocator &alloc) throw()
     { context->~HandleContext(); alloc.free(context); }
 
     class Maker;       // deluxe builder
 
+#if __GNUC__ > 2
+private:
+    void operator delete (void *addr) throw() { assert(0); }
+#endif
+
 protected:
     // Locking protocol, courtesy of HandleObject.
     // This locks the underlying attachment.
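Review bot: The placement `operator delete (void *addr, size_t, CssmAllocator &alloc)` that gains `throw()` here is not the counterpart of `operator new (size_t size, CssmAllocator &alloc)`. The deallocation function invoked when a constructor throws must repeat the placement arguments exactly, i.e. `void operator delete (void *addr, CssmAllocator &alloc) throw() { alloc.free(addr); }`. As written, a throwing `HandleContext` constructor leaks the block taken from `alloc`. The new private `operator delete (void *addr)` relies on `assert(0)`, so in NDEBUG builds it is a silent no-op; a comment stating that objects must be disposed of through `destroy()` would make the intent clear. The class starts outside this hunk.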
index 0b616ed03d90ea2af28a396a816ee3b5cba29a4e..f04b338c485a83a58685716aac7340a52ed38855 100644 (file)
@@ -23,6 +23,7 @@
 #define _CPP_CSSMMDS
 #endif
 #include "cssmmds.h"
+#include <ctype.h>
 
 
 ModuleNexus<MdsComponent::MDS> MdsComponent::mds;
@@ -55,7 +56,7 @@ void MdsComponent::getInfo() const
                try {
                        if (Guid(guid) != mMyGuid)
                                continue;       // no match this line
-               } catch (CssmCommonError &error) {
+               } catch (const CssmCommonError &error) {
                        if (error.cssmError() == CSSM_ERRCODE_INVALID_GUID)
                                CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);     // invalid file guid => MDS error
                        throw;  // pass all other errors
index 323a04dcdf6e0a98951acf6d2b1bdaa4e941709f..e15c7aff6d1c6a104276d8a5e1a743f1ba8d6c00 100644 (file)
         "CL" => "cssmcli.h", "TP"  => "cssmtpi.h");
 @OIDS_H=("oidscert.h", "oidscrl.h", "oidsattr.h", "oidsalg.h");
 
-$SOURCEDIR=$ARGV[0];           # directory with inputs
+$SOURCEDIR=$ARGV[0];                   # directory with inputs
+$APICFG=$ARGV[1];                              # configuration file
+$TARGETDIR=$ARGV[2];                   # directory for outputs
 
-(${D}) = $SOURCEDIR =~ m@([/:])@;              # guess directory delimiter
-sub macintosh() { return ${D} eq ':'; }
 
-# XXX The configuration file should be passed in as a command line argument
-if( macintosh() ){
-  $TARGETDIR=$ARGV[2];                                 # directory for outputs
-  $APICFG=":::cdsa:cdsa:generator.cfg";                                # configuration file
-}
-else{
-  $TARGETDIR=$ARGV[1];                                 # directory for outputs
-  $APICFG="generator.cfg";             # configuration file 
-}
-
-
-$TRANSITION="$TARGETDIR${D}transition.gen"; # C++ code for transition layer
-$TABLES="$TARGETDIR${D}funcnames.gen";         # function name tables
-$REPORT="$TARGETDIR${D}generator.rpt";         # report file
-$EXPORTS="$TARGETDIR${D}cssmexports.gen";      # Exports file
+$TRANSITION="$TARGETDIR/transition.gen"; # C++ code for transition layer
+$TABLES="$TARGETDIR/funcnames.gen";            # function name tables
+$REPORT="$TARGETDIR/generator.rpt";            # report file
+$EXPORTS="$TARGETDIR/cssmexports.gen"; # Exports file
 
 $tabs = "\t\t\t";      # argument indentation (noncritical)
 $warning = "This file was automatically generated. Do not edit on penalty of futility!";
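Review bot: The three positional arguments are read without checking that they are present; with `$ARGV[2]` missing, `$TARGETDIR` is empty and the outputs resolve to `/transition.gen` and its siblings at the filesystem root. Add `die "usage: $0 sourcedir configfile targetdir\n" unless @ARGV == 3;` before the assignments. `$APICFG` is now caller-supplied and reaches the two-argument `open(APICFG, $APICFG)` in a later hunk, where mode characters in the value are interpreted; `open(APICFG, '<', $APICFG)` treats it strictly as a file name.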
@@ -42,9 +31,8 @@ $warning = "This file was automatically generated. Do not edit on penalty of fut
 #
 $/=undef;      # big gulp mode
 foreach $_ (@API_H) {
-  open(API_H, "$SOURCEDIR${D}$_") or die "Cannot open $SOURCEDIR${D}$_: $^E";
+  open(API_H, "$SOURCEDIR/$_") or die "Cannot open $SOURCEDIR/$_: $^E";
   $_ = <API_H>;                # glglgl... aaaaah
-  tr/\012/\015/ if macintosh;
   %formals = /CSSM_RETURN CSSMAPI\s*([A-Za-z_]+)\s+\(([^)]*)\);/gs;
   while (($name, $args) = each %formals) {
     $args =~ s/^.*[ *]([A-Za-z_]+,?)$/$tabs$1/gm;      # remove type declarators
@@ -60,9 +48,8 @@ close(API_H);
 #
 $/=undef;      # slurp files
 while (($key, $file) = each %SPI_H) {
-  open(SPI_H, "$SOURCEDIR${D}$file") or die "Cannot open $SOURCEDIR${D}$file: $^E";
+  open(SPI_H, "$SOURCEDIR/$file") or die "Cannot open $SOURCEDIR/$file: $^E";
   $spi{$key} = <SPI_H>;
-  $spi{$key} =~ tr/\012/\015/ if macintosh;
 };
 close(SPI_H);
 
@@ -74,7 +61,6 @@ $/=undef;     # gulp yet again
 open(APICFG, $APICFG) or die "Cannot open $APICFG: $^E";
 $_=<APICFG>;
 close(APICFG);
-tr/\012/\015/ if macintosh;
 %config = /^\s*(\w+)\s+(.*)$/gm;
 
 
@@ -204,9 +190,8 @@ for $name (keys %formals) {
 # OID-related data symbols
 $/=undef;
 foreach $_ (@OIDS_H) {
-  open(OIDS_H, "$SOURCEDIR${D}$_") or die "Cannot open $SOURCEDIR${D}$_: $^E";
+  open(OIDS_H, "$SOURCEDIR/$_") or die "Cannot open $SOURCEDIR/$_: $^E";
   $_ = <OIDS_H>;               # glglgl... aaaaah
-  tr/\012/\015/ if macintosh;
   s/\/\*.*\*\///gm;    # remove comments
   
   foreach $name (/\s+(CSSMOID_[A-Za-z0-9_]+)/gs) {
index 58c6e7cfbca75aadaa3655c854e37e30375b8041..de0c5db2b01e5eee922f77a1b097d18eb7fbbbb5 100644 (file)
 #include "cssmmds.h"
 #include <Security/callback.h>
 #include <Security/modloader.h>
-#include <hash_map>
 #include <set>
 
+#if __GNUC__ > 2
+#include <ext/hash_map>
+using __gnu_cxx::hash_map;
+#else
+#include <hash_map>
+#endif
+
 
 //
 // This type represents a loaded plugin module of some kind. For each CssmManager
index 3adb6c5cbcf1eb6bcbc9250d31fb2ec53db02b82..4036b561398bbbb1427471791c8f0463bcf58196 100644 (file)
@@ -34,8 +34,9 @@ static const uint8
        OID_SHA1WithRSA[]               = { OID_PKCS_1, 5 },
        OID_DHKeyAgreement[]    = { OID_PKCS_3, 1 },
        OID_OIW_DSA[]                   = { OID_OIW_ALGORITHM, 12  },  
-       OID_OIW_DSAWithSHA1[]   = { OID_OIW_ALGORITHM, 27  };
-
+       OID_OIW_DSAWithSHA1[]   = { OID_OIW_ALGORITHM, 27  },
+       OID_OIW_SHA1[]                  = { OID_OIW_ALGORITHM, 26  };
+       
 const CSSM_OID
        CSSMOID_MD2                     = {OID_RSA_HASH_LENGTH+1, (uint8 *)OID_MD2},
        CSSMOID_MD4                     = {OID_RSA_HASH_LENGTH+1, (uint8 *)OID_MD4},
@@ -47,7 +48,8 @@ const CSSM_OID
        CSSMOID_SHA1WithRSA     = {OID_PKCS_1_LENGTH+1, (uint8 *)OID_SHA1WithRSA},
        CSSMOID_DH                      = {OID_PKCS_3_LENGTH+1, (uint8 *)OID_DHKeyAgreement},
        CSSMOID_DSA                     = {OID_OIW_ALGORITHM_LENGTH+1, (uint8 *)OID_OIW_DSA},
-       CSSMOID_SHA1WithDSA     = {OID_OIW_ALGORITHM_LENGTH+1, (uint8 *)OID_OIW_DSAWithSHA1} ;
+       CSSMOID_SHA1WithDSA     = {OID_OIW_ALGORITHM_LENGTH+1, (uint8 *)OID_OIW_DSAWithSHA1},
+       CSSMOID_SHA1                    = {OID_OIW_ALGORITHM_LENGTH+1, (uint8 *)OID_OIW_SHA1};
 
        
 /*     iSignTP OBJECT IDENTIFIER ::=
@@ -70,6 +72,12 @@ APPLE_TP_X509_BASIC[]        = {APPLE_TP_OID, 2},
 /* AppleSSLPolicy := {appleTrustPolicy 3 } */
 APPLE_TP_SSL[]                 = {APPLE_TP_OID, 3},
 
+/* AppleLocalCertGenPolicy := {appleTrustPolicy 4 } */
+APPLE_TP_LOCAL_CERT_GEN[]      = {APPLE_TP_OID, 4},
+
+/* AppleCSRGenPolicy := {appleTrustPolicy 5 } */
+APPLE_TP_CSR_GEN[]                     = {APPLE_TP_OID, 5},
+
 /*
  *     fee OBJECT IDENTIFIER ::=
  *             { appleSecurityAlgorithm 1 }
@@ -138,6 +146,9 @@ const CSSM_OID
 CSSMOID_APPLE_ISIGN      = {APPLE_TP_OID_LENGTH+1,  (uint8 *)APPLE_TP_ISIGN},
 CSSMOID_APPLE_X509_BASIC = {APPLE_TP_OID_LENGTH+1,  (uint8 *)APPLE_TP_X509_BASIC},
 CSSMOID_APPLE_TP_SSL    = {APPLE_TP_OID_LENGTH+1,  (uint8 *)APPLE_TP_SSL},
+CSSMOID_APPLE_TP_LOCAL_CERT_GEN        = 
+                                                  {APPLE_TP_OID_LENGTH+1,  (uint8 *)APPLE_TP_LOCAL_CERT_GEN},
+CSSMOID_APPLE_TP_CSR_GEN = {APPLE_TP_OID_LENGTH+1,  (uint8 *)APPLE_TP_CSR_GEN},
 CSSMOID_APPLE_FEE        = {APPLE_ALG_OID_LENGTH+1, (uint8 *)APPLE_FEE},
 CSSMOID_APPLE_ASC        = {APPLE_ALG_OID_LENGTH+1, (uint8 *)APPLE_ASC},
 CSSMOID_APPLE_FEE_MD5    = {APPLE_ALG_OID_LENGTH+1, (uint8 *)APPLE_FEE_MD5},
index baee2921d94803cdf8152d2d0798ed7a90c02b07..ead753bc59683cb8054568adda444eb04455d553 100644 (file)
@@ -9,8 +9,8 @@ KEYCHAIN_SOURCES_DIR = $(SRCROOT)/Keychain
 CSPDL_SOURCES_DIR = $(SRCROOT)/AppleCSPDL
 CDSA_UTILITIES_DIR = $(SRCROOT)/cdsa/cdsa_utilities
 CDSA_PLUGINLIB_DIR = $(SRCROOT)/cdsa/cdsa_pluginlib
-GEN_SOURCE_DIR = $(SYMROOT)/derived_src
-GEN_HEADER_DIR = $(SYMROOT)/include/Security
+GEN_SOURCE_DIR = $(BUILT_PRODUCTS_DIR)/derived_src
+GEN_HEADER_DIR = $(BUILT_PRODUCTS_DIR)/include/Security
 
 GEN_ERRORCODES = $(CDSA_UTILITIES_DIR)/generator.pl
 ERRORCODES_GEN = $(patsubst %,$(GEN_SOURCE_DIR)/%,errorcodes.gen)
@@ -54,19 +54,16 @@ clean:
 
 $(ERRORCODES_GEN): $(ERRORCODES_DEPENDS)
        mkdir -p $(GEN_SOURCE_DIR)
-       (cd $(CDSA_UTILITIES_DIR);\
-         $(PERL) ./generator.pl $(CDSA_HEADERS_DIR) $(GEN_SOURCE_DIR))
+       $(PERL) $(CDSA_UTILITIES_DIR)/generator.pl $(CDSA_HEADERS_DIR) $(GEN_SOURCE_DIR)
 
 $(APIGLUE_GEN): $(APIGLUE_DEPENDS)
        mkdir -p $(GEN_SOURCE_DIR)
-       (cd $(CDSA_SOURCES_DIR);\
-         $(PERL) ./generator.pl $(CDSA_HEADERS_DIR) $(GEN_SOURCE_DIR))
+         $(PERL) $(CDSA_SOURCES_DIR)/generator.pl $(CDSA_HEADERS_DIR) $(CDSA_SOURCES_DIR)/generator.cfg $(GEN_SOURCE_DIR)
 
 $(SPIGLUE_GEN): $(SPIGLUE_DEPENDS)
        mkdir -p $(GEN_HEADER_DIR)
        mkdir -p $(GEN_SOURCE_DIR)
-       (cd $(CDSA_PLUGINLIB_DIR);\
-         $(PERL) ./generator.pl $(CDSA_HEADERS_DIR) $(GEN_HEADER_DIR) $(GEN_SOURCE_DIR))
+         $(PERL) $(CDSA_PLUGINLIB_DIR)/generator.pl $(CDSA_HEADERS_DIR) $(CDSA_PLUGINLIB_DIR)/generator.cfg $(GEN_HEADER_DIR) $(GEN_SOURCE_DIR)
 
 $(SCHEMA_GEN): $(SCHEMA_DEPENDS)
        mkdir -p $(GEN_SOURCE_DIR)
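Review bot: The rewritten recipes pass `$(CDSA_SOURCES_DIR)`, `$(CDSA_PLUGINLIB_DIR)`, `$(GEN_HEADER_DIR)` and `$(GEN_SOURCE_DIR)` to the shell unquoted, so a source or build root containing a space splits into extra arguments to `generator.pl` and `mkdir`. This matters more now that the generated directories come from `$(BUILT_PRODUCTS_DIR)`. Quoting each expansion avoids it, e.g. `mkdir -p "$(GEN_SOURCE_DIR)"` and `$(PERL) "$(CDSA_SOURCES_DIR)/generator.pl" "$(CDSA_HEADERS_DIR)" "$(CDSA_SOURCES_DIR)/generator.cfg" "$(GEN_SOURCE_DIR)"`. The rules now name `generator.cfg` explicitly; the `*_DEPENDS` lists are outside the hunk, so it is worth confirming the cfg files are in them, otherwise editing a cfg will not regenerate the glue.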
diff --git a/cdsa/mds/MDSAttrParser.cpp b/cdsa/mds/MDSAttrParser.cpp
new file mode 100644 (file)
index 0000000..3163ff0
--- /dev/null
@@ -0,0 +1,579 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+   File:      MDSAttrParser.cpp
+
+   Contains:  Classes to parse XML plists and fill in MDS DBs with the
+              attributes found there.  
+
+   Copyright: (c) 2001 Apple Computer, Inc., all rights reserved.
+*/
+
+#include "MDSAttrParser.h"
+#include "MDSAttrUtils.h"
+#include "MDSDictionary.h"
+#include <Security/cssmerrno.h>
+#include <Security/utilities.h>
+#include <Security/logging.h>
+#include <Security/mds_schema.h>
+
+namespace Security
+{
+
+MDSAttrParser::MDSAttrParser(
+       const char *bundlePath,
+       MDSSession &dl,
+       CSSM_DB_HANDLE objectHand,
+       CSSM_DB_HANDLE cdsaDirHand) :
+               mBundle(NULL),
+               mPath(NULL),
+               mDl(dl),
+               mObjectHand(objectHand),
+               mCdsaDirHand(cdsaDirHand)
+{
+       /* Only task here is to cook up a CFBundle for the specified path */
+       unsigned pathLen = strlen(bundlePath);
+       CFURLRef url = CFURLCreateFromFileSystemRepresentation(NULL,
+               (unsigned char *)bundlePath,
+               pathLen,
+               false);
+       if(url == NULL) {
+               Syslog::alert("CFURLCreateFromFileSystemRepresentation(%s) failure", mPath);
+               CssmError::throwMe(CSSMERR_DL_INVALID_DB_NAME);
+       }
+       
+       /* FIXME - this leaks 28 bytes each time thru, even though we CFRelease the
+        * mBundle in out destructor. I think this is a CF leak. */
+       mBundle = CFBundleCreate(NULL, url);
+       CFRelease(url);
+       if(mBundle == NULL) {
+               Syslog::alert("CFBundleCreate(%s) failure", mPath);
+               CssmError::throwMe(CSSMERR_DL_INVALID_DB_NAME);
+       }
+       mPath = new char[pathLen + 1];
+       strcpy(mPath, bundlePath);
+}
+
+MDSAttrParser::~MDSAttrParser()
+{
+       CF_RELEASE(mBundle);
+       delete [] mPath;
+}
+
+/*********************
+ Main public function.
+
+Parsing bundle {
+       get all *.mdsinfo files;
+       for each mdsinfo {
+               get contents of that file as dictionary;
+               switch (ModuleType) {
+               case CSSM:
+                       parse this mdsinfo --> MDS_OBJECT_RECORDTYPE, MDS_CDSADIR_CSSM_RECORDTYPE;
+                       break;
+               case Plugin:
+                       parse this info --> MDS_OBJECT_RECORDTYPE, MDS_CDSADIR_COMMON_RECORDTYPE;
+               case PluginInfo:
+                       recordType = lookup("MdsRecordType");
+                       dispatch to recordtype-specific parsing;
+               }
+       }
+}
+************/ 
+
+#define RELEASE_EACH_URL       0
+
+void MDSAttrParser::parseAttrs()
+{
+       /* get all *.mdsinfo files */
+       /* 
+        * FIXME - this leaks like crazy even though we CFRelease the array.
+        * With RELEASE_EACH_URL true, we attempt to release each element of 
+        * the array, but that results in a ton of mallocDebug errors. I believe
+        * this is a CF leak. 
+        */
+       CFArrayRef bundleInfoFiles = CFBundleCopyResourceURLsOfType(mBundle,
+               CFSTR(MDS_INFO_TYPE),
+               NULL);                          // any subdir
+       if(bundleInfoFiles == NULL) {
+               Syslog::alert("MDSAttrParser: no mdsattr files for %s", mPath);
+               return;
+       }
+       assert(CFGetTypeID(bundleInfoFiles) == CFArrayGetTypeID());
+       
+       /* process each .mdsinfo file */
+       for(CFIndex i=0; i<CFArrayGetCount(bundleInfoFiles); i++) {
+               /* get filename as CFURL */
+               CFURLRef infoUrl = NULL;
+               MDSDictionary *mdsDict = NULL;
+               CFStringRef infoType = NULL;
+               
+               infoUrl = reinterpret_cast<CFURLRef>(
+                       CFArrayGetValueAtIndex(bundleInfoFiles, i));
+               if(infoUrl == NULL) {
+                       MPDebug("MDSAttrParser: CFBundleCopyResourceURLsOfType screwup 1");
+                       continue;
+               }
+               if(CFGetTypeID(infoUrl) != CFURLGetTypeID()) {
+                       MPDebug("MDSAttrParser: CFBundleCopyResourceURLsOfType screwup 2");
+                       continue;
+               }
+               
+               /* Get contents of mdsinfo file as dictionary */
+               mdsDict = new MDSDictionary(infoUrl, mPath);
+               if(mdsDict == NULL) {
+                       goto abortInfoFile;
+               }
+               MPDebug("Parsing mdsinfo file %s", mdsDict->fileDesc());
+               
+               /* Determine what kind of info file this is and dispatch accordingly */
+               infoType = (CFStringRef)mdsDict->lookup(CFSTR(MDS_INFO_FILE_TYPE),
+                       true, CFStringGetTypeID());
+               if(infoType == NULL) {
+                       logFileError("Malformed MDS Info file", infoUrl, NULL, NULL);
+                       goto abortInfoFile;
+               }
+               
+               /* be robust here, errors in these low-level routines do not affect
+                * the rest of our task */
+               try {
+                       if(CFStringCompare(infoType, CFSTR(MDS_INFO_FILE_TYPE_CSSM), 0) 
+                                       == kCFCompareEqualTo) {
+                               parseCssmInfo(mdsDict);
+                       }
+                       else if(CFStringCompare(infoType, CFSTR(MDS_INFO_FILE_TYPE_PLUGIN), 0) 
+                                       == kCFCompareEqualTo) {
+                               parsePluginCommon(mdsDict);
+                       }
+                       else if(CFStringCompare(infoType, CFSTR(MDS_INFO_FILE_TYPE_RECORD), 0) 
+                                       == kCFCompareEqualTo) {
+                               parsePluginSpecific(mdsDict);
+                       }
+                       else {
+                               logFileError("Malformed MDS Info file", infoUrl, NULL, NULL);
+                       }
+               }
+               catch(...) {
+               
+               }
+abortInfoFile:
+               delete mdsDict;
+       } /* for each mdsinfo */
+       /* FIXME - do we have to release each element of the array? */
+       #if RELEASE_EACH_URL
+       for(CFIndex i=0; i<CFArrayGetCount(bundleInfoFiles); i++) {
+               CFTypeRef elmt = (CFTypeRef)CFArrayGetValueAtIndex(bundleInfoFiles, i);
+               CF_RELEASE(elmt);
+       }
+       #endif
+       CF_RELEASE(bundleInfoFiles);
+}
+
+void MDSAttrParser::logFileError(
+       const char *op,
+       CFURLRef fileUrl,
+       CFStringRef errStr,             // optional if you have it
+       SInt32 *errNo)                  // optional if you have it
+{
+       const char *cerrStr = NULL;
+       CFStringRef urlStr = CFURLGetString(fileUrl);
+       const char *cUrlStr = CFStringGetCStringPtr(urlStr, CFStringGetSystemEncoding());
+       
+       if(errStr) {
+               cerrStr = CFStringGetCStringPtr(errStr, CFStringGetSystemEncoding());
+               Syslog::alert("MDS: %s: bundle %s url %s: error %s",
+                       op, mPath, cUrlStr, cerrStr);
+       }
+       else {
+               Syslog::alert("MDS: %s: bundle %s url %s: error %d",
+                       op, mPath, cUrlStr, errNo ? *errNo : 0);
+       }
+}
+        
+/*
+ * Parse a CSSM info file.
+ */    
+void MDSAttrParser::parseCssmInfo(
+       MDSDictionary *mdsDict)
+{
+       /* first get object info */
+       parseObjectRecord(mdsDict);
+       
+       /* now CSSM relation */
+       const RelationInfo *relationInfo = 
+               MDSRecordTypeToRelation(MDS_CDSADIR_CSSM_RECORDTYPE);
+       assert(relationInfo != NULL);
+       parseMdsRecord(mdsDict, relationInfo, mCdsaDirHand);
+}
+       
+/*
+ * Parse a PluginCommon file.
+ */
+void MDSAttrParser::parsePluginCommon(
+       MDSDictionary *mdsDict)
+{
+       
+       /* first get object info */
+       parseObjectRecord(mdsDict);
+       
+       /* now common relation */
+       const RelationInfo *relationInfo = 
+               MDSRecordTypeToRelation(MDS_CDSADIR_COMMON_RECORDTYPE);
+       assert(relationInfo != NULL);
+       parseMdsRecord(mdsDict, relationInfo, mCdsaDirHand);
+}
+
+/*
+ * Parse a Plugin Specific file.
+ */
+void MDSAttrParser::parsePluginSpecific(
+       MDSDictionary *mdsDict)
+{
+       /* determine record type from the file itself */
+       CFStringRef recordTypeStr = 
+               (CFStringRef)mdsDict->lookup(MDS_INFO_FILE_RECORD_TYPE,
+                       true, CFStringGetTypeID());
+       if(recordTypeStr == NULL) {
+               MPDebug("%s: no %s record found\n", mdsDict->fileDesc(),
+                       MDS_INFO_FILE_RECORD_TYPE);
+               return;
+       }
+
+       /* convert to a known schema */
+       const char *recordTypeCStr = MDSCFStringToCString(recordTypeStr);
+       const RelationInfo *relationInfo = MDSRecordTypeNameToRelation(recordTypeCStr);
+       if(relationInfo == NULL) {
+               Syslog::alert("MDS file %s has unsupported record type %s", 
+                       mdsDict->fileDesc(), recordTypeCStr);
+               MPDebug("MDS file %s has unsupported record type %s", 
+                       mdsDict->fileDesc(), recordTypeCStr);
+               delete [] recordTypeCStr;
+               return;
+       }
+       MPDebug("Parsing MDS file %s, recordType %s", mdsDict->fileDesc(), recordTypeCStr);
+       delete [] recordTypeCStr;
+       
+       /* handle special cases here */
+       switch(relationInfo->DataRecordType) {
+               case MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE:
+                       parseCspCapabilitiesRecord(mdsDict);
+                       break;
+               case MDS_CDSADIR_TP_OIDS_RECORDTYPE:
+                       parseTpPolicyOidsRecord(mdsDict);
+                       break;
+               default:
+                       /* all (normal) linear schema */
+                       parseMdsRecord(mdsDict, relationInfo, mCdsaDirHand);
+       }
+}
+
+
+/*
+ * Given an open MDSDictionary, create an MDS_OBJECT_RECORDTYPE record and 
+ * add it to mObjectHand. Used when parsing both CSSM records and MOduleCommon
+ * records. 
+ */
+void MDSAttrParser::parseObjectRecord(
+       MDSDictionary *mdsDict)
+{
+       assert(mdsDict != NULL);
+       assert(mObjectHand != 0);
+       parseMdsRecord(mdsDict, &kObjectRelation, mObjectHand);
+       
+}
+
+/*
+ * Given an open dictionary and a RelationInfo defining a schema, fetch all
+ * attributes associated with the specified schema from the dictionary
+ * and write them to specified DB.
+ */
+void MDSAttrParser::parseMdsRecord(
+       MDSDictionary                           *mdsDict,
+       const RelationInfo                      *relInfo,
+       CSSM_DB_HANDLE                          dbHand)
+{
+       assert(mdsDict != NULL);
+       assert(relInfo != NULL);
+       assert(dbHand != 0);
+       
+       /* 
+        * malloc an CSSM_DB_ATTRIBUTE_DATA array associated with specified schema.
+        */
+       unsigned numSchemaAttrs = relInfo->NumberOfAttributes;
+       CSSM_DB_ATTRIBUTE_DATA *dbAttrs = new CSSM_DB_ATTRIBUTE_DATA[numSchemaAttrs];
+       
+       /* 
+        * Grind thru the attributes in the specified schema. Do not assume the presence
+        * of any given attribute.
+        */
+       uint32 foundAttrs = 0;  
+       mdsDict->lookupAttributes(relInfo, dbAttrs, foundAttrs);
+       
+       /* write to the DB */
+       MDSInsertRecord(dbAttrs, foundAttrs, relInfo->DataRecordType, mDl, dbHand);
+
+       MDSFreeDbRecordAttrs(dbAttrs, foundAttrs);
+       delete [] dbAttrs;
+}
+
+/*
+ * Parse CSP capabilities. This is much more complicated than most records. 
+ * The propertly list (*.mdsinfo) is set up like this:
+ *
+ * root(Dictionary) {
+ *    ModuleID(String)
+ *    SSID(Number)
+ *    Capabilities(Array) {
+ *       index 0(Dictionary) {
+ *           AlgType(String)                                   -- CSSM_ALGID_SHA1
+ *           ContextType(String)                               -- CSSM_ALGCLASS_DIGEST
+ *           UseeTag(String)                                   -- CSSM_USEE_NONE
+ *           Description(String)                               -- "SHA1 Digest"
+ *           Attributes(Array)
+ *              index 0(Dictionary)
+ *                 AttributeType(String)               -- CSSM_ATTRIBUTE_OUTPUT_SIZE
+ *                 AttributeValue(Array) {
+ *                    index 0(Number)                  -- 20
+ *                    ...
+ *                 }
+ *              index n ...
+ *           }
+ *       index n...
+ *    }
+ * }      
+ *
+ * The plist can specify multiple Capabilities, multiple Attributes for each
+ * Capability, and multiple values for each Attribute. (Note that MULTI_UINT32
+ * in the DB is represented in the plist as an Array of Numbers.) Each element 
+ * of each Attributes array maps to one record in the DB. The GroupID attribute 
+ * of a record is the index into the plist's Capabilities array. 
+ */
+void MDSAttrParser::parseCspCapabilitiesRecord(
+       MDSDictionary *mdsDict)
+{
+       /* 
+        * Malloc an attribute array big enough for the whole schema. We're going 
+        * to re-use this array every time we write a new record. Portions of 
+        * the array are invariant for some inner loops.
+        */ 
+       const RelationInfo *topRelInfo = 
+               MDSRecordTypeToRelation(MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE);
+       assert(topRelInfo != NULL);
+       uint32 numInAttrs = topRelInfo->NumberOfAttributes;
+       CSSM_DB_ATTRIBUTE_DATA_PTR outAttrs = new CSSM_DB_ATTRIBUTE_DATA[numInAttrs];
+       
+       /* these attrs are only set once, then they remain invariant */
+       uint32 numTopLevelAttrs;
+       mdsDict->lookupAttributes(&CSPCapabilitiesDict1RelInfo, outAttrs, 
+               numTopLevelAttrs);
+               
+       bool fetchedFromDisk = false;
+       
+       /* obtain Capabilities array */
+       CFArrayRef capArray = (CFArrayRef)mdsDict->lookupWithIndirect("Capabilities",
+               mBundle,
+               CFArrayGetTypeID(),
+               fetchedFromDisk);
+       if(capArray == NULL) {
+               /* well we did not get very far.... */
+               MPDebug("parseCspCapabilitiesRecord: no (or bad) Capabilities");
+               delete [] outAttrs;
+               return;
+       }
+       
+       /*
+        * Descend into Capabilities array. Each element is a dictionary defined 
+        * by CSPCapabilitiesDict2RelInfo.
+        */
+       CFIndex capArraySize = CFArrayGetCount(capArray);
+       CFIndex capDex;
+       for(capDex=0; capDex<capArraySize; capDex++) {
+               MPDebug("...parsing Capability %d", (int)capDex);
+               CFDictionaryRef capDict = 
+                       (CFDictionaryRef)CFArrayGetValueAtIndex(capArray, capDex);
+               if((capDict == NULL) || 
+                  (CFGetTypeID(capDict) != CFDictionaryGetTypeID())) {
+                       MPDebug("parseCspCapabilitiesRecord: bad Capabilities element");
+                       break;
+               }
+               MDSDictionary capDictMds(capDict);
+               
+               /* 
+                * Append this dictionary's attributes to outAttrs, after the fixed
+                * attributes from CSPCapabilitiesDict1RelInfo.
+                */
+               uint32 numCapDictAttrs;
+               capDictMds.lookupAttributes(&CSPCapabilitiesDict2RelInfo,
+                       &outAttrs[numTopLevelAttrs],
+                       numCapDictAttrs);
+               
+               /*
+                * Append the GroupId attribute, which we infer from the current index 
+                * into Capabilitites. 
+                */
+               MDSRawValueToDbAttr(&capDex, sizeof(CFIndex), CSSM_DB_ATTRIBUTE_FORMAT_UINT32, 
+                       "GroupId", outAttrs[numTopLevelAttrs + numCapDictAttrs]);
+               numCapDictAttrs++;      
+               
+               /* 
+                * Now descend into the array of this capability's attributes.
+                * Each element is a dictionary defined by
+                * by CSPCapabilitiesDict3RelInfo.
+                */
+               CFArrayRef attrArray = (CFArrayRef)capDictMds.lookup("Attributes",
+                       true, CFArrayGetTypeID());
+               if(attrArray == NULL) {
+                       MPDebug("parseCspCapabilitiesRecord: no (or bad) Attributes");
+                       break;
+               }
+               CFIndex attrArraySize = CFArrayGetCount(attrArray);
+               CFIndex attrDex;
+               for(attrDex=0; attrDex<attrArraySize; attrDex++) {
+                       MPDebug("   ...parsing Attribute %d", (int)attrDex);
+                       CFDictionaryRef attrDict = 
+                               (CFDictionaryRef)CFArrayGetValueAtIndex(attrArray, attrDex);
+                       if((attrDict == NULL) || 
+                          (CFGetTypeID(attrDict) != CFDictionaryGetTypeID())) {
+                               MPDebug("parseCspCapabilitiesRecord: bad Attributes element");
+                               break;
+                       }
+                       MDSDictionary attrDictMds(attrDict);
+                       
+                       /* 
+                        * Append this dictionary's attributes to outAttrs, after the fixed
+                        * attributes from CSPCapabilitiesDict1RelInfo and this capability's
+                        * CSPCapabilitiesDict2RelInfo.
+                        */
+                       uint32 numAttrDictAttrs;
+                       attrDictMds.lookupAttributes(&CSPCapabilitiesDict3RelInfo,
+                               &outAttrs[numTopLevelAttrs + numCapDictAttrs],
+                               numAttrDictAttrs);
+                       
+                       /* write to DB */
+                       MDSInsertRecord(outAttrs,
+                               numTopLevelAttrs + numCapDictAttrs + numAttrDictAttrs,
+                               MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE, 
+                               mDl, 
+                               mCdsaDirHand);
+                               
+                       /* just free the attrs we allocated in this loop */
+                       MDSFreeDbRecordAttrs(&outAttrs[numTopLevelAttrs + numCapDictAttrs],
+                               numAttrDictAttrs);
+               }       /* for each attribute */
+               /* just free the attrs we allocated in this loop */
+               MDSFreeDbRecordAttrs(&outAttrs[numTopLevelAttrs], numCapDictAttrs);
+       }               /* for each capability */
+       
+       MDSFreeDbRecordAttrs(outAttrs, numTopLevelAttrs);
+       delete [] outAttrs;
+       if(fetchedFromDisk) {
+               CF_RELEASE(capArray);
+       }
+}
+
+/*
+ * Parse TP Policy OIDs. 
+ * The propertly list (*.mdsinfo) is set up like this:
+ *
+ * root(Dictionary) {
+ *    ModuleID(String)
+ *    SSID(Number)
+ *    Policies(Array) {
+ *       index 0(Dictionary) {
+ *           OID(Data)                                                 -- <092a8648 86f76364 0102>
+ *           Value(Data)                                               -- optional, OID-specific 
+ *       index n...
+ *    }
+ * }      
+ *
+ * The plist can specify multiple Policies. Each element of the Policies 
+ * array maps to one record in the DB.  
+ */
+void MDSAttrParser::parseTpPolicyOidsRecord(
+       MDSDictionary *mdsDict)
+{
+       /* 
+        * Malloc an attribute array big enough for the whole schema. We're going 
+        * to re-use this array every time we write a new record. Portions of 
+        * the array are invariant for some inner loops.
+        */ 
+       const RelationInfo *topRelInfo = 
+               MDSRecordTypeToRelation(MDS_CDSADIR_TP_OIDS_RECORDTYPE);
+       assert(topRelInfo != NULL);
+       uint32 numInAttrs = topRelInfo->NumberOfAttributes;
+       CSSM_DB_ATTRIBUTE_DATA_PTR outAttrs = new CSSM_DB_ATTRIBUTE_DATA[numInAttrs];
+       
+       /* these attrs are only set once, then they remain invariant */
+       uint32 numTopLevelAttrs;
+       mdsDict->lookupAttributes(&TpPolicyOidsDict1RelInfo, outAttrs, 
+               numTopLevelAttrs);
+               
+       /* obtain Policies array */
+       CFArrayRef policyArray = (CFArrayRef)mdsDict->lookup("Policies",
+               true, CFArrayGetTypeID());
+       if(policyArray == NULL) {
+               /* well we did not get very far.... */
+               MPDebug("parseTpPolicyOidsRecord: no (or bad) Policies");
+               delete [] outAttrs;
+               return;
+       }
+       
+       /*
+        * Descend into Policies array. Each element is a dictionary defined 
+        * by TpPolicyOidsDict2RelInfo.
+        */
+       CFIndex policyArraySize = CFArrayGetCount(policyArray);
+       CFIndex policyDex;
+       for(policyDex=0; policyDex<policyArraySize; policyDex++) {
+               MPDebug("...parsing Policy %d", (int)policyDex);
+               CFDictionaryRef policyDict = 
+                       (CFDictionaryRef)CFArrayGetValueAtIndex(policyArray, policyDex);
+               if((policyDict == NULL) || 
+                  (CFGetTypeID(policyDict) != CFDictionaryGetTypeID())) {
+                       MPDebug("parseTpPolicyOidsRecord: bad Policies element");
+                       break;
+               }
+               MDSDictionary policyDictMds(policyDict);
+               
+               /* 
+                * Append this dictionary's attributes to outAttrs, after the fixed
+                * attributes from TpPolicyOidsDict1RelInfo.
+                */
+               uint32 numPolicyDictAttrs;
+               policyDictMds.lookupAttributes(&TpPolicyOidsDict2RelInfo,
+                       &outAttrs[numTopLevelAttrs],
+                       numPolicyDictAttrs);
+               
+                       
+               /* write to DB */
+               MDSInsertRecord(outAttrs,
+                       numTopLevelAttrs + numPolicyDictAttrs,
+                       MDS_CDSADIR_TP_OIDS_RECORDTYPE, 
+                       mDl, 
+                       mCdsaDirHand);
+                       
+               /* free the attrs allocated in this loop */
+               MDSFreeDbRecordAttrs(outAttrs + numTopLevelAttrs, numPolicyDictAttrs);
+       }               /* for each policy */
+       MDSFreeDbRecordAttrs(outAttrs, numTopLevelAttrs);
+       delete [] outAttrs;
+}
+
+
+} // end namespace Security
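Review bot: Both error paths in the `MDSAttrParser` constructor pass `mPath` to `%s` while it is still NULL, because it is only allocated after `CFBundleCreate` succeeds. The alert therefore never names the failing bundle and hands a null pointer to a string format; log the argument instead, e.g. `Syslog::alert("CFBundleCreate(%s) failure", bundlePath);`. In `parseCspCapabilitiesRecord`, the `break` taken when `Attributes` is missing leaves the capability loop before `MDSFreeDbRecordAttrs(&outAttrs[numTopLevelAttrs], numCapDictAttrs)`, so the attributes filled in for that capability are never freed; calling it before the `break` closes that path. The empty `catch(...)` in `parseAttrs` drops every failure from parsing an .mdsinfo file without a trace, so a malformed or altered plist is invisible in the log. A `Syslog::alert` there naming `mdsDict->fileDesc()` would keep the best-effort behaviour and still leave a record.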
diff --git a/cdsa/mds/MDSAttrParser.h b/cdsa/mds/MDSAttrParser.h
new file mode 100644 (file)
index 0000000..b456243
--- /dev/null
@@ -0,0 +1,154 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+   File:      MDSAttrParser.h
+
+   Contains:  Classes to parse XML plists and fill in MDS DBs with the
+              attributes found there.  
+
+   Copyright: (c) 2001 Apple Computer, Inc., all rights reserved.
+*/
+
+#ifndef _MDS_ATTR_PARSER_H_
+#define _MDS_ATTR_PARSER_H_  1
+
+#include <Security/cssmtype.h>
+#include "MDSSession.h"
+#include "MDSDictionary.h"
+#include "MDSAttrStrings.h"
+#include <CoreFoundation/CoreFoundation.h>
+
+/*
+ * Hard-coded strings, which we attempt to keep to a minimum
+ */
+/* extension of a bundle's MDS files */
+#define MDS_INFO_TYPE                          "mdsinfo"
+
+/* key in an MDS info file determining whether it's for CSSM, plugin, or
+ * Plugin-specific MDS record type */
+#define MDS_INFO_FILE_TYPE                     "MdsFileType"
+
+/* Values for MDS_INFO_FILE_TYPE */
+#define MDS_INFO_FILE_TYPE_CSSM                "CSSM"
+#define MDS_INFO_FILE_TYPE_PLUGIN      "PluginCommon"
+#define MDS_INFO_FILE_TYPE_RECORD      "PluginSpecific"
+/* For MDS_INFO_FILE_TYPE_RECORD files, this key is used to find the 
+ * CSSM_DB_RECORDTYPE associated with the file's info. */
+#define MDS_INFO_FILE_RECORD_TYPE      "MdsRecordType"
+
+/* key for file description string, for debugging and documentation (since 
+ * PropertyListEditor does not support comments) */
+#define MDS_INFO_FILE_DESC                     "MdsFileDescription"
+
+
+namespace Security
+{
+
+/*
+ * The purpose of the MDSAttrParser class is to process a set of plist files
+ * in a specified bundle or framework, parsing them to create data which 
+ * is written to a pair of open DBs. Each plist file represents the bundle's
+ * entries for one or more MDS relations. Typically a bundle will have 
+ * multiple plist files. 
+ */
+
+/* base class for all parsers */
+class MDSAttrParser
+{
+public:
+       MDSAttrParser(
+               const char *bundlePath,
+               MDSSession &dl,
+               CSSM_DB_HANDLE objectHand,
+               CSSM_DB_HANDLE cdsaDirHand);
+       virtual ~MDSAttrParser();
+       
+       /* the bulk of the work */
+       void parseAttrs();
+       
+private:
+       void logFileError(
+               const char *op,
+               CFURLRef file,  
+               CFStringRef errStr,             // optional if you have it
+               SInt32 *errNo);                 // optional if you have it
+               
+       /*
+        * Parse a CSSM info file.
+        */
+       void parseCssmInfo(
+               MDSDictionary *theDict);
+               
+       /*
+        * Parse a Plugin Common info file.
+        */
+       void parsePluginCommon(
+               MDSDictionary *theDict);
+               
+       /*
+        * Parse a Plugin-specific file.
+        */
+       void parsePluginSpecific(
+               MDSDictionary *theDict);
+               
+       /*
+        * Given an open dictionary (representing a parsed XML file), create
+        * an MDS_OBJECT_RECORDTYPE record and add it to mObjectHand. This is
+        * used by both parseCssmInfo and parsePluginCommon.
+        */
+       void parseObjectRecord(
+               MDSDictionary *dict);
+               
+       /*
+        * Given an open dictionary and a RelationInfo defining a schema, fetch all
+        * attributes associated with the specified schema from the dictionary
+        * and write them to specified DB.
+        */
+       void parseMdsRecord(
+               MDSDictionary                           *mdsDict,
+               const RelationInfo                      *relInfo,
+               CSSM_DB_HANDLE                          dbHand);
+
+       /*
+        * Special case handlers for MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE and
+        * MDS_CDSADIR_TP_OIDS_RECORDTYPE.
+        */
+       void parseCspCapabilitiesRecord(
+               MDSDictionary                           *mdsDict);
+       void parseTpPolicyOidsRecord(
+               MDSDictionary                           *mdsDict);
+
+private:
+       /* could be Security.framework or a loadable bundle anywhere */
+       CFBundleRef             mBundle;
+       char                    *mPath;
+       
+       /* a DL session and two open DBs - one for object directory, one for 
+        * CDSA directory */
+       MDSSession              &mDl;
+       CSSM_DB_HANDLE  mObjectHand;
+       CSSM_DB_HANDLE  mCdsaDirHand;
+};
+
+
+} // end namespace Security
+
+#endif /* _MDS_ATTR_PARSER_H_ */
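Review bot: `MDSAttrParser` owns a `new[]`-allocated `mPath` and an `mBundle` that its destructor releases, but the class declares no copy constructor or assignment operator, so an accidental copy would free both twice. Declaring the two private and leaving them unimplemented makes such a copy a build error: `MDSAttrParser(const MDSAttrParser &);` and `MDSAttrParser &operator=(const MDSAttrParser &);`. Separately, the parameter names here (`file`, `theDict`, `dict`) differ from the definitions in MDSAttrParser.cpp (`fileUrl`, `mdsDict`); using one set would make the header comments easier to match to the code.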
diff --git a/cdsa/mds/MDSAttrStrings.cpp b/cdsa/mds/MDSAttrStrings.cpp
new file mode 100644 (file)
index 0000000..c2afd93
--- /dev/null
@@ -0,0 +1,778 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+   File:      MDSAttrStrings.cpp
+
+   Contains:  Static tables to map attribute names to numeric values.
+
+   Copyright: (c) 2001 Apple Computer, Inc., all rights reserved.
+*/
+
+#include "MDSAttrStrings.h"
+#include "MDSAttrUtils.h"
+#include <Security/cssmapple.h>
+#include <Security/mds_schema.h>
+#include <Security/cssmkrapi.h>        // CSSM_KR_POLICY_TYPE
+#include <ctype.h>                     // isDigit
+#include <strings.h>           // strcmp 
+#include <stdlib.h>                    // atoi
+
+namespace Security
+{
+
+/* declare one entry in a table of MDSNameValuePairs */
+#define MNVP(attr)             {attr, #attr}
+
+/* the NULL entry which terminates all MDSNameValuePair tables */
+#define MNVP_END               {0, NULL}
+
+/***
+ *** common attributes
+ ***/
+
+/* CSSM_SERVICE_MASK */
+const MDSNameValuePair MDSServiceNames[] =
+{
+       MNVP(CSSM_SERVICE_CSSM),
+       MNVP(CSSM_SERVICE_CSP),
+       MNVP(CSSM_SERVICE_DL),
+       MNVP(CSSM_SERVICE_CL),
+       MNVP(CSSM_SERVICE_TP),
+       MNVP(CSSM_SERVICE_AC),
+       MNVP(CSSM_SERVICE_KR),
+       MNVP_END
+};
+
+/* CSSM_ACL_SUBJECT_TYPE */
+const MDSNameValuePair MDSAclSubjectTypeNames[] =
+{
+       MNVP(CSSM_ACL_SUBJECT_TYPE_ANY),
+       MNVP(CSSM_ACL_SUBJECT_TYPE_THRESHOLD),
+       MNVP(CSSM_ACL_SUBJECT_TYPE_PASSWORD),
+       MNVP(CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD),
+       MNVP(CSSM_ACL_SUBJECT_TYPE_PROMPTED_PASSWORD),
+       MNVP(CSSM_ACL_SUBJECT_TYPE_PUBLIC_KEY),
+       MNVP(CSSM_ACL_SUBJECT_TYPE_HASHED_SUBJECT),
+       MNVP(CSSM_ACL_SUBJECT_TYPE_BIOMETRIC),
+       MNVP(CSSM_ACL_SUBJECT_TYPE_PROTECTED_BIOMETRIC),
+       MNVP(CSSM_ACL_SUBJECT_TYPE_PROMPTED_BIOMETRIC),
+       MNVP(CSSM_ACL_SUBJECT_TYPE_LOGIN_NAME),
+       MNVP(CSSM_ACL_SUBJECT_TYPE_EXT_PAM_NAME),
+       /* from cssmapple.h */
+       MNVP(CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT),
+       MNVP(CSSM_ACL_SUBJECT_TYPE_PROCESS),
+       MNVP(CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE),
+       MNVP(CSSM_ACL_SUBJECT_TYPE_COMMENT),
+       MNVP_END
+};
+
+/* CSSM_ACL_AUTHORIZATION_TAG */
+const MDSNameValuePair MDSAclAuthTagNames[] =
+{
+       MNVP(CSSM_ACL_AUTHORIZATION_ANY),
+       MNVP(CSSM_ACL_AUTHORIZATION_LOGIN),
+       MNVP(CSSM_ACL_AUTHORIZATION_GENKEY),
+       MNVP(CSSM_ACL_AUTHORIZATION_DELETE),
+       MNVP(CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED),
+       MNVP(CSSM_ACL_AUTHORIZATION_EXPORT_CLEAR),
+       MNVP(CSSM_ACL_AUTHORIZATION_IMPORT_WRAPPED),
+       MNVP(CSSM_ACL_AUTHORIZATION_IMPORT_CLEAR),
+       MNVP(CSSM_ACL_AUTHORIZATION_SIGN),
+       MNVP(CSSM_ACL_AUTHORIZATION_ENCRYPT),
+       MNVP(CSSM_ACL_AUTHORIZATION_DECRYPT),
+       MNVP(CSSM_ACL_AUTHORIZATION_MAC),
+       MNVP(CSSM_ACL_AUTHORIZATION_DERIVE),
+       MNVP(CSSM_ACL_AUTHORIZATION_DBS_CREATE),
+       MNVP(CSSM_ACL_AUTHORIZATION_DBS_DELETE),
+       MNVP(CSSM_ACL_AUTHORIZATION_DB_READ),
+       MNVP(CSSM_ACL_AUTHORIZATION_DB_INSERT),
+       MNVP(CSSM_ACL_AUTHORIZATION_DB_MODIFY),
+       MNVP(CSSM_ACL_AUTHORIZATION_DB_DELETE),
+       /* from cssmapple.h */
+       MNVP(CSSM_ACL_AUTHORIZATION_CHANGE_ACL),
+       MNVP(CSSM_ACL_AUTHORIZATION_CHANGE_OWNER),
+       MNVP_END
+};
+
+/***
+ *** CSP attributes 
+ ***/
+
+/* CSSM_CONTEXT_TYPE */
+const MDSNameValuePair MDSContextTypeNames[] =
+{
+       MNVP(CSSM_ALGCLASS_NONE),
+       MNVP(CSSM_ALGCLASS_CUSTOM),
+       MNVP(CSSM_ALGCLASS_SIGNATURE),
+       MNVP(CSSM_ALGCLASS_SYMMETRIC),
+       MNVP(CSSM_ALGCLASS_DIGEST),
+       MNVP(CSSM_ALGCLASS_RANDOMGEN),
+       MNVP(CSSM_ALGCLASS_UNIQUEGEN),
+       MNVP(CSSM_ALGCLASS_MAC),
+       MNVP(CSSM_ALGCLASS_ASYMMETRIC),
+       MNVP(CSSM_ALGCLASS_KEYGEN),
+       MNVP(CSSM_ALGCLASS_DERIVEKEY),
+       MNVP(CSSM_ALGCLASS_NONE),
+       MNVP_END
+};
+
+/* CSSM_ATTRIBUTE_TYPE */
+const MDSNameValuePair MDSAttributeTypeNames[] = 
+{
+       MNVP(CSSM_ATTRIBUTE_NONE),
+       MNVP(CSSM_ATTRIBUTE_CUSTOM),
+       MNVP(CSSM_ATTRIBUTE_DESCRIPTION),
+       MNVP(CSSM_ATTRIBUTE_KEY),
+       MNVP(CSSM_ATTRIBUTE_INIT_VECTOR),
+       MNVP(CSSM_ATTRIBUTE_SALT),
+       MNVP(CSSM_ATTRIBUTE_PADDING),
+       MNVP(CSSM_ATTRIBUTE_RANDOM),
+       MNVP(CSSM_ATTRIBUTE_SEED),
+       MNVP(CSSM_ATTRIBUTE_PASSPHRASE),
+       MNVP(CSSM_ATTRIBUTE_KEY_LENGTH),
+       MNVP(CSSM_ATTRIBUTE_KEY_LENGTH_RANGE),
+       MNVP(CSSM_ATTRIBUTE_BLOCK_SIZE),
+       MNVP(CSSM_ATTRIBUTE_OUTPUT_SIZE),
+       MNVP(CSSM_ATTRIBUTE_ROUNDS),
+       MNVP(CSSM_ATTRIBUTE_IV_SIZE),
+       MNVP(CSSM_ATTRIBUTE_ALG_PARAMS),
+       MNVP(CSSM_ATTRIBUTE_LABEL),
+       MNVP(CSSM_ATTRIBUTE_KEY_TYPE),
+       MNVP(CSSM_ATTRIBUTE_MODE),
+       MNVP(CSSM_ATTRIBUTE_EFFECTIVE_BITS),
+       MNVP(CSSM_ATTRIBUTE_START_DATE),
+       MNVP(CSSM_ATTRIBUTE_END_DATE),
+       MNVP(CSSM_ATTRIBUTE_KEYUSAGE),
+       MNVP(CSSM_ATTRIBUTE_KEYATTR),
+       MNVP(CSSM_ATTRIBUTE_VERSION),
+       MNVP(CSSM_ATTRIBUTE_PRIME),
+       MNVP(CSSM_ATTRIBUTE_SUBPRIME),
+       MNVP(CSSM_ATTRIBUTE_ALG_ID),
+       MNVP(CSSM_ATTRIBUTE_ITERATION_COUNT),
+       MNVP(CSSM_ATTRIBUTE_ROUNDS_RANGE),
+       MNVP(CSSM_ATTRIBUTE_KRPROFILE_LOCAL),
+       MNVP(CSSM_ATTRIBUTE_KRPROFILE_REMOTE),
+       MNVP(CSSM_ATTRIBUTE_CSP_HANDLE),
+       MNVP(CSSM_ATTRIBUTE_DL_DB_HANDLE),
+       MNVP(CSSM_ATTRIBUTE_ACCESS_CREDENTIALS),
+       MNVP(CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT),
+       MNVP(CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT),
+       MNVP(CSSM_ATTRIBUTE_SYMMETRIC_KEY_FORMAT),
+       MNVP(CSSM_ATTRIBUTE_WRAPPED_KEY_FORMAT),
+       MNVP_END
+};
+
+/* CSSM_PADDING */
+const MDSNameValuePair MDSPaddingNames[] = 
+{
+       MNVP(CSSM_PADDING_NONE),
+       MNVP(CSSM_PADDING_CUSTOM),
+       MNVP(CSSM_PADDING_ZERO),
+       MNVP(CSSM_PADDING_ONE),
+       MNVP(CSSM_PADDING_ALTERNATE),
+       MNVP(CSSM_PADDING_FF),
+       MNVP(CSSM_PADDING_PKCS5),
+       MNVP(CSSM_PADDING_PKCS7),
+       MNVP(CSSM_PADDING_CIPHERSTEALING),
+       MNVP(CSSM_PADDING_RANDOM),
+       MNVP(CSSM_PADDING_PKCS1),
+       MNVP_END
+};
+
+/* CSSM_CSP_FLAGS */
+const MDSNameValuePair MDSCspFlagsNames[] = 
+{
+       MNVP(CSSM_CSP_TOK_WRITE_PROTECTED),
+       MNVP(CSSM_CSP_TOK_LOGIN_REQUIRED),
+       MNVP(CSSM_CSP_TOK_USER_PIN_INITIALIZED),
+       MNVP(CSSM_CSP_TOK_PROT_AUTHENTICATION),
+       MNVP(CSSM_CSP_TOK_USER_PIN_EXPIRED),
+       MNVP(CSSM_CSP_TOK_SESSION_KEY_PASSWORD),
+       MNVP(CSSM_CSP_TOK_PRIVATE_KEY_PASSWORD),
+       MNVP(CSSM_CSP_STORES_PRIVATE_KEYS),
+       MNVP(CSSM_CSP_STORES_PUBLIC_KEYS),
+       MNVP(CSSM_CSP_STORES_SESSION_KEYS),
+       MNVP(CSSM_CSP_STORES_CERTIFICATES),
+       MNVP(CSSM_CSP_STORES_GENERIC),
+       MNVP_END
+};
+
+/* CSSM_ALGORITHMS */
+const MDSNameValuePair MDSAlgorithmNames[] = 
+{
+       MNVP(CSSM_ALGID_NONE),
+       MNVP(CSSM_ALGID_CUSTOM),
+       MNVP(CSSM_ALGID_DH),
+       MNVP(CSSM_ALGID_PH),
+       MNVP(CSSM_ALGID_KEA),
+       MNVP(CSSM_ALGID_MD2),
+       MNVP(CSSM_ALGID_MD4),
+       MNVP(CSSM_ALGID_MD5),
+       MNVP(CSSM_ALGID_SHA1),
+       MNVP(CSSM_ALGID_NHASH),
+       MNVP(CSSM_ALGID_HAVAL),
+       MNVP(CSSM_ALGID_RIPEMD),
+       MNVP(CSSM_ALGID_IBCHASH),
+       MNVP(CSSM_ALGID_RIPEMAC),
+       MNVP(CSSM_ALGID_DES),
+       MNVP(CSSM_ALGID_DESX),
+       MNVP(CSSM_ALGID_RDES),
+       MNVP(CSSM_ALGID_3DES_3KEY_EDE),
+       MNVP(CSSM_ALGID_3DES_2KEY_EDE),
+       MNVP(CSSM_ALGID_3DES_1KEY_EEE),
+       MNVP(CSSM_ALGID_3DES_3KEY),
+       MNVP(CSSM_ALGID_3DES_3KEY_EEE),
+       MNVP(CSSM_ALGID_3DES_2KEY),
+       MNVP(CSSM_ALGID_3DES_2KEY_EEE),
+       MNVP(CSSM_ALGID_3DES_1KEY),
+       MNVP(CSSM_ALGID_IDEA),
+       MNVP(CSSM_ALGID_RC2),
+       MNVP(CSSM_ALGID_RC5),
+       MNVP(CSSM_ALGID_RC4),
+       MNVP(CSSM_ALGID_SEAL),
+       MNVP(CSSM_ALGID_CAST),
+       MNVP(CSSM_ALGID_BLOWFISH),
+       MNVP(CSSM_ALGID_SKIPJACK),
+       MNVP(CSSM_ALGID_LUCIFER),
+       MNVP(CSSM_ALGID_MADRYGA),
+       MNVP(CSSM_ALGID_FEAL),
+       MNVP(CSSM_ALGID_REDOC),
+       MNVP(CSSM_ALGID_REDOC3),
+       MNVP(CSSM_ALGID_LOKI),
+       MNVP(CSSM_ALGID_KHUFU),
+       MNVP(CSSM_ALGID_KHAFRE),
+       MNVP(CSSM_ALGID_MMB),
+       MNVP(CSSM_ALGID_GOST),
+       MNVP(CSSM_ALGID_SAFER),
+       MNVP(CSSM_ALGID_CRAB),
+       MNVP(CSSM_ALGID_RSA),
+       MNVP(CSSM_ALGID_DSA),
+       MNVP(CSSM_ALGID_MD5WithRSA),
+       MNVP(CSSM_ALGID_MD2WithRSA),
+       MNVP(CSSM_ALGID_ElGamal),
+       MNVP(CSSM_ALGID_MD2Random),
+       MNVP(CSSM_ALGID_MD5Random),
+       MNVP(CSSM_ALGID_SHARandom),
+       MNVP(CSSM_ALGID_DESRandom),
+       MNVP(CSSM_ALGID_SHA1WithRSA),
+       MNVP(CSSM_ALGID_CDMF),
+       MNVP(CSSM_ALGID_CAST3),
+       MNVP(CSSM_ALGID_CAST5),
+       MNVP(CSSM_ALGID_GenericSecret),
+       MNVP(CSSM_ALGID_ConcatBaseAndKey),
+       MNVP(CSSM_ALGID_ConcatKeyAndBase),
+       MNVP(CSSM_ALGID_ConcatBaseAndData),
+       MNVP(CSSM_ALGID_ConcatDataAndBase),
+       MNVP(CSSM_ALGID_XORBaseAndData),
+       MNVP(CSSM_ALGID_ExtractFromKey),
+       MNVP(CSSM_ALGID_SSL3PreMasterGen),
+       MNVP(CSSM_ALGID_SSL3MasterDerive),
+       MNVP(CSSM_ALGID_SSL3KeyAndMacDerive),
+       MNVP(CSSM_ALGID_SSL3MD5_MAC),
+       MNVP(CSSM_ALGID_SSL3SHA1_MAC),
+       MNVP(CSSM_ALGID_PKCS5_PBKDF1_MD5),
+       MNVP(CSSM_ALGID_PKCS5_PBKDF1_MD2),
+       MNVP(CSSM_ALGID_PKCS5_PBKDF1_SHA1),
+       MNVP(CSSM_ALGID_WrapLynks),
+       MNVP(CSSM_ALGID_WrapSET_OAEP),
+       MNVP(CSSM_ALGID_BATON),
+       MNVP(CSSM_ALGID_ECDSA),
+       MNVP(CSSM_ALGID_MAYFLY),
+       MNVP(CSSM_ALGID_JUNIPER),
+       MNVP(CSSM_ALGID_FASTHASH),
+       MNVP(CSSM_ALGID_3DES),
+       MNVP(CSSM_ALGID_SSL3MD5),
+       MNVP(CSSM_ALGID_SSL3SHA1),
+       MNVP(CSSM_ALGID_FortezzaTimestamp),
+       MNVP(CSSM_ALGID_SHA1WithDSA),
+       MNVP(CSSM_ALGID_SHA1WithECDSA),
+       MNVP(CSSM_ALGID_DSA_BSAFE),
+       MNVP(CSSM_ALGID_ECDH),
+       MNVP(CSSM_ALGID_ECMQV),
+       MNVP(CSSM_ALGID_PKCS12_SHA1_PBE),
+       MNVP(CSSM_ALGID_ECNRA),
+       MNVP(CSSM_ALGID_SHA1WithECNRA),
+       MNVP(CSSM_ALGID_ECES),
+       MNVP(CSSM_ALGID_ECAES),
+       MNVP(CSSM_ALGID_SHA1HMAC),
+       MNVP(CSSM_ALGID_FIPS186Random),
+       MNVP(CSSM_ALGID_ECC),
+       MNVP(CSSM_ALGID_MQV),
+       MNVP(CSSM_ALGID_NRA),
+       MNVP(CSSM_ALGID_IntelPlatformRandom),
+       MNVP(CSSM_ALGID_UTC),
+       MNVP(CSSM_ALGID_HAVAL3),
+       MNVP(CSSM_ALGID_HAVAL4),
+       MNVP(CSSM_ALGID_HAVAL5),
+       MNVP(CSSM_ALGID_TIGER),
+       MNVP(CSSM_ALGID_MD5HMAC),
+       MNVP(CSSM_ALGID_PKCS5_PBKDF2),
+       MNVP(CSSM_ALGID_RUNNING_COUNTER),
+       
+       /* from cssmapple.h */
+       MNVP(CSSM_ALGID_APPLE_YARROW),
+       MNVP(CSSM_ALGID_AES),
+       MNVP(CSSM_ALGID_FEE),
+       MNVP(CSSM_ALGID_FEE_MD5),
+       MNVP(CSSM_ALGID_FEE_SHA1),
+       MNVP(CSSM_ALGID_FEED),
+       MNVP(CSSM_ALGID_FEEDEXP),
+       MNVP(CSSM_ALGID_ASC),
+       MNVP(CSSM_ALGID_SHA1HMAC_LEGACY),
+       MNVP_END
+};
+
+/* CSSM_ENCRYPT_MODE */
+const MDSNameValuePair MDSEncryptModeNames[] = 
+{
+       MNVP(CSSM_ALGMODE_NONE),
+       MNVP(CSSM_ALGMODE_CUSTOM),
+       MNVP(CSSM_ALGMODE_ECB),
+       MNVP(CSSM_ALGMODE_ECBPad),
+       MNVP(CSSM_ALGMODE_CBC),
+       MNVP(CSSM_ALGMODE_CBC_IV8),
+       MNVP(CSSM_ALGMODE_CBCPadIV8),
+       MNVP(CSSM_ALGMODE_CFB),
+       MNVP(CSSM_ALGMODE_CFB_IV8),
+       MNVP(CSSM_ALGMODE_CFBPadIV8),
+       MNVP(CSSM_ALGMODE_OFB),
+       MNVP(CSSM_ALGMODE_OFB_IV8),
+       MNVP(CSSM_ALGMODE_OFBPadIV8),
+       MNVP(CSSM_ALGMODE_COUNTER),
+       MNVP(CSSM_ALGMODE_BC),
+       MNVP(CSSM_ALGMODE_PCBC),
+       MNVP(CSSM_ALGMODE_CBCC),
+       MNVP(CSSM_ALGMODE_OFBNLF),
+       MNVP(CSSM_ALGMODE_PBC),
+       MNVP(CSSM_ALGMODE_PFB),
+       MNVP(CSSM_ALGMODE_CBCPD),
+       MNVP(CSSM_ALGMODE_PUBLIC_KEY),
+       MNVP(CSSM_ALGMODE_PRIVATE_KEY),
+       MNVP(CSSM_ALGMODE_SHUFFLE),
+       MNVP(CSSM_ALGMODE_ECB64),
+       MNVP(CSSM_ALGMODE_CBC64),
+       MNVP(CSSM_ALGMODE_OFB64),
+       MNVP(CSSM_ALGMODE_CFB32),
+       MNVP(CSSM_ALGMODE_CFB16),
+       MNVP(CSSM_ALGMODE_CFB8),
+       MNVP(CSSM_ALGMODE_WRAP),
+       MNVP(CSSM_ALGMODE_PRIVATE_WRAP),
+       MNVP(CSSM_ALGMODE_RELAYX),
+       MNVP(CSSM_ALGMODE_ECB128),
+       MNVP(CSSM_ALGMODE_ECB96),
+       MNVP(CSSM_ALGMODE_CBC128),
+       MNVP(CSSM_ALGMODE_OAEP_HASH),
+       MNVP(CSSM_ALGMODE_PKCS1_EME_V15),
+       MNVP(CSSM_ALGMODE_PKCS1_EME_OAEP),
+       MNVP(CSSM_ALGMODE_PKCS1_EMSA_V15),
+       MNVP(CSSM_ALGMODE_ISO_9796),
+       MNVP(CSSM_ALGMODE_X9_31),
+       MNVP_END
+};
+
+/* CSSM_CSPTYPE */
+const MDSNameValuePair MDSCspTypeNames[] = 
+{
+       MNVP(CSSM_CSP_SOFTWARE),
+       MNVP(CSSM_CSP_HARDWARE),
+       MNVP(CSSM_CSP_HYBRID),
+       MNVP_END
+};
+
+/* CSSM_USEE_TAG */
+const MDSNameValuePair MDSUseeTagsNames[] = 
+{
+       MNVP(CSSM_USEE_NONE),
+       MNVP(CSSM_USEE_DOMESTIC),
+       MNVP(CSSM_USEE_FINANCIAL),
+       MNVP(CSSM_USEE_KRLE),
+       MNVP(CSSM_USEE_KRENT),
+       MNVP(CSSM_USEE_SSL),
+       MNVP(CSSM_USEE_AUTHENTICATION),
+       MNVP(CSSM_USEE_KEYEXCH),
+       MNVP(CSSM_USEE_MEDICAL),
+       MNVP(CSSM_USEE_INSURANCE),
+       MNVP(CSSM_USEE_WEAK),
+       MNVP_END
+};
+
+/* CSSM_CSP_READER_FLAGS */
+const MDSNameValuePair MDSCspReaderFlagsNames[] = 
+{
+       MNVP(CSSM_CSP_RDR_TOKENPRESENT),
+       MNVP(CSSM_CSP_RDR_EXISTS),
+       MNVP(CSSM_CSP_RDR_HW),
+       MNVP_END
+};
+
+/* CSSM_SC_FLAGS */
+const MDSNameValuePair MDSCspScFlagsNames[] = 
+{
+       MNVP(CSSM_CSP_TOK_RNG),
+       MNVP(CSSM_CSP_TOK_CLOCK_EXISTS),
+       MNVP_END
+};
+
+/* CSSM_SAMPLE_TYPE */
+const MDSNameValuePair MDSSampleTypeNames[] = 
+{
+       MNVP(CSSM_SAMPLE_TYPE_PASSWORD),
+       MNVP(CSSM_SAMPLE_TYPE_HASHED_PASSWORD),
+       MNVP(CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD),
+       MNVP(CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD),
+       MNVP(CSSM_SAMPLE_TYPE_SIGNED_NONCE),
+       MNVP(CSSM_SAMPLE_TYPE_SIGNED_SECRET),
+       MNVP(CSSM_SAMPLE_TYPE_BIOMETRIC),
+       MNVP(CSSM_SAMPLE_TYPE_PROTECTED_BIOMETRIC),
+       MNVP(CSSM_SAMPLE_TYPE_PROMPTED_BIOMETRIC),
+       MNVP(CSSM_SAMPLE_TYPE_THRESHOLD),
+       /* from cssmapple.h */
+       MNVP(CSSM_SAMPLE_TYPE_KEYCHAIN_PROMPT),
+       MNVP(CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK),
+       MNVP(CSSM_SAMPLE_TYPE_KEYCHAIN_CHANGE_LOCK),
+       MNVP(CSSM_SAMPLE_TYPE_PROCESS),
+       MNVP(CSSM_SAMPLE_TYPE_COMMENT),
+       MNVP(CSSM_SAMPLE_TYPE_RETRY_ID),
+       MNVP_END
+};
+
+/* CSSM_CERT_TYPE, CSSM_CERT_ENCODING (cert type in high 16 bits) */
+const MDSNameValuePair MDSCertTypeNames[] = 
+{
+       /* CSSM_CERT_TYPE */
+       MNVP(CSSM_CERT_UNKNOWN),
+       MNVP(CSSM_CERT_X_509v1),
+       MNVP(CSSM_CERT_X_509v2),
+       MNVP(CSSM_CERT_X_509v3),
+       MNVP(CSSM_CERT_PGP),
+       MNVP(CSSM_CERT_PGP),
+       MNVP(CSSM_CERT_SDSIv1),
+       MNVP(CSSM_CERT_Intel),
+       MNVP(CSSM_CERT_X_509_ATTRIBUTE),
+       MNVP(CSSM_CERT_X9_ATTRIBUTE),
+       MNVP(CSSM_CERT_TUPLE),
+       MNVP(CSSM_CERT_ACL_ENTRY),
+       MNVP(CSSM_CERT_MULTIPLE),
+       /* CSSM_CERT_ENCODING */
+       MNVP(CSSM_CERT_ENCODING_UNKNOWN),
+       MNVP(CSSM_CERT_ENCODING_CUSTOM),
+       MNVP(CSSM_CERT_ENCODING_BER),
+       MNVP(CSSM_CERT_ENCODING_DER),
+       MNVP(CSSM_CERT_ENCODING_NDR),
+       MNVP(CSSM_CERT_ENCODING_SEXPR),
+       MNVP(CSSM_CERT_ENCODING_PGP),
+       MNVP(CSSM_CERT_ENCODING_MULTIPLE),
+       MNVP_END
+};
+
+/* CSSM_CRL_TYPE, CSSM_CRL_ENCODING (CRL type in high 16 bits) */
+const MDSNameValuePair MDSCrlTypeNames[] = 
+{
+       /* CSSM_CRL_TYPE */
+       MNVP(CSSM_CRL_TYPE_UNKNOWN),
+       MNVP(CSSM_CRL_TYPE_X_509v1),
+       MNVP(CSSM_CRL_TYPE_X_509v2),
+       MNVP(CSSM_CRL_TYPE_SPKI),
+       MNVP(CSSM_CRL_TYPE_MULTIPLE),
+       /* CSSM_CRL_ENCODING */
+       MNVP(CSSM_CRL_ENCODING_UNKNOWN),
+       MNVP(CSSM_CRL_ENCODING_CUSTOM),
+       MNVP(CSSM_CRL_ENCODING_BER),
+       MNVP(CSSM_CRL_ENCODING_DER),
+       MNVP(CSSM_CRL_ENCODING_BLOOM),
+       MNVP(CSSM_CRL_ENCODING_SEXPR),
+       MNVP(CSSM_CRL_ENCODING_MULTIPLE),
+       MNVP_END
+};
+
+/* CSSM_CERT_BUNDLE_TYPE, CSSM_CERT_BUNDLE_ENCODING (bundle type in high 16 bits) */
+const MDSNameValuePair MDSCertBundleTypeNames[] = 
+{
+       /* CSSM_CERT_BUNDLE_TYPE */
+       MNVP(CSSM_CERT_BUNDLE_UNKNOWN),
+       MNVP(CSSM_CERT_BUNDLE_CUSTOM),
+       MNVP(CSSM_CERT_BUNDLE_PKCS7_SIGNED_DATA),
+       MNVP(CSSM_CERT_BUNDLE_PKCS7_SIGNED_ENVELOPED_DATA),
+       MNVP(CSSM_CERT_BUNDLE_PKCS12),
+       MNVP(CSSM_CERT_BUNDLE_PFX),
+       MNVP(CSSM_CERT_BUNDLE_SPKI_SEQUENCE),
+       MNVP(CSSM_CERT_BUNDLE_PGP_KEYRING),
+       /* CSSM_CERT_BUNDLE_ENCODING */
+       MNVP(CSSM_CERT_BUNDLE_ENCODING_UNKNOWN),
+       MNVP(CSSM_CERT_BUNDLE_ENCODING_CUSTOM),
+       MNVP(CSSM_CERT_BUNDLE_ENCODING_BER),
+       MNVP(CSSM_CERT_BUNDLE_ENCODING_DER),
+       MNVP(CSSM_CERT_BUNDLE_ENCODING_SEXPR),
+       MNVP(CSSM_CERT_BUNDLE_PFX),
+       MNVP(CSSM_CERT_BUNDLE_ENCODING_PGP),
+       MNVP_END
+};
+
+/* CSSM_CL_TEMPLATE_TYPE */
+const MDSNameValuePair MDSCertTemplateTypeNames[] = 
+{
+       MNVP(CSSM_CL_TEMPLATE_INTERMEDIATE_CERT),
+       MNVP(CSSM_CL_TEMPLATE_PKIX_CERTTEMPLATE),
+       MNVP_END
+};
+
+/* CSSM_TP_AUTHORITY_REQUEST_CERTISSUE */
+const MDSNameValuePair MDSTpAuthRequestNames[] = 
+{
+       MNVP(CSSM_TP_AUTHORITY_REQUEST_CERTISSUE),
+       MNVP(CSSM_TP_AUTHORITY_REQUEST_CERTREVOKE),
+       MNVP(CSSM_TP_AUTHORITY_REQUEST_CERTSUSPEND),
+       MNVP(CSSM_TP_AUTHORITY_REQUEST_CERTRESUME),
+       MNVP(CSSM_TP_AUTHORITY_REQUEST_CERTVERIFY),
+       MNVP(CSSM_TP_AUTHORITY_REQUEST_CERTNOTARIZE),
+       MNVP(CSSM_TP_AUTHORITY_REQUEST_CERTUSERECOVER),
+       MNVP(CSSM_TP_AUTHORITY_REQUEST_CRLISSUE),
+       MNVP_END
+};
+
+/* CSSM_DLTYPE */
+const MDSNameValuePair MDSDlTypeNames[] = 
+{
+       MNVP(CSSM_DL_UNKNOWN),
+       MNVP(CSSM_DL_CUSTOM),
+       MNVP(CSSM_DL_LDAP),
+       MNVP(CSSM_DL_ODBC),
+       MNVP(CSSM_DL_PKCS11),
+       MNVP(CSSM_DL_FFS),
+       MNVP(CSSM_DL_MEMORY),
+       MNVP(CSSM_DL_REMOTEDIR),
+       MNVP_END
+};
+
+/* CSSM_DB_CONJUNCTIVE */
+const MDSNameValuePair MDSDbConjunctiveNames[] = 
+{
+       MNVP(CSSM_DB_NONE),
+       MNVP(CSSM_DB_AND),
+       MNVP(CSSM_DB_OR),
+       MNVP_END
+};
+
+/* CSSM_DB_OPERATOR */
+const MDSNameValuePair MDSDbOperatorNames[] = 
+{
+       MNVP(CSSM_DB_EQUAL),
+       MNVP(CSSM_DB_NOT_EQUAL),
+       MNVP(CSSM_DB_LESS_THAN),
+       MNVP(CSSM_DB_GREATER_THAN),
+       MNVP(CSSM_DB_CONTAINS),
+       MNVP(CSSM_DB_CONTAINS_INITIAL_SUBSTRING),
+       MNVP(CSSM_DB_CONTAINS_FINAL_SUBSTRING),
+       MNVP_END
+};
+
+/* CSSM_NET_PROTOCOL */
+const MDSNameValuePair MDSNetProtocolNames[] = 
+{
+       MNVP(CSSM_NET_PROTO_NONE),
+       MNVP(CSSM_NET_PROTO_CUSTOM),
+       MNVP(CSSM_NET_PROTO_UNSPECIFIED),
+       MNVP(CSSM_NET_PROTO_LDAP),
+       MNVP(CSSM_NET_PROTO_LDAPS),
+       MNVP(CSSM_NET_PROTO_LDAPNS),
+       MNVP(CSSM_NET_PROTO_X500DAP),
+       MNVP(CSSM_NET_PROTO_FTP),
+       MNVP(CSSM_NET_PROTO_FTPS),
+       MNVP(CSSM_NET_PROTO_OCSP),
+       MNVP(CSSM_NET_PROTO_CMP),
+       MNVP(CSSM_NET_PROTO_CMPS),
+       MNVP_END
+};
+
+/* CSSM_DB_RETRIEVAL_MODES */
+const MDSNameValuePair MDSDbRetrievalModeNames[] = 
+{
+       MNVP(CSSM_DB_TRANSACTIONAL_MODE),
+       MNVP(CSSM_DB_FILESYSTEMSCAN_MODE),
+       MNVP_END
+};
+
+/* CSSM_KR_POLICY_TYPE */
+/* FIXME the spec is kind of ambiguous - do we want 
+ * CSSM_KR_POLICY_TYPE or CSSM_KR_POLICY_FLAGS? */
+const MDSNameValuePair MDSKrPolicyTypeNames[] = 
+{
+       MNVP(CSSM_KR_INDIV_POLICY),
+       MNVP(CSSM_KR_ENT_POLICY),
+       MNVP(CSSM_KR_LE_MAN_POLICY),
+       MNVP(CSSM_KR_LE_USE_POLICY),
+       MNVP_END
+};
+
+
+#if 0
+/* not used; superceded by MDSRecordTypeNameToRelation() */
+/* CSSM_DB_RECORDTYPE */
+const MDSNameValuePair MDSRecordTypeNames[] = 
+{
+       MNVP(MDS_CDSADIR_CSSM_RECORDTYPE),
+       MNVP(MDS_CDSADIR_KRMM_RECORDTYPE),
+       MNVP(MDS_CDSADIR_EMM_RECORDTYPE),
+       MNVP(MDS_CDSADIR_COMMON_RECORDTYPE),
+       MNVP(MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE),
+       MNVP(MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE),
+       MNVP(MDS_CDSADIR_CSP_ENCAPSULATED_PRODUCT_RECORDTYPE),
+       MNVP(MDS_CDSADIR_CSP_SC_INFO_RECORDTYPE),
+       MNVP(MDS_CDSADIR_DL_PRIMARY_RECORDTYPE),
+       MNVP(MDS_CDSADIR_DL_ENCAPSULATED_PRODUCT_RECORDTYPE),
+       MNVP(MDS_CDSADIR_CL_PRIMARY_RECORDTYPE),
+       MNVP(MDS_CDSADIR_CL_ENCAPSULATED_PRODUCT_RECORDTYPE),
+       MNVP(MDS_CDSADIR_TP_PRIMARY_RECORDTYPE),
+       MNVP(MDS_CDSADIR_TP_OIDS_RECORDTYPE),
+       MNVP(MDS_CDSADIR_TP_ENCAPSULATED_PRODUCT_RECORDTYPE),
+       MNVP(MDS_CDSADIR_EMM_PRIMARY_RECORDTYPE),
+       MNVP(MDS_CDSADIR_AC_PRIMARY_RECORDTYPE),
+       MNVP(MDS_CDSADIR_KR_PRIMARY_RECORDTYPE),
+       MNVP(MDS_CDSADIR_EMM_RECORDTYPE),
+       MNVP(MDS_CDSADIR_MDS_SCHEMA_RELATIONS),
+       MNVP(MDS_CDSADIR_MDS_SCHEMA_ATTRIBUTES),
+       MNVP(MDS_CDSADIR_MDS_SCHEMA_INDEXES),
+       MNVP_END
+};
+#endif
+
+static bool isNumericStr(
+       const char *str,
+       bool hexOK)
+{
+       while(*str) {
+               char c = *str++;
+               if(isdigit(c)) {
+                       continue;
+               }
+               if(hexOK) {
+                       if((c >= 'a') && (c <= 'f')) {
+                               continue;
+                       }
+                       if((c >= 'A') && (c <= 'F')) {
+                               continue;
+                       }
+               }
+               return false;
+       }
+       return true;
+}
+
+/* convert ASCII hex digit - assumed validated already */
+unsigned char hexDigit(
+       unsigned char d)
+{
+       if((d >= '0') && (d <= '9')) {
+               return d - '0';
+       }
+       else if((d >= 'a') && (d <= 'f')) {
+               return d - 'a' + 10;
+       }
+       else {
+               return d - 'A' + 10;
+       }
+}
+
+static unsigned strToHex(
+       const char *str)
+{
+       unsigned rtn = 0;
+       while(*str) {
+               rtn <<= 4;
+               rtn |= hexDigit(*str++);
+       }
+       return rtn;
+}
+
+/*
+ * Core routine to convert a single string token to a uint32. Incoming token can
+ * be in the form of a string from the specified MDSNameValuePair table or a literal
+ * number, either in hex (prefix "0x") or decimal. Tokens in any form may be 
+ * prefixed by "<<" indicating the value is to be shifted left by 16 bits. 
+ */
+CSSM_RETURN MDSAttrNameToValue(
+       const char *name,
+       const MDSNameValuePair *table,  // optional, string must be decimal or hex if NULL
+       uint32 &value)                                  // RETURNED
+{
+       if(name == NULL) {
+               return CSSMERR_CSSM_MDS_ERROR;
+       }
+       if(*name == '\0') {
+               /* empty string, legal */
+               value = 0;
+               return CSSM_OK;
+       }
+       
+       /* prefixed by "<<"? */
+       bool shiftBy16 = false;
+       if((name != NULL) && (name[0] == '<') && (name[1] == '<')) {
+               shiftBy16 = true;
+               name += 2;
+       }
+       
+       /* attempt to find the string in lookup table */
+       if(table != NULL) {
+               while(table->name != NULL) {
+                       if(!strcmp(table->name, name)) {
+                               value = table->value;
+                               if(shiftBy16) {
+                                       value <<= 16;
+                               }
+                               return CSSM_OK;
+                       }
+                       table++;
+               }
+       }
+       
+       /* not found - is the string a number? */
+       if(isdigit(name[0])) {
+               bool isNum;
+               bool isHex = false;
+               if((name[0] == '0') && (name[1] == 'x')) {
+                       /* hex - skip first two chars */
+                       isHex = true;
+                       name += 2;
+                       isNum = isNumericStr(name, true);
+               }
+               else {
+                       isNum = isNumericStr(name, false);
+               }
+               if(!isNum) {
+                       return CSSMERR_CSSM_MDS_ERROR;
+               }
+               if(isHex) {
+                       value = strToHex(name);
+               }
+               else {
+                       value = atoi(name);
+               }
+               if(shiftBy16) {
+                       value <<= 16;
+               }
+               return CSSM_OK;
+       }
+       else {
+               /* not a number */
+               return CSSMERR_CSSM_MDS_ERROR;
+       }
+}
+
+
+} // end namespace Security
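Review bot: The numeric fallback at the end of MDSAttrNameToValue accepts literals it cannot represent: strToHex() shifts in every digit with no length limit, so a hex token longer than eight digits silently loses its high bits; atoi() has no defined result once the decimal value exceeds int; and a bare "0x" passes isNumericStr() as an empty string and yields 0. The "<<" prefix then shifts left by 16 without checking that the value fits in the low 16 bits. The parser header in this commit says the bundle "could be Security.framework or a loadable bundle anywhere", so these tokens appear to come from plugin-supplied info files, and out-of-range input should return CSSMERR_CSSM_MDS_ERROR instead of a wrapped value. The sketch below replaces the conversion with a range-checked strtoul() (it needs <errno.h>) and casts the isdigit() argument to unsigned char. Rejecting an oversized shifted value instead of truncating it is a behaviour change that should be confirmed against existing MDS info files.

```cpp
	/* not found - is the string a number? */
	if(isdigit((unsigned char)name[0])) {
		int base = 10;
		if((name[0] == '0') && (name[1] == 'x')) {
			/* hex - skip first two chars */
			base = 16;
			name += 2;
		}
		/* a bare "0x" leaves an empty string; reject it explicitly */
		if((*name == '\0') || !isNumericStr(name, base == 16)) {
			return CSSMERR_CSSM_MDS_ERROR;
		}
		errno = 0;
		unsigned long parsed = strtoul(name, NULL, base);
		if((errno == ERANGE) || (parsed > 0xFFFFFFFFUL)) {
			return CSSMERR_CSSM_MDS_ERROR;
		}
		if(shiftBy16) {
			if(parsed > 0xFFFFUL) {
				return CSSMERR_CSSM_MDS_ERROR;
			}
			parsed <<= 16;
		}
		value = (uint32)parsed;
		return CSSM_OK;
	}
	// … unchanged: else branch returning CSSMERR_CSSM_MDS_ERROR …
```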
diff --git a/cdsa/mds/MDSAttrStrings.h b/cdsa/mds/MDSAttrStrings.h
new file mode 100644 (file)
index 0000000..36c2859
--- /dev/null
@@ -0,0 +1,111 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+   File:      MDSAttrStrings.h
+
+   Contains:  Static tables to map attribute names to numeric values.
+
+   Copyright: (c) 2001 Apple Computer, Inc., all rights reserved.
+*/
+
+#ifndef _MDS_ATTR_STRINGS_H_
+#define _MDS_ATTR_STRINGS_H_  1
+
+#include <Security/cssmtype.h>
+
+namespace Security
+{
+
+/*
+ * Each type of attribute has a name/value pair in a table of these:
+ */
+typedef struct {
+       uint32                  value;
+       const char              *name;
+} MDSNameValuePair;
+
+/*
+ * Various tables.
+ */
+
+/* attributes in Object and Common relations */
+extern const MDSNameValuePair MDSServiceNames[];               // CSSM_SERVICE_MASK
+
+/* CSP attributes */
+extern const MDSNameValuePair MDSContextTypeNames[];   // CSSM_CONTEXT_TYPE
+extern const MDSNameValuePair MDSAttributeTypeNames[]; // CSSM_ATTRIBUTE_TYPE
+extern const MDSNameValuePair MDSPaddingNames[];               // CSSM_PADDING
+extern const MDSNameValuePair MDSCspFlagsNames[];              // CSSM_CSP_FLAGS
+extern const MDSNameValuePair MDSAlgorithmNames[];             // CSSM_ALGORITHMS
+extern const MDSNameValuePair MDSEncryptModeNames[];   // CSSM_ENCRYPT_MODE
+extern const MDSNameValuePair MDSCspTypeNames[];               // CSSM_CSPTYPE
+extern const MDSNameValuePair MDSUseeTagsNames[];              // CSSM_USEE_TAG
+extern const MDSNameValuePair MDSCspReaderFlagsNames[];        // CSSM_CSP_READER_FLAGS
+extern const MDSNameValuePair MDSCspScFlagsNames[];            // CSSM_SC_FLAGS
+
+/* CL attributes */
+extern const MDSNameValuePair MDSCertTypeNames[];              // CSSM_CERT_TYPE
+extern const MDSNameValuePair MDSCrlTypeNames[];               // CSSM_CRL_TYPE
+extern const MDSNameValuePair MDSCertBundleTypeNames[];        // CSSM_CERT_BUNDLE_TYPE
+extern const MDSNameValuePair MDSCertTemplateTypeNames[];
+                                                                                                               // CSSM_CL_TEMPLATE_TYPE
+
+/* TP attributes */
+/* CSSM_TP_AUTHORITY_REQUEST_CERTISSUE */
+extern const MDSNameValuePair MDSTpAuthRequestNames[]; 
+                                                                                       // CSSM_TP_AUTHORITY_REQUEST_CERTISSUE
+
+/* DL attributes */
+extern const MDSNameValuePair MDSDlTypeNames[];                        // CSSM_DLTYPE
+extern const MDSNameValuePair MDSDbConjunctiveNames[]; // CSSM_DB_CONJUNCTIVE
+extern const MDSNameValuePair MDSDbOperatorNames[];            // CSSM_DB_OPERATOR
+extern const MDSNameValuePair MDSNetProtocolNames[];   // CSSM_NET_PROTOCOL
+extern const MDSNameValuePair MDSDbRetrievalModeNames[];// CSSM_DB_RETRIEVAL_MODES
+
+/* misc. */
+extern const MDSNameValuePair MDSAclSubjectTypeNames[];        // CSSM_ACL_SUBJECT_TYPE
+extern const MDSNameValuePair MDSAclAuthTagNames[];            // CSSM_ACL_AUTHORIZATION_TAG
+extern const MDSNameValuePair MDSSampleTypeNames[];            // CSSM_SAMPLE_TYPE
+extern const MDSNameValuePair MDSKrPolicyTypeNames[];  // CSSM_KR_POLICY_TYPE
+
+// extern const MDSNameValuePair MDSRecordTypeNames[];         // CSSM_DB_RECORDTYPE
+
+/*
+ * Use this function to convert a name, e.g. "CSSM_ALGCLASS_SIGNATURE", to 
+ * its associated value as a uint32. Caller specifies proper lookup table
+ * as an optimization to avoid grunging thru entire CDSA namespace on every
+ * lookup. 
+ *
+ * If the specified name is not found, or if no MDSNameValuePair is specified, 
+ * an attempt will be made to convert the incoming string to a number as if 
+ * it were an ASCII hex (starts with "0x") or decimal (starts with any other numeric
+ * string) string. If that fails, CSSMERR_CSSM_MDS_ERROR is returned.
+ *
+ * Values can be prefixed with "<<" indicating that the indicated
+ * value is to be shifted 16 bits. Cf. CL Primary Relation, {Cert,Crl}TypeFormat.
+ * This applies to both numeric and string tokens. 
+ */
+CSSM_RETURN MDSAttrNameToValue(
+       const char *name,
+       const MDSNameValuePair *table,
+       uint32 &value);                                 // RETURNED
+       
+} // end namespace Security
+
+#endif /* _MDS_ATTR_STRINGS_H_ */
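Review bot: The contract comment above the MDSAttrNameToValue declaration omits two cases that the implementation in MDSAttrStrings.cpp handles: an empty string returns CSSM_OK with value 0, and a NULL name returns CSSMERR_CSSM_MDS_ERROR. The first matters to callers because an empty token becomes indistinguishable from a name or literal that maps to 0. I would add `* An empty name is legal and yields value 0 with CSSM_OK; a NULL name returns CSSMERR_CSSM_MDS_ERROR.` to that comment, and write "shifted left 16 bits" where it now says "shifted 16 bits". The `/* CSSM_TP_AUTHORITY_REQUEST_CERTISSUE */` line above MDSTpAuthRequestNames also repeats the trailing comment on the declaration, so one of the two can go.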
diff --git a/cdsa/mds/MDSAttrUtils.cpp b/cdsa/mds/MDSAttrUtils.cpp
new file mode 100644 (file)
index 0000000..258e640
--- /dev/null
@@ -0,0 +1,290 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+   File:      MDSAttrUtils.cpp
+
+   Contains:  Stateless functions used by MDSAttrParser.  
+
+   Copyright: (c) 2001 Apple Computer, Inc., all rights reserved.
+*/
+
+#include "MDSAttrUtils.h"
+#include <Security/cssmerrno.h>
+#include <strings.h>
+
+namespace Security
+{
+
+/*
+ * Fill in one CSSM_DB_ATTRIBUTE_DATA with specified data, type and attribute name.
+ * CSSM_DB_ATTRIBUTE_DATA.Value and its referent are new[]'d and copied.
+ * Assumes:
+ *   -- AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING
+ *   -- NumberOfValues = 1  
+ */
+void MDSRawValueToDbAttr(
+       const void *value,
+       size_t len,
+       CSSM_DB_ATTRIBUTE_FORMAT attrFormat,    // CSSM_DB_ATTRIBUTE_FORMAT_STRING, etc.
+       const char *attrName,
+       CSSM_DB_ATTRIBUTE_DATA &attr,
+       uint32 numValues)
+{
+       CSSM_DB_ATTRIBUTE_INFO_PTR attrInfo = &attr.Info;
+       attrInfo->AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING;
+       attrInfo->Label.AttributeName = const_cast<char *>(attrName);
+       attrInfo->AttributeFormat = attrFormat;
+       attr.NumberOfValues = numValues;
+       attr.Value = new CSSM_DATA[1];
+       attr.Value->Data = new uint8[len];
+       attr.Value->Length = len;
+       memcpy(attr.Value->Data, value, len);
+}
+
+
+/*
+ * Free data new[]'d in the above function.
+ */
+void MDSFreeDbRecordAttrs(
+       CSSM_DB_ATTRIBUTE_DATA  *attrs,
+       unsigned                                numAttrs)
+{
+       uint32 i;
+       for(i=0; i<numAttrs; i++) {
+               assert(attrs->Value != NULL);
+               delete [] attrs->Value->Data;
+               attrs->Value->Data = NULL;
+               attrs->Value->Length = 0;
+               delete [] attrs->Value;
+               attrs->Value = NULL;
+               attrs++;
+       }
+}
+
+/* safely get a new[]'d C string from a CFString */
+char *MDSCFStringToCString(
+       CFStringRef cfStr)
+{
+       char *rtn = NULL;
+       unsigned len = CFStringGetLength(cfStr) + 1;
+       rtn = new char[len];
+       if(rtn) {
+               CFStringGetCString(cfStr, rtn, len, CFStringGetSystemEncoding());
+       }
+       return rtn;
+}
+
+/* copy a new[]'d C string from a C string */
+char *MDSCopyCstring(
+       const char *inStr)
+{
+       char *outStr = new char[::strlen(inStr) + 1];
+       strcpy(outStr, inStr);
+       return outStr;
+}
+
+/* 
+ * Given a CFTypeRef which is either a CFString, a CFNumber, or a CFBoolean,
+ * do our best to convert it to a uint32. If it's a CFString, we'll use a 
+ * MDSNameValuePair to convert it. CFStrings expressed as decimal numbers 
+ * are also converted properly. (MAYBE we'll convert hex strings too...TBD...)
+ * Returns true if conversion was successful.
+ */
+bool MDSCfTypeToInt(
+       CFTypeRef cfValue,
+       const MDSNameValuePair *nameValues,     // optional for converting strings to numbers
+       const char *key,                                        // for debug logging only 
+       uint32 &iValue)                                         // RETURNED
+{
+       assert(cfValue != NULL);
+       CFTypeID valueType = CFGetTypeID(cfValue);
+       if(valueType == CFStringGetTypeID()) {
+               CSSM_RETURN crtn = MDSStringToUint32((CFStringRef)cfValue, 
+                       nameValues, iValue);
+               if(crtn) {
+                       MPDebug("cfTypeToInt: key %s uint32 form, string data (%s), "
+                               "bad conv", key, 
+                               CFStringGetCStringPtr((CFStringRef)cfValue, 
+                                       CFStringGetSystemEncoding()));
+                       return false;
+               } 
+               return true;
+       }       /* stored as string */
+       else if(valueType == CFNumberGetTypeID()) {
+               /* be paranoid - there is no unsigned type for CFNumber */
+               CFNumberRef cfNum = (CFNumberRef)cfValue;
+               CFNumberType numType = CFNumberGetType(cfNum);
+               switch(numType) {
+                       case kCFNumberSInt8Type:
+                       case kCFNumberSInt16Type:
+                       case kCFNumberSInt32Type:
+                       case kCFNumberCharType:
+                       case kCFNumberShortType:
+                       case kCFNumberIntType:
+                       case kCFNumberLongType:
+                       case kCFNumberSInt64Type:       // apparently the default
+                               /* OK */
+                               break;
+                       default:
+                               MPDebug("MDS cfTypeToInt: Bad CFNumber type (%d) key %s", numType, key);
+                               return false;
+               }
+               Boolean brtn = CFNumberGetValue(cfNum, kCFNumberLongType, &iValue);
+               if(!brtn) {
+                       MPDebug("MDS cfTypeToInt: Bad CFNumber conversion");
+                       return false;
+               }
+               return true;
+       }       /* stored as number */
+       else if(valueType == CFBooleanGetTypeID()) {
+               Boolean b = CFBooleanGetValue((CFBooleanRef)cfValue);
+               iValue = b ? 1 : 0;
+               return true;
+       }
+       else {
+               MPDebug("MDS cfTypeToInt: key %s, uint32 form, bad CF type (%d)", 
+                       key, (int)valueType);
+               return false;
+       }
+}
+
+/*
+ * Insert a record, defined by a CSSM_DB_ATTRIBUTE_DATA array, into specified
+ * DL and DB. Returns true on success.
+ */
+bool MDSInsertRecord(
+       const CSSM_DB_ATTRIBUTE_DATA    *inAttr,
+       unsigned                                                numAttrs,
+       CSSM_DB_RECORDTYPE                              recordType,
+       MDSSession                                              &dl,
+       CSSM_DB_HANDLE                                  dbHand)
+{
+       CSSM_DB_RECORD_ATTRIBUTE_DATA   recordAttrData;
+       CSSM_DB_UNIQUE_RECORD_PTR               uid = NULL;
+       bool                                                    ourRtn = true;
+       
+       recordAttrData.DataRecordType = recordType;
+       recordAttrData.SemanticInformation = 0;
+       recordAttrData.NumberOfAttributes = numAttrs;
+       recordAttrData.AttributeData = 
+               const_cast<CSSM_DB_ATTRIBUTE_DATA_PTR>(inAttr);
+       
+       try {
+               dl.DataInsert(dbHand,
+                       recordType,
+                       &recordAttrData,
+                       NULL,
+                       uid);
+       }
+       catch (const CssmError &cerr) {
+               MPDebug("MDSInsertRecord: DataInsert: %s",
+                       cssmErrorString(cerr).c_str());
+               ourRtn = false;
+       }
+       catch(...) {
+               MPDebug("MDSInsertRecord: DataInsert: unknown exception");
+               ourRtn = false;
+       }
+       if(uid != NULL) {
+               dl.FreeUniqueRecord(dbHand, *uid);
+       }
+       return ourRtn;
+}
+
+/*
+ * Convert a number expressed as a CFString to a uint32 using the specified
+ * name/value conversion table. The string may have multiple fields from that
+ * table, ORd together in normal C syntax. Like
+ *
+ *      CSSM_SERVICE_CSP | CSSM_SERVICE_DL
+ *
+ * Individual tokens can also be expressed numerically, either in decimal or 
+ * (if prefaced by "0x" hex. Numeric tokens and symbolic string tokens can
+ * be intermixed in the same incoming string.
+ *
+ * Individual tokens can be prefixed with "<<" indicating that the indicated
+ * value is to be shifted 16 bits. Cf. CL Primary Relation, {Cert,Crl}TypeFormat.
+ * This applies to both numeric and string tokens. 
+ */
+CSSM_RETURN MDSStringToUint32(
+       CFStringRef str, 
+       const MDSNameValuePair *table,          // optional, string must be decimal
+       uint32 &value)
+{      
+       char *cstr = MDSCFStringToCString(str);
+       if(cstr == NULL) {
+               /* should "never" happen...right? */
+               MPDebug("MDSStringToUint32: CFString conversion error");
+               return CSSMERR_CSSM_MDS_ERROR;
+       }
+       
+       char tokenStr[200];
+       char *src = cstr;
+       char *dst = tokenStr;
+       char c;
+       CSSM_RETURN crtn = CSSM_OK;
+       
+       value = 0;
+       while(*src != '\0') {
+               /* Get one token from src --> tokenStr[] */ 
+               /* First skip whitespace and '|' */
+               for( ; *src != '\0'; src++) {
+                       c = *src;
+                       if(!isspace(c) && (c != '|')) {
+                               /* first char of token */
+                               *dst++ = c;
+                               src++;
+                               break;
+                       }
+               }
+               if((*src == '\0') && (dst == tokenStr)) {
+                       /* done */
+                       break;
+               }
+               
+               /* dst[-1] is the first good character of token; copy until 
+                * space or '|' */
+               for( ; *src != '\0'; src++) {
+                       c = *src;
+                       if(isspace(c) || (c == '|')) {
+                               break;
+                       }
+                       else {
+                               *dst++ = c;
+                       }
+               }
+               
+               /* NULL terminate token string, convert to numeric value */
+               *dst = '\0';
+               uint32 tokenVal = 0;
+               CSSM_RETURN crtn = MDSAttrNameToValue(tokenStr, table, tokenVal);
+               if(crtn) {
+                       /* punt */
+                       break;
+               }
+               value |= tokenVal;
+               
+               /* restart */
+               dst = tokenStr;
+       }
+       delete [] cstr;
+       return crtn;
+}
+
+} // end namespace Security
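Review bot: In MDSStringToUint32 the token copy into `char tokenStr[200]` has no bound, so a single token longer than 199 characters in the incoming CFString writes past the end of the stack buffer; the string appears to come from parsed MDS info files, so its length is not controlled by this code. The copy loop should fail with CSSMERR_CSSM_MDS_ERROR once `dst` reaches the last slot of the buffer. In the same loop, `CSSM_RETURN crtn = MDSAttrNameToValue(...)` declares a new `crtn` that shadows the one returned at the end, so a failed token lookup still returns CSSM_OK with a partial `value`; assigning to the outer variable fixes that. The `isspace(c)` calls also take a plain `char`, which is worth casting to `unsigned char`.

```cpp
		/* ... unchanged: skip whitespace and '|', store first char of token ... */

		/* dst[-1] is the first good character of token; copy until
		 * space or '|', refusing a token that does not fit in tokenStr[] */
		for( ; *src != '\0'; src++) {
			c = *src;
			if(isspace((unsigned char)c) || (c == '|')) {
				break;
			}
			if(dst == &tokenStr[sizeof(tokenStr) - 1]) {
				/* token too long; leave room for the terminator */
				MPDebug("MDSStringToUint32: token too long");
				crtn = CSSMERR_CSSM_MDS_ERROR;
				break;
			}
			*dst++ = c;
		}
		if(crtn) {
			break;
		}

		/* NULL terminate token string, convert to numeric value */
		*dst = '\0';
		uint32 tokenVal = 0;
		crtn = MDSAttrNameToValue(tokenStr, table, tokenVal);	/* outer crtn, not a new local */
		/* ... unchanged: punt on error, OR tokenVal into value, restart ... */
```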
diff --git a/cdsa/mds/MDSAttrUtils.h b/cdsa/mds/MDSAttrUtils.h
new file mode 100644 (file)
index 0000000..2774101
--- /dev/null
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+   File:      MDSAttrUtils.h
+
+   Contains:  Stateless functions used by MDSAttrParser.  
+
+   Copyright: (c) 2001 Apple Computer, Inc., all rights reserved.
+*/
+
+#ifndef _MDS_ATTR_UTILS_H_
+#define _MDS_ATTR_UTILS_H_  1
+
+#include <Security/cssmtype.h>
+#include <Security/debugging.h>
+#include <CoreFoundation/CoreFoundation.h>
+#include "MDSAttrStrings.h"
+#include "MDSSession.h"
+
+/* log parsing events */
+#define MPDebug(args...)       debug("MDS_Parse", ## args)
+
+/* log scanning events */
+#define MSDebug(args...)       debug("MDS_Scan", ## args)
+
+/*
+ * I can't believe that CFRelease does not do this...
+ */
+#define CF_RELEASE(c)  if(c != NULL) { CFRelease(c); c = NULL; }
+
+namespace Security
+{
+
+/*
+ * Fill in one CSSM_DB_ATTRIBUTE_DATA with specified data, type and attribute name.
+ * CSSM_DB_ATTRIBUTE_DATA.Value and its referent are new[]'d and copied.
+ * Assumes:
+ *   -- AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING
+ */
+extern void MDSRawValueToDbAttr(
+       const void *value,
+       size_t len,
+       CSSM_DB_ATTRIBUTE_FORMAT attrFormat,    // CSSM_DB_ATTRIBUTE_FORMAT_STRING, etc.
+       const char *attrName,
+       CSSM_DB_ATTRIBUTE_DATA &attr,
+       uint32 numValues = 1);
+
+/*
+ * Free data new[]'d in the above function.
+ */
+extern void MDSFreeDbRecordAttrs(
+       CSSM_DB_ATTRIBUTE_DATA  *attrs,
+       unsigned                                numAttrs);
+
+
+/* safely get a new[]'d C string from a CFString */
+char *MDSCFStringToCString(
+       CFStringRef cfStr);
+
+/* copy a new[]'d C string from a C string */
+char *MDSCopyCstring(
+       const char *inStr);
+
+/* 
+ * Given a CFTypeRef which is either a CFString or a CFNumber, do our best to 
+ * convert it to a uint32. If it's a CFString, we'll use a MDSNameValuePair
+ * to convert it. CFStrings expressed as decimal numbers are also converted
+ * properly. (MAYBE we'll convert hex strings too...TBD...)
+ * Returns true if conversion was successful.
+ */
+bool MDSCfTypeToInt(
+       CFTypeRef cfValue,
+       const MDSNameValuePair *nameValues,     // optional for converting strings to numbers
+       const char *key,                                        // for debug logging only 
+       uint32 &value);                                         // RETURNED
+
+/*
+ * Insert a record, defined by a CSSM_DB_ATTRIBUTE_DATA array, into specified
+ * DL and DB. Returns true on success.
+ */
+bool MDSInsertRecord(
+       const CSSM_DB_ATTRIBUTE_DATA    *inAttr,
+       unsigned                                                numAttrs,
+       CSSM_DB_RECORDTYPE                              recordType,
+       MDSSession                                              &dl,
+       CSSM_DB_HANDLE                                  dbHand);
+
+/*
+ * Convert a number expressed as a CFString to a uint32 using the specified
+ * name/value conversion table. The string may have multiple fields from that
+ * table, ORd together in normal C syntax. Like
+ *
+ *      CSSM_SERVICE_CSP | CSSM_SERVICE_DL
+ */
+CSSM_RETURN MDSStringToUint32(
+       CFStringRef str, 
+       const MDSNameValuePair *table,
+       uint32 &value);                                 // RETURNED
+
+
+} // end namespace Security
+
+#endif /* _MDS_ATTR_UTILS_H_ */
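Review bot: The comment on the MDSRawValueToDbAttr declaration leaves out two ownership facts that callers need. The implementation in MDSAttrUtils.cpp stores `attrName` by pointer (`Label.AttributeName = const_cast<char *>(attrName)`) rather than copying it, so the name has to outlive `attr`. It also always allocates a single CSSM_DATA while writing the caller's `numValues` into NumberOfValues, so any value other than 1 describes more entries than exist. I would add to the "Assumes" list `-- attrName is NOT copied; it must remain valid for the lifetime of attr` and `-- numValues must be 1; only one CSSM_DATA is allocated (free with MDSFreeDbRecordAttrs)`.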
diff --git a/cdsa/mds/MDSDictionary.cpp b/cdsa/mds/MDSDictionary.cpp
new file mode 100644 (file)
index 0000000..583e007
--- /dev/null
@@ -0,0 +1,533 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+   File:      MDSDictionary.cpp
+
+   Contains:  Internal representation of one MDS info file in the form of 
+              a CFDictionary. 
+
+   Copyright: (c) 2001 Apple Computer, Inc., all rights reserved.
+*/
+
+#include "MDSDictionary.h"
+#include "MDSAttrParser.h"
+#include "MDSAttrUtils.h"
+#include <Security/cssmerrno.h>
+#include <Security/utilities.h>
+#include <Security/logging.h>
+
+namespace Security
+{
+
+/* heavyweight constructor from file */
+MDSDictionary::MDSDictionary(
+       CFURLRef fileUrl,
+       const char *fullPath)           // could get from fileUrl, but very messy!
+       : mDict(NULL),
+         mWeOwnDict(false),
+         mUrlPath(NULL),
+         mFileDesc(NULL)
+{
+       CFDataRef dictData = NULL;
+       CFStringRef cfErr = NULL;
+       
+       assert(fileUrl != NULL);
+       mUrlPath = MDSCopyCstring(fullPath);
+       MPDebug("Creating MDSDictionary from %s", mUrlPath);
+       
+       /* Load data from URL */
+       SInt32 uerr;
+       Boolean brtn = CFURLCreateDataAndPropertiesFromResource(
+               NULL,
+               fileUrl,
+               &dictData,
+               NULL,           // properties
+               NULL,           // desiredProperties
+               &uerr);
+       if(!brtn) {
+               Syslog::alert("Error reading MDS file %s: %d", mUrlPath, uerr);
+               CssmError::throwMe(CSSMERR_CSSM_MDS_ERROR);
+       }
+       
+       /* if it's not a dictionary, we don't want it */
+       mDict = reinterpret_cast<CFDictionaryRef>(
+               CFPropertyListCreateFromXMLData(NULL,
+                       dictData,
+                       kCFPropertyListImmutable,
+                       &cfErr));
+       CFRelease(dictData);
+       if(mDict == NULL) {
+               Syslog::alert("Malformed MDS file %s (1)", mUrlPath);
+               CssmError::throwMe(CSSMERR_CSSM_MDS_ERROR);
+       }
+       
+       /* henceforth we must release this dictionary */
+       mWeOwnDict = true;
+       if(CFGetTypeID(mDict) != CFDictionaryGetTypeID()) {
+               Syslog::alert("Malformed MDS file %s (2)", mUrlPath);
+               CssmError::throwMe(CSSMERR_CSSM_MDS_ERROR);
+       }
+       CF_RELEASE(cfErr);
+       
+       /* get file description for error logging and debugging */
+       CFStringRef cfStr = (CFStringRef)lookup(CFSTR(MDS_INFO_FILE_DESC), 
+               true, CFStringGetTypeID());
+       if(cfStr) {
+               unsigned len = CFStringGetLength(cfStr) + 1;
+               mFileDesc = new char[len];
+               if(mFileDesc) {
+                       CFStringGetCString(cfStr, mFileDesc, len, 
+                               CFStringGetSystemEncoding());
+               }
+       }
+}
+
+/* lightweight constructor from existing CFDictionary */
+MDSDictionary::MDSDictionary(CFDictionaryRef theDict)
+       : mDict(theDict),
+         mWeOwnDict(false),
+         mUrlPath(NULL),
+         mFileDesc(NULL)
+{
+       /* note caller owns and releases the dictionary */ 
+       if(mDict == NULL) {
+               MPDebug("Malformed MDS file (3)");
+               CssmError::throwMe(CSSMERR_CSSM_MDS_ERROR);
+       }
+       if(CFGetTypeID(mDict) != CFDictionaryGetTypeID()) {
+               MPDebug("Malformed MDS file (4)");
+               CssmError::throwMe(CSSMERR_CSSM_MDS_ERROR);
+       }
+}
+
+MDSDictionary::~MDSDictionary()
+{
+       if(mWeOwnDict) {
+               CF_RELEASE(mDict);
+       }
+       mDict = NULL;
+       delete [] mUrlPath;
+       delete [] mFileDesc;
+}
+
+/* lookup by either C string or CFStringRef - returns NULL on error */
+const void *MDSDictionary::lookup(
+       const char *key,
+       bool checkType,
+       CFTypeID type)
+{
+#if 0
+       CFStringRef cfKey = CFStringCreateWithCStringNoCopy(NULL,
+               key,
+               CFStringGetSystemEncoding(),
+               kCFAllocatorNull);
+#else
+       CFStringRef cfKey = CFStringCreateWithCString(NULL,
+               key,
+               CFStringGetSystemEncoding());
+#endif
+       if(cfKey == NULL) {
+               MPDebug("MDSDictionary::lookup: error creating CFString for key");
+               return NULL;
+       }
+       const void *rtn = lookup(cfKey, checkType, type);
+       CFRelease(cfKey);
+       return rtn;
+
+}
+
+const void *MDSDictionary::lookup(
+       CFStringRef key,
+       bool checkType,
+       CFTypeID type)
+{
+       assert(mDict != NULL);
+       const void *rtn = CFDictionaryGetValue(mDict, key);
+       if(rtn && checkType) {
+               if(CFGetTypeID((CFTypeRef)rtn) != type) {
+                       return NULL;
+               }
+       }
+       return rtn;
+}
+
+/*
+ * Common means to perform a lookup in a dictionary given a C-string key and
+ * placing the value - if present - in a CSSM_DB_ATTRIBUTE_DATA. Any errors
+ * are only logged via MPDebug. Returns true if the value was found and 
+ * successfully placed in supplied CSSM_DB_ATTRIBUTE_DATA.
+ *
+ * For now we assume that the key in the dictionary is the same as the key
+ * in the DB to which we're writing. 
+ *
+ * We're also assuming that all DB keys are of format CSSM_DB_ATTRIBUTE_NAME_AS_STRING.
+ */
+bool MDSDictionary::lookupToDbAttr(
+       const char *key,
+       CSSM_DB_ATTRIBUTE_DATA &attr,
+       CSSM_DB_ATTRIBUTE_FORMAT attrFormat,
+       const MDSNameValuePair *nameValues)     // optional for converting strings to numbers
+{
+       assert(mDict != NULL);
+       assert(&attr != NULL);
+       
+       CFTypeRef       value;                          // polymorphic dictionary value
+       bool            ourRtn = false;
+       const void      *srcPtr = NULL;         // polymorphic raw source bytes
+       unsigned        srcLen;
+       CSSM_STRING     cstr;
+       uint32          ival = 0;
+       uint32          *ivalArray = NULL;
+       uint32          numValues = 1;          // the default for MDSRawValueToDbAttr
+       
+       value = (CFTypeRef)lookup(key);
+       if(value == NULL) {
+               /*
+                * Special case here: we implicitly provide a value for the "Path" key
+                * if it's not in the dictionary and we have it. 
+                */
+               if((attrFormat == CSSM_DB_ATTRIBUTE_FORMAT_STRING) &&
+                  !strcmp(key, "Path") &&
+                  (mUrlPath != NULL)) {
+                               MDSRawValueToDbAttr(mUrlPath, 
+                                       strlen(mUrlPath) + 1, 
+                                       attrFormat, 
+                                       key, 
+                                       attr, 
+                                       1);                             // numValues
+                               return true;
+               }
+               else {
+                       return false;
+               }
+       }
+       CFTypeID valueType = CFGetTypeID(value);
+       
+       /* 
+        * We have the value; could be any type. Handle it based on caller's 
+        * CSSM_DB_ATTRIBUTE_FORMAT.
+        */
+       switch(attrFormat) {
+               case CSSM_DB_ATTRIBUTE_FORMAT_STRING:
+               {
+                       Boolean         brtn;
+                       
+                       if(valueType != CFStringGetTypeID()) {
+                               MPDebug("lookupToDbAttr: string format mismatch");
+                               break;
+                       }
+                       brtn = CFStringGetCString((CFStringRef)value, cstr,
+                               CSSM_MODULE_STRING_SIZE, CFStringGetSystemEncoding());
+                       if(!brtn) {
+                               /* this could be "string too large for a CSSM_STRING" */
+                               MPDebug("lookupToDbAttr: CFStringGetCString error");
+                       }
+                       else {
+                               srcPtr = cstr;
+                               srcLen = strlen(cstr) + 1;
+                               ourRtn = true;
+                       }
+                       break;
+               }
+               case CSSM_DB_ATTRIBUTE_FORMAT_UINT32:
+               {
+                       bool brtn = MDSCfTypeToInt(value, nameValues, key, ival);
+                       if(!brtn) {
+                               MPDebug("MDS lookupToDbAttr: Bad number conversion");
+                               return false;
+                       }
+                       srcPtr = &ival;
+                       srcLen = sizeof(uint32);
+                       ourRtn = true;
+                       break;
+               }        
+               case CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32:     
+               {
+                       /* 
+                        * This is expressed in the dictionary as an array of numbers. 
+                        * as in CSSM_DB_ATTRIBUTE_FORMAT_UINT32, each number can be
+                        * expressed as either a string or a number.
+                        */
+                       if(valueType != CFArrayGetTypeID()) {
+                               /*
+                                * Let's be extremely slick and allow one number here, either 
+                                * in string or number form....
+                                */
+                               bool brtn = MDSCfTypeToInt(value, nameValues, key, ival);
+                               if(!brtn) {
+                                       MPDebug("MDS lookupToDbAttr: Bad array element");
+                                       return false;
+                               }
+                               srcPtr = &ival;
+                               srcLen = sizeof(uint32);
+                               ourRtn = true;
+                               break;
+                       }
+                       CFArrayRef cfArray = (CFArrayRef)value;
+                       numValues = CFArrayGetCount(cfArray);
+                       if(numValues == 0) {
+                               /* degenerate case, legal - right? Can AppleDatabase do this? */
+                               srcPtr = NULL;
+                               srcLen = 0;
+                               ourRtn = true;
+                               break;
+                       }
+                       
+                       /* 
+                        * malloc an array of uint32s
+                        * convert each element in cfArray to a uint32
+                        * store as CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32
+                        *
+                        * Note this does not have to be endian independent; the MDS DBs
+                        * are not portable across machines let alone platforms. 
+                        */
+                       ivalArray = new uint32[numValues];
+                       unsigned dex;
+                       bool brtn;
+                       for(dex=0; dex<numValues; dex++) {
+                               CFTypeRef elmt = (CFTypeRef)CFArrayGetValueAtIndex(cfArray, dex);
+                               if(elmt == NULL) {
+                                       MPDebug("MDS lookupToDbAttr: key %s: Bad array element (1)", key);
+                                       delete [] ivalArray;
+                                       return false;
+                               }
+                               brtn =  MDSCfTypeToInt(elmt, nameValues, key, ivalArray[dex]);
+                               if(!brtn) {
+                                       MPDebug("MDS lookupToDbAttr: key %s Bad element at index %d",
+                                               key, dex);
+                                       delete [] ivalArray;
+                                       return false;
+                               }
+                       }
+                       srcPtr = ivalArray;
+                       srcLen = sizeof(uint32) * numValues;
+                       ourRtn = true;
+                       /*
+                        * FIXME - numValues as used by MDSRawValueToDbAttr and placed in 
+                        * CSSM_DB_ATTRIBUTE_DATA.NumberOfValues, appears to need to be
+                        * one even for MULTI_UINT32 format; the number of ints in inferred
+                        * from Value.Length....
+                        */
+                       numValues = 1;
+                       break;
+               }
+               case CSSM_DB_ATTRIBUTE_FORMAT_BLOB:                     // CFData
+               {
+                       if(valueType != CFDataGetTypeID()) {
+                               MPDebug("lookupToDbAttr: blob/CFData format mismatch");
+                               break;
+                       }
+                       CFDataRef cfData = (CFDataRef)value;
+                       srcLen = CFDataGetLength(cfData);
+                       srcPtr = CFDataGetBytePtr(cfData);
+                       ourRtn = true;
+                       break;
+               }
+               case CSSM_DB_ATTRIBUTE_FORMAT_SINT32:           // I don't think we support this
+               default:
+                       MPDebug("lookupToDbAttr: bad attrForm(%d)", (int)attrFormat);
+                       return false;
+       }
+       if(ourRtn) {
+               MDSRawValueToDbAttr(srcPtr, srcLen, attrFormat, key, attr, numValues);
+       }
+       if(ivalArray) {
+               delete [] ivalArray;
+       }
+       return ourRtn;
+}
+
+/*
+ * Given a RelationInfo and an array of CSSM_DB_ATTRIBUTE_DATAs, fill in 
+ * the CSSM_DB_ATTRIBUTE_DATA array with as many fields as we can find in 
+ * the dictionary. All fields are treated as optional. 
+ */
+void MDSDictionary::lookupAttributes(
+       const RelationInfo                      *relInfo,
+       CSSM_DB_ATTRIBUTE_DATA_PTR      outAttrs,               // filled in on return
+       uint32                                          &numAttrs)              // RETURNED
+{
+       unsigned                                                dex;
+       const CSSM_DB_ATTRIBUTE_INFO    *inAttr = relInfo->AttributeInfo;
+       const MDSNameValuePair                  **nameValues    = relInfo->nameValues;
+
+       assert(relInfo != NULL);
+       numAttrs = 0;
+       for(dex=0; dex<relInfo->NumberOfAttributes; dex++) {
+               bool brtn;
+               const MDSNameValuePair *nvp;
+               
+               /* the array itself, or any element in it, can be NULL */
+               if(nameValues != NULL) {
+                       nvp = nameValues[dex];
+               }
+               else {
+                       nvp = NULL;
+               }
+               brtn = lookupToDbAttr(inAttr->Label.AttributeName,
+                       *outAttrs, 
+                       inAttr->AttributeFormat,
+                       nvp);
+               if(brtn) {
+                       /* successfully added to dbAttrs */
+                       outAttrs++;
+                       numAttrs++;
+               }
+               inAttr++;               // regardless
+       }
+}
+
+/*
+ * Lookup with file-based indirection. Allows multiple mdsinfo files to share commmon
+ * info from a separate plist file.
+ *
+ * Do a lookup for specified key. If not found, return NULL. If found:
+ * {
+ *             if type of value matches desiredType {
+ *                     return the value;
+ *             }
+ *             else if type of value is string {
+ *                     if string starts with "file:" {
+ *                             attempt to read property list with that filename relative to 
+ *                                     specified bundle;
+ *                             if CFType of that propList matches desiredType {
+ *                                     return newly read propList;
+ *                             }
+ *                     }
+ *             }
+ *             ...else return error;
+ */
+const CFPropertyListRef MDSDictionary::lookupWithIndirect(
+       const char *key,
+       CFBundleRef bundle,
+       CFTypeID        desiredType,
+       bool            &fetchedFromDisk)       // true --> caller must CFRelease the returned
+                                                                       //     value
+                                                                       // false -> it's part of this dictionary
+{
+       CFPropertyListRef ourRtn = NULL;
+       CFDataRef dictData = NULL;
+       CFStringRef cfErr = NULL;
+       SInt32 uerr;
+       Boolean brtn;
+       
+       
+       assert(key != NULL);
+       assert(bundle != NULL);
+       
+       fetchedFromDisk = false;
+       
+       /* basic local lookup */
+       CFStringRef cfKey = CFStringCreateWithCString(NULL,
+               key,
+               CFStringGetSystemEncoding());
+       if(cfKey == NULL) {
+               MPDebug("CFStringCreateWithCString error");
+               return NULL;
+       }
+       const void *rtn = CFDictionaryGetValue(mDict, cfKey);
+       CFRelease(cfKey);
+       if(rtn == NULL) {
+               return NULL;
+       }
+       CFTypeID foundType = CFGetTypeID((CFTypeRef)rtn);
+       if(foundType == desiredType) {
+               /* found what we're looking for; done */
+               return (CFPropertyListRef)rtn;
+       }
+       
+       /* is it a string which starts with "file:"? */
+       if(foundType != CFStringGetTypeID()) {
+               return NULL;
+       }
+       const char *cVal = MDSCFStringToCString((CFStringRef)rtn);
+       if(cVal == NULL) {
+               MPDebug("MDSCFStringToCString error in lookupWithIndirect");
+               return NULL;
+       }
+       if(strstr(cVal, "file:") != cVal) {
+               delete [] cVal;
+               return NULL;
+       }
+       /* delete [] cval on return */
+       
+       /* OK, this specifies a resource file in the bundle. Fetch it. */
+       CFStringRef cfFileName = CFStringCreateWithCString(NULL,
+               cVal + 5,
+               CFStringGetSystemEncoding());
+       if(cfFileName == NULL) {
+               MPDebug("lookupWithIndirect: bad file name spec");
+               goto abort;
+       }
+       CFURLRef fileUrl;
+       fileUrl = CFBundleCopyResourceURL(bundle, 
+                cfFileName, 
+                NULL, 
+                NULL);
+       if(fileUrl == NULL) {
+               MPDebug("lookupWithIndirect: file %s not found", cVal);
+               goto abort;
+       }
+
+       MPDebug("Fetching indirect resource %s", cVal);
+       
+       /* Load data from URL */
+       brtn = CFURLCreateDataAndPropertiesFromResource(
+               NULL,
+               fileUrl,
+               &dictData,
+               NULL,           // properties
+               NULL,           // desiredProperties
+               &uerr);
+       if(!brtn) {
+               MPDebug("lookupWithIndirect: error %d reading %s", (int)uerr, cVal);
+               goto abort;
+       }
+       
+       /* if it's not a property list, we don't want it */
+       ourRtn = CFPropertyListCreateFromXMLData(NULL,
+                       dictData,
+                       kCFPropertyListImmutable,
+                       &cfErr);
+       if(ourRtn == NULL) {
+               MPDebug("lookupWithIndirect: %s malformed (not a prop list)", cVal);
+               goto abort;
+       }
+       
+       /* if it doesn't match the caller's spec, we don't want it */
+       if(CFGetTypeID(ourRtn) != desiredType) {
+               MPDebug("lookupWithIndirect: %s malformed (mismatch)", cVal);
+               CF_RELEASE(ourRtn);
+               ourRtn = NULL;
+               goto abort;
+       }
+
+       MPDebug("lookupWithIndirect: resource %s FOUND", cVal);
+       fetchedFromDisk = true;
+       
+abort:
+       delete [] cVal;
+       CF_RELEASE(cfFileName);
+       CF_RELEASE(fileUrl);
+       CF_RELEASE(dictData);
+       CF_RELEASE(cfErr);
+       return ourRtn;
+}
+
+} // end namespace Security
diff --git a/cdsa/mds/MDSDictionary.h b/cdsa/mds/MDSDictionary.h
new file mode 100644 (file)
index 0000000..c881e24
--- /dev/null
@@ -0,0 +1,122 @@
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+   File:      MDSDictionary.h
+
+   Contains:  Internal representation of one MDS info file.  
+
+   Copyright: (c) 2001 Apple Computer, Inc., all rights reserved.
+*/
+
+#ifndef _MDS_DICTIONARY_H_
+#define _MDS_DICTIONARY_H_  1
+
+#include <Security/cssmtype.h>
+#include <Security/MDSSession.h>
+#include <Security/MDSAttrStrings.h>
+#include <CoreFoundation/CoreFoundation.h>
+
+namespace Security
+{
+
+class MDSDictionary
+{
+public:
+       /* heavyweight constructor from file */
+       MDSDictionary(
+               CFURLRef fileUrl,
+               const char *fullPath);
+
+       /* lightweight constructor from existing CFDictionary */
+       MDSDictionary(
+               CFDictionaryRef theDict);
+       
+       ~MDSDictionary();
+       
+       /* 
+        * Lookup by either C string or CFStringRef. Optionally checks for
+        * CFTypeID of resulting value. Both return NULL on error (either key not
+        * found or wrong CFTypeID).
+        */
+       const void *lookup(
+               const char *key,
+               bool checkType = false,         // since we really don't know if 0 is a valid type
+               CFTypeID type = 0);
+       const void *lookup(
+               CFStringRef key,
+               bool checkType = false,
+               CFTypeID type = 0);
+       
+       /*
+        * Common means to perform a lookup in a dictionary given a C-string key and
+        * placing the value - if present - in a CSSM_DB_ATTRIBUTE_DATA. Any errors
+        * are only logged via MPDebug. Returns true if the value was found and 
+        * successfully placed in supplied CSSM_DB_ATTRIBUTE_DATA.
+        *
+        * For now we assume that the key in the dictionary is the same as the key
+        * in the DB to which we're writing. 
+        *
+        * A MDSNameValuePair array may be specified to facilitate conversion of 
+        * values which appears in the dictionary as strings but which are stored 
+        * in the DB as integers.
+        *
+        * We're also assuming that all DB keys are of format 
+        * CSSM_DB_ATTRIBUTE_NAME_AS_STRING.
+        */
+       bool lookupToDbAttr(
+               const char *key,
+               CSSM_DB_ATTRIBUTE_DATA &attr,
+               CSSM_DB_ATTRIBUTE_FORMAT attrFormat,
+               const MDSNameValuePair *nameValues = NULL);
+
+       /*
+        * Given a RelationInfo and an array of CSSM_DB_ATTRIBUTE_DATAs, fill in 
+        * the CSSM_DB_ATTRIBUTE_DATA array with as many fields as we can find in 
+        * the dictionary. All fields are treated as optional. 
+        */
+       void lookupAttributes(
+               const RelationInfo                      *relInfo,
+               CSSM_DB_ATTRIBUTE_DATA_PTR      outAttrs,               // filled in on return
+               uint32                                          &numAttrs);             // RETURNED
+               
+               CFDictionaryRef         dict()          { return mDict; }
+               const char                      *urlPath()      { return mUrlPath; }
+               const char                      *fileDesc() { return mFileDesc; }
+
+       /*
+        * Lookup with file-based indirection. Allows multiple mdsinfo file to share 
+        * commmon info from a separate plist file.
+        */
+       const CFPropertyListRef lookupWithIndirect(
+               const char *key,
+               CFBundleRef bundle,
+               CFTypeID        desiredType,
+               bool            &fetchedFromDisk);      // true --> caller must CFRelease the returned
+                                                                               //     value
+                                                                               // false -> it's part of this dictionary
+private:
+       CFDictionaryRef         mDict;
+       bool                            mWeOwnDict;
+       char                            *mUrlPath;
+       char                            *mFileDesc;
+};
+
+} // end namespace Security
+
+#endif /* _MDS_DICTIONARY_H_ */
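Review bot: The comment on `lookupAttributes` does not say how large `outAttrs` must be, and the function takes no capacity argument. The implementation earlier in this commit writes one entry per attribute found, up to `relInfo->NumberOfAttributes`, and reads `relInfo->nameValues[dex]` for every index when that array is non-NULL, so both arrays need that many elements. I would add to the comment: `outAttrs must have room for relInfo->NumberOfAttributes entries; relInfo->nameValues, if non-NULL, must have the same number of elements.` In MDSSchema.cpp `krmmNvp` lists six entries against seven in `krmmAttrs`, which looks like a one-element over-read if NumberOfAttributes is derived from the attribute array; that is worth confirming against the RELATION_INFO macro, which is not shown here.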
index 374322f677d8911f7b2070a47bfe3c9ec1c5fee2..81c92dfa90d70f3dd3906fd4fc7e1772ce8bbc98 100644 (file)
 #include <Security/mds_schema.h>
 #include <memory>
 
+namespace Security
+{
+
 ModuleNexus<MDSModule> MDSModule::mModuleNexus;
 
 // Names and IDs of tables used in the MDS databases
 
 #define TABLE(t) { t, #t }
 
+/*
+ * For now, to allow compatibility with AppleFileDL, we use the same record IDs
+ * it uses when constructing an AppleDatabaseManager. See Radar 2817921 for details. 
+ * The fix requires that AppleDatabase be able to fetch its meta-table relationIDs 
+ * from an existing DB at DbOpen time; I'm not sure that's possible. 
+ */
+#define USE_FILE_DL_TABLES             1
+
 static const AppleDatabaseTableName kTableNames[] = {
     // the meta-tables. the parsing module is not used by MDS, but is required
     // by the implementation of the database
+       #if USE_FILE_DL_TABLES
+    TABLE(CSSM_DL_DB_SCHEMA_INFO),
+    TABLE(CSSM_DL_DB_SCHEMA_ATTRIBUTES),
+    TABLE(CSSM_DL_DB_SCHEMA_INDEXES),
+       #else
     TABLE(MDS_CDSADIR_MDS_SCHEMA_RELATIONS),
     TABLE(MDS_CDSADIR_MDS_SCHEMA_ATTRIBUTES),
     TABLE(MDS_CDSADIR_MDS_SCHEMA_INDEXES),
+       #endif
     TABLE(CSSM_DL_DB_SCHEMA_PARSING_MODULE),
        
     // the MDS-specific tables
@@ -67,10 +84,43 @@ MDSModule::get ()
 }
 
 MDSModule::MDSModule ()
-    :  mDatabaseManager(kTableNames)
+    :  mDatabaseManager(kTableNames),
+           mLastScanTime((time_t)0)
 {
+       mDbPath[0] = '\0';
 }
 
+/*
+ * Called upon unload or process death by CleanModuleNexus.
+ */
 MDSModule::~MDSModule ()
 {
+       /* TBD - close all DBs */
+}
+
+void MDSModule::lastScanIsNow()
+{
+       mLastScanTime = Time::now();
 }
+
+double MDSModule::timeSinceLastScan()
+{
+       Time::Interval delta = Time::now() - mLastScanTime;
+       return delta.seconds();
+}
+
+void MDSModule::getDbPath(
+       char *path)
+{
+       StLock<Mutex> _(mDbPathLock);
+       strcpy(path, mDbPath);
+}
+
+void MDSModule::setDbPath(const char *path)
+{
+       StLock<Mutex> _(mDbPathLock);
+       assert(strlen(path) <= MAXPATHLEN);
+       strcpy(mDbPath, path);
+}
+
+} // end namespace Security
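Review bot: `setDbPath` relies on `assert(strlen(path) <= MAXPATHLEN)` as the only bound before `strcpy(mDbPath, path)`; in a build with NDEBUG the assert disappears and an over-long path overruns the `MAXPATHLEN + 1` byte member. Make the check unconditional and the copy bounded, for example `if(strlen(path) > MAXPATHLEN) return;` (or raise the module's usual error) followed by `strlcpy(mDbPath, path, sizeof(mDbPath));`. `getDbPath` has the matching problem in the other direction: it copies into a caller buffer whose size it never sees. The declaration in MDSModule.h should at least carry the comment `// path must point to at least MAXPATHLEN + 1 bytes`, or take a length argument.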
index e70cab583c4e58c1ba47e6885c1444755b0c1a83..9c5920021736c0375489166548dd180aeb1d8fed 100644 (file)
 
 #include <Security/AppleDatabase.h>
 #include <Security/globalizer.h>
+#include <Security/timeflow.h>
+#include <Security/threading.h>
+#include <sys/param.h>
+
+namespace Security
+{
 
 class MDSModule
 {
@@ -30,12 +36,27 @@ public:
     MDSModule ();
     ~MDSModule ();
 
-    DatabaseManager &databaseManager () { return mDatabaseManager; }
-
+    DatabaseManager            &databaseManager () { return mDatabaseManager; }
+       void                                    lastScanIsNow();
+       double                                  timeSinceLastScan();
+       void                                    getDbPath(char *path);
+       void                                    setDbPath(const char *path);
+       
 private:
     static ModuleNexus<MDSModule> mModuleNexus;
 
-    AppleDatabaseManager mDatabaseManager;
+    AppleDatabaseManager       mDatabaseManager;
+       
+       /*
+        * Manipulated by MDSSession objects when they hold the system-wide per-user
+        * MDS file lock. mDbPath readable any time; it's protected process-wide
+        * by mDbPathLock.
+        */
+       char                                    mDbPath[MAXPATHLEN + 1];
+       Time::Absolute                  mLastScanTime;
+       Mutex                                   mDbPathLock;
 };
 
+} // end namespace Security
+
 #endif // _MDSMODULE_H_
index 98f2c4587b2031fdd4ba974dcfa618ff791f085d..104fb61918cbe84023c659df2e3bd50b86f01ed3 100644 (file)
 
 #include "MDSSchema.h"
 #include <Security/mds_schema.h>
+#include <cstring>
+
+namespace Security
+{
+
+/*
+ * There appears to be a bug in AppleDatabase which prevents our assigning 
+ * schema to the meta-tables.
+ */
+#define DEFINE_META_TABLES             0
+
+/* indicates "no MDSNameValuePair table" in a RELATION_INFO declaration. */
+#define NO_NVP NULL    
 
 //
 // Schema for the lone table in the Object Directory Database.
 //
-
-static const CSSM_DB_SCHEMA_ATTRIBUTE_INFO kAttributesObjectRelation[] = {
-       SCHEMA_ATTRIBUTE(0, ModuleId, STRING),
-       SCHEMA_ATTRIBUTE(1, Manifest, BLOB),
-       SCHEMA_ATTRIBUTE(2, ModuleName, STRING),
-       SCHEMA_ATTRIBUTE(3, Path, STRING),
-       SCHEMA_ATTRIBUTE(4, ProductVersion, STRING)
+static const CSSM_DB_ATTRIBUTE_INFO objectAttrs[] = {
+       DB_ATTRIBUTE(ModuleID, STRING),
+       DB_ATTRIBUTE(Manifest, BLOB),
+       DB_ATTRIBUTE(ModuleName, STRING),
+       DB_ATTRIBUTE(Path, STRING),
+       DB_ATTRIBUTE(ProductVersion, STRING),
+       
+       /* not in the CDSA spec; denotes a plugin which is statically linked to CSSM */
+       DB_ATTRIBUTE(BuiltIn, UINT32),
 };
 
-static const CSSM_DB_SCHEMA_INDEX_INFO kIndexObjectRelation[] = {
-       UNIQUE_INDEX_ATTRIBUTE(0)
+static const CSSM_DB_INDEX_INFO objectIndex[] = {
+       UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING)
 };
 
 const RelationInfo kObjectRelation =
-       RELATION_INFO(MDS_OBJECT_RECORDTYPE, kAttributesObjectRelation, kIndexObjectRelation);
+       RELATION_INFO(MDS_OBJECT_RECORDTYPE, 
+               objectAttrs, 
+               NO_NVP,                 // no symbolic names
+               objectIndex);
 
 //
 // Schema for the various tables in the CDSA Directory Database.
 //
 
 // CSSM Relation.
+static const CSSM_DB_ATTRIBUTE_INFO cssmAttrs[] =
+{
+       DB_ATTRIBUTE(ModuleID, STRING),
+       DB_ATTRIBUTE(CDSAVersion, STRING),
+       DB_ATTRIBUTE(Vendor, STRING),
+       DB_ATTRIBUTE(Desc, STRING),
+       DB_ATTRIBUTE(NativeServices, UINT32),
+};
 
-static const CSSM_DB_SCHEMA_ATTRIBUTE_INFO kAttributesCSSMRelation[] =
+static const MDSNameValuePair *cssmNvp[] = {
+       NULL, NULL,     NULL, NULL,
+       MDSServiceNames
+};
+
+static const CSSM_DB_INDEX_INFO cssmIndex[] =
 {
-       SCHEMA_ATTRIBUTE(0, ModuleID, STRING),
-       SCHEMA_ATTRIBUTE(1, CDSAVersion, STRING),
-       SCHEMA_ATTRIBUTE(2, Vendor, STRING),
-       SCHEMA_ATTRIBUTE(3, Desc, STRING),
-       SCHEMA_ATTRIBUTE(4, NativeServices, UINT32)
+       UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING)
 };
 
-static const CSSM_DB_SCHEMA_INDEX_INFO kIndexCSSMRelation[] =
+// KRMM Relation.
+static const CSSM_DB_ATTRIBUTE_INFO krmmAttrs[] =
 {
-       UNIQUE_INDEX_ATTRIBUTE(0)
+       DB_ATTRIBUTE(CSSMGuid, STRING),
+       DB_ATTRIBUTE(PolicyType, UINT32),
+       DB_ATTRIBUTE(PolicyName, STRING),
+       DB_ATTRIBUTE(PolicyPath, STRING),
+       DB_ATTRIBUTE(PolicyInfo, BLOB),
+       DB_ATTRIBUTE(PolicyManifest, BLOB),
+       /*
+        * This attribute is not defined in the CDSA spec. It's only here, in the schema,
+        * to avoid throwing exceptions when searching a DB for any records associated
+        * with a specified GUID - in all other schemas, a guid is specified as a 
+        * ModuleID.
+        */
+       DB_ATTRIBUTE(ModuleID, STRING),
 };
 
-const RelationInfo kCSSMRelation =
-       RELATION_INFO(MDS_CDSADIR_CSSM_RECORDTYPE, kAttributesCSSMRelation, kIndexCSSMRelation);
+static const MDSNameValuePair *krmmNvp[] = {
+       NULL, MDSKrPolicyTypeNames, NULL, NULL, 
+       NULL, NULL,
+};     
 
-// KRMM Relation.
-       
-static const CSSM_DB_SCHEMA_ATTRIBUTE_INFO kAttributesKRMMRelation[] =
+static const CSSM_DB_INDEX_INFO krmmIndex[] =
+{
+       UNIQUE_INDEX_ATTRIBUTE(CSSMGuid, STRING),
+       UNIQUE_INDEX_ATTRIBUTE(PolicyType, UINT32)
+};
+
+// EMM Relation.
+static const CSSM_DB_ATTRIBUTE_INFO emmAttrs[] =
+{
+       DB_ATTRIBUTE(ModuleID, STRING),
+       DB_ATTRIBUTE(Manifest, BLOB),
+       DB_ATTRIBUTE(ModuleName, STRING),
+       DB_ATTRIBUTE(Path, STRING),
+       DB_ATTRIBUTE(CDSAVersion, STRING),
+       DB_ATTRIBUTE(EMMSpecVersion, STRING),
+       DB_ATTRIBUTE(Desc, STRING),
+       DB_ATTRIBUTE(PolicyStmt, BLOB),
+       DB_ATTRIBUTE(EmmVersion, STRING),
+       DB_ATTRIBUTE(EmmVendor, STRING),
+       DB_ATTRIBUTE(EmmType, UINT32),          // does this need a name/value table?
+};
+
+static const CSSM_DB_INDEX_INFO emmIndex[] =
 {
-       SCHEMA_ATTRIBUTE(0, CSSMGuid, STRING),
-       SCHEMA_ATTRIBUTE(1, PolicyType, UINT32),
-       SCHEMA_ATTRIBUTE(2, PolicyName, STRING),
-       SCHEMA_ATTRIBUTE(3, PolicyPath, STRING),
-       SCHEMA_ATTRIBUTE(4, PolicyInfo, BLOB),
-       SCHEMA_ATTRIBUTE(5, PolicyManifest, BLOB)
+       UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING)
 };
 
-static const CSSM_DB_SCHEMA_INDEX_INFO kIndexKRMMRelation[] =
+// Primary EMM Service Provider Relation.
+static const CSSM_DB_ATTRIBUTE_INFO emmPrimaryAttrs[] =
 {
-       UNIQUE_INDEX_ATTRIBUTE(0),
-       UNIQUE_INDEX_ATTRIBUTE(1)
+       DB_ATTRIBUTE(ModuleID, STRING),
+       DB_ATTRIBUTE(SSID, UINT32),
+       DB_ATTRIBUTE(ServiceType, UINT32),
+       DB_ATTRIBUTE(Manifest, BLOB),
+       DB_ATTRIBUTE(ModuleName, STRING),
+       DB_ATTRIBUTE(ProductVersion, STRING),
+       DB_ATTRIBUTE(Vendor, STRING),
+       DB_ATTRIBUTE(SampleTypes, MULTI_UINT32),
+       DB_ATTRIBUTE(AclSubjectTypes, MULTI_UINT32),
+       DB_ATTRIBUTE(AuthTags, MULTI_UINT32),
+       DB_ATTRIBUTE(EmmSpecVersion, STRING),
 };
 
-const RelationInfo kKRMMRelation =
-       RELATION_INFO(MDS_CDSADIR_KRMM_RECORDTYPE, kAttributesKRMMRelation, kIndexKRMMRelation);
+static const MDSNameValuePair *emmPrimaryNvp[] = {
+       NULL, NULL,     NULL, NULL,
+       NULL, NULL,     NULL, MDSSampleTypeNames,
+       MDSAclSubjectTypeNames,
+       MDSAclAuthTagNames,
+       NULL
+};
+
+static const CSSM_DB_INDEX_INFO emmPrimaryIndex[] =
+{
+       UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING),
+       UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32),
+       UNIQUE_INDEX_ATTRIBUTE(ServiceType, UINT32)
+};
 
 // Common Relation.
+static const CSSM_DB_ATTRIBUTE_INFO commonAttrs[] =
+{
+       DB_ATTRIBUTE(ModuleID, STRING),
+       DB_ATTRIBUTE(Manifest, BLOB),
+       DB_ATTRIBUTE(ModuleName, STRING),
+       DB_ATTRIBUTE(Path, STRING),
+       DB_ATTRIBUTE(CDSAVersion, STRING),
+       DB_ATTRIBUTE(Desc, STRING),
+       DB_ATTRIBUTE(DynamicFlag, UINT32),
+       DB_ATTRIBUTE(MultiThreadFlag, UINT32),
+       DB_ATTRIBUTE(ServiceMask, UINT32),
+};
+
+static const MDSNameValuePair *commonNvp[] = {
+       NULL, NULL,     NULL, NULL,
+       NULL, NULL,     NULL, NULL,
+       MDSServiceNames
+};
+
+static const CSSM_DB_INDEX_INFO commonIndex[] =
+{
+       UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING)
+};
+
+// CSP Primary Relation.
+static const CSSM_DB_ATTRIBUTE_INFO cspPrimaryAttrs[] =
+{
+       DB_ATTRIBUTE(ModuleID, STRING),
+       DB_ATTRIBUTE(SSID, UINT32),
+       DB_ATTRIBUTE(Manifest, BLOB),
+       DB_ATTRIBUTE(ModuleName, STRING),
+       DB_ATTRIBUTE(ProductVersion, STRING),
+       DB_ATTRIBUTE(Vendor, STRING),
+       DB_ATTRIBUTE(CspType, UINT32),
+       DB_ATTRIBUTE(CspFlags, UINT32),
+       DB_ATTRIBUTE(CspCustomFlags, UINT32),
+       DB_ATTRIBUTE(UseeTags, MULTI_UINT32),
+       DB_ATTRIBUTE(SampleTypes, MULTI_UINT32),
+       DB_ATTRIBUTE(AclSubjectTypes, MULTI_UINT32),
+       DB_ATTRIBUTE(AuthTags, MULTI_UINT32),
+};
+
+static const MDSNameValuePair *cspPrimaryNvp[] = {
+       NULL, NULL,     NULL, NULL,
+       NULL, NULL,
+       MDSCspTypeNames, 
+       MDSCspFlagsNames,
+       NULL,
+       MDSUseeTagsNames,
+       MDSSampleTypeNames,
+       MDSAclSubjectTypeNames,
+       MDSAclAuthTagNames
+};
+
+static const CSSM_DB_INDEX_INFO cspPrimaryIndex[] =
+{
+       UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING),
+       UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32)
+};
+
+// CSP Capabilities Relation.
+static const CSSM_DB_ATTRIBUTE_INFO cspCapabilitiesAttrs[] =
+{
+       DB_ATTRIBUTE(ModuleID, STRING),
+       DB_ATTRIBUTE(SSID, UINT32),
+       DB_ATTRIBUTE(UseeTag, UINT32),
+       DB_ATTRIBUTE(ContextType, UINT32),
+       DB_ATTRIBUTE(AlgType, UINT32),
+       DB_ATTRIBUTE(GroupId, UINT32),
+       DB_ATTRIBUTE(AttributeType, UINT32),
+       DB_ATTRIBUTE(AttributeValue, MULTI_UINT32),
+       DB_ATTRIBUTE(Description, STRING),
+};
+static const MDSNameValuePair *cspCapabilitiesNvp[] = {
+       NULL,
+       NULL,
+       MDSUseeTagsNames,
+       MDSContextTypeNames,
+       MDSAlgorithmNames,
+       NULL,
+       MDSAttributeTypeNames,
+       NULL,
+       NULL
+};
+
+static const CSSM_DB_INDEX_INFO cspCapabilitiesIndex[] =
+{
+       UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING),
+       UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32),
+       UNIQUE_INDEX_ATTRIBUTE(UseeTag, UINT32),
+       UNIQUE_INDEX_ATTRIBUTE(ContextType, UINT32),
+       UNIQUE_INDEX_ATTRIBUTE(AlgType, UINT32),
+       UNIQUE_INDEX_ATTRIBUTE(GroupId, UINT32),
+       UNIQUE_INDEX_ATTRIBUTE(AttributeType, STRING)
+};
+
+// special case "subschema" for parsing CSPCapabilities. These arrays correspond
+// dictionaries within a CSPCapabilities info file; they are not part of 
+// our DB's schema. They are declared only to streamline the 
+// MDSAttrParser::parseCspCapabilitiesRecord function. No index info is needed.
+
+// top-level info, applied to the dictionary for the whole file.
+static const CSSM_DB_ATTRIBUTE_INFO kAttributesCSPCapabilitiesDict1[] =
+{
+       DB_ATTRIBUTE(ModuleID, STRING),
+       DB_ATTRIBUTE(SSID, UINT32),
+};
+const RelationInfo CSPCapabilitiesDict1RelInfo = 
+       RELATION_INFO(
+               MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE,          // actually a don't care
+               kAttributesCSPCapabilitiesDict1,
+               NULL,                                                                           // no NVP needed 
+               NULL);                                                                          // no index
+
+// "Capabilities" is an array of dictionaries of these
+static const CSSM_DB_ATTRIBUTE_INFO kAttributesCSPCapabilitiesDict2[] =
+{
+       DB_ATTRIBUTE(AlgType, UINT32),
+       DB_ATTRIBUTE(ContextType, UINT32),
+       DB_ATTRIBUTE(UseeTag, UINT32),
+       DB_ATTRIBUTE(Description, STRING),
+};
+static const MDSNameValuePair *CSPCapabilitiesDict2Nvp[] = {
+       MDSAlgorithmNames,
+       MDSContextTypeNames,
+       MDSUseeTagsNames,
+       NULL
+};
+const RelationInfo CSPCapabilitiesDict2RelInfo = 
+       RELATION_INFO(
+               MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE,          // actually a don't care
+               kAttributesCSPCapabilitiesDict2, 
+               CSPCapabilitiesDict2Nvp,
+               NULL);                                                                          // no index
+
+// Within a Capabilities array, the Attributes array is an array of
+// Dictionaries of these.
+static const CSSM_DB_ATTRIBUTE_INFO kAttributesCSPCapabilitiesDict3[] =
+{
+       DB_ATTRIBUTE(AttributeType, UINT32),
+       DB_ATTRIBUTE(AttributeValue, MULTI_UINT32),
+};
+static const MDSNameValuePair *CSPCapabilitiesDict3Nvp[] = {
+       MDSAttributeTypeNames,
+       NULL
+};
+const RelationInfo CSPCapabilitiesDict3RelInfo = 
+       RELATION_INFO(
+               MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE,          // actually a don't care
+               kAttributesCSPCapabilitiesDict3, 
+               CSPCapabilitiesDict3Nvp,
+               NULL);
+
+
+
+// CSP Encapsulated Products Relation.
+static const CSSM_DB_ATTRIBUTE_INFO cspEncapsulatedAttrs[] =
+{
+       DB_ATTRIBUTE(ModuleID, STRING),
+       DB_ATTRIBUTE(SSID, UINT32),
+       DB_ATTRIBUTE(ProductDesc, STRING),
+       DB_ATTRIBUTE(ProductVendor, STRING),
+       DB_ATTRIBUTE(ProductVersion, STRING),
+       DB_ATTRIBUTE(ProductFlags, UINT32),
+       DB_ATTRIBUTE(CustomFlags, UINT32),
+       DB_ATTRIBUTE(StandardDesc, STRING),
+       DB_ATTRIBUTE(StandardVersion, STRING),
+       DB_ATTRIBUTE(ReaderDesc, STRING),
+       DB_ATTRIBUTE(ReaderVendor, STRING),
+       DB_ATTRIBUTE(ReaderVersion, STRING),
+       DB_ATTRIBUTE(ReaderFirmwareVersion, STRING),
+       DB_ATTRIBUTE(ReaderFlags, UINT32),
+       DB_ATTRIBUTE(ReaderCustomFlags, UINT32),
+       DB_ATTRIBUTE(ReaderSerialNumber, STRING),
+};
+
+static const MDSNameValuePair *cspEncapsulatedNvp[] = {
+       NULL, NULL,     NULL, NULL,
+       NULL, NULL,     NULL, NULL,
+       NULL, NULL,     NULL, NULL,
+       NULL, MDSCspReaderFlagsNames, NULL, NULL
+};
+
+static const CSSM_DB_INDEX_INFO cspEncapsulatedIndex[] =
+{
+       UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING),
+       UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32)
+};
+
+// CSP Smartcardinfo Relation.
+static const CSSM_DB_ATTRIBUTE_INFO cspSmartCardAttrs[] =
+{
+       DB_ATTRIBUTE(ModuleID, STRING),
+       DB_ATTRIBUTE(SSID, UINT32),
+       DB_ATTRIBUTE(ScDesc, STRING),
+       DB_ATTRIBUTE(ScVendor, STRING),
+       DB_ATTRIBUTE(ScVersion, STRING),
+       DB_ATTRIBUTE(ScFirmwareVersion, STRING),
+       DB_ATTRIBUTE(ScFlags, UINT32),
+       DB_ATTRIBUTE(ScCustomFlags, UINT32),
+       DB_ATTRIBUTE(ScSerialNumber, STRING),
+};
+static const MDSNameValuePair *cspSmartCardNvp[] = {
+       NULL, NULL,     NULL, NULL,
+       NULL, NULL,     MDSCspScFlagsNames, NULL,
+       NULL, 
+};
+
+static const CSSM_DB_INDEX_INFO cspSmartCardIndex[] =
+{
+       UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING),
+       UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32),
+       UNIQUE_INDEX_ATTRIBUTE(ScDesc, STRING),
+       UNIQUE_INDEX_ATTRIBUTE(ScVendor, STRING),
+       UNIQUE_INDEX_ATTRIBUTE(ScVersion, STRING),
+       UNIQUE_INDEX_ATTRIBUTE(ScFirmwareVersion, STRING),
+       UNIQUE_INDEX_ATTRIBUTE(ScFlags, UINT32)
+};
+
+// DL Primary Relation.
+static const CSSM_DB_ATTRIBUTE_INFO dlPrimaryAttrs[] =
+{
+       DB_ATTRIBUTE(ModuleID, STRING),
+       DB_ATTRIBUTE(SSID, UINT32),
+       DB_ATTRIBUTE(Manifest, BLOB),
+       DB_ATTRIBUTE(ModuleName, STRING),
+       DB_ATTRIBUTE(ProductVersion, STRING),
+       DB_ATTRIBUTE(Vendor, STRING),
+       DB_ATTRIBUTE(DLType, UINT32),
+       DB_ATTRIBUTE(QueryLimitsFlag, UINT32),                  // a completely bogus attr; see spec
+       DB_ATTRIBUTE(SampleTypes, MULTI_UINT32),
+       DB_ATTRIBUTE(AclSubjectTypes, MULTI_UINT32),
+       DB_ATTRIBUTE(AuthTags, MULTI_UINT32),
+       DB_ATTRIBUTE(ConjunctiveOps, MULTI_UINT32),
+       DB_ATTRIBUTE(RelationalOps, MULTI_UINT32),
+};
+static const MDSNameValuePair *dlPrimaryNvp[] = {
+       NULL, NULL,     NULL, NULL,
+       NULL, NULL,     MDSDlTypeNames, NULL,
+       MDSSampleTypeNames, 
+       MDSAclSubjectTypeNames,
+       MDSAclAuthTagNames, 
+       MDSDbConjunctiveNames, 
+       MDSDbOperatorNames
+};
+static const CSSM_DB_INDEX_INFO dlPrimaryIndex[] =
+{
+       UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING),
+       UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32)
+};
+
+// DL Encapsulated Products Relation.
+static const CSSM_DB_ATTRIBUTE_INFO dlEncapsulatedAttrs[] =
+{
+       DB_ATTRIBUTE(ModuleID, STRING),
+       DB_ATTRIBUTE(SSID, UINT32),
+       DB_ATTRIBUTE(ProductDesc, STRING),
+       DB_ATTRIBUTE(ProductVendor, STRING),
+       DB_ATTRIBUTE(ProductVersion, STRING),
+       DB_ATTRIBUTE(ProductFlags, UINT32),
+       DB_ATTRIBUTE(StandardDesc, STRING),
+       DB_ATTRIBUTE(StandardVersion, STRING),
+       DB_ATTRIBUTE(Protocol, UINT32),
+       DB_ATTRIBUTE(RetrievalMode, UINT32),
+};
+
+static const MDSNameValuePair *dlEncapsulatedNvp[] = {
+       NULL, NULL,     NULL, NULL,
+       NULL, NULL,     NULL, NULL,
+       MDSNetProtocolNames, 
+       MDSDbRetrievalModeNames
+};
+
+static const CSSM_DB_INDEX_INFO dlEncapsulatedIndex[] =
+{
+       UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING),
+       UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32)
+};
+
+// CL Primary Relation.
+static const CSSM_DB_ATTRIBUTE_INFO clPrimaryAttrs[] =
+{
+       DB_ATTRIBUTE(ModuleID, STRING),
+       DB_ATTRIBUTE(SSID, UINT32),
+       DB_ATTRIBUTE(Manifest, BLOB),
+       DB_ATTRIBUTE(ModuleName, STRING),
+       DB_ATTRIBUTE(ProductVersion, STRING),
+       DB_ATTRIBUTE(Vendor, STRING),
+       DB_ATTRIBUTE(CertTypeFormat, UINT32),
+       DB_ATTRIBUTE(CrlTypeFormat, UINT32),
+       DB_ATTRIBUTE(CertFieldNames, BLOB),
+       DB_ATTRIBUTE(BundleTypeFormat, MULTI_UINT32),
+       DB_ATTRIBUTE(XlationTypeFormat, MULTI_UINT32),
+       DB_ATTRIBUTE(TemplateFieldNames, BLOB),
+};
+
+static const MDSNameValuePair *clPrimaryNvp[] = {
+       NULL, NULL,     NULL, NULL,
+       NULL, NULL,     MDSCertTypeNames, MDSCrlTypeNames,
+       NULL,
+       MDSCertBundleTypeNames,
+       MDSCertTypeNames,               // translation type - same as cert type - right?
+       NULL
+};
+
+static const CSSM_DB_INDEX_INFO clPrimaryIndex[] =
+{
+       UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING),
+       UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32)
+};
+
+// CL Encapsulated Products Relation.
+static const CSSM_DB_ATTRIBUTE_INFO clEncapsulatedAttrs[] =
+{
+       DB_ATTRIBUTE(ModuleID, STRING),
+       DB_ATTRIBUTE(SSID, UINT32),
+       DB_ATTRIBUTE(ProductDesc, STRING),
+       DB_ATTRIBUTE(ProductVendor, STRING),
+       DB_ATTRIBUTE(ProductVersion, STRING),
+       DB_ATTRIBUTE(ProductFlags, UINT32),
+       DB_ATTRIBUTE(StandardDesc, STRING),
+       DB_ATTRIBUTE(StandardVersion, STRING),
+};
+
+static const CSSM_DB_INDEX_INFO clEncapsulatedIndex[] =
+{
+       UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING),
+       UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32)
+};
 
-static const CSSM_DB_SCHEMA_ATTRIBUTE_INFO kAttributesCommonRelation[] =
+// TP Primary Relation.
+static const CSSM_DB_ATTRIBUTE_INFO tpPrimaryAttrs[] =
 {
-       SCHEMA_ATTRIBUTE(0, ModuleID, STRING),
-       SCHEMA_ATTRIBUTE(1, Manifest, BLOB),
-       SCHEMA_ATTRIBUTE(2, ModuleName, STRING),
-       SCHEMA_ATTRIBUTE(3, Path, STRING),
-       SCHEMA_ATTRIBUTE(4, CDSAVersion, STRING),
-       SCHEMA_ATTRIBUTE(5, Desc, STRING),
-       SCHEMA_ATTRIBUTE(6, DynamicFlag, UINT32),
-       SCHEMA_ATTRIBUTE(7, MultiThreadFlag, UINT32),
-       SCHEMA_ATTRIBUTE(8, ServiceMask, UINT32)
+       DB_ATTRIBUTE(ModuleID, STRING),
+       DB_ATTRIBUTE(SSID, UINT32),
+       DB_ATTRIBUTE(Manifest, BLOB),
+       DB_ATTRIBUTE(ModuleName, STRING),
+       DB_ATTRIBUTE(ProductVersion, STRING),
+       DB_ATTRIBUTE(Vendor, STRING),
+       DB_ATTRIBUTE(CertTypeFormat, UINT32),
+       DB_ATTRIBUTE(SampleTypes, MULTI_UINT32),
+       DB_ATTRIBUTE(AclSubjectTypes, MULTI_UINT32),
+       DB_ATTRIBUTE(AuthTags, MULTI_UINT32),
 };
 
-static const CSSM_DB_SCHEMA_INDEX_INFO kIndexCommonRelation[] =
+static const MDSNameValuePair *tpPrimaryNvp[] = {
+       NULL, NULL,     NULL, NULL,
+       NULL, NULL,     
+       MDSCertTypeNames,
+       MDSSampleTypeNames,
+       MDSAclSubjectTypeNames,
+       MDSAclAuthTagNames,
+};
+
+static const CSSM_DB_INDEX_INFO tpPrimaryIndex[] =
+{
+       UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING),
+       UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32)
+};
+
+// TP Policy-OIDs Relation.
+static const CSSM_DB_ATTRIBUTE_INFO tpPolicyOidsAttrs[] =
 {
-       UNIQUE_INDEX_ATTRIBUTE(0)
+       DB_ATTRIBUTE(ModuleID, STRING),
+       DB_ATTRIBUTE(SSID, UINT32),
+       DB_ATTRIBUTE(OID, BLOB),
+       DB_ATTRIBUTE(Value, BLOB),
 };
 
-const RelationInfo kCommonRelation =
-       RELATION_INFO(MDS_CDSADIR_COMMON_RECORDTYPE, kAttributesCommonRelation, kIndexCommonRelation);
+static const CSSM_DB_INDEX_INFO tpPolicyOidsIndex[] =
+{
+       UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING),
+       UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32),
+       UNIQUE_INDEX_ATTRIBUTE(OID, BLOB)
+};
+
+// special case "subschema" for parsing tpPolicyOidsAttrs. These arrays correspond
+// dictionaries within a tpPolicyOidsAttrs info file; they are not part of 
+// our DB's schema. They are declared only to streamline the 
+// MDSAttrParser::parseTpPolicyOidsRecord function. No index info is needed.
+
+// top-level info, applied to the dictionary for the whole file.
+static const CSSM_DB_ATTRIBUTE_INFO tpPolicyOidsDict1[] =
+{
+       DB_ATTRIBUTE(ModuleID, STRING),
+       DB_ATTRIBUTE(SSID, UINT32),
+};
+const RelationInfo TpPolicyOidsDict1RelInfo = 
+       RELATION_INFO(
+               MDS_CDSADIR_TP_OIDS_RECORDTYPE,                         // actually a don't care
+               tpPolicyOidsDict1,
+               NULL,                                                                           // no NVP needed 
+               NULL);                                                                          // no index
+
+// One element of the "Policies" array maps to one of these.
+static const CSSM_DB_ATTRIBUTE_INFO tpPolicyOidsDict2[] =
+{
+       DB_ATTRIBUTE(OID, BLOB),
+       DB_ATTRIBUTE(Value, BLOB),
+};
+const RelationInfo TpPolicyOidsDict2RelInfo = 
+       RELATION_INFO(
+               MDS_CDSADIR_TP_OIDS_RECORDTYPE,                         // actually a don't care
+               tpPolicyOidsDict2,
+               NULL,                                                                           // no NVP needed 
+               NULL);                                                                          // no index
+
+// TP Encapsulated Products Relation.
+static const CSSM_DB_ATTRIBUTE_INFO tpEncapsulatedAttrs[] =
+{
+       DB_ATTRIBUTE(ModuleID, STRING),
+       DB_ATTRIBUTE(SSID, UINT32),
+       DB_ATTRIBUTE(ProductDesc, STRING),
+       DB_ATTRIBUTE(ProductVendor, STRING),
+       DB_ATTRIBUTE(ProductVersion, STRING),
+       DB_ATTRIBUTE(ProductFlags, UINT32),                             // vendor-specific, right?
+       DB_ATTRIBUTE(AuthorityRequestType, MULTI_UINT32),
+       DB_ATTRIBUTE(StandardDesc, STRING),
+       DB_ATTRIBUTE(StandardVersion, STRING),
+       DB_ATTRIBUTE(ProtocolDesc, STRING),
+       DB_ATTRIBUTE(ProtocolFlags, UINT32),
+       DB_ATTRIBUTE(CertClassName, STRING),
+       DB_ATTRIBUTE(RootCertificate, BLOB),
+       DB_ATTRIBUTE(RootCertTypeFormat, UINT32),
+};
+static const MDSNameValuePair *tpEncapsulatedNvp[] = {
+       NULL, NULL,     NULL, NULL,
+       NULL, NULL,     MDSTpAuthRequestNames,  NULL,
+       NULL, NULL,     NULL, NULL,
+       NULL, MDSCertTypeNames
+};
+
+static const CSSM_DB_INDEX_INFO tpEncapsulatedIndex[] =
+{
+       UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING),
+       UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32)
+};
+
+#if    DEFINE_META_TABLES
+// MDS Schema Relations (meta) Relation.
+static const CSSM_DB_ATTRIBUTE_INFO mdsSchemaRelationsAttrs[] =
+{
+       DB_ATTRIBUTE(RelationID, UINT32),
+       DB_ATTRIBUTE(RelationName, STRING),
+};
+
+static const CSSM_DB_INDEX_INFO mdsSchemaRelationsIndex[] =
+{
+       UNIQUE_INDEX_ATTRIBUTE(RelationID, UINT32),
+};
+
+// MDS Schema Attributes (meta) Relation.
+static const CSSM_DB_ATTRIBUTE_INFO mdsSchemaAttributesAttrs[] =
+{
+       DB_ATTRIBUTE(RelationID, UINT32),
+       DB_ATTRIBUTE(AttributeID, UINT32),
+       DB_ATTRIBUTE(AttributeNameFormat, UINT32),
+       DB_ATTRIBUTE(AttributeName, STRING),
+       DB_ATTRIBUTE(AttributeNameID, BLOB),
+       DB_ATTRIBUTE(AttributeFormat, UINT32),
+};
+
+static const CSSM_DB_INDEX_INFO mdsSchemaAttributesIndex[] =
+{
+       UNIQUE_INDEX_ATTRIBUTE(RelationID, UINT32),
+       UNIQUE_INDEX_ATTRIBUTE(AttributeID, UINT32)
+};
+
+// MDS Schema Indexes (meta) Relation.
+static const CSSM_DB_ATTRIBUTE_INFO mdsSchemaIndexesAttrs[] =
+{
+       DB_ATTRIBUTE(RelationID, UINT32),
+       DB_ATTRIBUTE(IndexID, UINT32),
+       DB_ATTRIBUTE(AttributeID, UINT32),
+       DB_ATTRIBUTE(IndexType, UINT32),
+       DB_ATTRIBUTE(IndexedDataLocation, UINT32),
+};
+
+static const CSSM_DB_INDEX_INFO mdsSchemaIndexesIndex[] =
+{
+       UNIQUE_INDEX_ATTRIBUTE(RelationID, UINT32),
+       UNIQUE_INDEX_ATTRIBUTE(IndexID, UINT32)
+};
+
+#endif /* DEFINE_META_TABLES */
+
+// AC Primary Relation.
+static const CSSM_DB_ATTRIBUTE_INFO acPrimaryAttrs[] =
+{
+       DB_ATTRIBUTE(ModuleID, STRING),
+       DB_ATTRIBUTE(SSID, UINT32),
+       DB_ATTRIBUTE(Manifest, BLOB),
+       DB_ATTRIBUTE(ModuleName, STRING),
+       DB_ATTRIBUTE(ProductVersion, STRING),
+       DB_ATTRIBUTE(Vendor, STRING),
+};
+
+static const CSSM_DB_INDEX_INFO acPrimaryIndex[] =
+{
+       UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING),
+       UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32)
+};
+
+// KR Primary Relation.
+static const CSSM_DB_ATTRIBUTE_INFO krPrimaryAttrs[] =
+{
+       DB_ATTRIBUTE(ModuleID, STRING),
+       DB_ATTRIBUTE(SSID, UINT32),
+       DB_ATTRIBUTE(Manifest, BLOB),
+       DB_ATTRIBUTE(ModuleName, STRING),
+       DB_ATTRIBUTE(CompatCSSMVersion, STRING),
+       DB_ATTRIBUTE(Version, STRING),
+       DB_ATTRIBUTE(Vendor, STRING),
+       DB_ATTRIBUTE(Description, STRING),
+       DB_ATTRIBUTE(ConfigFileLocation, STRING),
+};
+
+static const CSSM_DB_INDEX_INFO krPrimaryIndex[] =
+{
+       UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING),
+       UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32)
+};
+
+// list of all built-in schema for the CDSA Directory DB.
+const RelationInfo kMDSRelationInfo[] = 
+{
+       RELATION_INFO(MDS_CDSADIR_CSSM_RECORDTYPE, 
+               cssmAttrs, 
+               cssmNvp,
+               cssmIndex),
+       RELATION_INFO(MDS_CDSADIR_KRMM_RECORDTYPE, 
+               krmmAttrs, 
+               krmmNvp,
+               krmmIndex),
+       RELATION_INFO(MDS_CDSADIR_EMM_RECORDTYPE, 
+               emmAttrs, 
+               NO_NVP,         // FIXME - what is the uint32 EmmType here? 
+               emmIndex),
+       RELATION_INFO(MDS_CDSADIR_EMM_PRIMARY_RECORDTYPE, 
+               emmPrimaryAttrs, 
+               emmPrimaryNvp,
+               emmPrimaryIndex),
+       RELATION_INFO(MDS_CDSADIR_COMMON_RECORDTYPE, 
+               commonAttrs, 
+               commonNvp,
+               commonIndex),
+       RELATION_INFO(MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE, 
+               cspPrimaryAttrs, 
+               cspPrimaryNvp,
+               cspPrimaryIndex),
+       RELATION_INFO(MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE, 
+               cspCapabilitiesAttrs, 
+               cspCapabilitiesNvp,
+               cspCapabilitiesIndex),
+       RELATION_INFO(MDS_CDSADIR_CSP_ENCAPSULATED_PRODUCT_RECORDTYPE, 
+               cspEncapsulatedAttrs, 
+               cspEncapsulatedNvp,
+               cspEncapsulatedIndex),
+       RELATION_INFO(MDS_CDSADIR_CSP_SC_INFO_RECORDTYPE, 
+               cspSmartCardAttrs, 
+               cspSmartCardNvp,
+               cspSmartCardIndex),
+       RELATION_INFO(MDS_CDSADIR_DL_PRIMARY_RECORDTYPE, 
+               dlPrimaryAttrs, 
+               dlPrimaryNvp,   
+               dlPrimaryIndex),
+       RELATION_INFO(MDS_CDSADIR_DL_ENCAPSULATED_PRODUCT_RECORDTYPE, 
+               dlEncapsulatedAttrs, 
+               dlEncapsulatedNvp,
+               dlEncapsulatedIndex),
+       RELATION_INFO(MDS_CDSADIR_CL_PRIMARY_RECORDTYPE, 
+               clPrimaryAttrs, 
+               clPrimaryNvp,
+               clPrimaryIndex),
+       RELATION_INFO(MDS_CDSADIR_CL_ENCAPSULATED_PRODUCT_RECORDTYPE, 
+               clEncapsulatedAttrs, 
+               NO_NVP,         // none needed
+               clEncapsulatedIndex),
+       RELATION_INFO(MDS_CDSADIR_TP_PRIMARY_RECORDTYPE, 
+               tpPrimaryAttrs, 
+               tpPrimaryNvp,
+               tpPrimaryIndex),
+       RELATION_INFO(MDS_CDSADIR_TP_OIDS_RECORDTYPE, 
+               tpPolicyOidsAttrs, 
+               NO_NVP,         // none needed
+               tpPolicyOidsIndex),
+       RELATION_INFO(MDS_CDSADIR_TP_ENCAPSULATED_PRODUCT_RECORDTYPE, 
+               tpEncapsulatedAttrs, 
+               tpEncapsulatedNvp,
+               tpEncapsulatedIndex),
+       #if     DEFINE_META_TABLES
+       RELATION_INFO(MDS_CDSADIR_MDS_SCHEMA_RELATIONS, 
+               mdsSchemaRelationsAttrs, 
+               NO_NVP,
+               mdsSchemaRelationsIndex),
+       RELATION_INFO(MDS_CDSADIR_MDS_SCHEMA_ATTRIBUTES, 
+               mdsSchemaAttributesAttrs, 
+               NO_NVP,
+               mdsSchemaAttributesIndex),
+       RELATION_INFO(MDS_CDSADIR_MDS_SCHEMA_INDEXES, 
+               mdsSchemaIndexesAttrs, 
+               NO_NVP,
+               mdsSchemaIndexesIndex),
+       #endif  /* DEFINE_META_TABLES */
+       RELATION_INFO(MDS_CDSADIR_AC_PRIMARY_RECORDTYPE, 
+               acPrimaryAttrs, 
+               NO_NVP,         // none needed
+               acPrimaryIndex),
+       RELATION_INFO(MDS_CDSADIR_KR_PRIMARY_RECORDTYPE, 
+               krPrimaryAttrs, 
+               NO_NVP,         // none needed
+               krPrimaryIndex)
+};
+
+const unsigned kNumMdsRelations = sizeof(kMDSRelationInfo) / sizeof(RelationInfo);
+
+// Map a CSSM_DB_RECORDTYPE to a RelationInfo *.
+extern const RelationInfo *MDSRecordTypeToRelation(
+       CSSM_DB_RECORDTYPE recordType)
+{
+       const RelationInfo *relInfo = kMDSRelationInfo;
+       unsigned dex;
+       
+       for(dex=0; dex<kNumMdsRelations; dex++) {
+               if(relInfo->DataRecordType == recordType) {
+                       return relInfo;
+               }
+               relInfo++;
+       }
+       if(recordType == MDS_OBJECT_RECORDTYPE) {
+               return &kObjectRelation;
+       }
+       return NULL;
+}
+
+// same as above, based on record type as string. 
+extern const RelationInfo *MDSRecordTypeNameToRelation(
+       const char *recordTypeName)
+{
+       const RelationInfo *relInfo = kMDSRelationInfo;
+       unsigned dex;
+       
+       for(dex=0; dex<kNumMdsRelations; dex++) {
+               if(!strcmp(recordTypeName, relInfo->relationName)) {
+                       return relInfo;
+               }
+               relInfo++;
+       }
+       return NULL;
+}
 
+} // end namespace Security
index e8c1fff8d7d19ddd0594720a9c578b2b599c053e..1ec88964e0c1935df1cae94c15b359479e2d90f8 100644 (file)
 #define _MDSSCHEMA_H
 
 #include <Security/cssmtype.h>
+#include <Security/MDSAttrStrings.h>
 
-// Structure used to store information which is needed to create
-// a relation with indexes.
+namespace Security
+{
 
+// Structure used to store information which is needed to create
+// a relation with indexes. The info in one of these structs maps to one
+// record type in a CSSM_DBINFO - both record attribute info and index info.
+// The nameValues field refers to an array of MDSNameValuePair array pointers
+// which are used to convert attribute values from strings to uint32s via
+// MDS_StringToUint32. The nameValues array is parallel to the AttributeInfo
+// array.
 struct RelationInfo {
-       CSSM_DB_RECORDTYPE relationId;
+       CSSM_DB_RECORDTYPE DataRecordType;
        const char *relationName;
-       uint32 numAttributes;
-       const CSSM_DB_SCHEMA_ATTRIBUTE_INFO *attributes;
-       uint32 numIndexes;
-       const CSSM_DB_SCHEMA_INDEX_INFO *indexes;
+       uint32 NumberOfAttributes;
+       const CSSM_DB_ATTRIBUTE_INFO *AttributeInfo;
+       const MDSNameValuePair **nameValues;
+       uint32 NumberOfIndexes;
+       const CSSM_DB_INDEX_INFO *IndexInfo;
 };
 
 // Macros used to simplify declarations of attributes and indexes.
 
-#define SCHEMA_ATTRIBUTE(id, name, type) \
-       { id, #name, { 0, NULL }, CSSM_DB_ATTRIBUTE_FORMAT_ ## type }
-       
-#define UNIQUE_INDEX_ATTRIBUTE(attributeId) \
-       { attributeId, 0, CSSM_DB_INDEX_UNIQUE, CSSM_DB_INDEX_ON_ATTRIBUTE }
+// declare a CSSM_DB_ATTRIBUTE_INFO
+#define DB_ATTRIBUTE(name, type) \
+       {  CSSM_DB_ATTRIBUTE_NAME_AS_STRING, \
+          {#name}, \
+          CSSM_DB_ATTRIBUTE_FORMAT_ ## type \
+       }
 
-#define RELATION_INFO(relationId, attributes, indexes) \
+// declare a CSSM_DB_INDEX_INFO
+#define UNIQUE_INDEX_ATTRIBUTE(name, type) \
+       {  CSSM_DB_INDEX_UNIQUE, \
+          CSSM_DB_INDEX_ON_ATTRIBUTE, \
+          {  CSSM_DB_ATTRIBUTE_NAME_AS_STRING, \
+             {#name}, \
+                 CSSM_DB_ATTRIBUTE_FORMAT_ ## type \
+          } \
+       }
+
+// declare a RelationInfo
+#define RELATION_INFO(relationId, attributes, nameValues, indexes) \
        { relationId, \
          #relationId, \
-         sizeof(attributes) / sizeof(CSSM_DB_SCHEMA_ATTRIBUTE_INFO), \
+         sizeof(attributes) / sizeof(CSSM_DB_ATTRIBUTE_INFO), \
          attributes, \
-         sizeof(indexes) / sizeof(CSSM_DB_SCHEMA_INDEX_INFO), \
+         nameValues, \
+         sizeof(indexes) / sizeof(CSSM_DB_INDEX_INFO), \
          indexes }
 
-// Declarations of schema for MDS relations.
-
+// Object directory DB - one built-in schema.
 extern const RelationInfo kObjectRelation;
-extern const RelationInfo kCSSMRelation;
-extern const RelationInfo kKRMMRelation;
-extern const RelationInfo kCommonRelation;
+
+// list of all built-in schema for the CDSA Directory DB.
+extern const RelationInfo kMDSRelationInfo[];
+extern const unsigned kNumMdsRelations;                        // size of kMDSRelationInfo[]
+
+// special case "subschema" for parsing CSPCapabilities. 
+extern const RelationInfo CSPCapabilitiesDict1RelInfo;
+extern const RelationInfo CSPCapabilitiesDict2RelInfo;
+extern const RelationInfo CSPCapabilitiesDict3RelInfo;
+
+// special case "subschema" for parsing TPPolicyOids. 
+extern const RelationInfo TpPolicyOidsDict1RelInfo;
+extern const RelationInfo TpPolicyOidsDict2RelInfo;
+
+// Map a CSSM_DB_RECORDTYPE to a RelationInfo *.
+extern const RelationInfo *MDSRecordTypeToRelation(
+       CSSM_DB_RECORDTYPE recordType);
+       
+// same as above, based on record type as string. 
+extern const RelationInfo *MDSRecordTypeNameToRelation(
+       const char *recordTypeName);
+       
+} // end namespace Security
 
 #endif // _MDSSCHEMA_H
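Review bot: RelationInfo gains `nameValues`, described in the new comment as parallel to the AttributeInfo array, but unlike the attribute and index arrays it carries no element count, so nothing ties its length to NumberOfAttributes. Code that indexes nameValues by attribute position (presumably the attribute parser, which is not visible in this section) would read past the array if a table such as tpEncapsulatedNvp is edited without its attribute list. At minimum I would state the contract on the field, `const MDSNameValuePair **nameValues; // NULL, or exactly NumberOfAttributes entries`, and add a debug-build check of each table against that rule.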
index ba9d79c00cf0906b83663da5b700b271012ed5c3..7e421d72ec5cbf9c52c1f1f7d03878a30a766f63 100644 (file)
 
 #include <Security/DbContext.h>
 #include "MDSModule.h"
+#include "MDSAttrParser.h"
+#include "MDSAttrUtils.h"
 
 #include <memory>
 #include <Security/cssmerr.h>
 #include <Security/utilities.h>
 #include <Security/logging.h>
+#include <Security/debugging.h>
+#include <Security/mds_schema.h>
 
 #include <sys/types.h>
+#include <sys/param.h>
 #include <dirent.h>
 #include <fcntl.h>
+#include <assert.h>
 #include <time.h>
 
-// Location of security plugins.
+/* 
+ * The layout of the various MDS DB files on disk is as follows:
+ *
+ * /var/tmp/mds                                -- owner = root, mode = 01777, world writable, sticky
+ *     mdsObject.db                    -- owner = root, mode = 0644, object DB
+ *     mdsDirectory.db         -- owner = root, mode = 0644, MDS directory DB
+ *        mds.lock             -- temporary, owner = root, protects creation of 
+ *                                                        previous two files
+ *     <uid>/                          -- owner = <uid>, mode = 0644
+ *               mdsObject.db          -- owner = <uid>, mode = 0644, object DB
+ *        mdsDirectory.db      -- owner = <uid>, mode = 0644, MDS directory DB
+ *                       mds.lock      -- temporary, owner = <uid>, protects creation of 
+ *                                                        previous two files
+ * 
+ * The /var/tmp/mds directory and the two db files in it are created by root
+ * via SS or an AEWP call. Each user except for root has their own private
+ * directory with two DB files and a lock. The first time a user accesses MDS,
+ * the per-user directory is created and the per-user DB files are created as 
+ * copies of the system DB files. Fcntl() with a F_RDLCK is used to lock the system
+ * DB files when they are the source of these copies; this is the same mechanism
+ * used by the underlying AtomincFile. 
+ *
+ * The sticky bit in /var/tmp/mds ensures that users cannot delete, rename, and/or
+ * replace the root-owned DB files in that directory, and that users can not 
+ * modify other user's private MDS directories. 
+ */
+namespace Security
+{
 
-#define kPluginPath "/System/Library/Security/"
+/*
+ * Nominal location of Security.framework.
+ */
+#define MDS_SYSTEM_PATH                "/System/Library/Frameworks"
+#define MDS_SYSTEM_FRAME       "Security.framework"
 
-// Location of MDS database and lock files.
+/*
+ * Nominal location of standard plugins.
+ */
+#define MDS_BUNDLE_PATH                "/System/Library/Security"
+#define MDS_BUNDLE_EXTEN       ".bundle"
 
-#define kDatabasePath "/var/tmp/"
-#define kLockFilename kDatabasePath "mds.lock"
 
-// Minimum interval, in seconds, between rescans for plugin changes.
+/*
+ * Location of system MDS database and lock files.
+ */
+#define MDS_SYSTEM_DB_DIR      "/private/var/tmp/mds"
+#define MDS_LOCK_FILE_NAME     "mds.lock"
+#define MDS_OBJECT_DB_NAME     "mdsObject.db"
+#define MDS_DIRECT_DB_NAME     "mdsDirectory.db"
+#define MDS_LOCK_FILE_PATH     MDS_SYSTEM_DB_DIR "/" MDS_LOCK_FILE_NAME
+#define MDS_OBJECT_DB_PATH     MDS_SYSTEM_DB_DIR "/" MDS_OBJECT_DB_NAME
+#define MDS_DIRECT_DB_PATH     MDS_SYSTEM_DB_DIR "/" MDS_DIRECT_DB_NAME
 
-#define kScanInterval 10
+/*
+ * Location of per-user bundles, relative to home directory.
+ * PEr-user DB files are in MDS_SYSTEM_DB_DIR/<uid>/. 
+ */
+#define MDS_USER_DB_DIR                "Library/Security"
+#define MDS_USER_BUNDLE                "Library/Security"
+
+/* time to wait in ms trying to acquire lock */
+#define DB_LOCK_TIMEOUT                (2 * 1000)
+
+/* Minimum interval, in seconds, between rescans for plugin changes */
+#define MDS_SCAN_INTERVAL      10
+
+/* initial debug - start from scratch each time */
+#define START_FROM_SCRATCH     0
+
+/* debug - skip file-level locking */
+#define SKIP_FILE_LOCKING      0
+
+/* Only allow root to create and update system DB files - in the final config this
+ * will be true */
+#define SYSTEM_MDS_ROOT_ONLY   0
+
+/*
+ * Early development; no Security Server/root involvement with system DB creation.
+ * If this is true, SYSTEM_MDS_ROOT_ONLY must be false (though both can be
+ * false for intermediate testing).
+ */ 
+#define SYSTEM_DBS_VIA_USER            1
+               
+/* when true, turn autocommit off when building system DB */
+#define AUTO_COMMIT_OPT                        1
 
-//
-// Get the current time in a format that matches that in which
-// a file's modification time is expressed.
-//
 
-static void
-getCurrentTime(struct timespec &now)
+/*
+ * Determine if both of the specified DB files exist as
+ * accessible regular files. Returns true if they do. If the purge argument
+ * is true, we'll ensure that either both or neither of the files exist on
+ * exit.
+ */
+static bool doFilesExist(
+       const char *objDbFile,
+       const char *directDbFile,
+       bool purge)                                     // false means "passive" check 
 {
-       struct timeval tv;
-       gettimeofday(&tv, NULL);
-       TIMEVAL_TO_TIMESPEC(&tv, &now);
+       struct stat sb;
+       bool objectExist = false;
+       bool directExist = false;
+       
+       if (stat(objDbFile, &sb) == 0) {
+               /* Object DB exists */
+               if(!(sb.st_mode & S_IFREG)) {
+                       MSDebug("deleting non-regular file %s", objDbFile);
+                       if(purge && unlink(objDbFile)) {
+                               MSDebug("unlink(%s) returned %d", objDbFile, errno);
+                               CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+                       }
+               }
+               else {
+                       objectExist = true;
+               }
+       }
+       if (stat(directDbFile, &sb) == 0) {
+               /* directory DB exists */
+               if(!(sb.st_mode & S_IFREG)) {
+                       MSDebug("deleting non-regular file %s", directDbFile);
+                       if(purge & unlink(directDbFile)) {
+                               MSDebug("unlink(%s) returned %d", directDbFile, errno);
+                               CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+                       }
+               }
+               directExist = true;
+       }
+       if(objectExist && directExist) {
+               /* both databases exist as regular files */
+               return true;
+       }
+       else if(!purge) {
+               return false;
+       }
+       
+       /* at least one does not exist - ensure neither of them do */
+       if(objectExist) {
+               if(unlink(objDbFile)) {
+                       MSDebug("unlink(%s) returned %d", objDbFile, errno);
+                       CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+               }
+       }
+       if(directExist) {
+               if(unlink(directDbFile)) {
+                       MSDebug("unlink(%s) returned %d", directDbFile, errno);
+                       CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+               }
+       }
+       return false;
 }
 
-//
-// Create an MDS session.
-//
+/*
+ * Determine if specified directory exists. 
+ */
+static bool doesDirectExist(
+       const char *dirPath)
+{
+       struct stat sb;
+       
+       if (stat(dirPath, &sb)) {
+               return false;
+       }
+       if(!(sb.st_mode & S_IFDIR)) {
+               return false;
+       }
+       return true;
+}
 
+/*
+ * Create specified directory if it doesn't already exist. 
+ * Zero for mode means "use the default provided by 0755 modified by umask".
+ */
+static int createDir(
+       const char *dirPath,
+       mode_t dirMode = 0)
+{
+       if(doesDirectExist(dirPath)) {
+               return 0;
+       }
+       int rtn = mkdir(dirPath, 0755);
+       if(rtn) {
+               if(errno == EEXIST) {
+                       /* this one's OK */
+                       rtn = 0;
+               }
+               else {
+                       rtn = errno;
+                       MSDebug("mkdir(%s) returned  %d", dirPath, errno);
+               }
+       }
+       if((rtn == 0) && (dirMode != 0)) {
+               rtn = chmod(dirPath, dirMode);
+               if(rtn) {
+                       MSDebug("chmod(%s) returned  %d", dirPath, errno);
+               }
+       }
+       return rtn;
+}
+
+/*
+ * Create an MDS session.
+ */
 MDSSession::MDSSession (const Guid *inCallerGuid,
                         const CSSM_MEMORY_FUNCS &inMemoryFunctions) :
-    DatabaseSession(MDSModule::get().databaseManager()),
-    mCssmMemoryFunctions (inMemoryFunctions),
+       DatabaseSession(MDSModule::get().databaseManager()),    
+       mCssmMemoryFunctions (inMemoryFunctions),
+       mModule(MDSModule::get()),
        mLockFd(-1)
 {
-       fprintf(stderr, "MDSSession::MDSSession\n");
+       MSDebug("MDSSession::MDSSession");
                
+       #if START_FROM_SCRATCH
+       unlink(MDS_LOCK_FILE_PATH);
+       unlink(MDS_OBJECT_DB_PATH);
+       unlink(MDS_DIRECT_DB_PATH);     
+       #endif
+       
     mCallerGuidPresent =  inCallerGuid != nil;
     if (mCallerGuidPresent)
         mCallerGuid = *inCallerGuid;
-               
-       // make sure the MDS databases have been created, and the required
-       // tables have been constructed
-       initializeDatabases();
        
-       // schedule a scan for plugin changes
-       getCurrentTime(mLastScanTime);
+       /*
+        * Create DB files if necessary; make sure they are up-to-date
+        */
+       // no! done in either install or open! updateDataBases();
 }
 
 MDSSession::~MDSSession ()
 {
-       fprintf(stderr, "MDSSession::~MDSSession\n");
-       releaseLock();
+       MSDebug("MDSSession::~MDSSession");
+       releaseLock(mLockFd);
 }
 
 void
 MDSSession::terminate ()
 {
-       fprintf(stderr, "MDSSession::terminate\n");
-
+       MSDebug("MDSSession::terminate");
+       releaseLock(mLockFd);
     closeAll();
 }
 
-//
-// In this implementation, install() does nothing, since the databases
-// are implicitly created as needed by initialize().
-//
-
+/*
+ * Called by security server or AEWP-executed privileged tool.
+ */
 void
 MDSSession::install ()
 {
-       // this space intentionally left blank
+       if((getuid() != (uid_t)0) && SYSTEM_MDS_ROOT_ONLY) {
+               CssmError::throwMe(CSSMERR_DL_OS_ACCESS_DENIED);
+       }
+       
+       int sysFdLock = -1;
+       try {
+               /* before we obtain the lock, ensure the the system MDS DB directory exists */
+               if(createDir(MDS_SYSTEM_DB_DIR, 01777)) {
+                       MSDebug("Error creating system MDS dir; aborting.");
+                       CssmError::throwMe(CSSMERR_DL_OS_ACCESS_DENIED);
+               }
+
+               if(!obtainLock(MDS_LOCK_FILE_PATH, sysFdLock, DB_LOCK_TIMEOUT)) {
+                       CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+               }
+               if(!systemDatabasesPresent(true)) {
+                       bool created = createSystemDatabases();
+                       if(created) {
+                               /* 
+                                * Skip possible race condition in which this is called twice,
+                                * both via SS by user procs who say "no system DBs present"
+                                * in their updateDataBases() method. 
+                                *
+                                * Do initial population of system DBs.
+                                */
+                               DbFilesInfo dbFiles(*this, MDS_SYSTEM_DB_DIR);
+                               #if     AUTO_COMMIT_OPT
+                               dbFiles.autoCommit(CSSM_FALSE);
+                               #endif
+                               dbFiles.updateSystemDbInfo(MDS_SYSTEM_PATH, MDS_BUNDLE_PATH);
+                       }
+               }
+       }
+       catch(...) {
+               if(sysFdLock != -1) {
+                       releaseLock(sysFdLock);
+               }
+               throw;
+       }
+       releaseLock(sysFdLock);
 }
 
 //
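Review bot: In doFilesExist the directory-DB branch does not match the object-DB branch. `if(purge & unlink(directDbFile))` uses bitwise `&`, so unlink() runs even when purge is false (the "passive" check). `directExist = true;` is also set unconditionally, so a non-regular file is still counted as present. I would write `if(purge && unlink(directDbFile)) {` and move the assignment into `else { directExist = true; }`, as the objDbFile branch does. Both branches also test `sb.st_mode & S_IFREG`, which is true for other file types that share that bit, such as sockets. `S_ISREG(sb.st_mode)` is the exact test, and it matters here because these paths sit under a directory the header comment describes as world writable.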
@@ -117,55 +336,101 @@ MDSSession::uninstall ()
        CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
 }
 
-//
-// Obtain and free a list of names of current databases.
-//
-
-void
-MDSSession::GetDbNames(CSSM_NAME_LIST_PTR &outNameList)
+/*
+ * Common private open routine given a full specified path.
+ *
+ * FIXME: both of these dbOpen routines leak like crazy even though
+ * we know we close properly. 
+ * Typical stack trace (from MallocDebug) of a leak is
+ *
+ *     DatabaseSession::DbOpen(char const *, cssm_net_address const...)
+ *     DatabaseManager::dbOpen(Security::DatabaseSession &, ...)
+ *     Database::_dbOpen(Security::DatabaseSession &, unsigned long, ...)
+ *     AppleDatabase::dbOpen(Security::DbContext &)
+ *     DbModifier::openDatabase(void)
+ *     DbModifier::getDbVersion(void) 
+ *     DbVersion::DbVersion(Security::AtomicFile &, ...)
+ *     DbVersion::open(void) 
+ *     MetaRecord::unpackRecord(Security::ReadSection const &, ...)
+ *     MetaRecord::unpackAttribute(Security::ReadSection const &, ...)
+ *     MetaAttribute::unpackAttribute(Security::ReadSection const &, ..)
+ *     TypedMetaAttribute<Security::StringValue>::unpackValue(...)
+ *     TrackingAllocator::malloc(unsigned long) 
+ */
+CSSM_DB_HANDLE MDSSession::dbOpen(
+       const char *dbName)
 {
-       outNameList = mDatabaseManager.getDbNames(*this);
+       MSDebug("Opening %s", dbName);
+       CSSM_DB_HANDLE dbHand;
+       DatabaseSession::DbOpen(dbName,
+               NULL,                           // DbLocation
+               CSSM_DB_ACCESS_READ,
+               NULL,                           // AccessCred - hopefully optional 
+               NULL,                           // OpenParameters
+               dbHand);
+       return dbHand;
 }
 
-void
-MDSSession::FreeNameList(CSSM_NAME_LIST &inNameList)
+
+/* DatabaseSession routines we need to override */
+void MDSSession::DbOpen(const char *DbName,
+               const CSSM_NET_ADDRESS *DbLocation,
+               CSSM_DB_ACCESS_TYPE AccessRequest,
+               const AccessCredentials *AccessCred,
+               const void *OpenParameters,
+               CSSM_DB_HANDLE &DbHandle)
 {
-       mDatabaseManager.freeNameList(*this, inNameList);
+       /* make sure DBs are up-to-date */
+       updateDataBases();
+       
+       /* 
+        * Only task here is map incoming DbName - specified in the CDSA 
+        * spec - to a filename we actually use (which is a path to either 
+        * a system MDS DB file or a per-user MDS DB file).  
+        */
+       if(DbName == NULL) {
+               CssmError::throwMe(CSSMERR_DL_INVALID_DB_NAME);
+       }
+       const char *dbName;
+       if(!strcmp(DbName, MDS_OBJECT_DIRECTORY_NAME)) {
+               dbName = MDS_OBJECT_DB_NAME;
+       }
+       else if(!strcmp(DbName, MDS_CDSA_DIRECTORY_NAME)) {
+               dbName = MDS_DIRECT_DB_NAME;
+       }
+       else {
+               CssmError::throwMe(CSSMERR_DL_INVALID_DB_NAME);
+       }
+       char fullPath[MAXPATHLEN];
+       dbFullPath(dbName, fullPath);
+       DatabaseSession::DbOpen(fullPath, DbLocation, AccessRequest, AccessCred,
+               OpenParameters, DbHandle);
 }
 
-//
-// Scan the plugin directory.
-//
-
-static bool intervalHasElapsed(const struct timespec &then, const struct timespec &now,
-       int intervalSeconds)
+void
+MDSSession::GetDbNames(CSSM_NAME_LIST_PTR &outNameList)
 {
-       return (now.tv_sec - then.tv_sec > intervalSeconds) ||
-               ((now.tv_sec - then.tv_sec == intervalSeconds) && (now.tv_nsec >= then.tv_nsec));
+       outNameList = new CSSM_NAME_LIST[1];
+       outNameList->NumStrings = 2;
+       outNameList->String = new (char *)[2];
+       outNameList->String[0] = MDSCopyCstring(MDS_OBJECT_DIRECTORY_NAME);
+       outNameList->String[1] = MDSCopyCstring(MDS_CDSA_DIRECTORY_NAME);
 }
 
-static bool operator <=(const struct timespec &a, const struct timespec &b)
+void
+MDSSession::FreeNameList(CSSM_NAME_LIST &inNameList)
 {
-       return (a.tv_sec < b.tv_sec) || ((a.tv_sec == b.tv_sec) && (a.tv_nsec <= b.tv_nsec));
+       delete [] inNameList.String[0];
+       delete [] inNameList.String[1];
+       delete [] inNameList.String;
 }
 
-class PluginInfo
+void MDSSession::GetDbNameFromHandle(CSSM_DB_HANDLE DBHandle,
+       char **DbName)
 {
-public:
-       PluginInfo(const char *pluginName, const struct timespec &modTime) : mModTime(modTime) {
-               mPluginName = new char[strlen(pluginName) + 1];
-               strcpy(mPluginName, pluginName);
-       }
-
-       ~PluginInfo() { delete [] mPluginName; }
-       
-       const char *name() { return mPluginName; }
-       const struct timespec &modTime() { return mModTime; }
-       
-private:
-       char *mPluginName;
-       struct timespec mModTime;
-};
+       printf("GetDbNameFromHandle: code on demand\n");
+       CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+}
 
 //
 // Attempt to obtain an exclusive lock over the the MDS databases. The
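Review bot: DbOpen declares `char fullPath[MAXPATHLEN];` but passes it to dbFullPath, whose parameter is declared `char fullPath[MAXPATHLEN+1]` in a later hunk, so the caller's buffer is one byte shorter than the callee is told it has. dbFullPath's body runs past the visible part of the diff, so whether it can actually write that last byte is not confirmed here, but the declaration should be `char fullPath[MAXPATHLEN + 1];` to match. Separately, FreeNameList releases the two strings and the String array but not the CSSM_NAME_LIST that GetDbNames allocates with `new CSSM_NAME_LIST[1]`. Unless callers free that themselves, it leaks on every call.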
@@ -173,24 +438,27 @@ private:
 // trying to obtain the lock. A value of zero means to return failure
 // right away if the lock cannot be obtained.
 //
-
 bool
-MDSSession::obtainLock(int timeout /* = 0 */)
+MDSSession::obtainLock(
+       const char *lockFile,   // e.g. MDS_LOCK_FILE_PATH
+       int &fd,                                // IN/OUT
+       int timeout)                    // default 0
 {
+       #if     SKIP_FILE_LOCKING
+       return true;
+       #else
+       
        static const int kRetryDelay = 250; // ms
        
-       if (mLockFd >= 0)
-               // this session already holds the lock
-               return true;
-               
-       mLockFd = open(kLockFilename, O_CREAT | O_EXCL, 0544);
-       while (mLockFd == -1 && timeout >= kRetryDelay) {
+       fd = open(MDS_LOCK_FILE_PATH, O_CREAT | O_EXCL, 0544);
+       while (fd == -1 && timeout >= kRetryDelay) {
                timeout -= kRetryDelay;
                usleep(1000 * kRetryDelay);
-               mLockFd = open(kLockFilename, O_CREAT | O_EXCL, 0544);
+               mLockFd = open(MDS_LOCK_FILE_PATH, O_CREAT | O_EXCL, 0544);
        }
        
-       return (mLockFd != -1);
+       return (fd != -1);
+       #endif  /* SKIP_FILE_LOCKING */
 }
 
 //
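Review bot: The new `obtainLock` never uses its `lockFile` argument: both `open()` calls still name `MDS_LOCK_FILE_PATH`, and the retry inside the loop assigns `mLockFd` instead of `fd`. A caller that passes a per-user lock path therefore contends on the system-wide lock file instead of its own. A caller that passes any descriptor other than `mLockFd` gets `false` back even when a retry succeeded, because the loop test and the return only look at `fd`, and the lock file it just created is left on disk. Both calls should read `fd = open(lockFile, O_CREAT | O_EXCL, 0544);`. `releaseLock(int &fd)` in the following hunk also unlinks `MDS_LOCK_FILE_PATH` unconditionally, so it would need the same path to stay paired with the acquire.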
@@ -199,204 +467,928 @@ MDSSession::obtainLock(int timeout /* = 0 */)
 //
 
 void
-MDSSession::releaseLock()
+MDSSession::releaseLock(int &fd)
 {
-       if (mLockFd != -1) {
-               close(mLockFd);
-               unlink(kLockFilename);
-               mLockFd = -1;
+       #if !SKIP_FILE_LOCKING
+       if (fd != -1) {
+               close(fd);
+               unlink(MDS_LOCK_FILE_PATH);
+               fd = -1;
        }
+       #endif
 }
 
-//
-// If necessary, create the two MDS databases and construct the required
-// tables in each database.
-//
+/* given DB file name, fill in fully specified path */
+void MDSSession::dbFullPath(
+       const char *dbName,
+       char fullPath[MAXPATHLEN+1])
+{
+       mModule.getDbPath(fullPath);
+       assert(fullPath[0] != '\0');
+       strcat(fullPath, "/");
+       strcat(fullPath, dbName);
+}
 
-void
-MDSSession::initializeDatabases()
+/*
+ * See if any per-user bundles exist in specified directory. Returns true if so.
+ * First the check for one entry....
+ */
+static bool isBundle(
+       const struct dirent *dp)
+{
+       if(dp == NULL) {
+               return false;
+       }
+       /* NFS directories show up as DT_UNKNOWN */
+       switch(dp->d_type) {
+               case DT_UNKNOWN:
+               case DT_DIR:
+                       break;
+               default:
+                       return false;
+       }
+       int suffixLen = strlen(MDS_BUNDLE_EXTEN);
+       int len = strlen(dp->d_name);
+       
+       return (len >= suffixLen) && 
+              !strcmp(dp->d_name + len - suffixLen, MDS_BUNDLE_EXTEN);
+}
+
+/* now the full directory search */
+static bool checkUserBundles(
+       const char *bundlePath)
 {
-       printf("MDSSession::initializeDatabases\n");
+       MSDebug("searching for user bundles in %s", bundlePath);
+       DIR *dir = opendir(bundlePath);
+       if (dir == NULL) {
+               return false;
+       }
+       struct dirent *dp;
+       bool rtn = false;
+       while ((dp = readdir(dir)) != NULL) {
+               if(isBundle(dp)) {
+                       /* any other checking to do? */
+                       rtn = true;
+                       break;
+               }
+       }
+       closedir(dir);
+       MSDebug("...%s bundle(s) found", rtn ? "" : "No");
+       return rtn;
+}
+
+#define COPY_BUF_SIZE  1024
+
+/* Single file copy with locking */
+static void safeCopyFile(
+       const char *fromPath,
+       const char *toPath)
+{
+       /* open source for reading */
+       int srcFd = open(fromPath, O_RDONLY, 0);
+       if(srcFd < 0) {
+               /* FIXME - what error would we see if the file is locked for writing
+                * by someone else? We definitely have to handle that. */
+               int error = errno;
+               MSDebug("Error %d opening system DB file %s\n", error, fromPath);
+               UnixError::throwMe(error);
+       }
        
-       static int kLockTimeout = 2000; // ms
+       /* acquire the same kind of lock AtomicFile uses */
+       struct flock fl;
+       fl.l_start = 0;
+       fl.l_len = 1;
+       fl.l_pid = getpid();
+       fl.l_type = F_RDLCK;            // AtomicFile gets F_WRLCK
+       fl.l_whence = SEEK_SET;
+
+       // Keep trying to obtain the lock if we get interupted.
+       for (;;) {
+               if (::fcntl(srcFd, F_SETLKW, reinterpret_cast<int>(&fl)) == -1) {
+                       int error = errno;
+                       if (error == EINTR) {
+                               continue;
+                       }
+                       MSDebug("Error %d locking system DB file %s\n", error, fromPath);
+                       UnixError::throwMe(error);
+               }
+               else {
+                       break;
+               }
+       }
+
+       /* create destination */
+       int destFd = open(toPath, O_WRONLY | O_APPEND | O_CREAT | O_TRUNC | O_EXCL, 0644);
+       if(destFd < 0) {
+               int error = errno;
+               MSDebug("Error %d opening user DB file %s\n", error, toPath);
+               UnixError::throwMe(error);
+       }
        
-       // obtain an exclusive lock. in this case we really want the lock, so
-       // if it's not immediately available we wait around for a bit
+       /* copy */
+       char buf[COPY_BUF_SIZE];
+       while(1) {
+               int bytesRead = read(srcFd, buf, COPY_BUF_SIZE);
+               if(bytesRead == 0) {
+                       break;
+               }
+               if(bytesRead < 0) {
+                       int error = errno;
+                       MSDebug("Error %d reading system DB file %s\n", error, fromPath);
+                       UnixError::throwMe(error);
+               }
+               int bytesWritten = write(destFd, buf, bytesRead);
+               if(bytesWritten < 0) {
+                       int error = errno;
+                       MSDebug("Error %d writing user DB file %s\n", error, toPath);
+                       UnixError::throwMe(error);
+               }
+       }
        
-       if (!obtainLock(kLockTimeout))
-               // something is wrong; either a stale lock file is lying around or
-               // some other process is stuck updating the databases
-               CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+       /* unlock source and close both */
+       fl.l_type = F_UNLCK;
+       if (::fcntl(srcFd, F_SETLK, reinterpret_cast<int>(&fl)) == -1) {
+               MSDebug("Error %d unlocking system DB file %s\n", errno, fromPath);
+       }
+       close(srcFd);
+       close(destFd);
+}
+
+/* Copy system DB files to specified user dir. */
+static void copySystemDbs(
+       const char *userDbFileDir)
+{
+       char toPath[MAXPATHLEN+1];
        
-       try {
-               // check for the existence of the MDS database file; if it exists,
-               // assume that the databases have already been properly created
+       sprintf(toPath, "%s/%s", userDbFileDir, MDS_OBJECT_DB_NAME);
+       safeCopyFile(MDS_OBJECT_DB_PATH, toPath);
+       sprintf(toPath, "%s/%s", userDbFileDir, MDS_DIRECT_DB_NAME);
+       safeCopyFile(MDS_DIRECT_DB_PATH, toPath);
+}
+
+/*
+ * Ensure current DB files exist and are up-to-date.
+ * Called from MDSSession constructor and from DataGetFirst, DbOpen, and any
+ * other public functions which access a DB from scratch.
+ */
+void MDSSession::updateDataBases()
+{
+       bool isRoot = (getuid() == (uid_t)0);
+       bool createdSystemDb = false;
        
-               // look for added/removed/changed plugins
+       /*
+        * The first thing we do is to ensure that system DBs are present.
+        * This call right here is the reason for the purge argument in 
+        * systemDatabasesPresent(); if we're a user proc, we can't grab the system
+        * MDS lock. 
+        */
+       if(!systemDatabasesPresent(false)) {
+               if(isRoot || SYSTEM_DBS_VIA_USER) {
+                       /* Either doing actual MDS op as root, or development case: 
+                        * install as current user */
+                       install();
+               }
+               else {
+                       /* This path TBD; it involves either a SecurityServer RPC or
+                        * a privileged tool exec'd via AEWP. */
+                       assert(0);
+               }
+               /* remember this - we have to delete possible existing user DBs */
+               createdSystemDb = true;
+       }
        
-               scanPluginDirectory();
+       /* if we scanned recently, we're done */
+       double delta = mModule.timeSinceLastScan();
+       if(delta < (double)MDS_SCAN_INTERVAL) {
+               return;
        }
-       catch (...) {
-               releaseLock();
+       
+       /* 
+        * Obtain various per-user paths. Root is a special case but follows most
+        * of the same logic from here on.
+        */
+       char userDbFileDir[MAXPATHLEN+1];
+       char userObjDbFilePath[MAXPATHLEN+1];
+       char userDirectDbFilePath[MAXPATHLEN+1];
+       char userBundlePath[MAXPATHLEN+1];
+       char userDbLockPath[MAXPATHLEN+1];
+       
+       if(isRoot) {
+               strcat(userDbFileDir, MDS_SYSTEM_DB_DIR);
+               /* no userBundlePath */
+       }
+       else {
+               char *userHome = getenv("HOME");
+               if(userHome == NULL) {
+                       /* FIXME - what now, batman? */
+                       MSDebug("updateDataBases: no HOME");
+                       userHome = "/";
+               }
+               sprintf(userBundlePath, "%s/%s", userHome, MDS_USER_BUNDLE);
+               
+               /* DBs go in a per-UID directory in the system MDS DB directory */
+               sprintf(userDbFileDir, "%s/%d", MDS_SYSTEM_DB_DIR, (int)(getuid()));
+       }
+       sprintf(userObjDbFilePath,    "%s/%s", userDbFileDir, MDS_OBJECT_DB_NAME);
+       sprintf(userDirectDbFilePath, "%s/%s", userDbFileDir, MDS_DIRECT_DB_NAME);
+       sprintf(userDbLockPath,       "%s/%s", userDbFileDir, MDS_LOCK_FILE_NAME);
+       
+       /* 
+        * Create the per-user directory first...that's where the lock we'll be using
+        * lives. Our createDir() is tolerant of EEXIST errors. 
+        */
+       if(!isRoot) {
+               if(createDir(userDbFileDir)) {
+                       /* We'll just have to limp along using the read-only system DBs */
+                       Syslog::alert("Error creating %s", userDbFileDir);
+                       MSDebug("Error creating user DBs; using system DBs");
+                       mModule.setDbPath(MDS_SYSTEM_DB_DIR);
+                       return;
+               }
+       }
+
+       /* always release mLockFd no matter what happens */
+       if(!obtainLock(userDbLockPath, mLockFd, DB_LOCK_TIMEOUT)) {
+               CssmError::throwMe(CSSM_ERRCODE_MDS_ERROR);
+       }
+       try {
+               if(!isRoot) {
+                       if(createdSystemDb) {
+                               /* initial creation of system DBs by user - start from scratch */
+                               unlink(userObjDbFilePath);
+                               unlink(userDirectDbFilePath);
+                       }
+               
+                       /*
+                        * System DBs exist and are as up-to-date as we are allowed to make them. 
+                        * Create per-user DBs if they don't exist.
+                        */
+                       if(createdSystemDb ||           //Êoptimization - if this is true, the
+                                                                               // per-user DBs do not exist since we just
+                                                                               // deleted them
+                               !doFilesExist(userObjDbFilePath, userDirectDbFilePath,
+                                       true)) {
+                       
+                               /* copy system DBs to user DBs */
+                               MSDebug("copying system DBs to user at %s", userDbFileDir);
+                               copySystemDbs(userDbFileDir);
+                       }
+                       else {
+                               MSDebug("Using existing user DBs at %s", userDbFileDir);
+                       }
+               }
+               else {
+                       MSDebug("Using system DBs only");
+               }
+               
+               /* 
+                * Update per-user DBs from all three sources (System.framework, 
+                * System bundles, user bundles) as appropriate. Note that if we
+                * just created the system DBs, we don't have to update with
+                * respect to system framework or system bundles. 
+                */
+               DbFilesInfo dbFiles(*this, userDbFileDir);
+               if(!createdSystemDb) {
+                       dbFiles.removeOutdatedPlugins();
+                       dbFiles.updateSystemDbInfo(MDS_SYSTEM_PATH, MDS_BUNDLE_PATH);
+               }
+               if(!isRoot) {
+                       /* root doesn't have user bundles */
+                       if(checkUserBundles(userBundlePath)) {
+                               dbFiles.updateForBundleDir(userBundlePath);
+                       }
+               }
+               mModule.setDbPath(userDbFileDir);
+       }       /* main block protected by mLockFd */
+       catch(...) {
+               releaseLock(mLockFd);
                throw;
        }
+       mModule.lastScanIsNow();
+       releaseLock(mLockFd);
+}
 
-       // release the exclusive lock
+/*
+ * Remove all records with specified guid (a.k.a. ModuleID) from specified DB.
+ */
+void MDSSession::removeRecordsForGuid(
+       const char *guid,
+       CSSM_DB_HANDLE dbHand)
+{
+       CSSM_QUERY                                              query;
+       CSSM_DB_UNIQUE_RECORD_PTR               record = NULL;
+       CSSM_HANDLE                                             resultHand;
+       CSSM_DB_RECORD_ATTRIBUTE_DATA   recordAttrs;
+       CSSM_SELECTION_PREDICATE                predicate;
+       CSSM_DATA                                               predData;
        
-       releaseLock();
+       /* don't want any attributes back, just a record ptr */
+       recordAttrs.DataRecordType = CSSM_DL_DB_RECORD_ANY;
+       recordAttrs.SemanticInformation = 0;
+       recordAttrs.NumberOfAttributes = 0;
+       recordAttrs.AttributeData = NULL;
+       
+       /* one predicate, == guid */
+       predicate.DbOperator = CSSM_DB_EQUAL;
+       predicate.Attribute.Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING;
+       predicate.Attribute.Info.Label.AttributeName = "ModuleID";
+       predicate.Attribute.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_STRING;
+       predData.Data = (uint8 *)guid;
+       predData.Length = strlen(guid) + 1;
+       predicate.Attribute.Value = &predData;
+       predicate.Attribute.NumberOfValues = 1;
+       
+       query.RecordType = CSSM_DL_DB_RECORD_ANY;
+       query.Conjunctive = CSSM_DB_NONE;
+       query.NumSelectionPredicates = 1;
+       query.SelectionPredicate = &predicate;
+       query.QueryLimits.TimeLimit = 0;                        // FIXME - meaningful?
+       query.QueryLimits.SizeLimit = 1;                        // FIXME - meaningful?
+       query.QueryFlags = 0;           // CSSM_QUERY_RETURN_DATA...FIXME - used?
+
+       /* 
+        * Each search starts from scratch - not sure if we can delete a record
+        * associated with an active query and continue on with that query. 
+        */
+       try {
+               for(;;) {
+                       DLQuery perryQuery(query);
+                       resultHand = DataGetFirst(dbHand,
+                               &perryQuery,
+                               &recordAttrs,
+                               NULL,                   // No data
+                               record);
+                       if(resultHand) {
+                               try {
+                                       MSDebug("...deleting a record for guid %s", guid);
+                                       DataDelete(dbHand, *record);
+                                       DataAbortQuery(dbHand, resultHand);
+                               }
+                               catch(...) {
+                                       MSDebug("exception (1) while deleting record for guid %s", guid);
+                                       /* proceed.... */
+                               }
+                       }
+                       else if(record) {
+                               FreeUniqueRecord(dbHand, *record);
+                               break;
+                       }
+               }       /* main loop */
+       }
+       catch (...) {
+               MSDebug("exception (2) while deleting record for guid %s", guid);
+       }
 }
 
-//
-// Update the databases due to added/removed/changed plugins. This obtains
-// an exclusive lock over the databases, if possible, and then scans the
-// module path. If the lock cannot be obtained, it does nothing. The intent
-// is that this will be called periodically, so a failure at any given time
-// is not a big deal and may simply imply that another process is already
-// updating the MDS databases.
-//
+/*
+ * Determine if system databases are present. 
+ * If the purge argument is true, we'll ensure that either both or neither 
+ * DB files exist on exit; in that case caller need to hold MDS_LOCK_FILE_PATH.
+ */
+bool MDSSession::systemDatabasesPresent(bool purge)
+{
+       bool rtn = false;
+       
+       try {
+               /* this can throw on a failed attempt to delete sole existing file */
+               if(doFilesExist(MDS_OBJECT_DB_PATH, MDS_DIRECT_DB_PATH, purge)) {
+                       rtn = true;
+               }
+       }
+       catch(...) {
+       
+       }
+       return rtn;
+}
 
+/* 
+ * Given a DB name (which is used as an absolute path) and an array of 
+ * RelationInfos, create a DB.
+ */
 void
-MDSSession::updateDatabases()
+MDSSession::createSystemDatabase(
+       const char *dbName,
+       const RelationInfo *relationInfo,
+       unsigned numRelations,
+       CSSM_DB_HANDLE &dbHand)                 // RETURNED
 {
-       // get the current time in the appropriate format
+       CSSM_DBINFO dbInfo;
+       CSSM_DBINFO_PTR dbInfoP = &dbInfo;
        
-       struct timespec now;
-       getCurrentTime(now);
+       memset(dbInfoP, 0, sizeof(CSSM_DBINFO));
+       dbInfoP->NumberOfRecordTypes = numRelations;
+       dbInfoP->IsLocal = CSSM_TRUE;           // TBD - what does this mean?
+       dbInfoP->AccessPath = NULL;             // TBD
        
-       if (!intervalHasElapsed(mLastScanTime, now, kScanInterval))
-               // its not yet time to rescan
-               return;
-               
-       // regardless of what happens, we don't want to scan again for a while, so reset
-       // the last scan time before proceeding
+       /* alloc numRelations elements for parsingModule, recordAttr, and recordIndex
+        * info arrays */
+       unsigned size = sizeof(CSSM_DB_PARSING_MODULE_INFO) * numRelations;
+       dbInfoP->DefaultParsingModules = (CSSM_DB_PARSING_MODULE_INFO_PTR)malloc(size);
+       memset(dbInfoP->DefaultParsingModules, 0, size);
+       size = sizeof(CSSM_DB_RECORD_ATTRIBUTE_INFO) * numRelations;
+       dbInfoP->RecordAttributeNames = (CSSM_DB_RECORD_ATTRIBUTE_INFO_PTR)malloc(size);
+       memset(dbInfoP->RecordAttributeNames, 0, size);
+       size = sizeof(CSSM_DB_RECORD_INDEX_INFO) * numRelations;
+       dbInfoP->RecordIndexes = (CSSM_DB_RECORD_INDEX_INFO_PTR)malloc(size);
+       memset(dbInfoP->RecordIndexes, 0, size);
        
-       mLastScanTime = now;
+       /* cook up attribute and index info for each relation */
+       unsigned relation;
+       for(relation=0; relation<numRelations; relation++) {
+               const struct RelationInfo *relp = &relationInfo[relation];      // source
+               CSSM_DB_RECORD_ATTRIBUTE_INFO_PTR attrInfo = 
+                       &dbInfoP->RecordAttributeNames[relation];                                       // dest 1
+               CSSM_DB_RECORD_INDEX_INFO_PTR indexInfo = 
+                       &dbInfoP->RecordIndexes[relation];                                              // dest 2
+                       
+               attrInfo->DataRecordType = relp->DataRecordType;
+               attrInfo->NumberOfAttributes = relp->NumberOfAttributes;
+               attrInfo->AttributeInfo = (CSSM_DB_ATTRIBUTE_INFO_PTR)relp->AttributeInfo;
+               
+               indexInfo->DataRecordType = relp->DataRecordType;
+               indexInfo->NumberOfIndexes = relp->NumberOfIndexes;
+               indexInfo->IndexInfo = (CSSM_DB_INDEX_INFO_PTR)relp->IndexInfo;
+       }
 
-       // obtain a lock to avoid having multiple processes scanning for changed plugins;
-       // if the lock cannot be obtained immediately, just return and do nothing
+       try {
+               DbCreate(dbName,
+                       NULL,                   // DbLocation
+                       *dbInfoP,
+                       CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE,
+                       NULL,                   // CredAndAclEntry
+                       NULL,                   // OpenParameters
+                       dbHand);
+       }
+       catch(...) {
+               MSDebug("Error on DbCreate");
+               free(dbInfoP->DefaultParsingModules);
+               free(dbInfoP->RecordAttributeNames);
+               free(dbInfoP->RecordIndexes);
+               throw;
+       }
+       free(dbInfoP->DefaultParsingModules);
+       free(dbInfoP->RecordAttributeNames);
+       free(dbInfoP->RecordIndexes);
        
-       if (!obtainLock())
-               return;
+}
 
-       // we want to make sure that the lock gets released at all costs, hence
-       // this try block:
+/*
+ * Create system databases from scratch if they do not already exist. 
+ * MDS_LOCK_FILE_PATH held on entry and exit. MDS_SYSTEM_DB_DIR assumed to
+ * exist (that's our caller's job, before acquiring MDS_LOCK_FILE_PATH). 
+ * Returns true if we actually built the files, false if they already 
+ * existed.
+ */
+bool MDSSession::createSystemDatabases()
+{
+       CSSM_DB_HANDLE objectDbHand = 0;
+       CSSM_DB_HANDLE directoryDbHand = 0;
        
+       assert((getuid() == (uid_t)0) || !SYSTEM_MDS_ROOT_ONLY);
+       if(systemDatabasesPresent(true)) {
+               /* both databases exist as regular files - we're done */
+               MSDebug("system DBs already exist");
+               return false;
+       }
+
+       /* create two DBs - any exception here results in deleting both of them */
+       MSDebug("Creating MDS DBs");
        try {
-               scanPluginDirectory();
+               createSystemDatabase(MDS_OBJECT_DB_PATH, &kObjectRelation, 1, objectDbHand);
+               DbClose(objectDbHand);
+               objectDbHand = 0;
+               createSystemDatabase(MDS_DIRECT_DB_PATH, kMDSRelationInfo, kNumMdsRelations,
+                       directoryDbHand);
+               DbClose(directoryDbHand);
+               directoryDbHand = 0;
        }
        catch (...) {
-               releaseLock();
+               MSDebug("Error creating MDS DBs - deleting both DB files");
+               unlink(MDS_OBJECT_DB_PATH);
+               unlink(MDS_DIRECT_DB_PATH);
                throw;
        }
+       return true;
+}
+
+/*
+ * DbFilesInfo helper class
+ */
+/* Note both DB files MUST exist at construction time */
+MDSSession::DbFilesInfo::DbFilesInfo(
+       MDSSession &session, 
+       const char *dbPath) :
+               mSession(session),
+               mObjDbHand(0),
+               mDirectDbHand(0),
+               mLaterTimestamp(0)
+{
+       assert(strlen(dbPath) < MAXPATHLEN);
+       strcpy(mDbPath, dbPath);
        
-       releaseLock();
+       /* stat the two DB files, snag the later timestamp */
+       char path[MAXPATHLEN];
+       sprintf(path, "%s/%s", mDbPath, MDS_OBJECT_DB_NAME);
+       struct stat sb;
+       int rtn = ::stat(path, &sb);
+       if(rtn) {
+               int error = errno;
+               MSDebug("Error %d statting DB file %s", error, path);
+               UnixError::throwMe(error);
+       }
+       mLaterTimestamp = sb.st_mtimespec.tv_sec;
+       sprintf(path, "%s/%s", mDbPath, MDS_DIRECT_DB_NAME);
+       rtn = ::stat(path, &sb);
+       if(rtn) {
+               int error = errno;
+               MSDebug("Error %d statting DB file %s", error, path);
+               UnixError::throwMe(error);
+       }
+       if(sb.st_mtimespec.tv_sec > mLaterTimestamp) {
+               mLaterTimestamp = sb.st_mtimespec.tv_sec;
+       }
 }
 
-//
-// Determine if a filesystem object is a bundle that should be considered
-// as a potential CDSA module by MDS.
-//
+#define AUTO_COMMIT_OFF_ON_CLOSE       1
+
+MDSSession::DbFilesInfo::~DbFilesInfo()
+{
+       if(mObjDbHand != 0) {
+               #if AUTO_COMMIT_OPT && AUTO_COMMIT_OFF_ON_CLOSE
+               mSession.PassThrough(mObjDbHand,
+                       CSSM_APPLEFILEDL_TOGGLE_AUTOCOMMIT,
+                       reinterpret_cast<void *>(CSSM_TRUE),
+                       NULL);
+               #endif
+               mSession.DbClose(mObjDbHand);
+               mObjDbHand = 0;
+       }
+       if(mDirectDbHand != 0) {
+               #if AUTO_COMMIT_OPT && AUTO_COMMIT_OFF_ON_CLOSE
+               mSession.PassThrough(mDirectDbHand,
+                       CSSM_APPLEFILEDL_TOGGLE_AUTOCOMMIT,
+                       reinterpret_cast<void *>(CSSM_TRUE),
+                       NULL);
+               #endif
+               mSession.DbClose(mDirectDbHand);
+               mDirectDbHand = 0;
+       }
+}
 
-static bool
-isBundle(const char *path)
+/* lazy evaluation of both DB handlesÊ*/
+CSSM_DB_HANDLE MDSSession::DbFilesInfo::objDbHand()
 {
-       static const char *bundleSuffix = ".bundle";
+       if(mObjDbHand != 0) {
+               return mObjDbHand;
+       }
+       char fullPath[MAXPATHLEN + 1];
+       sprintf(fullPath, "%s/%s", mDbPath, MDS_OBJECT_DB_NAME);
+       mObjDbHand = mSession.dbOpen(fullPath);
+       return mObjDbHand;
+}
+
+CSSM_DB_HANDLE MDSSession::DbFilesInfo::directDbHand()
+{
+       if(mDirectDbHand != 0) {
+               return mDirectDbHand;
+       }
+       char fullPath[MAXPATHLEN + 1];
+       sprintf(fullPath, "%s/%s", mDbPath, MDS_DIRECT_DB_NAME);
+       mDirectDbHand = mSession.dbOpen(fullPath);
+       return mDirectDbHand;
+}
 
-       int suffixLen = strlen(bundleSuffix);
-       int len = strlen(path);
+/*
+ * Update the info for System.framework and the system bundles.
+ */
+void MDSSession::DbFilesInfo::updateSystemDbInfo(
+       const char *systemPath,         // e.g., /System/Library/Frameworks
+       const char *bundlePath)         // e.g., /System/Library/Security
+{
+       /* System.framework - CSSM and built-in modules */
+       char fullPath[MAXPATHLEN];
+       sprintf(fullPath, "%s/%s", systemPath, MDS_SYSTEM_FRAME);
+       updateForBundle(fullPath);
        
-       return (len >= suffixLen) && !strcmp(path + len - suffixLen, bundleSuffix);
+       /* Standard loadable bundles */
+       updateForBundleDir(bundlePath);
 }
 
-//
-// Scan the module directory looking for added/removed/changed plugins, and
-// update the MDS databases accordingly. This assumes that an exclusive lock
-// has already been obtained, and that the databases and the required tables
-// already exist.
-//
 
-void
-MDSSession::scanPluginDirectory()
+MDSSession::DbFilesInfo::TbdRecord::TbdRecord(
+       const CSSM_DATA &guid)
 {
-       printf("MDSSession::scanPluginDirectory\n");
+       assert(guid.Length <= MAX_GUID_LEN);
+       assert(guid.Length != 0);
+       memmove(mGuid, guid.Data, guid.Length);
+       if(mGuid[guid.Length - 1] != '\0') {
+               mGuid[guid.Length] = '\0';
+       }
+}
 
-       // check the modification time on the plugin directory: if it has not changed
-       // since the last scan, we're done
-       
+/*
+ * Test if plugin specified by pluginPath needs to be deleted from DBs. 
+ * If so, add to tbdVector.
+ */
+void MDSSession::DbFilesInfo::checkOutdatedPlugin(
+       const CSSM_DATA &pathValue, 
+       const CSSM_DATA &guidValue, 
+       TbdVector &tbdVector)
+{
+       /* stat the specified plugin */
        struct stat sb;
-       if (stat(kPluginPath, &sb)) {
-               // can't stat the plugin directory...
-               Syslog::warning("MDS: cannot stat plugin directory \"%s\"", kPluginPath);
-               return;
+       bool obsolete = false;
+       int rtn = ::stat((char *)pathValue.Data, &sb);
+       if(rtn) {
+               /* not there or inaccessible; delete */
+               obsolete = true;
+       }
+       else if(sb.st_mtimespec.tv_sec > mLaterTimestamp) {
+               /* timestamp of plugin's main directory later than that of DBs */
+               obsolete = true;
+       }
+       if(obsolete) {
+               TbdRecord *tbdRecord = new TbdRecord(guidValue);
+               tbdVector.push_back(tbdRecord);
+               MSDebug("checkOutdatedPlugin: flagging %s obsolete", pathValue.Data);
        }
+}
 
-       if (sb.st_mtimespec <= mLastScanTime)
-               // no changes, we're done until its time for the next scan
-               return;
+/*
+ * Examine dbFiles.objDbHand; remove all fields associated with any bundle
+ * i.e., with any path) which are either not present on disk, or which 
+ * have changed since dbFiles.laterTimestamp().
+ */
+void MDSSession::DbFilesInfo::removeOutdatedPlugins()
+{
+       CSSM_QUERY                                              query;
+       CSSM_DB_UNIQUE_RECORD_PTR               record = NULL;
+       CSSM_HANDLE                                             resultHand;
+       CSSM_DB_RECORD_ATTRIBUTE_DATA   recordAttrs;
+       CSSM_DB_ATTRIBUTE_DATA                  theAttrs[2];
+       CSSM_DB_ATTRIBUTE_INFO_PTR              attrInfo;
+       TbdVector                                               tbdRecords;
        
-       // attempt to open the plugin directory
+       /* 
+        * First, scan object directory. All we need are the path and GUID attributes. 
+        */
+       recordAttrs.DataRecordType = MDS_OBJECT_RECORDTYPE;
+       recordAttrs.SemanticInformation = 0;
+       recordAttrs.NumberOfAttributes = 2;
+       recordAttrs.AttributeData = theAttrs;
        
-       DIR *dir = opendir(kPluginPath);
-       if (dir == NULL) {
-               // no plugin directory, hence no modules. clear the MDS directory
-               // and log a warning
-               Syslog::warning("MDS: cannot open plugin directory \"%s\"", kPluginPath);
+       attrInfo = &theAttrs[0].Info;
+       attrInfo->AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING;
+       attrInfo->Label.AttributeName = "ModuleID";
+       attrInfo->AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_STRING;
+       theAttrs[0].NumberOfValues = 0;
+       theAttrs[0].Value = NULL;
+       attrInfo = &theAttrs[1].Info;
+       attrInfo->AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING;
+       attrInfo->Label.AttributeName = "Path";
+       attrInfo->AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_STRING;
+       theAttrs[1].NumberOfValues = 0;
+       theAttrs[1].Value = NULL;
+       
+       /* just search by recordType, no predicates */
+       query.RecordType = MDS_OBJECT_RECORDTYPE;
+       query.Conjunctive = CSSM_DB_NONE;
+       query.NumSelectionPredicates = 0;
+       query.SelectionPredicate = NULL;
+       query.QueryLimits.TimeLimit = 0;                        // FIXME - meaningful?
+       query.QueryLimits.SizeLimit = 1;                        // FIXME - meaningful?
+       query.QueryFlags = 0;           // CSSM_QUERY_RETURN_DATA...FIXME - used?
+
+       DLQuery perryQuery(query);
+       try {
+               resultHand = mSession.DataGetFirst(objDbHand(),
+                       &perryQuery,
+                       &recordAttrs,
+                       NULL,                   // No data
+                       record);
+       }
+       catch(...) {
+               MSDebug("removeOutdatedPlugins: DataGetFirst threw");
+               return;         // ???
+       }
+       if(record) {
+               mSession.FreeUniqueRecord(mObjDbHand, *record);
+       }
+       if(resultHand) {
+               if(theAttrs[0].NumberOfValues && theAttrs[1].NumberOfValues) {
+                       checkOutdatedPlugin(*theAttrs[1].Value, *theAttrs[0].Value, 
+                               tbdRecords);
+               }
+               else {
+                       MSDebug("removeOutdatedPlugins: incomplete record found (1)!");
+               }
+               for(unsigned dex=0; dex<2; dex++) {
+                       if(theAttrs[dex].Value) {
+                               if(theAttrs[dex].Value->Data) {
+                                       mSession.free(theAttrs[dex].Value->Data);
+                               }
+                               mSession.free(theAttrs[dex].Value);
+                       }
+               }
+       }
+       else {
+               /* empty Object DB - we're done */
+               MSDebug("removeOutdatedPlugins: empty object DB");
                return;
        }
        
-       // build a list of the plugins are are currently in the directory, along with
-       // their modification times
+       /* now the rest of the object DB records */
+       for(;;) {
+               bool brtn = mSession.DataGetNext(objDbHand(),
+                       resultHand, 
+                       &recordAttrs,
+                       NULL,
+                       record);
+               if(!brtn) {
+                       /* end of data */
+                       break;
+               }
+               if(record) {
+                       mSession.FreeUniqueRecord(mObjDbHand, *record);
+               }
+               if(theAttrs[0].NumberOfValues && theAttrs[1].NumberOfValues) {
+                       checkOutdatedPlugin(*theAttrs[1].Value, 
+                               *theAttrs[0].Value, 
+                               tbdRecords);
+               }
+               else {
+                       MSDebug("removeOutdatedPlugins: incomplete record found (2)!");
+               }
+               for(unsigned dex=0; dex<2; dex++) {
+                       if(theAttrs[dex].Value) {
+                               if(theAttrs[dex].Value->Data) {
+                                       mSession.free(theAttrs[dex].Value->Data);
+                               }
+                               mSession.free(theAttrs[dex].Value);
+                       }
+               }
+       }
+       /* no DataAbortQuery needed; we scanned until completion */
        
+       /*
+        * We have a vector of plugins to be deleted. Remove all records from both
+        * DBs associated with the plugins, as specified by guid.
+        */
+       unsigned numRecords = tbdRecords.size();
+       for(unsigned i=0; i<numRecords; i++) {
+               TbdRecord *tbdRecord = tbdRecords[i];
+               mSession.removeRecordsForGuid(tbdRecord->guid(), objDbHand());
+               mSession.removeRecordsForGuid(tbdRecord->guid(), directDbHand());
+       }
+       for(unsigned i=0; i<numRecords; i++) {
+               delete tbdRecords[i];
+       }
+}
+
+
+/*
+ * Update DBs for all bundles in specified directory.
+ */
+void MDSSession::DbFilesInfo::updateForBundleDir(
+       const char *bundleDirPath)
+{
+       /* do this with readdir(); CFBundleCreateBundlesFromDirectory is
+        * much too heavyweight */
+       MSDebug("...updating DBs for dir %s", bundleDirPath);
+       DIR *dir = opendir(bundleDirPath);
+       if (dir == NULL) {
+               MSDebug("updateForBundleDir: error %d opening %s", errno, bundleDirPath);
+               return;
+       }
        struct dirent *dp;
-       PluginInfoList pluginList;
-       
-       char tempPath[PATH_MAX];
-       
+       char fullPath[MAXPATHLEN];
        while ((dp = readdir(dir)) != NULL) {
-       
-               // stat the file to get its modification time
-               
-               strncpy(tempPath, kPluginPath, PATH_MAX);
-               strncat(tempPath, dp->d_name, PATH_MAX - strlen(kPluginPath));
-               
-               struct stat sb;
-               if (stat(tempPath, &sb) == 0) {
-                       // do some checking to determine that this path refers to an
-                       // actual bundle that is likely to be a module
-                       if (isBundle(tempPath))
-                               pluginList.push_back(new PluginInfo(tempPath, sb.st_mtimespec));
+               if(isBundle(dp)) {
+                       sprintf(fullPath, "%s/%s", bundleDirPath, dp->d_name);
+                       updateForBundle(fullPath);
                }
        }
-       
        closedir(dir);
-       
-       // step 1: for any plugin in the common relation which is no longer present,
-       // or which is present but which has been modified since the last scan, remove
-       // all its records from the MDS database
-               
-       removeOutdatedPlugins(pluginList);
-
-       // step 2: for any plugin present but not in the common relation (note it may
-       // have been removed in step 1 because it was out-of-date), insert its records
-       // into the MDS database
+}
 
-       insertNewPlugins(pluginList);
+/*
+ * lookup by path - just returns true if there is a record assoociated with the path
+ * in mObjDbHand. 
+ */
+bool MDSSession::DbFilesInfo::lookupForPath(
+       const char *path)
+{
+       CSSM_QUERY                                              query;
+       CSSM_DB_UNIQUE_RECORD_PTR               record = NULL;
+       CSSM_HANDLE                                             resultHand = 0;
+       CSSM_DB_RECORD_ATTRIBUTE_DATA   recordAttrs;
+       CSSM_DB_ATTRIBUTE_DATA                  theAttr;
+       CSSM_DB_ATTRIBUTE_INFO_PTR              attrInfo = &theAttr.Info;
+       CSSM_SELECTION_PREDICATE                predicate;
+       CSSM_DATA                                               predData;
        
-       // free the list of current plugins
+       recordAttrs.DataRecordType = MDS_OBJECT_RECORDTYPE;
+       recordAttrs.SemanticInformation = 0;
+       recordAttrs.NumberOfAttributes = 1;
+       recordAttrs.AttributeData = &theAttr;
        
-       for_each_delete(pluginList.begin(), pluginList.end());
+       attrInfo->AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING;
+       attrInfo->Label.AttributeName = "Path";
+       attrInfo->AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_STRING;
+       
+       theAttr.NumberOfValues = 0;
+       theAttr.Value = NULL;
+       
+       predicate.DbOperator = CSSM_DB_EQUAL;
+       predicate.Attribute.Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING;
+       predicate.Attribute.Info.Label.AttributeName = "Path";
+       predicate.Attribute.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_STRING;
+       predData.Data = (uint8 *)path;
+       predData.Length = strlen(path) + 1;
+       predicate.Attribute.Value = &predData;
+       predicate.Attribute.NumberOfValues = 1;
+       
+       query.RecordType = MDS_OBJECT_RECORDTYPE;
+       query.Conjunctive = CSSM_DB_NONE;
+       query.NumSelectionPredicates = 1;
+       query.SelectionPredicate = &predicate;
+       query.QueryLimits.TimeLimit = 0;                        // FIXME - meaningful?
+       query.QueryLimits.SizeLimit = 1;                        // FIXME - meaningful?
+       query.QueryFlags = 0;           // CSSM_QUERY_RETURN_DATA...FIXME - used?
+
+       bool ourRtn = true;
+       try {
+               DLQuery perryQuery(query);
+               resultHand = mSession.DataGetFirst(objDbHand(),
+                       &perryQuery,
+                       &recordAttrs,
+                       NULL,                   // No data
+                       record);
+       }
+       catch (...) {
+               ourRtn = false;
+       }
+       if(record) {
+               mSession.FreeUniqueRecord(mObjDbHand, *record);
+       }
+       else {
+               ourRtn = false;
+       }
+       if(resultHand && ourRtn) {
+               /* more resulting pending; terminate the search */
+               try {
+                       mSession.DataAbortQuery(mObjDbHand, resultHand);
+               }
+               catch(...) {
+                       MSDebug("exception on DataAbortQuery in lookupForPath");
+               }
+       }
+       if(theAttr.Value) {
+               if(theAttr.Value->Data) {
+                       mSession.free(theAttr.Value->Data);
+               }
+               mSession.free(theAttr.Value);
+       }
+       return ourRtn;
 }
 
-void
-MDSSession::removeOutdatedPlugins(const PluginInfoList &pluginList)
+/* update entry for one bundle, which is known to exist */
+void MDSSession::DbFilesInfo::updateForBundle(
+       const char *bundlePath)
 {
-       PluginInfoList::const_iterator it;
-       for (it = pluginList.begin(); it != pluginList.end(); it++)
-               fprintf(stderr, "%s\n", (*it)->name());
+       MSDebug("...updating DBs for bundle %s", bundlePath);
+       
+       /* Quick lookup - do we have ANY entry for a bundle with this path? */
+       if(lookupForPath(bundlePath)) {
+               /* Yep, we're done */
+               return;
+       }
+       MDSAttrParser parser(bundlePath,
+               mSession,
+               objDbHand(),
+               directDbHand());
+       parser.parseAttrs();
 }
 
-void
-MDSSession::insertNewPlugins(const PluginInfoList &pluginList)
+/* DB autocommit on/off */
+void MDSSession::DbFilesInfo::autoCommit(CSSM_BOOL val)
 {
+       try {
+               mSession.PassThrough(objDbHand(),
+                       CSSM_APPLEFILEDL_TOGGLE_AUTOCOMMIT,
+                       reinterpret_cast<void *>(val),
+                       NULL);
+               mSession.PassThrough(directDbHand(),
+                       CSSM_APPLEFILEDL_TOGGLE_AUTOCOMMIT,
+                       reinterpret_cast<void *>(val),
+                       NULL);
+       }
+       catch (...) {
+               MSDebug("DbFilesInfo::autoCommit error!");
+               /* but proceed */
+       }
 }
 
+
+} // end namespace Security
index 4bf212210dc637c79a64d899eb2767a4842fe9ef..36e0e360ade1d415361bcd0e72b8b7e9aa124e37 100644 (file)
 #include <Security/DatabaseSession.h>
 #include <Security/handleobject.h>
 #include <Security/mds.h>
+#include <Security/MDSModule.h>
+#include <Security/MDSSchema.h>
 #include <map>
 #include <sys/stat.h>
+#include <sys/param.h>
+#include <sys/types.h>
 #include <list>
 
-typedef list<class PluginInfo *> PluginInfoList;
+namespace Security
+{
 
 class MDSSession: public DatabaseSession, public HandleObject
 {
@@ -40,31 +45,117 @@ public:
     void install ();
     void uninstall ();
 
-    void GetDbNames(CSSM_NAME_LIST_PTR &outNameList);
-    void FreeNameList(CSSM_NAME_LIST &inNameList);
+       CSSM_DB_HANDLE MDSSession::dbOpen(
+               const char *dbName);
+               
+       // some DatabaseSession routines we need to override
+       void DbOpen(const char *DbName,
+                       const CSSM_NET_ADDRESS *DbLocation,
+                       CSSM_DB_ACCESS_TYPE AccessRequest,
+                       const AccessCredentials *AccessCred,
+                       const void *OpenParameters,
+                       CSSM_DB_HANDLE &DbHandle);
+    void GetDbNames(CSSM_NAME_LIST_PTR &NameList);
+    void FreeNameList(CSSM_NAME_LIST &NameList);
+    void GetDbNameFromHandle(CSSM_DB_HANDLE DBHandle,
+                       char **DbName);
 
     // implement CssmHeap::Allocator
-    void *malloc(size_t size) { return mCssmMemoryFunctions.malloc(size); };
-    void free(void *addr) { mCssmMemoryFunctions.free(addr); }
-       void *realloc(void *addr, size_t size) { return mCssmMemoryFunctions.realloc(addr, size); }
+    void *malloc(size_t size) throw(std::bad_alloc)
+       { return mCssmMemoryFunctions.malloc(size); }
+    void free(void *addr) throw()
+       { mCssmMemoryFunctions.free(addr); }
+       void *realloc(void *addr, size_t size) throw(std::bad_alloc)
+       { return mCssmMemoryFunctions.realloc(addr, size); }
 
-private:
-       bool obtainLock(int timeout = 0);
-       void releaseLock();
+       MDSModule               &module()       { return mModule; }
+       void removeRecordsForGuid(
+               const char *guid,
+               CSSM_DB_HANDLE dbHand);
+
+       
+       /* 
+        * represents two DB files in any location and state
+        */
+       class DbFilesInfo
+       {
+       public:
+               DbFilesInfo(MDSSession &session, const char *dbPath);
+               ~DbFilesInfo();
+               /* these three may not be needed */
+               CSSM_DB_HANDLE objDbHand();
+               CSSM_DB_HANDLE directDbHand();
+               time_t laterTimestamp()                 { return mLaterTimestamp; }
+
+               /* public functions used by MDSSession */
+               void updateSystemDbInfo(
+                       const char *systemPath,                 // e.g., /System/Library/Frameworks
+                       const char *bundlePath);                // e.g., /System/Library/Security
+               void removeOutdatedPlugins();
+               void updateForBundleDir(
+                       const char *bundleDirPath);
+               void updateForBundle(
+                       const char *bundlePath);
+               void autoCommit(CSSM_BOOL val);         // DB autocommit on/off 
+       private:
+               bool lookupForPath(
+                       const char *path);
 
-       void initializeDatabases();
-       void updateDatabases();
+               /* object and list to keep track of "to be deleted" records */
+               #define MAX_GUID_LEN    64              /* normally 37 */
+               class TbdRecord
+               {
+               public:
+                       TbdRecord(const CSSM_DATA &guid);
+                       ~TbdRecord()            { } 
+                       const char *guid()      { return mGuid; }
+               private:
+                       char mGuid[MAX_GUID_LEN];
+               };
+               typedef vector<TbdRecord *> TbdVector;
 
-       void scanPluginDirectory();
-       void removeOutdatedPlugins(const PluginInfoList &pluginList);
-       void insertNewPlugins(const PluginInfoList &pluginList);
+               void checkOutdatedPlugin(
+                       const CSSM_DATA &pathValue, 
+                       const CSSM_DATA &guidValue, 
+                       TbdVector &tbdVector);
+
+               MDSSession &mSession;
+               char mDbPath[MAXPATHLEN];
+               CSSM_DB_HANDLE mObjDbHand;
+               CSSM_DB_HANDLE mDirectDbHand;
+               time_t mLaterTimestamp;
+       };      /* DbFilesInfo */
+private:
+       bool obtainLock(
+               const char *lockFile,
+               int &fd, 
+               int timeout = 0);
+       void releaseLock(
+               int &fd);
+       
+       /* given DB file name, fill in fully specified path */
+       void dbFullPath(
+               const char *dbName,
+               char fullPath[MAXPATHLEN+1]);
+       
+       void updateDataBases();
+
+       bool systemDatabasesPresent(bool purge);
+       void createSystemDatabase(
+               const char *dbName,
+               const RelationInfo *relationInfo,
+               unsigned numRelations,
+               CSSM_DB_HANDLE &dbHand);                // RETURNED
+       bool createSystemDatabases();
 
     const CssmMemoryFunctions mCssmMemoryFunctions;
-    Guid mCallerGuid;
-    bool mCallerGuidPresent;
+    Guid                       mCallerGuid;
+    bool                       mCallerGuidPresent;
        
-       struct timespec mLastScanTime;
-       int mLockFd;
+       MDSModule               &mModule;
+       int                             mLockFd;                // per-user MDS DB lock
 };
 
+} // end namespace Security
+
 #endif //_MDSSESSION_H_
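Review bot: `TbdRecord` keeps the GUID in a fixed `char mGuid[MAX_GUID_LEN]` but is constructed from a `CSSM_DATA` read out of a database record, and the constructor body is not in this hunk, so the bound cannot be confirmed here. The copy should be clamped to `MAX_GUID_LEN - 1` and NUL-terminated, because `guid()` hands the buffer out as a C string; a comment on the member such as `// always NUL-terminated, at most MAX_GUID_LEN-1 chars` would record that contract. The path buffers deserve the same attention: `mDbPath[MAXPATHLEN]` and `dbFullPath(..., char fullPath[MAXPATHLEN+1])` differ by one, and the array parameter decays to a pointer, so nothing enforces either size. Separately, `CSSM_DB_HANDLE MDSSession::dbOpen(` inside the class body carries an extra qualification that stricter compilers reject; `CSSM_DB_HANDLE dbOpen(` is enough.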
index e1098f81127543e59a2b8a25b74f4c425a221fc2..a5c90476277b0a1169523a5f051d46d240a5912a 100644 (file)
@@ -134,17 +134,6 @@ static CSSM_RETURN CSSMAPI cssm_DataGetFromUniqueRecordId(CSSM_DL_DB_HANDLE DLDB
   END_API(MDS)
 }
 
-#if 0
-static CSSM_RETURN CSSMAPI cssm_GetDbOwner(CSSM_DL_DB_HANDLE DLDBHandle,
-         CSSM_ACL_OWNER_PROTOTYPE_PTR Owner)
-{
-  BEGIN_API
-  findHandle<MDSSession>(DLDBHandle.DLHandle).GetDbOwner(DLDBHandle.DBHandle,
-                       Required(Owner));
-  END_API(MDS)
-}
-#endif
-
 static CSSM_RETURN CSSMAPI cssm_CreateRelation(CSSM_DL_DB_HANDLE DLDBHandle,
          CSSM_DB_RECORDTYPE RelationID,
          const char *RelationName,
@@ -164,45 +153,6 @@ static CSSM_RETURN CSSMAPI cssm_CreateRelation(CSSM_DL_DB_HANDLE DLDBHandle,
   END_API(MDS)
 }
 
-#if 0
-static CSSM_RETURN CSSMAPI cssm_GetDbAcl(CSSM_DL_DB_HANDLE DLDBHandle,
-         const CSSM_STRING *SelectionTag,
-         uint32 *NumberOfAclInfos,
-         CSSM_ACL_ENTRY_INFO_PTR *AclInfos)
-{
-  BEGIN_API
-  findHandle<MDSSession>(DLDBHandle.DLHandle).GetDbAcl(DLDBHandle.DBHandle,
-                       SelectionTag,
-                       Required(NumberOfAclInfos),
-                       Required(AclInfos));
-  END_API(MDS)
-}
-
-static CSSM_RETURN CSSMAPI cssm_ChangeDbOwner(CSSM_DL_DB_HANDLE DLDBHandle,
-         const CSSM_ACCESS_CREDENTIALS *AccessCred,
-         const CSSM_ACL_OWNER_PROTOTYPE *NewOwner)
-{
-  BEGIN_API
-  findHandle<MDSSession>(DLDBHandle.DLHandle).ChangeDbOwner(DLDBHandle.DBHandle,
-                       AccessCredentials::required(AccessCred),
-                       Required(NewOwner));
-  END_API(MDS)
-}
-
-static CSSM_RETURN CSSMAPI cssm_PassThrough(CSSM_DL_DB_HANDLE DLDBHandle,
-         uint32 PassThroughId,
-         const void *InputParams,
-         void **OutputParams)
-{
-  BEGIN_API
-  findHandle<MDSSession>(DLDBHandle.DLHandle).PassThrough(DLDBHandle.DBHandle,
-                       PassThroughId,
-                       InputParams,
-                       OutputParams);
-  END_API(MDS)
-}
-#endif
-
 static CSSM_RETURN CSSMAPI cssm_FreeUniqueRecord(CSSM_DL_DB_HANDLE DLDBHandle,
          CSSM_DB_UNIQUE_RECORD_PTR UniqueRecord)
 {
@@ -246,40 +196,6 @@ static CSSM_RETURN CSSMAPI cssm_DataGetNext(CSSM_DL_DB_HANDLE DLDBHandle,
   END_API(MDS)
 }
 
-#if 0
-static CSSM_RETURN CSSMAPI cssm_DbDelete(CSSM_DL_HANDLE DLHandle,
-         const char *DbName,
-         const CSSM_NET_ADDRESS *DbLocation,
-         const CSSM_ACCESS_CREDENTIALS *AccessCred)
-{
-  BEGIN_API
-  findHandle<MDSSession>(DLHandle).DbDelete(DbName,
-                       DbLocation,
-                       AccessCredentials::optional(AccessCred));
-  END_API(MDS)
-}
-
-static CSSM_RETURN CSSMAPI cssm_DbCreate(CSSM_DL_HANDLE DLHandle,
-         const char *DbName,
-         const CSSM_NET_ADDRESS *DbLocation,
-         const CSSM_DBINFO *DBInfo,
-         CSSM_DB_ACCESS_TYPE AccessRequest,
-         const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
-         const void *OpenParameters,
-         CSSM_DB_HANDLE *DbHandle)
-{
-  BEGIN_API
-  findHandle<MDSSession>(DLHandle).DbCreate(DbName,
-                       DbLocation,
-                       Required(DBInfo),
-                       AccessRequest,
-                       CredAndAclEntry,
-                       OpenParameters,
-                       Required(DbHandle));
-  END_API(MDS)
-}
-#endif
-
 static CSSM_RETURN CSSMAPI cssm_GetDbNames(CSSM_DL_HANDLE DLHandle,
          CSSM_NAME_LIST_PTR *NameList)
 {
@@ -295,30 +211,6 @@ static CSSM_RETURN CSSMAPI cssm_DbClose(CSSM_DL_DB_HANDLE DLDBHandle)
   END_API(MDS)
 }
 
-#if 0
-static CSSM_RETURN CSSMAPI cssm_ChangeDbAcl(CSSM_DL_DB_HANDLE DLDBHandle,
-         const CSSM_ACCESS_CREDENTIALS *AccessCred,
-         const CSSM_ACL_EDIT *AclEdit)
-{
-  BEGIN_API
-  findHandle<MDSSession>(DLDBHandle.DLHandle).ChangeDbAcl(DLDBHandle.DBHandle,
-                       AccessCredentials::required(AccessCred),
-                       Required(AclEdit));
-  END_API(MDS)
-}
-
-static CSSM_RETURN CSSMAPI cssm_Authenticate(CSSM_DL_DB_HANDLE DLDBHandle,
-         CSSM_DB_ACCESS_TYPE AccessRequest,
-         const CSSM_ACCESS_CREDENTIALS *AccessCred)
-{
-  BEGIN_API
-  findHandle<MDSSession>(DLDBHandle.DLHandle).Authenticate(DLDBHandle.DBHandle,
-                       AccessRequest,
-                       AccessCredentials::required(AccessCred));
-  END_API(MDS)
-}
-#endif
-
 static CSSM_RETURN CSSMAPI cssm_FreeNameList(CSSM_DL_HANDLE DLHandle,
          CSSM_NAME_LIST_PTR NameList)
 {
index ab9d56cf7d40f0e761741a30260d0d83b7a07a44..d0a0ef761597e7feaf406fb14f9f0c7ce774d7ef 100644 (file)
@@ -64,6 +64,7 @@ typedef struct sComData
        unsigned long           fMsgID;
        unsigned long           fPID;
        unsigned long           fPort;
+       unsigned long           fIPAddress;
        sObject                         obj[ 10 ];
        char                            data[ 1 ];
 } sComData;
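Review bot: `fIPAddress` is inserted ahead of `obj[ 10 ]` and `data[ 1 ]`, so every offset after `fPort` moves. If `sComData` is the message layout shared with the Directory Services side (it looks that way from `fMsgID`/`fPID`/`fPort`, but the hunk does not show it), both ends have to agree on the new layout. The field also has no comment saying what value it holds or in which byte order, and the code that fills the message is outside this hunk, so I cannot confirm it is ever set. I would add a one-line comment on the member stating its meaning and make sure the struct is zeroed before it is populated, so that an unset field does not carry stale memory contents to the server.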
@@ -100,8 +101,21 @@ enum eDSServerCalls {
 
 int checkpw( const char* userName, const char* password )
 {
-       int siResult = CHECKPW_FAILURE;
        struct passwd* pw = NULL;
+    int status;
+    
+    pw = getpwnam( userName );
+       if (pw == NULL)
+               return CHECKPW_UNKNOWNUSER;
+
+    status = checkpw_internal(userName, password, pw);
+    endpwent();
+    return status;
+}
+
+int checkpw_internal( const char* userName, const char* password, const struct passwd* pw )
+{
+       int siResult = CHECKPW_FAILURE;
        kern_return_t   result = err_none;
        mach_port_t             bsPort = 0;
        mach_port_t             serverPort = 0;
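Review bot: `checkpw_internal` is a new non-static entry point that trusts its caller for `pw`, and nothing in the visible part of it checks `userName`, `password` or `pw` for NULL. A guard at the top, `if (userName == NULL || password == NULL || pw == NULL) return CHECKPW_FAILURE;`, keeps a bad caller from becoming a crash inside an authentication routine. It would also help to state in a comment whether `pw` must be the record for `userName`, since the two are now passed independently. `checkpw` calls the new function before any declaration is visible in this hunk, so the prototype presumably comes from the header; the body of `checkpw_internal` continues outside the hunk.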
@@ -112,12 +126,6 @@ int checkpw( const char* userName, const char* password )
        long                    curr = 0;
        unsigned long   i = 0;
 
-       pw = getpwnam( userName );
-       if (pw == NULL)
-       {
-               return CHECKPW_UNKNOWNUSER;
-       }
-       
        
        do {
                // Special case for empty password (this explicitly denies UNIX-like behavior)
@@ -136,11 +144,7 @@ int checkpw( const char* userName, const char* password )
                        break;
                }
 
-               // Special marker for Directory Services 
-               if (strcmp(pw->pw_passwd,"********") != 0) {
-                       siResult = CHECKPW_BADPASSWORD;
-                       break;
-               }
+               // Try Directory Services directly
 
                result = mach_port_allocate( mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &replyPort );
                if ( result != err_none ) {
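Review bot: Dropping the `"********"` marker test means every account that falls through the earlier branches is now passed to Directory Services, including ones whose `pw_passwd` used to be answered with `CHECKPW_BADPASSWORD`. Whether a locked local entry (for example `*`) is already rejected by those earlier branches cannot be seen, because they lie outside this hunk. The replacement comment `// Try Directory Services directly` does not say why the wider scope is intended; I would expand it to something like `// No local decision: defer to Directory Services for all accounts, with or without the "********" marker`. If locally disabled accounts must stay disabled, an explicit check for that belongs here, before the Mach port is allocated.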
@@ -245,8 +249,6 @@ int checkpw( const char* userName, const char* password )
        if ( replyPort != 0 )
                mach_port_deallocate( mach_task_self(), replyPort );
        
-       if (pw)
-               endpwent();
 
        return siResult;
-}
\ No newline at end of file
+}
index 97d34175efbce3f8beeacf6a8f5c9919db672fc3..8e17d75815796256e2ffb57f444f092618e377d4 100644 (file)
@@ -26,6 +26,8 @@
 #ifndef __CHKUSRNAMPASSWD_H__
 #define __CHKUSRNAMPASSWD_H__
 
+#include <pwd.h>
+
 #ifdef __cplusplus
 extern "C" {
 #endif
diff --git a/keychains/Makefile b/keychains/Makefile
new file mode 100644 (file)
index 0000000..b127503
--- /dev/null
@@ -0,0 +1,45 @@
+#
+#      Makefile to install the system-startup code for SecurityServer
+#
+KEYCHAINS_SRC=$(SRCROOT)/keychains
+
+SYSTEM_LIBRARY_DIR=$(DSTROOT)/System/Library
+KEYCHAINS_DIR=$(SYSTEM_LIBRARY_DIR)/Keychains
+X509ANCHORS=$(KEYCHAINS_DIR)/X509Anchors
+
+
+#
+# The other phases do nothing
+#
+build: 
+       @echo null build.
+
+debug:
+       @echo null debug.
+
+profile:
+       @echo null profile.
+
+installhdrs:
+       @echo null installhdrs.
+
+installsrc:
+       @echo null installsrc.
+
+clean:
+       @echo null clean.
+
+
+#
+# Install
+#
+install:
+       if [ ! -d $(KEYCHAINS_DIR) ]; then \
+               mkdir -p $(KEYCHAINS_DIR); \
+               chown root.admin $(KEYCHAINS_DIR); \
+               chmod 755 $(KEYCHAINS_DIR); \
+       fi
+       cp $(KEYCHAINS_SRC)/X509Anchors $(X509ANCHORS)
+       chown root.admin $(X509ANCHORS)
+       chmod 664 $(X509ANCHORS)
+       ls -l $(X509ANCHORS)
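Review bot: The install rule leaves the trust-anchor database group-writable: `chown root.admin $(X509ANCHORS)` followed by `chmod 664 $(X509ANCHORS)` lets any process running as a member of `admin` rewrite the set of trusted roots without further authorization, even though the directory itself is 755. Unless that is a deliberate choice, `chmod 644 $(X509ANCHORS)` is the safer default, and if it is deliberate a comment above the rule should say so. The directory's owner and mode are only set inside the `if [ ! -d ... ]` branch, so an existing `$(KEYCHAINS_DIR)` with looser permissions is left as it is. The header comment still describes installing "the system-startup code for SecurityServer", which is not what this file installs.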
diff --git a/keychains/X509Anchors b/keychains/X509Anchors
new file mode 100644 (file)
index 0000000..dd693b7
Binary files /dev/null and b/keychains/X509Anchors differ
diff --git a/keychains/makeroots b/keychains/makeroots
new file mode 100755 (executable)
index 0000000..7c134b0
--- /dev/null
@@ -0,0 +1,20 @@
+#!/usr/bin/perl
+#
+#
+#
+use strict;
+
+my $dbname = "X509Anchors";
+
+my $count = 0;
+my $created;
+for my $file (@ARGV) {
+       my @cmd = ("certtool", "i", $file, "k=$dbname", "d");
+       do { push @cmd, "c"; $created = 1; } unless $created;
+       print "$file ";
+       die if system @cmd;
+       $count++;
+}
+
+print "$count certificates placed into $dbname\n";
+exit 0;
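Review bot: `die if system @cmd;` aborts without saying which certificate failed or with what status, and by then `X509Anchors` may be partly populated; `die "certtool failed on $file (status $?)\n" if system @cmd;` makes a broken anchor build visible. `certtool` is resolved through `PATH` and `k=$dbname` is relative to the current directory, so the resulting trust store depends on the environment the script is run from; an absolute tool path and an explicit output path would make it reproducible. The script imports whatever files are given on the command line, so the three empty `#` lines at the top would be better spent on a short header stating that the caller is responsible for vetting the contents of the roots directory.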
diff --git a/keychains/roots/.cvsignore b/keychains/roots/.cvsignore
new file mode 100644 (file)
index 0000000..e43b0f9
--- /dev/null
@@ -0,0 +1 @@
+.DS_Store
diff --git a/keychains/roots/2006root.cer b/keychains/roots/2006root.cer
new file mode 100644 (file)
index 0000000..bcbddd2
Binary files /dev/null and b/keychains/roots/2006root.cer differ
diff --git a/keychains/roots/AddTrust Class 1 CA Root.crt b/keychains/roots/AddTrust Class 1 CA Root.crt
new file mode 100644 (file)
index 0000000..d6a8420
Binary files /dev/null and b/keychains/roots/AddTrust Class 1 CA Root.crt differ
diff --git a/keychains/roots/AddTrust External CA Root.crt b/keychains/roots/AddTrust External CA Root.crt
new file mode 100644 (file)
index 0000000..8a99c54
Binary files /dev/null and b/keychains/roots/AddTrust External CA Root.crt differ
diff --git a/keychains/roots/AddTrust Public CA Root.crt b/keychains/roots/AddTrust Public CA Root.crt
new file mode 100644 (file)
index 0000000..6e51b6b
Binary files /dev/null and b/keychains/roots/AddTrust Public CA Root.crt differ
diff --git a/keychains/roots/AddTrust Qualified CA Root.crt b/keychains/roots/AddTrust Qualified CA Root.crt
new file mode 100644 (file)
index 0000000..f861b27
Binary files /dev/null and b/keychains/roots/AddTrust Qualified CA Root.crt differ
diff --git a/keychains/roots/AdminNacCA.crt b/keychains/roots/AdminNacCA.crt
new file mode 100644 (file)
index 0000000..f2c8992
Binary files /dev/null and b/keychains/roots/AdminNacCA.crt differ
diff --git a/keychains/roots/BTCTRT.cer b/keychains/roots/BTCTRT.cer
new file mode 100644 (file)
index 0000000..da96dbb
Binary files /dev/null and b/keychains/roots/BTCTRT.cer differ
diff --git a/keychains/roots/Belgacom_selfsigned_primary.crt b/keychains/roots/Belgacom_selfsigned_primary.crt
new file mode 100644 (file)
index 0000000..57b5a5a
Binary files /dev/null and b/keychains/roots/Belgacom_selfsigned_primary.crt differ
diff --git a/keychains/roots/C1_PCA_G3v2.509 b/keychains/roots/C1_PCA_G3v2.509
new file mode 100644 (file)
index 0000000..dcb99fe
Binary files /dev/null and b/keychains/roots/C1_PCA_G3v2.509 differ
diff --git a/keychains/roots/C2_PCA_G3v2.509 b/keychains/roots/C2_PCA_G3v2.509
new file mode 100644 (file)
index 0000000..49386c3
Binary files /dev/null and b/keychains/roots/C2_PCA_G3v2.509 differ
diff --git a/keychains/roots/C3_PCA_G3v2.509 b/keychains/roots/C3_PCA_G3v2.509
new file mode 100644 (file)
index 0000000..6a15da3
Binary files /dev/null and b/keychains/roots/C3_PCA_G3v2.509 differ
diff --git a/keychains/roots/C4_PCA_G3v2.509 b/keychains/roots/C4_PCA_G3v2.509
new file mode 100644 (file)
index 0000000..e079369
Binary files /dev/null and b/keychains/roots/C4_PCA_G3v2.509 differ
diff --git a/keychains/roots/Class1_PCA_G2_v2.509 b/keychains/roots/Class1_PCA_G2_v2.509
new file mode 100644 (file)
index 0000000..b638072
Binary files /dev/null and b/keychains/roots/Class1_PCA_G2_v2.509 differ
diff --git a/keychains/roots/Class2_PCA_G2_v2.509 b/keychains/roots/Class2_PCA_G2_v2.509
new file mode 100644 (file)
index 0000000..2608df0
Binary files /dev/null and b/keychains/roots/Class2_PCA_G2_v2.509 differ
diff --git a/keychains/roots/Class3_PCA_G2_v2.509 b/keychains/roots/Class3_PCA_G2_v2.509
new file mode 100644 (file)
index 0000000..642b24a
Binary files /dev/null and b/keychains/roots/Class3_PCA_G2_v2.509 differ
diff --git a/keychains/roots/Class4_PCA_G2_v2.509 b/keychains/roots/Class4_PCA_G2_v2.509
new file mode 100644 (file)
index 0000000..3cc5ab6
Binary files /dev/null and b/keychains/roots/Class4_PCA_G2_v2.509 differ
diff --git a/keychains/roots/DST Root CA X4.cer b/keychains/roots/DST Root CA X4.cer
new file mode 100644 (file)
index 0000000..0c4ec14
Binary files /dev/null and b/keychains/roots/DST Root CA X4.cer differ
diff --git a/keychains/roots/DST RootCA X1.cer b/keychains/roots/DST RootCA X1.cer
new file mode 100644 (file)
index 0000000..48e0df3
Binary files /dev/null and b/keychains/roots/DST RootCA X1.cer differ
diff --git a/keychains/roots/DST RootCA X2.cer b/keychains/roots/DST RootCA X2.cer
new file mode 100644 (file)
index 0000000..b9df43b
Binary files /dev/null and b/keychains/roots/DST RootCA X2.cer differ
diff --git a/keychains/roots/DoDCLASS3RootCA.cer b/keychains/roots/DoDCLASS3RootCA.cer
new file mode 100644 (file)
index 0000000..f2b0490
Binary files /dev/null and b/keychains/roots/DoDCLASS3RootCA.cer differ
diff --git a/keychains/roots/DoDPKIMedRootCA.cer b/keychains/roots/DoDPKIMedRootCA.cer
new file mode 100644 (file)
index 0000000..b9191b8
Binary files /dev/null and b/keychains/roots/DoDPKIMedRootCA.cer differ
diff --git a/keychains/roots/Equifax_Secure_Certificate_Auth b/keychains/roots/Equifax_Secure_Certificate_Auth
new file mode 100644 (file)
index 0000000..c44db27
Binary files /dev/null and b/keychains/roots/Equifax_Secure_Certificate_Auth differ
diff --git a/keychains/roots/Equifax_Secure_Global_eBusiness b/keychains/roots/Equifax_Secure_Global_eBusiness
new file mode 100644 (file)
index 0000000..f1edb67
Binary files /dev/null and b/keychains/roots/Equifax_Secure_Global_eBusiness differ
diff --git a/keychains/roots/Equifax_Secure_eBusiness_CA-1.c b/keychains/roots/Equifax_Secure_eBusiness_CA-1.c
new file mode 100644 (file)
index 0000000..79b0a3f
Binary files /dev/null and b/keychains/roots/Equifax_Secure_eBusiness_CA-1.c differ
diff --git a/keychains/roots/Equifax_Secure_eBusiness_CA-2.c b/keychains/roots/Equifax_Secure_eBusiness_CA-2.c
new file mode 100644 (file)
index 0000000..a55903a
Binary files /dev/null and b/keychains/roots/Equifax_Secure_eBusiness_CA-2.c differ
diff --git a/keychains/roots/GTEGB18.cer b/keychains/roots/GTEGB18.cer
new file mode 100644 (file)
index 0000000..e37fa29
Binary files /dev/null and b/keychains/roots/GTEGB18.cer differ
diff --git a/keychains/roots/IPSServidores.CRT b/keychains/roots/IPSServidores.CRT
new file mode 100644 (file)
index 0000000..a32684f
Binary files /dev/null and b/keychains/roots/IPSServidores.CRT differ
diff --git a/keychains/roots/KMD-CA-KPerson.crt b/keychains/roots/KMD-CA-KPerson.crt
new file mode 100644 (file)
index 0000000..3a6ae29
Binary files /dev/null and b/keychains/roots/KMD-CA-KPerson.crt differ
diff --git a/keychains/roots/KMD-CA-Server.crt b/keychains/roots/KMD-CA-Server.crt
new file mode 100644 (file)
index 0000000..e09eded
Binary files /dev/null and b/keychains/roots/KMD-CA-Server.crt differ
diff --git a/keychains/roots/PCA1ss_v4.509 b/keychains/roots/PCA1ss_v4.509
new file mode 100644 (file)
index 0000000..759f894
Binary files /dev/null and b/keychains/roots/PCA1ss_v4.509 differ
diff --git a/keychains/roots/PCA2ss_v4.509 b/keychains/roots/PCA2ss_v4.509
new file mode 100644 (file)
index 0000000..8db9229
Binary files /dev/null and b/keychains/roots/PCA2ss_v4.509 differ
diff --git a/keychains/roots/PCA3ss_v4.509 b/keychains/roots/PCA3ss_v4.509
new file mode 100644 (file)
index 0000000..c61d295
Binary files /dev/null and b/keychains/roots/PCA3ss_v4.509 differ
diff --git a/keychains/roots/SecureServer.509 b/keychains/roots/SecureServer.509
new file mode 100644 (file)
index 0000000..b76137b
Binary files /dev/null and b/keychains/roots/SecureServer.509 differ
diff --git a/keychains/roots/TC_RootLRA-Admin_DER_Class2.der b/keychains/roots/TC_RootLRA-Admin_DER_Class2.der
new file mode 100644 (file)
index 0000000..d46fdbf
Binary files /dev/null and b/keychains/roots/TC_RootLRA-Admin_DER_Class2.der differ
diff --git a/keychains/roots/TC_RootLRA-Admin_DER_Class3.der b/keychains/roots/TC_RootLRA-Admin_DER_Class3.der
new file mode 100644 (file)
index 0000000..be51942
Binary files /dev/null and b/keychains/roots/TC_RootLRA-Admin_DER_Class3.der differ
diff --git a/keychains/roots/TC_RootServer_DER_Class0.der b/keychains/roots/TC_RootServer_DER_Class0.der
new file mode 100644 (file)
index 0000000..1f2c2dd
Binary files /dev/null and b/keychains/roots/TC_RootServer_DER_Class0.der differ
diff --git a/keychains/roots/TC_RootServer_DER_Class1.der b/keychains/roots/TC_RootServer_DER_Class1.der
new file mode 100644 (file)
index 0000000..4c6ce70
Binary files /dev/null and b/keychains/roots/TC_RootServer_DER_Class1.der differ
diff --git a/keychains/roots/TC_RootServer_DER_Class2.der b/keychains/roots/TC_RootServer_DER_Class2.der
new file mode 100644 (file)
index 0000000..1176a07
Binary files /dev/null and b/keychains/roots/TC_RootServer_DER_Class2.der differ
diff --git a/keychains/roots/TC_RootServer_DER_Class3.der b/keychains/roots/TC_RootServer_DER_Class3.der
new file mode 100644 (file)
index 0000000..23b266d
Binary files /dev/null and b/keychains/roots/TC_RootServer_DER_Class3.der differ
diff --git a/keychains/roots/TC_RootServer_DER_Class4.der b/keychains/roots/TC_RootServer_DER_Class4.der
new file mode 100644 (file)
index 0000000..17e22b3
Binary files /dev/null and b/keychains/roots/TC_RootServer_DER_Class4.der differ
diff --git a/keychains/roots/UTN-USERFirst-ClientAuthenticat b/keychains/roots/UTN-USERFirst-ClientAuthenticat
new file mode 100644 (file)
index 0000000..c011000
Binary files /dev/null and b/keychains/roots/UTN-USERFirst-ClientAuthenticat differ
diff --git a/keychains/roots/UTN-USERFirst-Hardware.crt b/keychains/roots/UTN-USERFirst-Hardware.crt
new file mode 100644 (file)
index 0000000..e16e589
Binary files /dev/null and b/keychains/roots/UTN-USERFirst-Hardware.crt differ
diff --git a/keychains/roots/UTN-USERFirst-NetworkApplicatio b/keychains/roots/UTN-USERFirst-NetworkApplicatio
new file mode 100644 (file)
index 0000000..e82877d
Binary files /dev/null and b/keychains/roots/UTN-USERFirst-NetworkApplicatio differ
diff --git a/keychains/roots/UTN-USERFirst-Object.crt b/keychains/roots/UTN-USERFirst-Object.crt
new file mode 100644 (file)
index 0000000..3fa0907
Binary files /dev/null and b/keychains/roots/UTN-USERFirst-Object.crt differ
diff --git a/keychains/roots/ac-racine.der b/keychains/roots/ac-racine.der
new file mode 100644 (file)
index 0000000..9b1e3e4
Binary files /dev/null and b/keychains/roots/ac-racine.der differ
diff --git a/keychains/roots/expressz.cer b/keychains/roots/expressz.cer
new file mode 100644 (file)
index 0000000..ecdaa6d
Binary files /dev/null and b/keychains/roots/expressz.cer differ
diff --git a/keychains/roots/ipscaCAC.der b/keychains/roots/ipscaCAC.der
new file mode 100644 (file)
index 0000000..6238769
Binary files /dev/null and b/keychains/roots/ipscaCAC.der differ
diff --git a/keychains/roots/ipscaCLASE1.der b/keychains/roots/ipscaCLASE1.der
new file mode 100644 (file)
index 0000000..55f01be
Binary files /dev/null and b/keychains/roots/ipscaCLASE1.der differ
diff --git a/keychains/roots/ipscaCLASE3.der b/keychains/roots/ipscaCLASE3.der
new file mode 100644 (file)
index 0000000..086f466
Binary files /dev/null and b/keychains/roots/ipscaCLASE3.der differ
diff --git a/keychains/roots/ipscaCLASEA1.der b/keychains/roots/ipscaCLASEA1.der
new file mode 100644 (file)
index 0000000..e025988
Binary files /dev/null and b/keychains/roots/ipscaCLASEA1.der differ
diff --git a/keychains/roots/ipscaCLASEA3.der b/keychains/roots/ipscaCLASEA3.der
new file mode 100644 (file)
index 0000000..53ba620
Binary files /dev/null and b/keychains/roots/ipscaCLASEA3.der differ
diff --git a/keychains/roots/ipscaTimestamping.der b/keychains/roots/ipscaTimestamping.der
new file mode 100644 (file)
index 0000000..1ddb6b2
Binary files /dev/null and b/keychains/roots/ipscaTimestamping.der differ
diff --git a/keychains/roots/kozjegyzoi.cer b/keychains/roots/kozjegyzoi.cer
new file mode 100644 (file)
index 0000000..93fd3b4
Binary files /dev/null and b/keychains/roots/kozjegyzoi.cer differ
diff --git a/keychains/roots/persbasi.crt b/keychains/roots/persbasi.crt
new file mode 100644 (file)
index 0000000..79308aa
Binary files /dev/null and b/keychains/roots/persbasi.crt differ
diff --git a/keychains/roots/persfree.crt b/keychains/roots/persfree.crt
new file mode 100644 (file)
index 0000000..b4f4c68
Binary files /dev/null and b/keychains/roots/persfree.crt differ
diff --git a/keychains/roots/persprem.crt b/keychains/roots/persprem.crt
new file mode 100644 (file)
index 0000000..1c08437
Binary files /dev/null and b/keychains/roots/persprem.crt differ
diff --git a/keychains/roots/qvrca.crt b/keychains/roots/qvrca.crt
new file mode 100644 (file)
index 0000000..77e783a
Binary files /dev/null and b/keychains/roots/qvrca.crt differ
diff --git a/keychains/roots/serverbasic.crt b/keychains/roots/serverbasic.crt
new file mode 100644 (file)
index 0000000..8588ce5
Binary files /dev/null and b/keychains/roots/serverbasic.crt differ
diff --git a/keychains/roots/serverpremium.crt b/keychains/roots/serverpremium.crt
new file mode 100644 (file)
index 0000000..59b1059
Binary files /dev/null and b/keychains/roots/serverpremium.crt differ
diff --git a/keychains/roots/uzleti.cer b/keychains/roots/uzleti.cer
new file mode 100644 (file)
index 0000000..dc17aed
Binary files /dev/null and b/keychains/roots/uzleti.cer differ
index 739fbcb31ed70674a5f30389f0d73c56da9def58..623df0f5a19d90a828ec4edce28efc49864d2db3 100755 (executable)
@@ -9,23 +9,23 @@ expfile="$1"
 expbase=`basename $expfile`
 
 # Don't rerun this unless the file has been relinked
-if [ "${SYMROOT}/${expbase}.timestamp" -nt "${SYMROOT}/${INNER_PRODUCT_SUBPATH}" ]; then
-    echo "${SYMROOT}/${INNER_PRODUCT_SUBPATH} is up to date."
+if [ "${BUILT_PRODUCTS_DIR}/${expbase}.timestamp" -nt "${BUILT_PRODUCTS_DIR}/${INNER_PRODUCT_SUBPATH}" ]; then
+    echo "${BUILT_PRODUCTS_DIR}/${INNER_PRODUCT_SUBPATH} is up to date."
     exit 0
 fi
 
-echo "Scanning ${SYMROOT}/${INNER_PRODUCT_SUBPATH}"
-ARCHS=`lipo -info "${SYMROOT}/${INNER_PRODUCT_SUBPATH}" | awk -F : '{print $3}'`
+echo "Scanning ${BUILT_PRODUCTS_DIR}/${INNER_PRODUCT_SUBPATH}"
+ARCHS=`lipo -info "${BUILT_PRODUCTS_DIR}/${INNER_PRODUCT_SUBPATH}" | awk -F : '{print $3}'`
 for arch in $ARCHS
 do
-       echo "Generating exports file ${SYMROOT}/${expbase}_$arch"
-       nm -gp -arch $arch "${SYMROOT}/${INNER_PRODUCT_SUBPATH}" \
+       echo "Generating exports file ${BUILT_PRODUCTS_DIR}/${expbase}_$arch"
+       nm -gp -arch $arch "${BUILT_PRODUCTS_DIR}/${INNER_PRODUCT_SUBPATH}" \
        | egrep -v '^/| U _' \
        | awk '{print $3}' \
-       | egrep '_(|tf|ti|C)(|Q[2-9])8Security|^_(Sec|CSSM|Authorization)' \
+       | egrep '_(|tf|ti|C)(|Q[2-9])8Security|_(N|ZN|ZNK|ZTTN|ZTVN)8Security|^_(Sec|CSSM|Authorization)' \
        | cat - "$expfile" \
-       | sort -u > "${SYMROOT}/${expbase}_$arch"
-       echo nmedit -s "${SYMROOT}/${expbase}_$arch" -arch $arch "${SYMROOT}/${INNER_PRODUCT_SUBPATH}"
-       nmedit -s "${SYMROOT}/${expbase}_$arch" -arch $arch "${SYMROOT}/${INNER_PRODUCT_SUBPATH}"
+       | sort -u > "${BUILT_PRODUCTS_DIR}/${expbase}_$arch"
+       echo nmedit -s "${BUILT_PRODUCTS_DIR}/${expbase}_$arch" -arch $arch "${BUILT_PRODUCTS_DIR}/${INNER_PRODUCT_SUBPATH}"
+       nmedit -s "${BUILT_PRODUCTS_DIR}/${expbase}_$arch" -arch $arch "${BUILT_PRODUCTS_DIR}/${INNER_PRODUCT_SUBPATH}"
 done
-touch "${SYMROOT}/${expbase}.timestamp"
+touch "${BUILT_PRODUCTS_DIR}/${expbase}.timestamp"
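Review bot: A failure of `nm` or `nmedit` inside the loop goes unnoticed, and the final `touch "${BUILT_PRODUCTS_DIR}/${expbase}.timestamp"` then marks the product as processed, so the next run prints "is up to date" and skips it. The pipeline's status is that of `sort`, so a failed `nm` still produces an exports list (just the contents of `$expfile`) that `nmedit -s` goes on to apply. Appending `|| exit 1` to the `nmedit -s ...` line, and checking that the `nm` stage produced output before the list is used, would stop the timestamp from being written after a failure. Separately, the new alternative covers `ZTTN` and `ZTVN` but not the typeinfo prefixes (`ZTIN`, `ZTSN`); that may be an omission if Security-namespace types are thrown across the library boundary, so it is worth checking against `$expfile`. The script begins above this hunk, so an existing `set -e` there would change the first point.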